func setupContext(c config) (core.RegistrationAuthority, blog.Logger, *gorp.DbMap, core.StorageAuthority, metrics.Scope) { stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "AdminRevoker") amqpConf := c.Revoker.AMQP var rac core.RegistrationAuthority if c.Revoker.RAService != nil { conn, err := bgrpc.ClientSetup(c.Revoker.RAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") rac = bgrpc.NewRegistrationAuthorityClient(rapb.NewRegistrationAuthorityClient(conn)) } else { var err error rac, err = rpc.NewRegistrationAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Unable to create RA AMQP client") } dbURL, err := c.Revoker.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, c.Revoker.DBConfig.MaxDBConns) cmd.FailOnError(err, "Couldn't setup database connection") go sa.ReportDbConnCount(dbMap, scope) var sac core.StorageAuthority if c.Revoker.SAService != nil { conn, err := bgrpc.ClientSetup(c.Revoker.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Failed to create SA client") } return rac, logger, dbMap, sac, scope }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") conf := c.OCSPUpdater stats, auditlogger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "OCSPUpdater") defer auditlogger.AuditPanic() auditlogger.Info(cmd.VersionString(clientName)) // Configure DB dbURL, err := conf.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, conf.DBConfig.MaxDBConns) cmd.FailOnError(err, "Could not connect to database") go sa.ReportDbConnCount(dbMap, scope) cac, pubc, sac := setupClients(conf, scope) updater, err := newUpdater( scope, clock.Default(), dbMap, cac, pubc, sac, // Necessary evil for now conf, c.Common.CT.Logs, c.Common.IssuerCert, auditlogger, ) cmd.FailOnError(err, "Failed to create updater") for _, l := range updater.loops { go func(loop *looper) { err = loop.loop() if err != nil { auditlogger.AuditErr(err.Error()) } }(l) } go cmd.DebugServer(conf.DebugAddr) go cmd.ProfileCmd(scope) // Sleep forever (until signaled) select {} }
func main() { dryRun := flag.Bool("dryRun", true, "Whether to do a dry run.") sleep := flag.Duration("sleep", 60*time.Second, "How long to sleep between batches.") batchSize := flag.Uint("batchSize", 1000, "Number of certificates to process between sleeps.") numBatches := flag.Uint("numBatches", 999999, "Stop processing after N batches.") type config struct { NotAfterBackFiller struct { cmd.DBConfig } Statsd cmd.StatsdConfig Syslog cmd.SyslogConfig } configFile := flag.String("config", "", "File containing a JSON config.") flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n\n", usageIntro) fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0]) flag.PrintDefaults() } flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } configData, err := ioutil.ReadFile(*configFile) cmd.FailOnError(err, fmt.Sprintf("Reading %q", *configFile)) var cfg config err = json.Unmarshal(configData, &cfg) cmd.FailOnError(err, "Unmarshaling config") stats, log := cmd.StatsAndLogging(cfg.Statsd, cfg.Syslog) defer log.AuditPanic() dbURL, err := cfg.NotAfterBackFiller.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, 10) cmd.FailOnError(err, "Could not connect to database") go sa.ReportDbConnCount(dbMap, metrics.NewStatsdScope(stats, "NotAfterBackfiller")) b := backfiller{ dbMap: dbMap, log: log, clk: cmd.Clock(), dryRun: *dryRun, batchSize: *batchSize, numBatches: *numBatches, sleep: *sleep, } err = b.processForever() cmd.FailOnError(err, "Could not process certificate batches") }
func setup(c *cli.Context) (statsd.Statter, *blog.AuditLogger, *rpc.StorageAuthorityClient) { configJSON, err := ioutil.ReadFile(c.GlobalString("config")) cmd.FailOnError(err, "Failed to read config file") var conf config err = json.Unmarshal(configJSON, &conf) cmd.FailOnError(err, "Failed to parse config file") stats, logger := cmd.StatsAndLogging(conf.Statsd, conf.Syslog) sa, err := rpc.NewStorageAuthorityClient("orphan-finder", &conf.AMQP, stats) cmd.FailOnError(err, "Failed to create SA client") return stats, logger, sa }
func main() { outFile := flag.String("outfile", "", "File to write contacts to (defaults to stdout).") grace := flag.Duration("grace", 2*24*time.Hour, "Include contacts with certificates that expired in < grace ago") type config struct { ContactExporter struct { cmd.DBConfig cmd.PasswordConfig } } configFile := flag.String("config", "", "File containing a JSON config.") flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n\n", usageIntro) fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0]) flag.PrintDefaults() } flag.Parse() if *outFile == "" || *configFile == "" { flag.Usage() os.Exit(1) } _, log := cmd.StatsAndLogging(cmd.StatsdConfig{}, cmd.SyslogConfig{StdoutLevel: 7}) configData, err := ioutil.ReadFile(*configFile) cmd.FailOnError(err, fmt.Sprintf("Reading %q", *configFile)) var cfg config err = json.Unmarshal(configData, &cfg) cmd.FailOnError(err, "Unmarshaling config") dbURL, err := cfg.ContactExporter.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, 10) cmd.FailOnError(err, "Could not connect to database") exporter := contactExporter{ log: log, dbMap: dbMap, clk: cmd.Clock(), grace: *grace, } contacts, err := exporter.findContacts() cmd.FailOnError(err, "Could not find contacts") err = writeContacts(contacts, *outFile) cmd.FailOnError(err, fmt.Sprintf("Could not write contacts to outfile %q", *outFile)) }
