fix provisioning for boulder testserver

This commit is contained in:
Maarten de Waard 2016-12-13 18:12:14 +01:00
parent e1035840d5
commit dc6b3ee0ad
4 changed files with 28 additions and 38 deletions

View File

@ -384,7 +384,19 @@ server, which is the exact same server Let's Encrypt is running. The server is
started in Virtual Box using Vagrant. To prevent the installation of any
components and dependencies from cluttering up your computer there is also a
client Virtual Box instance. Both of these machines can be setup and started by
running the ``dev_start.sh`` script.
running the ``dev_start.sh`` script. This sets up a local boulder server and the
letsencrypt client, so don't worry if it takes more than an hour.
Vagrant machines
================
The ``dev_start.sh`` script boots two virtual machines. The first is named
'boulder' and runs a development instance of the boulder server. The second is
'lehaproxy' and runs the client. To test if the machines are setup correctly,
you can SSH into the 'lehaproxy' machine, by running ``vagrant ssh
lehaproxy``. Next, go to the /lehaproxy directory and run
``./tests/boulder-integration.sh``. This runs a modified version of certbot's
boulder-integration test, which tests the HAProxy plugin. If the test succeeds,
your development environment is setup correctly.
Development: Running locally without sudo
-----------------------------------------
@ -453,14 +465,15 @@ you can update.
Making a `.deb` debian package
------------------------------
Requirements:
- python stdeb: pip install --upgrade stdeb
- dh clean: apt-get install dh-make
- python stdeb: pip install --upgrade stdeb
- dh clean: apt-get install dh-make
Run the following commands in your vagrant machine:
```
```bash
apt-file update
python setup.py sdist
# py2dsc has a problem with vbox mounted folders

3
Vagrantfile vendored
View File

@ -30,7 +30,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
server.vm.box = "debian/jessie64"
server.vm.hostname = "boulder.local"
server.vm.network :private_network, ip: ENVS['PROJECT_SERVER_IP']
server.vm.synced_folder ".", "/vagrant/", type: "virtualbox"
server.vm.synced_folder ".", "/boulder/", type: "virtualbox"
server.vm.provision "shell" do |s|
s.path = './provisioning_server.sh'
s.env = ENVS
@ -47,7 +47,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
client.vm.box = "debian/jessie64"
client.vm.hostname = PROJECT_NAME + ".local"
client.vm.network :private_network, ip: ENVS['PROJECT_CLIENT_IP']
client.vm.synced_folder ".", "/vagrant/", disabled: true
client.vm.synced_folder ".", "/" + PROJECT_NAME + "/", type: "virtualbox"
client.vm.provision "shell" do |s|
s.path = './provisioning_client.sh'

View File

@ -1,10 +1,10 @@
diff --git a/test/config/va.json b/test/config/va.json
index 75ff959..d031f99 100644
index f3e64ee..1136e98 100644
--- a/test/config/va.json
+++ b/test/config/va.json
@@ -3,8 +3,8 @@
@@ -4,8 +4,8 @@
"userAgent": "boulder",
"debugAddr": "localhost:8004",
"debugAddr": ":8004",
"portConfig": {
- "httpPort": 5002,
- "httpsPort": 5001,
@ -12,31 +12,9 @@ index 75ff959..d031f99 100644
+ "httpsPort": 443,
"tlsPort": 5001
},
"maxConcurrentRPCServerRequests": 16,
@@ -37,4 +37,4 @@
"dnsTimeout": "10s",
"dnsAllowLoopbackAddresses": true
}
-}
\ No newline at end of file
+}
diff --git a/test/config/wfe.json b/test/config/wfe.json
index 532da42..29e09fd 100644
--- a/test/config/wfe.json
+++ b/test/config/wfe.json
@@ -44,7 +44,7 @@
},
"common": {
- "baseURL": "http://127.0.0.1:4000",
+ "baseURL": "http://192.168.33.111:4000",
"issuerCert": "test/test-ca.pem"
}
-}
\ No newline at end of file
+}
"lookupIPV6": true,
diff --git a/test/rate-limit-policies.yml b/test/rate-limit-policies.yml
index 41aadd3..25d656b 100644
index 41aadd3..28198b1 100644
--- a/test/rate-limit-policies.yml
+++ b/test/rate-limit-policies.yml
@@ -4,7 +4,7 @@ totalCertificates:
@ -44,7 +22,7 @@ index 41aadd3..25d656b 100644
certificatesPerName:
window: 2160h
- threshold: 2
+ threshold: 10000
+ threshold: 1000
overrides:
ratelimit.me: 1
lim.it: 0
@ -53,16 +31,16 @@ index 41aadd3..25d656b 100644
pendingAuthorizationsPerAccount:
window: 168h # 1 week, should match pending authorization lifetime.
- threshold: 3
+ threshold: 10000
+ threshold: 1000
certificatesPerFQDNSet:
window: 24h
- threshold: 5
+ threshold: 10000
+ threshold: 1000
overrides:
le.wtf: 10000
le1.wtf: 10000
diff --git a/test/test-ca.key-pkcs11.json b/test/test-ca.key-pkcs11.json
index 7a8d348..746dee8 100644
index b7a44f5..40cc685 100644
--- a/test/test-ca.key-pkcs11.json
+++ b/test/test-ca.key-pkcs11.json
@@ -1,5 +1,5 @@

View File

@ -107,7 +107,7 @@ fi
# Change pkcs to softhsm and IP to 192.168.33.111 and set high thresholds for rate limiting
if grep -Fq "/usr/local/lib/libpkcs11-proxy.so" test/test-ca.key-pkcs11.json; then
git apply /vagrant/greenhost.patch
git apply /boulder/greenhost.patch
fi
cat <<EOF > /etc/nginx/sites-available/wfe