diff --git a/patch-cfg.sh b/patch-cfg.sh
index 6fa0e81..25aa1f2 100755
--- a/patch-cfg.sh
+++ b/patch-cfg.sh
@@ -73,6 +73,13 @@ perl -i -p0e "s/(services {\s*id\s*=\s*\"bredis4\".*?}\n\n)//igs" consul/config.
 sed -i -e "s|test/certs|/opt/boulder/labca/certs|" consul/config.hcl
 sed -i -e "s|/test/certs|/opt/boulder/labca/certs|" redis-ratelimits.config
+perl -i -p0e "s/(\s*)(\"passwordFile\":.*?,).*(\"shardAddrs\": {)/\1\2\1\"db\": 0,\1\3/igs" config/ocsp-responder.json
+perl -i -p0e "s/(\"shardAddrs\": {\n)(\s*).*?(\s*},)/\1\2\"shard1\": \"10.33.33.4:4218\"\3/igs" config/ocsp-responder.json
+perl -i -p0e "s/(\s*)(\"passwordFile\":.*?,).*(\"lookups\": \[)/\1\2\1\"db\": 1,\1\3/igs" config/ra.json
+perl -i -p0e "s/(\s*)(\"passwordFile\":.*?,).*(\"shardAddrs\": {)/\1\2\1\"db\": 0,\1\3/igs" config/rocsp-tool.json
+perl -i -p0e "s/(\"shardAddrs\": {\n)(\s*).*?(\s*},)/\1\2\"shard1\": \"10.33.33.4:4218\"\3/igs" config/rocsp-tool.json
+perl -i -p0e "s/,(\s*)(\"passwordFile\":.*?,).*(\"lookups\": \[)/,\1\2\1\"db\": 1,\1\3/igs" config/wfe2.json
+
 for file in `find . -type f | grep -v .git`; do
 sed -i -e "s|test/|labca/|g" $file
 done
diff --git a/patch.sh b/patch.sh
index 611b3bf..c5af52d 100755
--- a/patch.sh
+++ b/patch.sh
@@ -27,6 +27,7 @@ $SUDO patch -p1 < $cloneDir/patches/ceremony_rsa.patch
 $SUDO patch -p1 < $cloneDir/patches/cert-checker_main.patch
 $SUDO patch -p1 < $cloneDir/patches/cmd_config.patch
 $SUDO patch -p1 < $cloneDir/patches/config_duration.patch
+$SUDO patch -p1 < $cloneDir/patches/config_rocsp_config.patch
 $SUDO patch -p1 < $cloneDir/patches/contact-auditor_main.patch
 $SUDO patch -p1 < $cloneDir/patches/core_interfaces.patch
 $SUDO patch -p1 < $cloneDir/patches/crl-storer_main.patch
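Review bot: The four added `passwordFile` substitutions in patch-cfg.sh put a greedy `.*` (with the `s` flag) between the `passwordFile` entry and the `shardAddrs`/`lookups` anchor, so the match extends to the last occurrence of the anchor in the file and everything in between is replaced. If only whitespace is expected there, `\s*` in place of `.*` states that and cannot swallow other settings. Perl also exits 0 when nothing matches, so an upstream layout change would leave the JSON without the `db` key and, presumably, the client on the default database. A check after the block such as `grep -q '"db":' config/ra.json || exit 1`, repeated for the other three files, would make that failure visible.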
@@ -48,6 +49,7 @@ $SUDO patch -p1 < $cloneDir/patches/ocsp-responder_main.patch
 $SUDO patch -p1 < $cloneDir/patches/policy_pa.patch
 $SUDO patch -p1 < $cloneDir/patches/ra_ra.patch
 $SUDO patch -p1 < $cloneDir/patches/ratelimits_names.patch
+$SUDO patch -p1 < $cloneDir/patches/redis_config.patch
 $SUDO patch -p1 < $cloneDir/patches/remoteva_main.patch
 $SUDO patch -p1 < $cloneDir/patches/start.patch
 if [ "$SUDO" == "" ]; then
@@ -57,6 +59,7 @@ fi
 $SUDO patch -p1 < $cloneDir/patches/sfe_templates_layout.patch
 $SUDO patch -p1 < $cloneDir/patches/storer_storer.patch
 $SUDO patch -p1 < $cloneDir/patches/test_health-checker_main.patch
+$SUDO patch -p1 < $cloneDir/patches/test_ocsp_helper_helper.patch
 $SUDO patch -p1 < $cloneDir/patches/updater_updater.patch
 $SUDO patch -p1 < $cloneDir/patches/updater_continuous.patch
 $SUDO patch -p1 < $cloneDir/patches/va_http.patch
diff --git a/patches/config_rocsp_config.patch b/patches/config_rocsp_config.patch
new file mode 100644
index 0000000..72c7c85
--- /dev/null
+++ b/patches/config_rocsp_config.patch
@@ -0,0 +1,21 @@
+diff --git a/rocsp/config/rocsp_config.go b/rocsp/config/rocsp_config.go
+index c5416a499..d23091b53 100644
+--- a/rocsp/config/rocsp_config.go
++++ b/rocsp/config/rocsp_config.go
+@@ -31,6 +31,8 @@ type RedisConfig struct {
+ TLS cmd.TLSConfig
+ // Username is a Redis username.
+ Username string `validate:"required"`
++ // DB is the database number in Redis
++ DB int `validate:"min=0"`
+ // ShardAddrs is a map of shard names to IP address:port pairs. The go-redis
+ // `Ring` client will shard reads and writes across the provided Redis
+ // Servers based on a consistent hashing algorithm.
+@@ -114,6 +116,7 @@ func MakeClient(c *RedisConfig, clk clock.Clock, stats prometheus.Registerer) (*
+
+ rdb := redis.NewRing(&redis.RingOptions{
+ Addrs: c.ShardAddrs,
++ DB: c.DB,
+ Username: c.Username,
+ Password: password,
+ TLSConfig: tlsConfig,
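Review bot: The `DB` field added to `RedisConfig` is documented only as "the database number in Redis", which does not tell an operator what the setting does or does not isolate; the same field and comment are added to `Config` in patches/redis_config.patch. A Redis logical database separates keyspaces, but as far as I know Redis ACLs do not restrict a user to a database number, so it should not be read as a boundary between the OCSP and rate-limit data. I would expand the comment to `// DB is the Redis logical database index selected on connect (0 when unset). It separates keyspaces only and is not an access-control boundary.` Both struct definitions and both `redis.NewRing` calls continue outside their hunks.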
diff --git a/patches/redis_config.patch b/patches/redis_config.patch
new file mode 100644
index 0000000..68b3396
--- /dev/null
+++ b/patches/redis_config.patch
@@ -0,0 +1,22 @@
+diff --git a/redis/config.go b/redis/config.go
+index c858a4beb..2ec26aab1 100644
+--- a/redis/config.go
++++ b/redis/config.go
+@@ -24,6 +24,9 @@ type Config struct {
+ // authenticate to each Redis instance.
+ cmd.PasswordConfig
+
++ // DB is the database number in Redis
++ DB int `validate:"min=0"`
++
+ // ShardAddrs is a map of shard names to IP address:port pairs. The go-redis
+ // `Ring` client will shard reads and writes across the provided Redis
+ // Servers based on a consistent hashing algorithm.
+@@ -134,6 +137,7 @@ func NewRingFromConfig(c Config, stats prometheus.Registerer, log blog.Logger) (
+
+ inner := redis.NewRing(&redis.RingOptions{
+ Addrs: c.ShardAddrs,
++ DB: c.DB,
+ Username: c.Username,
+ Password: password,
+ TLSConfig: tlsConfig,
diff --git a/patches/test_ocsp_helper_helper.patch b/patches/test_ocsp_helper_helper.patch
new file mode 100644
index 0000000..fe2234c
--- /dev/null
+++ b/patches/test_ocsp_helper_helper.patch
@@ -0,0 +1,21 @@
+diff --git a/test/ocsp/helper/helper.go b/test/ocsp/helper/helper.go
+index a223f5fa6..96ab34aa7 100644
+--- a/test/ocsp/helper/helper.go
++++ b/test/ocsp/helper/helper.go
+@@ -15,6 +15,7 @@ import (
+ "net/http"
+ "net/url"
+ "os"
++ "path"
+ "strings"
+ "sync"
+ "time"
+@@ -317,7 +318,7 @@ func sendHTTPRequest(
+ var httpRequest *http.Request
+ var err error
+ if method == "GET" {
+- ocspURL.Path = encodedReq
++ ocspURL.Path = path.Join(ocspURL.Path, encodedReq)
+ fmt.Fprintf(output, "Fetching %s\n", ocspURL.String())
+ httpRequest, err = http.NewRequest("GET", ocspURL.String(), http.NoBody)
+ } else if method == "POST" {
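Review bot: `path.Join` in the GET branch of `sendHTTPRequest` runs `path.Clean` on its result, which collapses repeated slashes and resolves `.`/`..` elements, so an `encodedReq` containing such sequences would be rewritten before the request is sent. How `encodedReq` is encoded is not visible in this hunk; if it can hold raw `/` characters (the standard base64 alphabet includes `/`), plain concatenation keeps it byte-for-byte: `ocspURL.Path = strings.TrimSuffix(ocspURL.Path, "/") + "/" + encodedReq`. `strings` is already in the import list shown in the first hunk, so the added `path` import would then be unnecessary. The function body starts and ends outside the hunk.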