func main() { yes := flag.Bool("yes", false, "Skips the purge confirmation") configPath := flag.String("config", "config.json", "Path to Boulder configuration file") flag.Parse() configJSON, err := ioutil.ReadFile(*configPath) if err != nil { fmt.Fprintf(os.Stderr, "Failed to read config file '%s': %s\n", *configPath, err) os.Exit(1) } var config eapConfig err = json.Unmarshal(configJSON, &config) cmd.FailOnError(err, "Failed to parse config") // Set up logging stats, auditlogger := cmd.StatsAndLogging(config.ExpiredAuthzPurger.Statsd, config.ExpiredAuthzPurger.Syslog) auditlogger.Info(cmd.Version()) // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 defer auditlogger.AuditPanic() // Configure DB dbURL, err := config.ExpiredAuthzPurger.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, config.ExpiredAuthzPurger.DBConfig.MaxDBConns) cmd.FailOnError(err, "Could not connect to database") go sa.ReportDbConnCount(dbMap, metrics.NewStatsdScope(stats, "AuthzPurger")) purger := &expiredAuthzPurger{ stats: stats, log: auditlogger, clk: cmd.Clock(), db: dbMap, batchSize: int64(config.ExpiredAuthzPurger.BatchSize), } if config.ExpiredAuthzPurger.GracePeriod.Duration == 0 { fmt.Fprintln(os.Stderr, "Grace period is 0, refusing to purge all pending authorizations") os.Exit(1) } purgeBefore := purger.clk.Now().Add(-config.ExpiredAuthzPurger.GracePeriod.Duration) _, err = purger.purgeAuthzs(purgeBefore, *yes) cmd.FailOnError(err, "Failed to purge authorizations") }
func setupContext(context *cli.Context) (rpc.RegistrationAuthorityClient, *blog.AuditLogger, *gorp.DbMap, rpc.StorageAuthorityClient) { c, err := loadConfig(context) cmd.FailOnError(err, "Failed to load Boulder configuration") stats, auditlogger := cmd.StatsAndLogging(c.Statsd, c.Syslog) amqpConf := c.Revoker.AMQP rac, err := rpc.NewRegistrationAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Unable to create CA client") dbMap, err := sa.NewDbMap(c.Revoker.DBConnect) cmd.FailOnError(err, "Couldn't setup database connection") sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Failed to create SA client") return *rac, auditlogger, dbMap, *sac }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadJSONFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") go cmd.DebugServer(c.SA.DebugAddr) stats, logger := cmd.StatsAndLogging(c.StatsdConfig, c.SyslogConfig) defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) saConf := c.SA dbURL, err := saConf.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, saConf.DBConfig.MaxDBConns) cmd.FailOnError(err, "Couldn't connect to SA database") go sa.ReportDbConnCount(dbMap, metrics.NewStatsdScope(stats, "SA")) sai, err := sa.NewSQLStorageAuthority(dbMap, clock.Default(), logger) cmd.FailOnError(err, "Failed to create SA impl") go cmd.ProfileCmd("SA", stats) amqpConf := saConf.AMQP sas, err := rpc.NewAmqpRPCServer(amqpConf, c.SA.MaxConcurrentRPCServerRequests, stats, logger) cmd.FailOnError(err, "Unable to create SA RPC server") err = rpc.NewStorageAuthorityServer(sas, sai) cmd.FailOnError(err, "Unable to setup SA RPC server") err = sas.Start(amqpConf) cmd.FailOnError(err, "Unable to run SA RPC server") }
func main() { outFile := flag.String("outfile", "", "File to write contacts to (defaults to stdout).") type config struct { ContactExporter struct { cmd.DBConfig cmd.PasswordConfig } } configFile := flag.String("config", "", "File containing a JSON config.") flag.Parse() if outFile == nil { flag.Usage() os.Exit(1) } _, log := cmd.StatsAndLogging(cmd.StatsdConfig{}, cmd.SyslogConfig{StdoutLevel: 7}) configData, err := ioutil.ReadFile(*configFile) cmd.FailOnError(err, fmt.Sprintf("Reading %s", *configFile)) var cfg config err = json.Unmarshal(configData, &cfg) cmd.FailOnError(err, "Unmarshaling config") dbURL, err := cfg.ContactExporter.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, 10) cmd.FailOnError(err, "Could not connect to database") exporter := contactExporter{ log: log, dbMap: dbMap, clk: cmd.Clock(), } contacts, err := exporter.findContacts() cmd.FailOnError(err, "Could not find contacts") err = writeContacts(contacts, *outFile) cmd.FailOnError(err, fmt.Sprintf("Could not write contacts to outfile '%s'", *outFile)) }
func setupContext(context *cli.Context) (rpc.RegistrationAuthorityClient, blog.Logger, *gorp.DbMap, rpc.StorageAuthorityClient, statsd.Statter) { c, err := loadConfig(context) cmd.FailOnError(err, "Failed to load Boulder configuration") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) amqpConf := c.Revoker.AMQP rac, err := rpc.NewRegistrationAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Unable to create CA client") dbURL, err := c.Revoker.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, c.Revoker.DBConfig.MaxDBConns) cmd.FailOnError(err, "Couldn't setup database connection") go sa.ReportDbConnCount(dbMap, metrics.NewStatsdScope(stats, "AdminRevoker")) sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Failed to create SA client") return *rac, logger, dbMap, *sac, stats }
func setupContext(context *cli.Context) (rpc.RegistrationAuthorityClient, *blog.AuditLogger, *gorp.DbMap, rpc.StorageAuthorityClient) { c, err := loadConfig(context) cmd.FailOnError(err, "Failed to load Boulder configuration") stats, auditlogger := cmd.StatsAndLogging(c.Statsd, c.Syslog) raRPC, err := rpc.NewAmqpRPCClient("AdminRevoker->RA", c.AMQP.RA.Server, c, stats) cmd.FailOnError(err, "Unable to create RPC client") rac, err := rpc.NewRegistrationAuthorityClient(raRPC) cmd.FailOnError(err, "Unable to create CA client") dbMap, err := sa.NewDbMap(c.Revoker.DBConnect) cmd.FailOnError(err, "Couldn't setup database connection") saRPC, err := rpc.NewAmqpRPCClient("AdminRevoker->SA", c.AMQP.SA.Server, c, stats) cmd.FailOnError(err, "Unable to create RPC client") sac, err := rpc.NewStorageAuthorityClient(saRPC) cmd.FailOnError(err, "Failed to create SA client") return rac, auditlogger, dbMap, sac }
