diff --git a/test/config-next/akamai-purger.json b/test/config-next/akamai-purger.json index 538ddac76b5..27088ad86a6 100644 --- a/test/config-next/akamai-purger.json +++ b/test/config-next/akamai-purger.json @@ -26,6 +26,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/ca.json b/test/config-next/ca.json index 4ae243721c3..7572360dc3e 100644 --- a/test/config-next/ca.json +++ b/test/config-next/ca.json @@ -21,6 +21,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/crl-storer.json b/test/config-next/crl-storer.json index 0934bcef071..736b5b2093c 100644 --- a/test/config-next/crl-storer.json +++ b/test/config-next/crl-storer.json @@ -15,6 +15,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/email-exporter.json b/test/config-next/email-exporter.json index 5652e0c1c38..af4447fc1ff 100644 --- a/test/config-next/email-exporter.json +++ b/test/config-next/email-exporter.json @@ -12,6 +12,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/nonce-a.json b/test/config-next/nonce-a.json index d14b44063f2..29db005dbab 100644 --- a/test/config-next/nonce-a.json +++ b/test/config-next/nonce-a.json @@ -22,6 +22,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/nonce-b.json b/test/config-next/nonce-b.json index d14b44063f2..29db005dbab 100644 --- a/test/config-next/nonce-b.json +++ b/test/config-next/nonce-b.json @@ -22,6 +22,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/publisher.json b/test/config-next/publisher.json index 3d0a0fb7e4e..27d6a4942ad 100644 --- a/test/config-next/publisher.json +++ b/test/config-next/publisher.json @@ -30,6 +30,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/ra.json b/test/config-next/ra.json index bf73cae1d6c..7f863106ed1 100644 --- a/test/config-next/ra.json +++ b/test/config-next/ra.json @@ -130,6 +130,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/remoteva-a.json b/test/config-next/remoteva-a.json index 43f22840c6a..18a7a79ed83 100644 --- a/test/config-next/remoteva-a.json +++ b/test/config-next/remoteva-a.json @@ -29,6 +29,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/remoteva-b.json b/test/config-next/remoteva-b.json index 7595a8b4e58..e4ba70a26b5 100644 --- a/test/config-next/remoteva-b.json +++ b/test/config-next/remoteva-b.json @@ -29,6 +29,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/remoteva-c.json b/test/config-next/remoteva-c.json index a5ca7ffa5c7..eb51a622acc 100644 --- a/test/config-next/remoteva-c.json +++ b/test/config-next/remoteva-c.json @@ -29,6 +29,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config-next/sa.json b/test/config-next/sa.json index 1af58f20647..1242a4b3ba7 100644 --- a/test/config-next/sa.json +++ b/test/config-next/sa.json @@ -39,8 +39,8 @@ }, "grpc.health.v1.Health": { "clientNames": [ - "health-checker.boulder", - "consul.boulder" + "consul.boulder", + "health-checker.boulder" ] } } diff --git a/test/config-next/va.json b/test/config-next/va.json index a0bef772ec8..d0e872bccae 100644 --- a/test/config-next/va.json +++ b/test/config-next/va.json @@ -31,6 +31,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/akamai-purger.json b/test/config/akamai-purger.json index 3b2fe51b7a7..d906f77e564 100644 --- a/test/config/akamai-purger.json +++ b/test/config/akamai-purger.json @@ -24,6 +24,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/ca.json b/test/config/ca.json index 477f82b12aa..db22128e748 100644 --- a/test/config/ca.json +++ b/test/config/ca.json @@ -22,6 +22,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/crl-storer.json b/test/config/crl-storer.json index 3ab267b0f64..88ca5b65526 100644 --- a/test/config/crl-storer.json +++ b/test/config/crl-storer.json @@ -17,6 +17,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/email-exporter.json b/test/config/email-exporter.json index 8505cc4535e..92fac3d402f 100644 --- a/test/config/email-exporter.json +++ b/test/config/email-exporter.json @@ -12,6 +12,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/nonce-a.json b/test/config/nonce-a.json index e549c30ba1e..b9c4bbb1790 100644 --- a/test/config/nonce-a.json +++ b/test/config/nonce-a.json @@ -20,6 +20,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/nonce-b.json b/test/config/nonce-b.json index e549c30ba1e..b9c4bbb1790 100644 --- a/test/config/nonce-b.json +++ b/test/config/nonce-b.json @@ -20,6 +20,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/publisher.json b/test/config/publisher.json index 1909a6f601b..fdc2380cd02 100644 --- a/test/config/publisher.json +++ b/test/config/publisher.json @@ -30,6 +30,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/ra.json b/test/config/ra.json index 1cecd47722e..5c5fe697117 100644 --- a/test/config/ra.json +++ b/test/config/ra.json @@ -140,6 +140,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/remoteva-a.json b/test/config/remoteva-a.json index 2ace42df439..f375b3f40e7 