1 package notmain
2
3 import (
4 "context"
5 "flag"
6 "os"
7 "time"
8
9 "github.com/letsencrypt/boulder/bdns"
10 "github.com/letsencrypt/boulder/cmd"
11 "github.com/letsencrypt/boulder/config"
12 "github.com/letsencrypt/boulder/features"
13 bgrpc "github.com/letsencrypt/boulder/grpc"
14 "github.com/letsencrypt/boulder/va"
15 vapb "github.com/letsencrypt/boulder/va/proto"
16 )
17
// Config is the JSON configuration shared by the boulder-va and
// boulder-remoteva commands (both registered in init). The `validate` tags
// are presumably enforced by the cmd.ConfigValidator that init registers
// with this type; main additionally re-checks dnsTimeout and dnsProvider
// at startup and exits if either is missing.
type Config struct {
	VA struct {
		cmd.ServiceConfig

		// UserAgent is passed unchanged to va.NewValidationAuthorityImpl.
		// Presumably the User-Agent used for outbound validation requests —
		// confirm in package va.
		UserAgent string

		// IssuerDomain is passed unchanged to va.NewValidationAuthorityImpl.
		IssuerDomain string

		// DNSTries is the attempt count handed to the DNS client. main clamps
		// values below 1 up to 1, so an unset/zero value means a single try.
		DNSTries int
		// DNSProvider describes the DNS servers to use; main starts a dynamic
		// server provider from it and refuses to start when it is nil.
		DNSProvider *cmd.DNSProvider `validate:"required"`
		// DNSTimeout bounds each DNS query; a zero duration is rejected at
		// startup so lookups are never unbounded.
		DNSTimeout config.Duration `validate:"required"`
		// DNSAllowLoopbackAddresses selects bdns.NewTest instead of bdns.New
		// as the resolver. NOTE(review): by its name the test client relaxes
		// the loopback/reserved-address restrictions that keep validation from
		// reaching internal hosts — keep this false outside test environments.
		DNSAllowLoopbackAddresses bool

		// RemoteVAs lists the gRPC clients for remote validation perspectives.
		// main creates one client per entry, using the service's TLS config.
		RemoteVAs []cmd.GRPCClientConfig `validate:"omitempty,dive"`
		// MaxRemoteValidationFailures is passed through to the VA
		// implementation; presumably the number of remote perspectives that may
		// fail before a validation is rejected — confirm in package va.
		MaxRemoteValidationFailures int

		// Features is applied via features.Set before any other setup runs.
		Features map[string]bool

		// AccountURIPrefixes must hold at least one valid URL (see tag) and is
		// passed to the VA implementation; presumably used to match CAA
		// accounturi parameters — confirm in package va.
		AccountURIPrefixes []string `validate:"min=1,dive,required,url"`
	}

	Syslog        cmd.SyslogConfig
	OpenTelemetry cmd.OpenTelemetryConfig
}
45
// main is the entry point shared by the boulder-va and boulder-remoteva
// commands (see init). It parses flags, loads the JSON config, applies
// feature flags, wires up DNS resolution, TLS, the optional remote VA
// clients and the VA implementation, then serves the VA and CAA gRPC
// services until the server returns.
//
// Every failure goes through cmd.Fail/cmd.FailOnError; presumably those
// exit the process, in which case the deferred oTelShutdown and
// servers.Stop only run on a normal return from start().
func main() {
	var (
		grpcAddr   = flag.String("addr", "", "gRPC listen address override")
		debugAddr  = flag.String("debug-addr", "", "Debug server address override")
		configFile = flag.String("config", "", "File path to the configuration file for this service")
	)
	flag.Parse()
	if *configFile == "" {
		flag.Usage()
		os.Exit(1)
	}

	var cfg Config
	err := cmd.ReadConfigFile(*configFile, &cfg)
	cmd.FailOnError(err, "Reading JSON config file into config structure")

	// Feature flags are applied before anything else consults the config so
	// that all later setup observes the final flag state.
	err = features.Set(cfg.VA.Features)
	cmd.FailOnError(err, "Failed to set feature flags")