func main() { from := flag.String("from", "", "From header for emails. Must be a bare email address.") subject := flag.String("subject", "", "Subject of emails") toFile := flag.String("toFile", "", "File containing a JSON array of registration IDs to send to.") bodyFile := flag.String("body", "", "File containing the email body in plain text format.") dryRun := flag.Bool("dryRun", true, "Whether to do a dry run.") sleep := flag.Duration("sleep", 60*time.Second, "How long to sleep between emails.") start := flag.Int("start", 0, "Line of input file to start from.") end := flag.Int("end", 99999999, "Line of input file to end before.") reconnBase := flag.Duration("reconnectBase", 1*time.Second, "Base sleep duration between reconnect attempts") reconnMax := flag.Duration("reconnectMax", 5*60*time.Second, "Max sleep duration between reconnect attempts after exponential backoff") type config struct { NotifyMailer struct { cmd.DBConfig cmd.PasswordConfig cmd.SMTPConfig } Statsd cmd.StatsdConfig Syslog cmd.SyslogConfig } configFile := flag.String("config", "", "File containing a JSON config.") flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n\n", usageIntro) fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0]) flag.PrintDefaults() } flag.Parse() if *from == "" || *subject == "" || *bodyFile == "" || *configFile == "" { flag.Usage() os.Exit(1) } configData, err := ioutil.ReadFile(*configFile) cmd.FailOnError(err, fmt.Sprintf("Reading %q", *configFile)) var cfg config err = json.Unmarshal(configData, &cfg) cmd.FailOnError(err, "Unmarshaling config") stats, log := cmd.StatsAndLogging(cfg.Statsd, cfg.Syslog) scope := metrics.NewStatsdScope(stats, "NotificationMailer") defer log.AuditPanic() dbURL, err := cfg.NotifyMailer.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, 10) cmd.FailOnError(err, "Could not connect to database") go sa.ReportDbConnCount(dbMap, scope) // Load email body body, err := ioutil.ReadFile(*bodyFile) cmd.FailOnError(err, fmt.Sprintf("Reading %q", *bodyFile)) address, err := mail.ParseAddress(*from) cmd.FailOnError(err, fmt.Sprintf("Parsing %q", *from)) toBody, err := ioutil.ReadFile(*toFile) cmd.FailOnError(err, fmt.Sprintf("Reading %q", *toFile)) checkpointRange := interval{ start: *start, end: *end, } var mailClient bmail.Mailer if *dryRun { mailClient = bmail.NewDryRun(*address, log) } else { smtpPassword, err := cfg.NotifyMailer.PasswordConfig.Pass() cmd.FailOnError(err, "Failed to load SMTP password") mailClient = bmail.New( cfg.NotifyMailer.Server, cfg.NotifyMailer.Port, cfg.NotifyMailer.Username, smtpPassword, *address, log, scope, *reconnBase, *reconnMax) } m := mailer{ clk: cmd.Clock(), log: log, dbMap: dbMap, mailer: mailClient, subject: *subject, destinations: toBody, emailTemplate: string(body), checkpoint: checkpointRange, sleepInterval: *sleep, } err = m.run() cmd.FailOnError(err, "mailer.send returned error") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "VA") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) pc := &cmd.PortConfig{ HTTPPort: 80, HTTPSPort: 443, TLSPort: 443, } if c.VA.PortConfig.HTTPPort != 0 { pc.HTTPPort = c.VA.PortConfig.HTTPPort } if c.VA.PortConfig.HTTPSPort != 0 { pc.HTTPSPort = c.VA.PortConfig.HTTPSPort } if c.VA.PortConfig.TLSPort != 0 { pc.TLSPort = c.VA.PortConfig.TLSPort } sbc := newGoogleSafeBrowsing(c.VA.GoogleSafeBrowsing) var cdrClient *cdr.CAADistributedResolver if c.VA.CAADistributedResolver != nil { var err error cdrClient, err = cdr.New( scope, c.VA.CAADistributedResolver.Timeout.Duration, c.VA.CAADistributedResolver.MaxFailures, c.VA.CAADistributedResolver.Proxies, logger) cmd.FailOnError(err, "Failed to create CAADistributedResolver") } dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout) cmd.FailOnError(err, "Couldn't parse DNS timeout") dnsTries := c.VA.DNSTries if dnsTries < 1 { dnsTries = 1 } clk := clock.Default() caaSERVFAILExceptions, err := bdns.ReadHostList(c.VA.CAASERVFAILExceptions) cmd.FailOnError(err, "Couldn't read CAASERVFAILExceptions file") var resolver bdns.DNSResolver if !c.Common.DNSAllowLoopbackAddresses { r := bdns.NewDNSResolverImpl( dnsTimeout, []string{c.Common.DNSResolver}, caaSERVFAILExceptions, scope, clk, dnsTries) resolver = r } else { r := bdns.NewTestDNSResolverImpl(dnsTimeout, []string{c.Common.DNSResolver}, scope, clk, dnsTries) resolver = r } vai := va.NewValidationAuthorityImpl( pc, sbc, cdrClient, resolver, c.VA.UserAgent, c.VA.IssuerDomain, scope, clk, logger) amqpConf := c.VA.AMQP var grpcSrv *grpc.Server if c.VA.GRPC != nil { s, l, err := bgrpc.NewServer(c.VA.GRPC, scope) cmd.FailOnError(err, "Unable to setup VA gRPC server") err = bgrpc.RegisterValidationAuthorityGRPCServer(s, vai) cmd.FailOnError(err, "Unable to register VA gRPC server") go func() { err = s.Serve(l) cmd.FailOnError(err, "VA gRPC service failed") }() grpcSrv = s } vas, err := rpc.NewAmqpRPCServer(amqpConf, c.VA.MaxConcurrentRPCServerRequests, scope, logger) cmd.FailOnError(err, "Unable to create VA RPC server") go cmd.CatchSignals(logger, func() { vas.Stop() if grpcSrv != nil { grpcSrv.GracefulStop() } }) err = rpc.NewValidationAuthorityServer(vas, vai) cmd.FailOnError(err, "Unable to setup VA RPC server") go cmd.DebugServer(c.VA.DebugAddr) go cmd.ProfileCmd(scope) err = vas.Start(amqpConf) cmd.FailOnError(err, "Unable to run VA RPC server") }
