1client_addr = "0.0.0.0"
2bind_addr = "10.55.55.10"
3log_level = "ERROR"
4// When set, uses a subset of the agent's TLS configuration (key_file,
5// cert_file, ca_file, ca_path, and server_name) to set up the client for HTTP
6// or gRPC health checks. This allows services requiring 2-way TLS to be checked
7// using the agent's credentials.
8enable_agent_tls_for_checks = true
9tls {
10 defaults {
11 ca_file = "test/grpc-creds/minica.pem"
12 ca_path = "test/grpc-creds/minica-key.pem"
13 cert_file = "test/grpc-creds/consul.boulder/cert.pem"
14 key_file = "test/grpc-creds/consul.boulder/key.pem"
15 verify_incoming = false
16 }
17}
18ui_config {
19 enabled = true
20}
21ports {
22 dns = 53
23 grpc_tls = 8503
24}
25
26services {
27 id = "akamai-purger-a"
28 name = "akamai-purger"
29 address = "10.77.77.77"
30 port = 9099
31 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
32}
33
34services {
35 id = "akamai-purger-b"
36 name = "akamai-purger"
37 address = "10.88.88.88"
38 port = 9099
39 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
40}
41
42services {
43 id = "boulder-a"
44 name = "boulder"
45 address = "10.77.77.77"
46}
47
48services {
49 id = "boulder-a"
50 name = "boulder"
51 address = "10.88.88.88"
52}
53
54services {
55 id = "ca-a"
56 name = "ca"
57 address = "10.77.77.77"
58 port = 9093
59 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
60}
61
62services {
63 id = "ca-b"
64 name = "ca"
65 address = "10.88.88.88"
66 port = 9093
67 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
68}
69
70services {
71 id = "ca1"
72 name = "ca1"
73 address = "10.77.77.77"
74 port = 9093
75 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
76}
77
78services {
79 id = "ca2"
80 name = "ca2"
81 address = "10.88.88.88"
82 port = 9093
83 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
84}
85
86services {
87 id = "crl-storer-a"
88 name = "crl-storer"
89 address = "10.77.77.77"
90 port = 9109
91 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
92}
93
94services {
95 id = "crl-storer-b"
96 name = "crl-storer"
97 address = "10.88.88.88"
98 port = 9109
99 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
100}
101
102services {
103 id = "dns-a"
104 name = "dns"
105 address = "10.77.77.77"
106 port = 8053
107 tags = ["udp"] // Required for SRV RR support in VA RVA.
108}
109
110services {
111 id = "dns-b"
112 name = "dns"
113 address = "10.88.88.88"
114 port = 8054
115 tags = ["udp"] // Required for SRV RR support in VA RVA.
116}
117
118services {
119 id = "nonce-a"
120 name = "nonce"
121 address = "10.77.77.77"
122 port = 9101
123 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
124}
125
126services {
127 id = "nonce-b"
128 name = "nonce"
129 address = "10.88.88.88"
130 port = 9101
131 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
132}
133
134services {
135 id = "nonce1"
136 name = "nonce1"
137 address = "10.77.77.77"
138 port = 9101
139 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
140}
141
142services {
143 id = "nonce2"
144 name = "nonce2"
145 address = "10.88.88.88"
146 port = 9101
147 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
148}
149
150services {
151 id = "publisher-a"
152 name = "publisher"
153 address = "10.77.77.77"
154 port = 9091
155 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
156}
157
158services {
159 id = "publisher-b"
160 name = "publisher"
161 address = "10.88.88.88"
162 port = 9091
163 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
164}
165
166services {
167 id = "publisher1"
168 name = "publisher1"
169 address = "10.77.77.77"
170 port = 9091
171 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
172}
173
174services {
175 id = "publisher2"
176 name = "publisher2"
177 address = "10.88.88.88"
178 port = 9091
179 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
180}
181
182services {
183 id = "ra-a"
184 name = "ra"
185 address = "10.77.77.77"
186 port = 9094
187 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
188}
189
190services {
191 id = "ra-b"
192 name = "ra"
193 address = "10.88.88.88"
194 port = 9094
195 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
196}
197
198services {
199 id = "ra1"
200 name = "ra1"
201 address = "10.77.77.77"
202 port = 9094
203 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
204}
205
206services {
207 id = "ra2"
208 name = "ra2"
209 address = "10.88.88.88"
210 port = 9094
211 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
212}
213
214services {
215 id = "rva1-a"
216 name = "rva1"
217 address = "10.77.77.77"
218 port = 9097
219 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
220}
221
222services {
223 id = "rva1-b"
224 name = "rva1"
225 address = "10.77.77.77"
226 port = 9098
227 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
228}
229
230services {
231 id = "sa-a"