100644 --- a/test/config/remoteva-a.json +++ b/test/config/remoteva-a.json @@ -33,6 +33,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/remoteva-b.json b/test/config/remoteva-b.json index 171b8534ad9..2d9200794d1 100644 --- a/test/config/remoteva-b.json +++ b/test/config/remoteva-b.json @@ -33,6 +33,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/remoteva-c.json b/test/config/remoteva-c.json index 22c168b662c..27a38e3a5c1 100644 --- a/test/config/remoteva-c.json +++ b/test/config/remoteva-c.json @@ -33,6 +33,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/config/sa.json b/test/config/sa.json index 1ab11c6848a..f24bc6cfb8f 100644 --- a/test/config/sa.json +++ b/test/config/sa.json @@ -41,8 +41,8 @@ }, "grpc.health.v1.Health": { "clientNames": [ - "health-checker.boulder", - "consul.boulder" + "consul.boulder", + "health-checker.boulder" ] } } diff --git a/test/config/va.json b/test/config/va.json index 1172ad9de7b..fdd784abc3e 100644 --- a/test/config/va.json +++ b/test/config/va.json @@ -32,6 +32,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/consul/config.hcl b/test/consul/config.hcl index a296e154966..096e86735eb 100644 --- a/test/consul/config.hcl +++ b/test/consul/config.hcl @@ -31,6 +31,18 @@ services { address = "10.77.77.77" port = 9399 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "akamai-purger-a-grpc" + name = "akamai-purger-a-grpc" + grpc = "10.77.77.77:9399" + grpc_use_tls = true + tls_server_name = "akamai-purger.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -39,6 +51,18 @@ services { address = "10.77.77.77" port = 9603 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "email-exporter-a-grpc" + name = "email-exporter-a-grpc" + grpc = "10.77.77.77:9603" + grpc_use_tls = true + tls_server_name = "email-exporter.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -59,6 +83,18 @@ services { address = "10.77.77.77" port = 9393 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "ca-a-grpc" + name = "ca-a-grpc" + grpc = "10.77.77.77:9393" + grpc_use_tls = true + tls_server_name = "ca.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -67,6 +103,18 @@ services { address = "10.77.77.77" port = 9493 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "ca-b-grpc" + name = "ca-b-grpc" + grpc = "10.77.77.77:9493" + grpc_use_tls = true + tls_server_name = "ca.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -75,6 +123,18 @@ services { address = "10.77.77.77" port = 9309 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "crl-storer-a-grpc" + name = "crl-storer-a-grpc" + grpc = "10.77.77.77:9309" + grpc_use_tls = true + tls_server_name = "crl-storer.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -118,6 +178,18 @@ services { address = "10.77.77.77" port = 9301 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "nonce-taro-a-grpc" + name = "nonce-taro-a-grpc" + grpc = "10.77.77.77:9301" + grpc_use_tls = true + tls_server_name = "nonce.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -126,6 +198,18 @@ services { address = "10.77.77.77" port = 9501 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "nonce-taro-b-grpc" + name = "nonce-taro-b-grpc" + grpc = "10.77.77.77:9501" + grpc_use_tls = true + tls_server_name = "nonce.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -134,6 +218,18 @@ services { address = "10.77.77.77" port = 9401 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "nonce-zinc-grpc" + name = "nonce-zinc-grpc" + grpc = "10.77.77.77:9401" + grpc_use_tls = true + tls_server_name = "nonce.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -142,6 +238,18 @@ services { address = "10.77.77.77" port = 9391 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "publisher-a-grpc" + name = "publisher-a-grpc" + grpc = "10.77.77.77:9391" + grpc_use_tls = true + tls_server_name = "publisher.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -150,6 +258,18 @@ services { address = "10.77.77.77" port = 9491 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "publisher-b-grpc" + name = "publisher-b-grpc" + grpc = "10.77.77.77:9491" + grpc_use_tls = true + tls_server_name = "publisher.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -158,6 +278,18 @@ services { address = "10.77.77.77" port = 9594 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "ra-sct-provider-a-grpc" + name = "ra-sct-provider-a-grpc" + grpc = "10.77.77.77:9594" + grpc_use_tls = true + tls_server_name = "ra.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -166,6 +298,18 @@ services { address = "10.77.77.77" port = 9694 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "ra-sct-provider-b-grpc" + name = "ra-sct-provider-b-grpc" + grpc = "10.77.77.77:9694" + grpc_use_tls = true + tls_server_name = "ra.