func main() { from := flag.String("from", "", "From header for emails. Must be a bare email address.") subject := flag.String("subject", "", "Subject of emails") toFile := flag.String("toFile", "", "File containing a list of email addresses to send to, one per file.") bodyFile := flag.String("body", "", "File containing the email body in plain text format.") dryRun := flag.Bool("dryRun", true, "Whether to do a dry run.") sleep := flag.Duration("sleep", 60*time.Second, "How long to sleep between emails.") start := flag.Int("start", 0, "Line of input file to start from.") end := flag.Int("end", 99999999, "Line of input file to end before.") type config struct { NotifyMailer struct { cmd.DBConfig cmd.PasswordConfig cmd.SMTPConfig } } configFile := flag.String("config", "", "File containing a JSON config.") flag.Parse() if from == nil || subject == nil || bodyFile == nil || configFile == nil { flag.Usage() os.Exit(1) } _, log := cmd.StatsAndLogging(cmd.StatsdConfig{}, cmd.SyslogConfig{StdoutLevel: 7}) configData, err := ioutil.ReadFile(*configFile) cmd.FailOnError(err, fmt.Sprintf("Reading %s", *configFile)) var cfg config err = json.Unmarshal(configData, &cfg) cmd.FailOnError(err, "Unmarshaling config") dbURL, err := cfg.NotifyMailer.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, 10) cmd.FailOnError(err, "Could not connect to database") // Load email body body, err := ioutil.ReadFile(*bodyFile) cmd.FailOnError(err, fmt.Sprintf("Reading %s", *bodyFile)) address, err := mail.ParseAddress(*from) cmd.FailOnError(err, fmt.Sprintf("Parsing %s", *from)) toBody, err := ioutil.ReadFile(*toFile) cmd.FailOnError(err, fmt.Sprintf("Reading %s", *toFile)) destinations := strings.Split(string(toBody), "\n") checkpointRange := interval{ start: *start, end: *end, } var mailClient bmail.Mailer if *dryRun { mailClient = bmail.NewDryRun(*address, log) } else { smtpPassword, err := cfg.NotifyMailer.PasswordConfig.Pass() cmd.FailOnError(err, "Failed to load SMTP password") mailClient = bmail.New( cfg.NotifyMailer.Server, cfg.NotifyMailer.Port, cfg.NotifyMailer.Username, smtpPassword, *address) } err = mailClient.Connect() cmd.FailOnError(err, fmt.Sprintf("Connecting to %s:%s", cfg.NotifyMailer.Server, cfg.NotifyMailer.Port)) defer func() { err = mailClient.Close() cmd.FailOnError(err, "Closing mail client") }() m := mailer{ clk: cmd.Clock(), log: log, dbMap: dbMap, mailer: mailClient, subject: *subject, destinations: destinations, emailTemplate: string(body), checkpoint: checkpointRange, sleepInterval: *sleep, } err = m.run() cmd.FailOnError(err, "mailer.send returned error") }
func main() { app := cli.NewApp() app.Name = "akamai-purger" app.Usage = "Purge a resource from the Akamai CDN cache" app.Version = cmd.Version() app.Author = "Boulder contributors" app.Email = "*****@*****.**" app.Flags = []cli.Flag{ cli.StringFlag{ Name: "config", Value: "config.json", EnvVar: "BOULDER_CONFIG", Usage: "Path to Boulder JSON configuration file", }, cli.StringFlag{ Name: "url", Usage: "URL to purge from CDN", }, } app.Action = func(c *cli.Context) { configFileName := c.GlobalString("config") url := c.GlobalString("url") if url == "" || configFileName == "" { fmt.Println("Both -url -config (or BOULDER_CONFIG) are required") return } configJSON, err := ioutil.ReadFile(configFileName) if err != nil { fmt.Printf("Failed to read config file: %s\n", err) return } var config cmd.Config err = json.Unmarshal(configJSON, &config) // Set up logging stats, auditlogger := cmd.StatsAndLogging(config.Statsd, config.Syslog) auditlogger.Info(app.Version) // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 defer auditlogger.AuditPanic() akamaiClient, err := akamai.NewCachePurgeClient( config.OCSPUpdater.AkamaiBaseURL, config.OCSPUpdater.AkamaiClientToken, config.OCSPUpdater.AkamaiClientSecret, config.OCSPUpdater.AkamaiAccessToken, config.OCSPUpdater.AkamaiPurgeRetries, config.OCSPUpdater.AkamaiPurgeRetryBackoff.Duration, auditlogger, stats, ) cmd.FailOnError(err, "Failed to create Akamai CachePurgeClient") err = akamaiClient.Purge([]string{url}) cmd.FailOnError(err, "Failed to purge requested resource") } err := app.Run(os.Args) cmd.FailOnError(err, "Failed to run application") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") err = features.Set(c.SA.Features) cmd.FailOnError(err, "Failed to set feature flags") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "SA") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) saConf := c.SA dbURL, err := saConf.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, saConf.DBConfig.MaxDBConns) cmd.FailOnError(err, "Couldn't connect to SA database") go sa.ReportDbConnCount(dbMap, scope) sai, err := sa.NewSQLStorageAuthority(dbMap, clock.Default(), logger) cmd.FailOnError(err, "Failed to create SA impl") var grpcSrv *grpc.Server if c.SA.GRPC != nil { var listener net.Listener grpcSrv, listener, err = bgrpc.NewServer(c.SA.GRPC, scope) cmd.FailOnError(err, "Unable to setup SA gRPC server") gw := bgrpc.NewStorageAuthorityServer(sai) sapb.RegisterStorageAuthorityServer(grpcSrv, gw) go func() { err = grpcSrv.Serve(listener) cmd.FailOnError(err, "SA gRPC service failed") }() } amqpConf := saConf.AMQP sas, err := rpc.NewAmqpRPCServer(amqpConf, c.SA.MaxConcurrentRPCServerRequests, scope, logger) cmd.FailOnError(err, "Unable to create SA RPC server") go cmd.CatchSignals(logger, func() { sas.Stop() if grpcSrv != nil { grpcSrv.GracefulStop() } }) err = rpc.NewStorageAuthorityServer(sas, sai) cmd.FailOnError(err, "Unable to setup SA RPC server") go cmd.DebugServer(c.SA.DebugAddr) go cmd.ProfileCmd(scope) err = sas.Start(amqpConf) cmd.FailOnError(err, "Unable to run SA RPC server") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { fmt.Fprintf(os.Stderr, `Usage of %s: Config JSON should contain either a DBConnectFile or a Source value containing a file: URL. If Source is a file: