Fix provisioning boulder after changes by the LE team.
parent
9511e4c1b5
commit
8a66035004
|
@ -21,8 +21,8 @@ ENVS = {
|
|||
|
||||
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
|
||||
config.hostmanager.enabled = true
|
||||
config.hostmanager.manage_host = true
|
||||
#config.hostmanager.enabled = true
|
||||
#config.hostmanager.manage_host = true
|
||||
config.vbguest.auto_update = true
|
||||
config.vbguest.no_remote = false
|
||||
|
||||
|
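Review bot: The two `config.hostmanager.*` lines are commented out rather than deleted, and nothing in the hunk says why, so the next reader cannot tell whether the plugin is gone for good or was disabled to work around something. If the hostmanager plugin is no longer used, drop the lines; otherwise keep the toggle but explain it, e.g. `# hostmanager disabled: <reason>; re-enable if the VM needs /etc/hosts entries managed`. Note that `manage_host = true` presumably edited the host machine's `/etc/hosts`, so leaving it off also removes a host-side privileged write — worth stating if that was the intent. The `Vagrant.configure` block continues outside this hunk.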
|
|
@ -1,52 +0,0 @@
|
|||
diff --git a/test/config/va.json b/test/config/va.json
|
||||
index f3e64ee..1136e98 100644
|
||||
--- a/test/config/va.json
|
||||
+++ b/test/config/va.json
|
||||
@@ -4,8 +4,8 @@
|
||||
"userAgent": "boulder",
|
||||
"debugAddr": ":8004",
|
||||
"portConfig": {
|
||||
- "httpPort": 5002,
|
||||
- "httpsPort": 5001,
|
||||
+ "httpPort": 80,
|
||||
+ "httpsPort": 443,
|
||||
"tlsPort": 5001
|
||||
},
|
||||
"lookupIPV6": true,
|
||||
diff --git a/test/rate-limit-policies.yml b/test/rate-limit-policies.yml
|
||||
index 41aadd3..28198b1 100644
|
||||
--- a/test/rate-limit-policies.yml
|
||||
+++ b/test/rate-limit-policies.yml
|
||||
@@ -4,7 +4,7 @@ totalCertificates:
|
||||
threshold: 100000
|
||||
certificatesPerName:
|
||||
window: 2160h
|
||||
- threshold: 2
|
||||
+ threshold: 1000
|
||||
overrides:
|
||||
ratelimit.me: 1
|
||||
lim.it: 0
|
||||
@@ -27,10 +27,10 @@ registrationsPerIP:
|
||||
127.0.0.1: 1000000
|
||||
pendingAuthorizationsPerAccount:
|
||||
window: 168h # 1 week, should match pending authorization lifetime.
|
||||
- threshold: 3
|
||||
+ threshold: 1000
|
||||
certificatesPerFQDNSet:
|
||||
window: 24h
|
||||
- threshold: 5
|
||||
+ threshold: 1000
|
||||
overrides:
|
||||
le.wtf: 10000
|
||||
le1.wtf: 10000
|
||||
diff --git a/test/test-ca.key-pkcs11.json b/test/test-ca.key-pkcs11.json
|
||||
index b7a44f5..40cc685 100644
|
||||
--- a/test/test-ca.key-pkcs11.json
|
||||
+++ b/test/test-ca.key-pkcs11.json
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
- "module": "/usr/local/lib/libpkcs11-proxy.so",
|
||||
+ "module": "/usr/lib/softhsm/libsofthsm.so",
|
||||
"tokenLabel": "intermediate",
|
||||
"pin": "5678",
|
||||
"privateKeyLabel": "intermediate_key"
|
|
@ -0,0 +1,90 @@
|
|||
#!/usr/bin/env python2
|
||||
"""
|
||||
Patch the HSM config file to set correct settings for use with a Vagrant
|
||||
development setup.
|
||||
|
||||
Note: this used to be a simple patch file but since the format changed, it
|
||||
seems better to parse the file, change the json object and dump it back to the
|
||||
file.
|
||||
"""
|
||||
import simplejson as json
|
||||
import yaml
|
||||
import sys
|
||||
import os.path
|
||||
|
||||
MAX_RECURSION = 100
|
||||
|
||||
PATCHES = {
|
||||
"test/config/va.json": {
|
||||
"va": {
|
||||
"portConfig": {
|
||||
"httpPort": 80,
|
||||
"httpsPort": 443
|
||||
}
|
||||
}
|
||||
},
|
||||
"test/rate-limit-policies.yml": {
|
||||
"certificatesPerName": {
|
||||
"threshold": 1000
|
||||
},
|
||||
"certificatesPerFQDNSet": {
|
||||
"threshold": 1000
|
||||
}
|
||||
},
|
||||
"test/test-ca.key-pkcs11.json": {
|
||||
"module": "/usr/lib/softhsm/libsofthsm.so",
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
def recursive_update(old_obj, new_obj, depth=0):
|
||||
if depth > MAX_RECURSION:
|
||||
raise RuntimeError("Maximum recursion level reached.")
|
||||
|
||||
if isinstance(new_obj, dict):
|
||||
for key, value in new_obj.items():
|
||||
old_obj[key] = recursive_update(
|
||||
old_obj[key], new_obj[key], depth+1)
|
||||
elif isinstance(new_obj, (list, tuple)):
|
||||
# Merge lists/tuples.
|
||||
old_obj = old_obj + new_obj
|
||||
else:
|
||||
# Set strings, integers, etc. and set() so arrays can be
|
||||
# overridden.
|
||||
old_obj = new_obj
|
||||
return old_obj
|
||||
|
||||
|
||||
def patch_yaml(file, obj):
|
||||
with open(file, "r") as fp:
|
||||
yaml_obj = yaml.load(fp)
|
||||
yaml_obj = recursive_update(yaml_obj, obj)
|
||||
with open(file, "w") as fp:
|
||||
yaml.dump(yaml_obj, fp, default_flow_style=False)
|
||||
|
||||
|
||||
def patch_json(file, obj):
|
||||
with open(file, "r") as fp:
|
||||
json_obj = json.load(fp)
|
||||
json_obj = recursive_update(json_obj, obj)
|
||||
with open(file, "w") as fp:
|
||||
json.dump(json_obj, fp, indent=4)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
try:
|
||||
for patch_file, patch_obj in PATCHES.items():
|
||||
_, file_extension = os.path.splitext(patch_file)
|
||||
if file_extension in (".yml", ".yaml"):
|
||||
patch_yaml(patch_file, patch_obj)
|
||||
elif file_extension in (".json", ".js"):
|
||||
patch_json(patch_file, patch_obj)
|
||||
else:
|
||||
raise NotImplementedError(
|
||||
"Can't patch files with %s extension" % file_extension)
|
||||
print("Patched {}".format(os.path.abspath(patch_file)))
|
||||
|
||||
except (OSError, IOError), exc:
|
||||
print(
|
||||
"Failed to patch the HSM for development, reason: {}".format(exc))
|
||||
sys.exit(1)
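Review bot: `yaml.load(fp)` in `patch_yaml` uses PyYAML's default full loader, which will construct arbitrary Python objects from tagged YAML; for a plain-mapping round trip `yaml.safe_load(fp)` and `yaml.safe_dump(yaml_obj, fp, default_flow_style=False)` do the same job without that exposure. Separately, `recursive_update` indexes `old_obj[key]` for every key in the patch, so a key missing from the on-disk file (exactly the schema drift the module docstring says motivated this script) raises `KeyError`, which the `except (OSError, IOError)` in `__main__` does not catch, so the "Failed to patch the HSM" message is never printed; the dict branch should insert missing keys instead, and the except clause should also cover `KeyError, TypeError, yaml.YAMLError`. Each target file is also opened with `"w"` before the dump runs, so a failing dump leaves a truncated config behind; dumping to a string first, or writing to a temp file and renaming, avoids that.
```python
def recursive_update(old_obj, new_obj, depth=0):
    # … unchanged: recursion-depth guard …
    if isinstance(new_obj, dict):
        # A key absent from the on-disk config must be inserted, not KeyError.
        if not isinstance(old_obj, dict):
            old_obj = {}
        for key, value in new_obj.items():
            old_obj[key] = recursive_update(old_obj.get(key), value, depth + 1)
    # … unchanged: list/tuple merge and scalar override …


def patch_yaml(file, obj):
    with open(file, "r") as fp:
        yaml_obj = yaml.safe_load(fp)  # never construct arbitrary Python objects
    yaml_obj = recursive_update(yaml_obj, obj)
    text = yaml.safe_dump(yaml_obj, default_flow_style=False)  # serialize before truncating
    with open(file, "w") as fp:
        fp.write(text)
```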
|
|
@ -89,7 +89,7 @@ go get bitbucket.org/liamstask/goose/cmd/goose
|
|||
go get -d github.com/letsencrypt/boulder/...
|
||||
|
||||
# Enter the boulder directory
|
||||
cd /gopath/src/github.com/letsencrypt/boulder
|
||||
cd $GOPATH/src/github.com/letsencrypt/boulder
|
||||
|
||||
# Install alle dependencies
|
||||
godep restore
|
||||
|
@ -107,7 +107,8 @@ fi
|
|||
|
||||
# Change pkcs to softhsm and IP to 192.168.33.111 and set high thresholds for rate limiting
|
||||
if grep -Fq "/usr/local/lib/libpkcs11-proxy.so" test/test-ca.key-pkcs11.json; then
|
||||
git apply /boulder/greenhost.patch
|
||||
pip install simplejson pyyaml
|
||||
/boulder/hsmpatch.py
|
||||
fi
|
||||
|
||||
cat <<EOF > /etc/nginx/sites-available/wfe
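Review bot: `pip install simplejson pyyaml` in the new branch installs unpinned packages from PyPI at provisioning time, so every rebuild pulls whatever version is current with no integrity check; pin both (`pip install simplejson==<ver> pyyaml==<ver>`, or a requirements file used with `--require-hashes`) so the VM is reproducible. The exit status of `/boulder/hsmpatch.py` is also discarded unless the script runs under `set -e`, which this hunk does not show; since the script exits 1 on failure, `/boulder/hsmpatch.py || exit 1` stops provisioning before the nginx config below is written on top of an unpatched boulder. The comment above the `if` still says this step changes the IP to 192.168.33.111, which the `PATCHES` table in the new hsmpatch.py does not appear to do — if that is right, trim the comment to `# Switch the test CA to softhsm, use ports 80/443 for validation, and raise rate-limit thresholds`.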
|
||||
|
|