fix provisioning for boulder testserver
parent
e1035840d5
commit
dc6b3ee0ad
21
README.rst
21
README.rst
|
@ -384,7 +384,19 @@ server, which is the exact same server Let's Encrypt is running. The server is
|
|||
started in Virtual Box using Vagrant. To prevent the installation of any
|
||||
components and dependencies from cluttering up your computer there is also a
|
||||
client Virtual Box instance. Both of these machines can be setup and started by
|
||||
running the ``dev_start.sh`` script.
|
||||
running the ``dev_start.sh`` script. This sets up a local boulder server and the
|
||||
letsencrypt client, so don't worry if it takes more than an hour.
|
||||
|
||||
Vagrant machines
|
||||
================
|
||||
The ``dev_start.sh`` script boots two virtual machines. The first is named
|
||||
'boulder' and runs a development instance of the boulder server. The second is
|
||||
'lehaproxy' and runs the client. To test if the machines are setup correctly,
|
||||
you can SSH into the 'lehaproxy' machine, by running ``vagrant ssh
|
||||
lehaproxy``. Next, go to the /lehaproxy directory and run
|
||||
``./tests/boulder-integration.sh``. This runs a modified version of certbot's
|
||||
boulder-integration test, which tests the HAProxy plugin. If the test succeeds,
|
||||
your development environment is setup correctly.
|
||||
|
||||
Development: Running locally without sudo
|
||||
-----------------------------------------
|
||||
|
@ -453,14 +465,15 @@ you can update.
|
|||
|
||||
Making a `.deb` debian package
|
||||
------------------------------
|
||||
|
||||
Requirements:
|
||||
|
||||
- python stdeb: pip install --upgrade stdeb
|
||||
- dh clean: apt-get install dh-make
|
||||
- python stdeb: pip install --upgrade stdeb
|
||||
- dh clean: apt-get install dh-make
|
||||
|
||||
Run the following commands in your vagrant machine:
|
||||
|
||||
```
|
||||
```bash
|
||||
apt-file update
|
||||
python setup.py sdist
|
||||
# py2dsc has a problem with vbox mounted folders
|
||||
|
|
|
@ -30,7 +30,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
|||
server.vm.box = "debian/jessie64"
|
||||
server.vm.hostname = "boulder.local"
|
||||
server.vm.network :private_network, ip: ENVS['PROJECT_SERVER_IP']
|
||||
server.vm.synced_folder ".", "/vagrant/", type: "virtualbox"
|
||||
server.vm.synced_folder ".", "/boulder/", type: "virtualbox"
|
||||
server.vm.provision "shell" do |s|
|
||||
s.path = './provisioning_server.sh'
|
||||
s.env = ENVS
|
||||
|
@ -47,7 +47,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
|||
client.vm.box = "debian/jessie64"
|
||||
client.vm.hostname = PROJECT_NAME + ".local"
|
||||
client.vm.network :private_network, ip: ENVS['PROJECT_CLIENT_IP']
|
||||
client.vm.synced_folder ".", "/vagrant/", disabled: true
|
||||
client.vm.synced_folder ".", "/" + PROJECT_NAME + "/", type: "virtualbox"
|
||||
client.vm.provision "shell" do |s|
|
||||
s.path = './provisioning_client.sh'
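Review bot: The server definition now mounts the project root at `/boulder/` and no longer names `/vagrant/`, but Vagrant still creates its default `/vagrant` share unless it is explicitly disabled, so the host working tree is probably exposed to the boulder VM twice, and writable. From what is visible the provisioning script only reads `greenhost.patch` from the share, so I would add `server.vm.synced_folder ".", "/vagrant/", disabled: true` and pass `mount_options: ["ro"]` on the `/boulder/` share, provided nothing in provisioning writes there. The second hunk drops one line from the client definition; if that is the `disabled: true` line, the implicit share comes back on the client as well. Which lines are old and which are new is inferred from the hunk counts, and both `provision` blocks continue outside the hunks.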
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
diff --git a/test/config/va.json b/test/config/va.json
|
||||
index 75ff959..d031f99 100644
|
||||
index f3e64ee..1136e98 100644
|
||||
--- a/test/config/va.json
|
||||
+++ b/test/config/va.json
|
||||
@@ -3,8 +3,8 @@
|
||||
@@ -4,8 +4,8 @@
|
||||
"userAgent": "boulder",
|
||||
"debugAddr": "localhost:8004",
|
||||
"debugAddr": ":8004",
|
||||
"portConfig": {
|
||||
- "httpPort": 5002,
|
||||
- "httpsPort": 5001,
|
||||
|
@ -12,31 +12,9 @@ index 75ff959..d031f99 100644
|
|||
+ "httpsPort": 443,
|
||||
"tlsPort": 5001
|
||||
},
|
||||
"maxConcurrentRPCServerRequests": 16,
|
||||
@@ -37,4 +37,4 @@
|
||||
"dnsTimeout": "10s",
|
||||
"dnsAllowLoopbackAddresses": true
|
||||
}
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
diff --git a/test/config/wfe.json b/test/config/wfe.json
|
||||
index 532da42..29e09fd 100644
|
||||
--- a/test/config/wfe.json
|
||||
+++ b/test/config/wfe.json
|
||||
@@ -44,7 +44,7 @@
|
||||
},
|
||||
|
||||
"common": {
|
||||
- "baseURL": "http://127.0.0.1:4000",
|
||||
+ "baseURL": "http://192.168.33.111:4000",
|
||||
"issuerCert": "test/test-ca.pem"
|
||||
}
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
"lookupIPV6": true,
|
||||
diff --git a/test/rate-limit-policies.yml b/test/rate-limit-policies.yml
|
||||
index 41aadd3..25d656b 100644
|
||||
index 41aadd3..28198b1 100644
|
||||
--- a/test/rate-limit-policies.yml
|
||||
+++ b/test/rate-limit-policies.yml
|
||||
@@ -4,7 +4,7 @@ totalCertificates:
|
||||
|
@ -44,7 +22,7 @@ index 41aadd3..25d656b 100644
|
|||
certificatesPerName:
|
||||
window: 2160h
|
||||
- threshold: 2
|
||||
+ threshold: 10000
|
||||
+ threshold: 1000
|
||||
overrides:
|
||||
ratelimit.me: 1
|
||||
lim.it: 0
|
||||
|
@ -53,16 +31,16 @@ index 41aadd3..25d656b 100644
|
|||
pendingAuthorizationsPerAccount:
|
||||
window: 168h # 1 week, should match pending authorization lifetime.
|
||||
- threshold: 3
|
||||
+ threshold: 10000
|
||||
+ threshold: 1000
|
||||
certificatesPerFQDNSet:
|
||||
window: 24h
|
||||
- threshold: 5
|
||||
+ threshold: 10000
|
||||
+ threshold: 1000
|
||||
overrides:
|
||||
le.wtf: 10000
|
||||
le1.wtf: 10000
|
||||
diff --git a/test/test-ca.key-pkcs11.json b/test/test-ca.key-pkcs11.json
|
||||
index 7a8d348..746dee8 100644
|
||||
index b7a44f5..40cc685 100644
|
||||
--- a/test/test-ca.key-pkcs11.json
|
||||
+++ b/test/test-ca.key-pkcs11.json
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
|
@ -107,7 +107,7 @@ fi
|
|||
|
||||
# Change pkcs to softhsm and IP to 192.168.33.111 and set high thresholds for rate limiting
|
||||
if grep -Fq "/usr/local/lib/libpkcs11-proxy.so" test/test-ca.key-pkcs11.json; then
|
||||
git apply /vagrant/greenhost.patch
|
||||
git apply /boulder/greenhost.patch
|
||||
fi
|
||||
|
||||
cat <<EOF > /etc/nginx/sites-available/wfe
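Review bot: The result of `git apply /boulder/greenhost.patch` is not checked, so if the patch stops matching the boulder checkout the script would carry on and write the nginx site while boulder still points at the pkcs11 proxy library and keeps its default rate limits, unless `set -e` is in effect earlier in the file. This commit had to refresh the patch's context and `index` lines, which suggests the tree it applies to moves; pinning that checkout to a known commit would keep the patch and the tree in step. A minimal guard is `git apply /boulder/greenhost.patch || { echo "greenhost.patch did not apply" >&2; exit 1; }`. The `cat <<EOF` heredoc that follows continues outside the hunk.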
|
||||
|
|