URL, the file should contain a list of OCSP responses in base64-encoded DER, as generated by Boulder's single-ocsp command. `, os.Args[0]) flag.PrintDefaults() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "OCSPResponder") defer logger.AuditPanic() logger.Info(cmd.VersionString("ocsp-responder")) config := c.OCSPResponder var source cfocsp.Source if strings.HasPrefix(config.Source, "file:") { url, err := url.Parse(config.Source) cmd.FailOnError(err, "Source was not a URL") filename := url.Path // Go interprets cwd-relative file urls (file:test/foo.txt) as having the // relative part of the path in the 'Opaque' field. if filename == "" { filename = url.Opaque } source, err = cfocsp.NewSourceFromFile(filename) cmd.FailOnError(err, fmt.Sprintf("Couldn't read file: %s", url.Path)) } else { // For databases, DBConfig takes precedence over Source, if present. dbConnect, err := config.DBConfig.URL() cmd.FailOnError(err, "Reading DB config") if dbConnect == "" { dbConnect = config.Source } logger.Info(fmt.Sprintf("Loading OCSP Database for CA Cert: %s", c.Common.IssuerCert)) dbMap, err := sa.NewDbMap(dbConnect, config.DBConfig.MaxDBConns) cmd.FailOnError(err, "Could not connect to database") sa.SetSQLDebug(dbMap, logger) go sa.ReportDbConnCount(dbMap, scope) source, err = makeDBSource(dbMap, c.Common.IssuerCert, logger) cmd.FailOnError(err, "Couldn't load OCSP DB") } stopTimeout, err := time.ParseDuration(c.OCSPResponder.ShutdownStopTimeout) cmd.FailOnError(err, "Couldn't parse shutdown stop timeout") killTimeout, err := time.ParseDuration(c.OCSPResponder.ShutdownKillTimeout) cmd.FailOnError(err, "Couldn't parse shutdown kill timeout") m := mux(scope, c.OCSPResponder.Path, source) srv := &http.Server{ Addr: c.OCSPResponder.ListenAddress, Handler: m, } go cmd.DebugServer(c.OCSPResponder.DebugAddr) go cmd.ProfileCmd(scope) hd := &httpdown.HTTP{ StopTimeout: stopTimeout, KillTimeout: killTimeout, Stats: metrics.NewFBAdapter(scope, clock.Default()), } hdSrv, err := hd.ListenAndServe(srv) cmd.FailOnError(err, "Error starting HTTP server") go cmd.CatchSignals(logger, func() { _ = hdSrv.Stop() }) forever := make(chan struct{}, 1) <-forever }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") err = features.Set(c.RA.Features) cmd.FailOnError(err, "Failed to set feature flags") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "RA") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) // Validate PA config and set defaults if needed cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") pa, err := policy.New(c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") if c.RA.HostnamePolicyFile == "" { cmd.FailOnError(fmt.Errorf("HostnamePolicyFile must be provided."), "") } err = pa.SetHostnamePolicyFile(c.RA.HostnamePolicyFile) cmd.FailOnError(err, "Couldn't load hostname policy file") amqpConf := c.RA.AMQP var vac core.ValidationAuthority if c.RA.VAService != nil { conn, err := bgrpc.ClientSetup(c.RA.VAService, scope) cmd.FailOnError(err, "Unable to create VA client") vac = bgrpc.NewValidationAuthorityGRPCClient(conn) } else { vac, err = rpc.NewValidationAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Unable to create VA client") } var cac core.CertificateAuthority if c.RA.CAService != nil { conn, err := bgrpc.ClientSetup(c.RA.CAService, scope) cmd.FailOnError(err, "Unable to create CA client") cac = bgrpc.NewCertificateAuthorityClient(caPB.NewCertificateAuthorityClient(conn)) } else { cac, err = rpc.NewCertificateAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Unable to create CA client") } var pubc core.Publisher if c.RA.PublisherService != nil { conn, err := bgrpc.ClientSetup(c.RA.PublisherService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to Publisher") pubc = bgrpc.NewPublisherClientWrapper(pubPB.NewPublisherClient(conn)) } var sac core.StorageAuthority if c.RA.SAService != nil { conn, err := bgrpc.ClientSetup(c.RA.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Unable to create SA client") } // TODO(patf): remove once RA.authorizationLifetimeDays is deployed authorizationLifetime := 300 * 24 * time.Hour if c.RA.AuthorizationLifetimeDays != 0 { authorizationLifetime = time.Duration(c.RA.AuthorizationLifetimeDays) * 24 * time.Hour } // TODO(patf): remove once RA.pendingAuthorizationLifetimeDays is deployed pendingAuthorizationLifetime := 7 * 24 * time.Hour if c.RA.PendingAuthorizationLifetimeDays != 0 { pendingAuthorizationLifetime = time.Duration(c.RA.PendingAuthorizationLifetimeDays) * 24 * time.Hour } rai := ra.NewRegistrationAuthorityImpl( clock.Default(), logger, scope, c.RA.MaxContactsPerRegistration, goodkey.NewKeyPolicy(), c.RA.MaxNames, c.RA.DoNotForceCN, c.RA.ReuseValidAuthz, authorizationLifetime, pendingAuthorizationLifetime, pubc) policyErr := rai.SetRateLimitPoliciesFile(c.RA.RateLimitPoliciesFilename) cmd.FailOnError(policyErr, "Couldn't load rate limit policies file") rai.PA = pa raDNSTimeout, err := time.ParseDuration(c.Common.DNSTimeout) cmd.FailOnError(err, "Couldn't parse RA DNS timeout") dnsTries := c.RA.DNSTries if dnsTries < 1 { dnsTries = 1 } if !c.Common.DNSAllowLoopbackAddresses { rai.DNSResolver = bdns.NewDNSResolverImpl( raDNSTimeout, []string{c.Common.DNSResolver}, nil, scope, clock.Default(), dnsTries) } else { rai.DNSResolver = bdns.NewTestDNSResolverImpl( raDNSTimeout, []string{c.Common.DNSResolver}, scope, clock.Default(), dnsTries) } rai.VA = vac rai.CA = cac rai.SA = sac err = rai.UpdateIssuedCountForever() cmd.FailOnError(err, "Updating total issuance count") var grpcSrv *grpc.Server if c.RA.GRPC != nil { var listener net.Listener grpcSrv, listener, err = bgrpc.NewServer(c.RA.GRPC, scope) cmd.FailOnError(err, "Unable to setup RA gRPC server") gw := bgrpc.NewRegistrationAuthorityServer(rai) rapb.RegisterRegistrationAuthorityServer(grpcSrv, gw) go func() { err = grpcSrv.Serve(listener) cmd.FailOnError(err, "RA gRPC service failed") }() } ras, err := rpc.NewAmqpRPCServer(amqpConf, c.RA.MaxConcurrentRPCServerRequests, scope, logger) cmd.FailOnError(err, "Unable to create RA RPC server") go cmd.CatchSignals(logger, func() { ras.Stop() if grpcSrv != nil { grpcSrv.GracefulStop() } }) err = rpc.NewRegistrationAuthorityServer(ras, rai, logger) cmd.FailOnError(err, "Unable to setup RA RPC server") go cmd.DebugServer(c.RA.DebugAddr) go cmd.ProfileCmd(scope) err = ras.Start(amqpConf) cmd.FailOnError(err, "Unable to run RA RPC server") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") err = features.Set(c.WFE.Features) cmd.FailOnError(err, "Failed to set feature flags") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "WFE") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) wfe, err := wfe.NewWebFrontEndImpl(scope, clock.Default(), goodkey.NewKeyPolicy(), logger) cmd.FailOnError(err, "Unable to create WFE") rac, sac := setupWFE(c, logger, scope) wfe.RA = rac wfe.SA = sac // TODO: remove this check once the production config uses the SubscriberAgreementURL in the wfe section if c.WFE.SubscriberAgreementURL != "" { wfe.SubscriberAgreementURL = c.WFE.SubscriberAgreementURL } else { wfe.SubscriberAgreementURL = c.SubscriberAgreementURL } wfe.AllowOrigins = c.WFE.AllowOrigins wfe.AcceptRevocationReason = c.WFE.AcceptRevocationReason wfe.AllowAuthzDeactivation = c.WFE.AllowAuthzDeactivation wfe.CertCacheDuration = c.WFE.CertCacheDuration.Duration wfe.CertNoCacheExpirationWindow = c.WFE.CertNoCacheExpirationWindow.Duration wfe.IndexCacheDuration = c.WFE.IndexCacheDuration.Duration wfe.IssuerCacheDuration = c.WFE.IssuerCacheDuration.Duration wfe.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert) cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert)) logger.Info(fmt.Sprintf("WFE using key policy: %#v", goodkey.NewKeyPolicy())) // Set up paths wfe.BaseURL = c.Common.BaseURL h := wfe.Handler() httpMonitor := metrics.NewHTTPMonitor(scope, h) logger.Info(fmt.Sprintf("Server running, listening on %s...\n", c.WFE.ListenAddress)) srv := &http.Server{ Addr: c.WFE.ListenAddress, Handler: httpMonitor, } go cmd.DebugServer(c.WFE.DebugAddr) go cmd.ProfileCmd(scope) hd := &httpdown.HTTP{ StopTimeout: c.WFE.ShutdownStopTimeout.Duration, KillTimeout: c.WFE.ShutdownKillTimeout.Duration, Stats: metrics.NewFBAdapter(scope, clock.Default()), } hdSrv, err := hd.ListenAndServe(srv) cmd.FailOnError(err, "Error starting HTTP server") go cmd.CatchSignals(logger, func() { _ = hdSrv.Stop() }) forever := make(chan struct{}, 1) <-forever }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadJSONFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") go cmd.DebugServer(c.CA.DebugAddr) stats, logger := cmd.StatsAndLogging(c.StatsdConfig, c.SyslogConfig) defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") pa, err := policy.New(c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") if c.CA.HostnamePolicyFile == "" { cmd.FailOnError(fmt.Errorf("HostnamePolicyFile was empty."), "") } err = pa.SetHostnamePolicyFile(c.CA.HostnamePolicyFile) cmd.FailOnError(err, "Couldn't load hostname policy file") issuers, err := loadIssuers(c) cmd.FailOnError(err, "Couldn't load issuers") cai, err := ca.NewCertificateAuthorityImpl( c.CA, clock.Default(), stats, issuers, c.KeyPolicy(), logger) cmd.FailOnError(err, "Failed to create CA impl") cai.PA = pa go cmd.ProfileCmd("CA", stats) amqpConf := c.CA.AMQP cai.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Failed to create SA client") if c.CA.PublisherService != nil { conn, err := bgrpc.ClientSetup(c.CA.PublisherService) cmd.FailOnError(err, "Failed to load credentials and create connection to service") cai.Publisher = bgrpc.NewPublisherClientWrapper(pubPB.NewPublisherClient(conn), c.CA.PublisherService.Timeout.Duration) } else { cai.Publisher, err = rpc.NewPublisherClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Failed to create Publisher client") } cas, err := rpc.NewAmqpRPCServer(amqpConf, c.CA.MaxConcurrentRPCServerRequests, stats, logger) cmd.FailOnError(err, "Unable to create CA RPC server") err = rpc.NewCertificateAuthorityServer(cas, cai) cmd.FailOnError(err, "Failed to create Certificate Authority RPC server") err = cas.Start(amqpConf) cmd.FailOnError(err, "Unable to run CA RPC server") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") certLimit := flag.Int("cert_limit", 0, "Count of certificates to process per expiration period") reconnBase := flag.Duration("reconnectBase", 1*time.Second, "Base sleep duration between reconnect attempts") reconnMax := flag.Duration("reconnectMax", 5*60*time.Second, "Max sleep duration between reconnect attempts after exponential backoff") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "Expiration") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) if *certLimit > 0 { c.Mailer.CertLimit = *certLimit } // Default to 100 if no certLimit is set if c.Mailer.CertLimit == 0 { c.Mailer.CertLimit = 100 } // Configure DB dbURL, err := c.Mailer.DBConfig.URL() cmd.FailOnError(err, "Couldn't load DB URL") dbMap, err := sa.NewDbMap(dbURL, c.Mailer.DBConfig.MaxDBConns) sa.SetSQLDebug(dbMap, logger) cmd.FailOnError(err, "Could not connect to database") go sa.ReportDbConnCount(dbMap, scope) var sac core.StorageAuthority if c.Mailer.SAService != nil { conn, err := bgrpc.ClientSetup(c.Mailer.