authorChris <chris@greenhost.nl>2017-02-24 11:32:31 (GMT)
committerChris <chris@greenhost.nl>2017-02-24 11:32:31 (GMT)
commit8a66035004dff748a676650321c9231b0da47418 (patch)
treefd27401a6065955e6d08711a09d063bdc618ff68
parent9511e4c1b593bc7428a472fe745c5c1c87e0e4a9 (diff)
Fix provisioning of boulder after changes by the LE team.
-rw-r--r--Vagrantfile4
-rw-r--r--greenhost.patch52
-rwxr-xr-xhsmpatch.py90
-rw-r--r--provisioning_server.sh5
4 files changed, 95 insertions, 56 deletions
diff --git a/Vagrantfile b/Vagrantfile
index 9d6e2f9..3535b52 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -21,8 +21,8 @@ ENVS = {
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
- config.hostmanager.enabled = true
- config.hostmanager.manage_host = true
+ #config.hostmanager.enabled = true
+ #config.hostmanager.manage_host = true
config.vbguest.auto_update = true
config.vbguest.no_remote = false
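Review bot: The two hostmanager settings are commented out rather than removed, and nothing in the hunk or the commit message says why. If the plugin is no longer wanted the lines should simply go (git keeps the history); if it is meant to be re-enabled later, a one-line comment such as `# hostmanager disabled: <REASON>` above them tells the next reader what to restore and when.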
diff --git a/greenhost.patch b/greenhost.patch
deleted file mode 100644
index 3602aae..0000000
--- a/greenhost.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff --git a/test/config/va.json b/test/config/va.json
-index f3e64ee..1136e98 100644
---- a/test/config/va.json
-+++ b/test/config/va.json
-@@ -4,8 +4,8 @@
- "userAgent": "boulder",
- "debugAddr": ":8004",
- "portConfig": {
-- "httpPort": 5002,
-- "httpsPort": 5001,
-+ "httpPort": 80,
-+ "httpsPort": 443,
- "tlsPort": 5001
- },
- "lookupIPV6": true,
-diff --git a/test/rate-limit-policies.yml b/test/rate-limit-policies.yml
-index 41aadd3..28198b1 100644
---- a/test/rate-limit-policies.yml
-+++ b/test/rate-limit-policies.yml
-@@ -4,7 +4,7 @@ totalCertificates:
- threshold: 100000
- certificatesPerName:
- window: 2160h
-- threshold: 2
-+ threshold: 1000
- overrides:
- ratelimit.me: 1
- lim.it: 0
-@@ -27,10 +27,10 @@ registrationsPerIP:
- 127.0.0.1: 1000000
- pendingAuthorizationsPerAccount:
- window: 168h # 1 week, should match pending authorization lifetime.
-- threshold: 3
-+ threshold: 1000
- certificatesPerFQDNSet:
- window: 24h
-- threshold: 5
-+ threshold: 1000
- overrides:
- le.wtf: 10000
- le1.wtf: 10000
-diff --git a/test/test-ca.key-pkcs11.json b/test/test-ca.key-pkcs11.json
-index b7a44f5..40cc685 100644
---- a/test/test-ca.key-pkcs11.json
-+++ b/test/test-ca.key-pkcs11.json
-@@ -1,5 +1,5 @@
- {
-- "module": "/usr/local/lib/libpkcs11-proxy.so",
-+ "module": "/usr/lib/softhsm/libsofthsm.so",
- "tokenLabel": "intermediate",
- "pin": "5678",
- "privateKeyLabel": "intermediate_key"
diff --git a/hsmpatch.py b/hsmpatch.py
new file mode 100755
index 0000000..a1380c8
--- /dev/null
+++ b/hsmpatch.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python2
+"""
+Patch the HSM config file to set correct settings for use with a Vagrant
+development setup.
+
+Note: this used to be a simple patch file but since the format changed, it
+seems better to parse the file, change the json object and dump it back to the
+file.
+"""
+import simplejson as json
+import yaml
+import sys
+import os.path
+
+MAX_RECURSION = 100
+
+PATCHES = {
+ "test/config/va.json": {
+ "va": {
+ "portConfig": {
+ "httpPort": 80,
+ "httpsPort": 443
+ }
+ }
+ },
+ "test/rate-limit-policies.yml": {
+ "certificatesPerName": {
+ "threshold": 1000
+ },
+ "certificatesPerFQDNSet": {
+ "threshold": 1000
+ }
+ },
+ "test/test-ca.key-pkcs11.json": {
+ "module": "/usr/lib/softhsm/libsofthsm.so",
+ }
+}
+
+
+def recursive_update(old_obj, new_obj, depth=0):
+ if depth > MAX_RECURSION:
+ raise RuntimeError("Maximum recursion level reached.")
+
+ if isinstance(new_obj, dict):
+ for key, value in new_obj.items():
+ old_obj[key] = recursive_update(
+ old_obj[key], new_obj[key], depth+1)
+ elif isinstance(new_obj, (list, tuple)):
+ # Merge lists/tuples.
+ old_obj = old_obj + new_obj
+ else:
+ # Set strings, integers, etc. and set() so arrays can be
+ # overridden.
+ old_obj = new_obj
+ return old_obj
+
+
+def patch_yaml(file, obj):
+ with open(file, "r") as fp:
+ yaml_obj = yaml.load(fp)
+ yaml_obj = recursive_update(yaml_obj, obj)
+ with open(file, "w") as fp:
+ yaml.dump(yaml_obj, fp, default_flow_style=False)
+
+
+def patch_json(file, obj):
+ with open(file, "r") as fp:
+ json_obj = json.load(fp)
+ json_obj = recursive_update(json_obj, obj)
+ with open(file, "w") as fp:
+ json.dump(json_obj, fp, indent=4)
+
+
+if __name__ == '__main__':
+ try:
+ for patch_file, patch_obj in PATCHES.items():
+ _, file_extension = os.path.splitext(patch_file)
+ if file_extension in (".yml", ".yaml"):
+ patch_yaml(patch_file, patch_obj)
+ elif file_extension in (".json", ".js"):
+ patch_json(patch_file, patch_obj)
+ else:
+ raise NotImplementedError(
+ "Can't patch files with %s extension" % file_extension)
+ print("Patched {}".format(os.path.abspath(patch_file)))
+
+ except (OSError, IOError), exc:
+ print(
+ "Failed to patch the HSM for development, reason: {}".format(exc))
+ sys.exit(1)
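Review bot: `yaml.load(fp)` in patch_yaml is called without a Loader, which in PyYAML selects the full loader that can construct arbitrary Python objects from tagged nodes; the file being patched holds only plain mappings and scalars, so `yaml_obj = yaml.safe_load(fp)` and `yaml.safe_dump(yaml_obj, fp, default_flow_style=False)` do the job without that capability. recursive_update indexes `old_obj[key]` for every key in the patch, so any key the upstream layout no longer has raises KeyError (or TypeError when the old value is not a mapping), and the `except (OSError, IOError)` in `__main__` does not catch it, so provisioning dies with a bare traceback instead of the "Failed to patch" message. Since this commit exists because that layout changed, creating missing mappings is the safer behaviour; the rewrite below does that and keeps the list-merge and scalar-overwrite semantics. Two smaller points: the yaml round-trip discards the comments and key order of rate-limit-policies.yml (the deleted greenhost.patch shows it carries inline comments), and the comment on the final else branch mentions set() although no set branch exists.
```python
def recursive_update(old_obj, new_obj, depth=0):
    if depth > MAX_RECURSION:
        raise RuntimeError("Maximum recursion level reached.")

    if isinstance(new_obj, dict):
        # Create missing mappings instead of failing with KeyError/TypeError
        # when the upstream file layout has changed.
        if not isinstance(old_obj, dict):
            old_obj = {}
        for key, value in new_obj.items():
            old_obj[key] = recursive_update(old_obj.get(key), value, depth+1)
    elif isinstance(new_obj, (list, tuple)) and isinstance(old_obj, (list, tuple)):
        # Merge lists/tuples.
        old_obj = old_obj + new_obj
    else:
        # Set strings, integers, etc.; a missing or mismatched old value is
        # replaced outright.
        old_obj = new_obj
    return old_obj
```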
diff --git a/provisioning_server.sh b/provisioning_server.sh
index b41be60..d2f4fa6 100644
--- a/provisioning_server.sh
+++ b/provisioning_server.sh
@@ -89,7 +89,7 @@ go get bitbucket.org/liamstask/goose/cmd/goose
go get -d github.com/letsencrypt/boulder/...
# Enter the boulder directory
-cd /gopath/src/github.com/letsencrypt/boulder
+cd $GOPATH/src/github.com/letsencrypt/boulder
# Install alle dependencies
godep restore
@@ -107,7 +107,8 @@ fi
# Change pkcs to softhsm and IP to 192.168.33.111 and set high thresholds for rate limiting
if grep -Fq "/usr/local/lib/libpkcs11-proxy.so" test/test-ca.key-pkcs11.json; then
- git apply /boulder/greenhost.patch
+ pip install simplejson pyyaml
+ /boulder/hsmpatch.py
fi
cat <<EOF > /etc/nginx/sites-available/wfe
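Review bot: `pip install simplejson pyyaml` pulls whatever versions PyPI serves at provisioning time, unpinned and unverified, into the VM's system interpreter; pinning, e.g. `pip install 'pyyaml==<PINNED_VERSION>'` (placeholder), keeps provisioning reproducible and limits what a bad or yanked release can change. simplejson is not needed at all: hsmpatch.py only uses `json.load` and `json.dump(..., indent=4)`, which the python2 stdlib `json` module provides, so `import json` in the script drops one third-party dependency. The script also takes the current directory as an implicit input: PATCHES holds paths relative to the boulder checkout and depends on the `cd $GOPATH/src/...` from the previous hunk, so the call should make that explicit, e.g. `(cd "$GOPATH/src/github.com/letsencrypt/boulder" && /boulder/hsmpatch.py)`.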