1version: '3'
2services:
3 boulder:
4 # Should match one of the GO_DEV_VERSIONS in test/boulder-tools/tag_and_upload.sh.
5 image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.21.3_2023-10-12}
6 environment:
7 # To solve HTTP-01 and TLS-ALPN-01 challenges, change the IP in FAKE_DNS
8 # to the IP address where your ACME client's solver is listening.
9 # FAKE_DNS: 172.17.0.1
10 FAKE_DNS: 10.77.77.77
11 BOULDER_CONFIG_DIR: &boulder_config_dir test/config
12 GOFLAGS: -mod=vendor
13 # Forward the parent env's GOEXPERIMENT value into the container.
14 GOEXPERIMENT: ${GOEXPERIMENT}
15 volumes:
16 - .:/boulder:cached
17 - ./.gocache:/root/.cache/go-build:cached
18 - ./.hierarchy:/hierarchy/:cached
19 - ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
20 networks:
21 bluenet:
22 ipv4_address: 10.77.77.77
23 rednet:
24 ipv4_address: 10.88.88.88
25 redisnet:
26 ipv4_address: 10.33.33.33
27 consulnet:
28 ipv4_address: 10.55.55.55
29 # Use consul as a backup to Docker's embedded DNS server. If there's a name
30 # Docker's DNS server doesn't know about, it will forward the query to this
31 # IP (running consul).
32 # (https://docs.docker.com/config/containers/container-networking/#dns-services).
33 # This is used to look up service names via A records (like ra.service.consul) that
34 # are configured via the ServerAddress field of cmd.GRPCClientConfig.
35 # TODO: Remove this when ServerAddress is deprecated in favor of SRV records
36 # and DNSAuthority.
37 dns: 10.55.55.10
38 ports:
39 - 4001:4001 # ACMEv2
40 - 4002:4002 # OCSP
41 - 4003:4003 # OCSP
42 depends_on:
43 - bmysql
44 - bproxysql
45 - bredis_1
46 - bredis_2
47 - bredis_3
48 - bredis_4
49 - bconsul
50 - bjaeger
51 entrypoint: test/entrypoint.sh
52 working_dir: &boulder_working_dir /boulder
53
54 bmysql:
55 image: mariadb:10.5
56 networks:
57 bluenet:
58 aliases:
59 - boulder-mysql
60 environment:
61 MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
62 # Send slow queries to a table so we can check for them in the
63 # integration tests. For now we ignore queries not using indexes,
64 # because that seems to trigger based on the optimizer's choice to not
65 # use an index for certain queries, particularly when tables are still
66 # small.
67 command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON
68 logging:
69 driver: none
70 bproxysql:
71 image: proxysql/proxysql:2.5.4
72 # The --initial flag force resets the ProxySQL database on startup. By
73 # default, ProxySQL ignores new configuration if the database already
74 # exists. Without this flag, new configuration wouldn't be applied until you
75 # ran `docker compose down`.
76 entrypoint: proxysql -f --idle-threads -c /test/proxysql/proxysql.cnf --initial
77 volumes:
78 - ./test/:/test/:cached
79 depends_on:
80 - bmysql
81 networks:
82 bluenet:
83 aliases:
84 - boulder-proxysql
85
86 bredis_1:
87 image: redis:6.2.7
88 volumes:
89 - ./test/:/test/:cached
90 command: redis-server /test/redis-ocsp.config
91 networks:
92 redisnet:
93 ipv4_address: 10.33.33.2
94
95 bredis_2:
96 image: redis:6.2.7
97 volumes:
98 - ./test/:/test/:cached
99 command: redis-server /test/redis-ocsp.config
100 networks:
101 redisnet:
102 ipv4_address: 10.33.33.3
103
104 bredis_3:
105 image: redis:6.2.7
106 volumes:
107 - ./test/:/test/:cached
108 command: redis-server /test/redis-ratelimits.config
109 networks:
110 redisnet:
111 ipv4_address: 10.33.33.4
112
113 bredis_4:
114 image: redis:6.2.7
115 volumes:
116 - ./test/:/test/:cached
117 command: redis-server /test/redis-ratelimits.config
118 networks:
119 redisnet:
120 ipv4_address: 10.33.33.5
121
122 bconsul:
123 image: hashicorp/consul:1.15.4
124 volumes:
125 - ./test/:/test/:cached
126 networks:
127 consulnet:
128 ipv4_address: 10.55.55.10
129 bluenet:
130 ipv4_address: 10.77.77.10
131 rednet:
132 ipv4_address: 10.88.88.10
133 command: "consul agent -dev -config-format=hcl -config-file=/test/consul/config.hcl"
134
135 netaccess:
136 image: *boulder_image
137 environment:
138 GO111MODULE: "on"
139 GOFLAGS: -mod=vendor
140 BOULDER_CONFIG_DIR: *boulder_config_dir
141 networks:
142 - bluenet
143 volumes:
144 - .:/boulder
145 working_dir: *boulder_working_dir
146 entrypoint: test/entrypoint-netaccess.sh
147
148 bjaeger:
149 image: jaegertracing/all-in-one:1.44
150 environment:
151 COLLECTOR_OTLP_ENABLED: "true"
152 networks:
153 bluenet:
154 ipv4_address: 10.77.77.17
155
156networks:
157 bluenet:
158 driver: bridge
159 ipam:
160 driver: default
161 config:
162 - subnet: 10.77.77.0/24
163
164 rednet:
165 driver: bridge
166 ipam:
167 driver: default
168 config:
169 - subnet: 10.88.88.0/24
170
171 redisnet:
172 driver: bridge
173 ipam:
174 driver: default
175 config:
176 - subnet: 10.33.33.0/24
177
178 consulnet:
179 driver: bridge
180 ipam:
181 driver: default
182 config:
183 - subnet: 10.55.55.0/24
View as plain text