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { sac, err = rpc.NewStorageAuthorityClient(clientName, c.Mailer.AMQP, scope) cmd.FailOnError(err, "Failed to create SA client") } // Load email template emailTmpl, err := ioutil.ReadFile(c.Mailer.EmailTemplate) cmd.FailOnError(err, fmt.Sprintf("Could not read email template file [%s]", c.Mailer.EmailTemplate)) tmpl, err := template.New("expiry-email").Parse(string(emailTmpl)) cmd.FailOnError(err, "Could not parse email template") fromAddress, err := netmail.ParseAddress(c.Mailer.From) cmd.FailOnError(err, fmt.Sprintf("Could not parse from address: %s", c.Mailer.From)) smtpPassword, err := c.Mailer.PasswordConfig.Pass() cmd.FailOnError(err, "Failed to load SMTP password") mailClient := bmail.New( c.Mailer.Server, c.Mailer.Port, c.Mailer.Username, smtpPassword, *fromAddress, logger, scope, *reconnBase, *reconnMax) nagCheckInterval := defaultNagCheckInterval if s := c.Mailer.NagCheckInterval; s != "" { nagCheckInterval, err = time.ParseDuration(s) if err != nil { logger.AuditErr(fmt.Sprintf("Failed to parse NagCheckInterval string %q: %s", s, err)) return } } var nags durationSlice for _, nagDuration := range c.Mailer.NagTimes { dur, err := time.ParseDuration(nagDuration) if err != nil { logger.AuditErr(fmt.Sprintf("Failed to parse nag duration string [%s]: %s", nagDuration, err)) return } nags = append(nags, dur+nagCheckInterval) } // Make sure durations are sorted in increasing order sort.Sort(nags) m := mailer{ stats: scope, subject: c.Mailer.Subject, log: logger, dbMap: dbMap, rs: sac, mailer: mailClient, emailTemplate: tmpl, nagTimes: nags, limit: c.Mailer.CertLimit, clk: cmd.Clock(), } go cmd.DebugServer(c.Mailer.DebugAddr) err = m.findExpiringCertificates() cmd.FailOnError(err, "expiration-mailer has failed") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") err = features.Set(c.CA.Features) cmd.FailOnError(err, "Failed to set feature flags") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "CA") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") pa, err := policy.New(c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") if c.CA.HostnamePolicyFile == "" { cmd.FailOnError(fmt.Errorf("HostnamePolicyFile was empty."), "") } err = pa.SetHostnamePolicyFile(c.CA.HostnamePolicyFile) cmd.FailOnError(err, "Couldn't load hostname policy file") issuers, err := loadIssuers(c) cmd.FailOnError(err, "Couldn't load issuers") cai, err := ca.NewCertificateAuthorityImpl( c.CA, clock.Default(), scope, issuers, goodkey.NewKeyPolicy(), logger) cmd.FailOnError(err, "Failed to create CA impl") cai.PA = pa amqpConf := c.CA.AMQP if c.CA.SAService != nil { conn, err := bgrpc.ClientSetup(c.CA.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") cai.SA = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { cai.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Failed to create SA client") } if amqpConf.Publisher != nil { cai.Publisher, err = rpc.NewPublisherClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Failed to create Publisher client") } var grpcSrv *grpc.Server if c.CA.GRPC != nil { s, l, err := bgrpc.NewServer(c.CA.GRPC, scope) cmd.FailOnError(err, "Unable to setup CA gRPC server") caWrapper := bgrpc.NewCertificateAuthorityServer(cai) caPB.RegisterCertificateAuthorityServer(s, caWrapper) go func() { err = s.Serve(l) cmd.FailOnError(err, "CA gRPC service failed") }() grpcSrv = s } cas, err := rpc.NewAmqpRPCServer(amqpConf, c.CA.MaxConcurrentRPCServerRequests, scope, logger) cmd.FailOnError(err, "Unable to create CA RPC server") go cmd.CatchSignals(logger, func() { cas.Stop() if grpcSrv != nil { grpcSrv.GracefulStop() } }) err = rpc.NewCertificateAuthorityServer(cas, cai) cmd.FailOnError(err, "Failed to create Certificate Authority RPC server") go cmd.DebugServer(c.CA.DebugAddr) go cmd.ProfileCmd(scope) err = cas.Start(amqpConf) cmd.FailOnError(err, "Unable to run CA RPC server") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadConfigFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog) scope := metrics.NewStatsdScope(stats, "Publisher") defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) logs := make([]*publisher.Log, len(c.Common.CT.Logs)) for i, ld := range c.Common.CT.Logs { logs[i], err = publisher.NewLog(ld.URI, ld.Key) cmd.FailOnError(err, "Unable to parse CT log description") } if c.Common.CT.IntermediateBundleFilename == "" { logger.AuditErr("No CT submission bundle provided") os.Exit(1) } pemBundle, err := core.LoadCertBundle(c.Common.CT.IntermediateBundleFilename) cmd.FailOnError(err, "Failed to load CT submission bundle") bundle := []ct.ASN1Cert{} for _, cert := range pemBundle { bundle = append(bundle, ct.ASN1Cert(cert.Raw)) } amqpConf := c.Publisher.AMQP var sac core.StorageAuthority if c.Publisher.SAService != nil { conn, err := bgrpc.ClientSetup(c.Publisher.SAService, scope) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac = bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn)) } else { sac, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, scope) cmd.FailOnError(err, "Unable to create SA client") } pubi := publisher.New( bundle, logs, c.Publisher.SubmissionTimeout.Duration, logger, scope, sac) var grpcSrv *grpc.Server if c.Publisher.GRPC != nil { s, l, err := bgrpc.NewServer(c.Publisher.GRPC, scope) cmd.FailOnError(err, "Unable to setup Publisher gRPC server") gw := bgrpc.NewPublisherServerWrapper(pubi) pubPB.RegisterPublisherServer(s, gw) go func() { err = s.Serve(l) cmd.FailOnError(err, "Publisher gRPC service failed") }() grpcSrv = s } pubs, err := rpc.NewAmqpRPCServer(amqpConf, c.Publisher.MaxConcurrentRPCServerRequests, scope, logger) cmd.FailOnError(err, "Unable