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -174,6 +318,18 @@ services { address = "10.77.77.77" port = 9394 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "ra-a-grpc" + name = "ra-a-grpc" + grpc = "10.77.77.77:9394" + grpc_use_tls = true + tls_server_name = "ra.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -182,6 +338,18 @@ services { address = "10.77.77.77" port = 9494 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "ra-b-grpc" + name = "ra-b-grpc" + grpc = "10.77.77.77:9494" + grpc_use_tls = true + tls_server_name = "ra.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -190,6 +358,18 @@ services { address = "10.77.77.77" port = 9397 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "rva1-a-grpc" + name = "rva1-a-grpc" + grpc = "10.77.77.77:9397" + grpc_use_tls = true + tls_server_name = "rva.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -198,6 +378,18 @@ services { address = "10.77.77.77" port = 9498 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "rva1-b-grpc" + name = "rva1-b-grpc" + grpc = "10.77.77.77:9498" + grpc_use_tls = true + tls_server_name = "rva.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -206,23 +398,18 @@ services { address = "10.77.77.77" port = 9499 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. -} - -# TODO(#5294) Remove rva2-a/b in favor of rva1-a/b -services { - id = "rva2-a" - name = "rva2" - address = "10.77.77.77" - port = 9897 - tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. -} - -services { - id = "rva2-b" - name = "rva2" - address = "10.77.77.77" - port = 9998 - tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "rva1-c-grpc" + name = "rva1-c-grpc" + grpc = "10.77.77.77:9499" + grpc_use_tls = true + tls_server_name = "rva.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -239,7 +426,8 @@ services { grpc_use_tls = true tls_server_name = "sa.boulder" tls_skip_verify = false - interval = "2s" + interval = "1s" + timeout = "500ms" }, { id = "sa-a-grpc-sa" @@ -248,7 +436,8 @@ services { grpc_use_tls = true tls_server_name = "sa.boulder" tls_skip_verify = false - interval = "2s" + interval = "1s" + timeout = "500ms" }, { id = "sa-a-grpc-saro" @@ -257,7 +446,8 @@ services { grpc_use_tls = true tls_server_name = "sa.boulder" tls_skip_verify = false - interval = "2s" + interval = "1s" + timeout = "500ms" } ] } @@ -276,7 +466,8 @@ services { grpc_use_tls = true tls_server_name = "sa.boulder" tls_skip_verify = false - interval = "2s" + interval = "1s" + timeout = "500ms" }, { id = "sa-b-grpc-sa" @@ -285,7 +476,8 @@ services { grpc_use_tls = true tls_server_name = "sa.boulder" tls_skip_verify = false - interval = "2s" + interval = "1s" + timeout = "500ms" }, { id = "sa-b-grpc-saro" @@ -294,7 +486,8 @@ services { grpc_use_tls = true tls_server_name = "sa.boulder" tls_skip_verify = false - interval = "2s" + interval = "1s" + timeout = "500ms" } ] } @@ -305,6 +498,18 @@ services { address = "10.77.77.77" port = 9392 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "va-a-grpc" + name = "va-a-grpc" + grpc = "10.77.77.77:9392" + grpc_use_tls = true + tls_server_name = "va.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -313,6 +518,18 @@ services { address = "10.77.77.77" port = 9492 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution. + checks = [ + { + id = "va-b-grpc" + name = "va-b-grpc" + grpc = "10.77.77.77:9492" + grpc_use_tls = true + tls_server_name = "va.boulder" + tls_skip_verify = false + interval = "1s" + timeout = "500ms" + } + ] } services { @@ -351,7 +568,7 @@ services { name = "case1a-failing" http = "http://localhost:12345" // invalid url method = "GET" - interval = "2s" + interval = "500ms" } ] } diff --git a/test/integration/testdata/akamai-purger-queue-drain-config.json b/test/integration/testdata/akamai-purger-queue-drain-config.json index 0a09d857e1b..e1e02f5a7db 100644 --- a/test/integration/testdata/akamai-purger-queue-drain-config.json +++ b/test/integration/testdata/akamai-purger-queue-drain-config.json @@ -28,6 +28,7 @@ }, "grpc.health.v1.Health": { "clientNames": [ + "consul.boulder", "health-checker.boulder" ] } diff --git a/test/startservers.py b/test/startservers.py index ea98c0aea38..9580daf409d 100644 --- a/test/startservers.py +++ b/test/startservers.py @@ -214,9 +214,11 @@ def start(): signal.signal(signal.SIGINT, lambda _, __: stop()) # Check that we can resolve the service names before we try to start any - # services. This prevents a confusing error (timed out health check). + # services. This prevents a confusing error (timed out health check). We use + # the boulder.service.consul name because it has no health check, and thus + # will be served by the DNS server even if it's non-responsive. try: - socket.getaddrinfo('publisher.service.consul', None) + socket.getaddrinfo('boulder.service.consul', None) except Exception as e: print("Error querying DNS. Is consul running? `docker compose ps bconsul`. %s" % (e)) return False