	// Command-line overrides take precedence over the config file for the
	// two listen addresses.
	if *grpcAddr != "" {
		cfg.VA.GRPC.Address = *grpcAddr
	}
	if *debugAddr != "" {
		cfg.VA.DebugAddr = *debugAddr
	}

	scope, logger, oTelShutdown := cmd.StatsAndLogging(cfg.Syslog, cfg.OpenTelemetry, cfg.VA.DebugAddr)
	defer oTelShutdown(context.Background())
	logger.Info(cmd.VersionString())

	// A zero timeout would leave DNS lookups unbounded; refuse to start.
	if cfg.VA.DNSTimeout.Duration == 0 {
		cmd.Fail("'dnsTimeout' is required")
	}
	// Always make at least one attempt, whatever the config says.
	dnsTries := cfg.VA.DNSTries
	if dnsTries < 1 {
		dnsTries = 1
	}
	clk := cmd.Clock()

	if cfg.VA.DNSProvider == nil {
		cmd.Fail("Must specify dnsProvider")
	}

	// The dynamic provider refreshes the resolver set on a fixed interval.
	var servers bdns.ServerProvider
	servers, err = bdns.StartDynamicProvider(cfg.VA.DNSProvider, 60*time.Second)
	cmd.FailOnError(err, "Couldn't start dynamic DNS server resolver")
	defer servers.Stop()

	// NOTE(review): the loopback-allowing variant is bdns.NewTest, which by
	// its name relaxes address restrictions that protect validation from
	// reaching internal hosts. It should only be enabled in test setups.
	queryTimeout := cfg.VA.DNSTimeout.Duration
	var resolver bdns.Client
	if cfg.VA.DNSAllowLoopbackAddresses {
		resolver = bdns.NewTest(queryTimeout, servers, scope, clk, dnsTries, logger)
	} else {
		resolver = bdns.New(queryTimeout, servers, scope, clk, dnsTries, logger)
	}

	// One TLS config serves both the outbound remote-VA clients and the
	// inbound gRPC server.
	tlsConfig, err := cfg.VA.TLS.Load(scope)
	cmd.FailOnError(err, "tlsConfig config")

	// Build a client for every configured remote validation perspective.
	// The per-iteration copy keeps each client pointing at its own config.
	var remotes []va.RemoteVA
	for i := range cfg.VA.RemoteVAs {
		remoteCfg := cfg.VA.RemoteVAs[i]
		conn, err := bgrpc.ClientSetup(&remoteCfg, tlsConfig, scope, clk)
		cmd.FailOnError(err, "Unable to create remote VA client")
		remotes = append(remotes, va.RemoteVA{
			VAClient: vapb.NewVAClient(conn),
			Address:  remoteCfg.ServerAddress,
		})
	}

	vai, err := va.NewValidationAuthorityImpl(
		resolver,
		remotes,
		cfg.VA.MaxRemoteValidationFailures,
		cfg.VA.UserAgent,
		cfg.VA.IssuerDomain,
		scope,
		clk,
		logger,
		cfg.VA.AccountURIPrefixes)
	cmd.FailOnError(err, "Unable to create VA server")

	// The same implementation backs both the VA and the CAA service.
	builder := bgrpc.NewServer(cfg.VA.GRPC, logger)
	builder = builder.Add(&vapb.VA_ServiceDesc, vai)
	builder = builder.Add(&vapb.CAA_ServiceDesc, vai)
	start, err := builder.Build(tlsConfig, scope, clk)
	cmd.FailOnError(err, "Unable to setup VA gRPC server")

	// start() blocks for the lifetime of the gRPC server.
	cmd.FailOnError(start(), "VA gRPC service failed")
}
149
// init registers this binary under both command names. Both names share
// main and Config, so a remote VA is presumably distinguished from a
// primary one only by the configuration it is started with, not by a
// separate code path — the original comment explaining this is missing.
// Each registration receives its own Config instance for validation.
func init() {
	for _, name := range []string{"boulder-va", "boulder-remoteva"} {
		cmd.RegisterCommand(name, main, &cmd.ConfigValidator{Config: &Config{}})
	}
}
156