to create Publisher RPC server") go cmd.CatchSignals(logger, func() { pubs.Stop() if grpcSrv != nil { grpcSrv.GracefulStop() } }) err = rpc.NewPublisherServer(pubs, pubi) cmd.FailOnError(err, "Unable to setup Publisher RPC server") go cmd.DebugServer(c.Publisher.DebugAddr) go cmd.ProfileCmd(scope) err = pubs.Start(amqpConf) cmd.FailOnError(err, "Unable to run Publisher RPC server") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadJSONFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") go cmd.DebugServer(c.RA.DebugAddr) stats, logger := cmd.StatsAndLogging(c.StatsdConfig, c.SyslogConfig) defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) // Validate PA config and set defaults if needed cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration") pa, err := policy.New(c.PA.Challenges) cmd.FailOnError(err, "Couldn't create PA") if c.RA.HostnamePolicyFile == "" { cmd.FailOnError(fmt.Errorf("HostnamePolicyFile must be provided."), "") } err = pa.SetHostnamePolicyFile(c.RA.HostnamePolicyFile) cmd.FailOnError(err, "Couldn't load hostname policy file") go cmd.ProfileCmd("RA", stats) amqpConf := c.RA.AMQP var vac core.ValidationAuthority if c.RA.VAService != nil { conn, err := bgrpc.ClientSetup(c.RA.VAService) cmd.FailOnError(err, "Unable to create VA client") vac = bgrpc.NewValidationAuthorityGRPCClient(conn) } else { vac, err = rpc.NewValidationAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Unable to create VA client") } cac, err := rpc.NewCertificateAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Unable to create CA client") sac, err := rpc.NewStorageAuthorityClient(clientName, amqpConf, stats) cmd.FailOnError(err, "Unable to create SA client") rai := ra.NewRegistrationAuthorityImpl( clock.Default(), logger, stats, c.RA.MaxContactsPerRegistration, c.AllowedSigningAlgos.KeyPolicy(), c.RA.MaxNames, c.RA.DoNotForceCN, c.RA.ReuseValidAuthz) policyErr := rai.SetRateLimitPoliciesFile(c.RA.RateLimitPoliciesFilename) cmd.FailOnError(policyErr, "Couldn't load rate limit policies file") rai.PA = pa raDNSTimeout, err := time.ParseDuration(c.Common.DNSTimeout) cmd.FailOnError(err, "Couldn't parse RA DNS timeout") scoped := metrics.NewStatsdScope(stats, "RA", "DNS") dnsTries := c.RA.DNSTries if dnsTries < 1 { dnsTries = 1 } if !c.Common.DNSAllowLoopbackAddresses { rai.DNSResolver = bdns.NewDNSResolverImpl( raDNSTimeout, []string{c.Common.DNSResolver}, nil, scoped, clock.Default(), dnsTries) } else { rai.DNSResolver = bdns.NewTestDNSResolverImpl( raDNSTimeout, []string{c.Common.DNSResolver}, scoped, clock.Default(), dnsTries) } rai.VA = vac rai.CA = cac rai.SA = sac ras, err := rpc.NewAmqpRPCServer(amqpConf, c.RA.MaxConcurrentRPCServerRequests, stats, logger) cmd.FailOnError(err, "Unable to create RA RPC server") err = rpc.NewRegistrationAuthorityServer(ras, rai, logger) cmd.FailOnError(err, "Unable to setup RA RPC server") err = ras.Start(amqpConf) cmd.FailOnError(err, "Unable to run RA RPC server") }
func main() { configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { flag.Usage() os.Exit(1) } var c config err := cmd.ReadJSONFile(*configFile, &c) cmd.FailOnError(err, "Reading JSON config file into config structure") go cmd.DebugServer(c.WFE.DebugAddr) stats, logger := cmd.StatsAndLogging(c.StatsdConfig, c.SyslogConfig) defer logger.AuditPanic() logger.Info(cmd.VersionString(clientName)) wfe, err := wfe.NewWebFrontEndImpl(stats, clock.Default(), c.AllowedSigningAlgos.KeyPolicy(), logger) cmd.FailOnError(err, "Unable to create WFE") rac, sac := setupWFE(c, logger, stats) wfe.RA = rac wfe.SA = sac // TODO: remove this check once the production config uses the SubscriberAgreementURL in the wfe section if c.WFE.SubscriberAgreementURL != "" { wfe.SubscriberAgreementURL = c.WFE.SubscriberAgreementURL } else { wfe.SubscriberAgreementURL = c.SubscriberAgreementURL } wfe.AllowOrigins = c.WFE.AllowOrigins wfe.CheckMalformedCSR = c.WFE.CheckMalformedCSR wfe.CertCacheDuration, err = time.ParseDuration(c.WFE.CertCacheDuration) cmd.FailOnError(err, "Couldn't parse certificate caching duration") wfe.CertNoCacheExpirationWindow, err = time.ParseDuration(c.WFE.CertNoCacheExpirationWindow) cmd.FailOnError(err, "Couldn't parse certificate expiration no-cache window") wfe.IndexCacheDuration, err = time.ParseDuration(c.WFE.IndexCacheDuration) cmd.FailOnError(err, "Couldn't parse index caching duration") wfe.IssuerCacheDuration, err = time.ParseDuration(c.WFE.IssuerCacheDuration) cmd.FailOnError(err, "Couldn't parse issuer caching duration") wfe.ShutdownStopTimeout, err = time.ParseDuration(c.WFE.ShutdownStopTimeout) cmd.FailOnError(err, "Couldn't parse shutdown stop timeout") wfe.ShutdownKillTimeout, err = time.ParseDuration(c.WFE.ShutdownKillTimeout) cmd.FailOnError(err, "Couldn't parse shutdown kill timeout") wfe.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert) cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert)) logger.Info(fmt.Sprintf("WFE using key policy: %#v", c.KeyPolicy())) go cmd.ProfileCmd("WFE", stats) // Set up paths wfe.BaseURL = c.Common.BaseURL h, err := wfe.Handler() cmd.FailOnError(err, "Problem setting up HTTP handlers") httpMonitor := metrics.NewHTTPMonitor(stats, h, "WFE") logger.Info(fmt.Sprintf("Server running, listening on %s...\n", c.WFE.ListenAddress)) srv := &http.Server{ Addr: c.WFE.ListenAddress, Handler: httpMonitor, } hd := &httpdown.HTTP{ StopTimeout: wfe.ShutdownStopTimeout, KillTimeout: wfe.ShutdownKillTimeout, Stats: metrics.NewFBAdapter(stats, "WFE", clock.Default()), } err = httpdown.ListenAndServe(srv, hd) cmd.FailOnError(err, "Error starting HTTP server") }