232 name = "sa"
233 address = "10.77.77.77"
234 port = 9095
235 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
236 checks = [
237 {
238 id = "sa-a-grpc"
239 name = "sa-a-grpc"
240 grpc = "10.77.77.77:9095"
241 grpc_use_tls = true
242 tls_server_name = "sa.boulder"
243 tls_skip_verify = false
244 interval = "2s"
245 },
246 {
247 id = "sa-a-grpc-sa"
248 name = "sa-a-grpc-sa"
249 grpc = "10.77.77.77:9095/sa.StorageAuthority"
250 grpc_use_tls = true
251 tls_server_name = "sa.boulder"
252 tls_skip_verify = false
253 interval = "2s"
254 },
255 {
256 id = "sa-a-grpc-saro"
257 name = "sa-a-grpc-saro"
258 grpc = "10.77.77.77:9095/sa.StorageAuthorityReadOnly"
259 grpc_use_tls = true
260 tls_server_name = "sa.boulder"
261 tls_skip_verify = false
262 interval = "2s"
263 }
264 ]
265}
266
267services {
268 id = "sa-b"
269 name = "sa"
270 address = "10.88.88.88"
271 port = 9095
272 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
273 checks = [
274 {
275 id = "sa-b-grpc"
276 name = "sa-b-grpc"
277 grpc = "10.88.88.88:9095"
278 grpc_use_tls = true
279 tls_server_name = "sa.boulder"
280 tls_skip_verify = false
281 interval = "2s"
282 },
283 {
284 id = "sa-b-grpc-sa"
285 name = "sa-b-grpc-sa"
286 grpc = "10.88.88.88:9095/sa.StorageAuthority"
287 grpc_use_tls = true
288 tls_server_name = "sa.boulder"
289 tls_skip_verify = false
290 interval = "2s"
291 },
292 {
293 id = "sa-b-grpc-saro"
294 name = "sa-b-grpc-saro"
295 grpc = "10.88.88.88:9095/sa.StorageAuthorityReadOnly"
296 grpc_use_tls = true
297 tls_server_name = "sa.boulder"
298 tls_skip_verify = false
299 interval = "2s"
300 }
301 ]
302}
303
304services {
305 id = "sa1"
306 name = "sa1"
307 address = "10.77.77.77"
308 port = 9095
309 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
310}
311
312services {
313 id = "sa2"
314 name = "sa2"
315 address = "10.88.88.88"
316 port = 9095
317 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
318}
319
320services {
321 id = "va-a"
322 name = "va"
323 address = "10.77.77.77"
324 port = 9092
325 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
326}
327
328services {
329 id = "va-b"
330 name = "va"
331 address = "10.88.88.88"
332 port = 9092
333 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
334}
335
336services {
337 id = "va1"
338 name = "va1"
339 address = "10.77.77.77"
340 port = 9092
341 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
342}
343
344services {
345 id = "va2"
346 name = "va2"
347 address = "10.88.88.88"
348 port = 9092
349 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
350}
351
352services {
353 id = "bredis3"
354 name = "redisratelimits"
355 address = "10.33.33.4"
356 port = 4218
357 tags = ["tcp"] // Required for SRV RR support in DNS resolution.
358}
359
360services {
361 id = "bredis4"
362 name = "redisratelimits"
363 address = "10.33.33.5"
364 port = 4218
365 tags = ["tcp"] // Required for SRV RR support in DNS resolution.
366}
367
368//
369// The following services are used for testing the gRPC DNS resolver.
370//
371
372// CaseOne config will have 2 SRV records. The first will have 0 backends, the
373// second will have 1.
374services {
375 id = "case1a"
376 name = "case1a"
377 address = "10.77.77.77"
378 port = 9101
379 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
380 checks = [
381 {
382 id = "case1a-failing"
383 name = "case1a-failing"
384 http = "http://localhost:12345" // invalid url
385 method = "GET"
386 interval = "2s"
387 }
388 ]
389}
390
391services {
392 id = "case1b"
393 name = "case1b"
394 address = "10.88.88.88"
395 port = 9101
396 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
397}
398
399// CaseTwo config will have 2 SRV records. The first will not be configured in
400// Consul, the second will have 1 backend.
401services {
402 id = "case2b"
403 name = "case2b"
404 address = "10.88.88.88"
405 port = 9101
406 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
407}
408
409// CaseThree config will have 2 SRV records. Neither will be configured in
410// Consul.
411
412
413// CaseFour config will have 2 SRV records. Neither will have backends.
414services {
415 id = "case4a"
416 name = "case4a"
417 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
418 address = "10.77.77.77"
419 port = 9101
420 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
421 checks = [
422 {
423 id = "case4a-failing"
424 name = "case4a-failing"
425 http = "http://localhost:12345" // invalid url
426 method = "GET"
427 interval = "2s"
428 }
429 ]
430}
431
432services {
433 id = "case4b"
434 name = "case4b"
435 address = "10.88.88.88"
436 port = 9101
437 tags = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
438 checks = [
439 {
440 id = "case4b-failing"
441 name = "case4b-failing"
442 http = "http://localhost:12345" // invalid url
443 method = "GET"
444 interval = "2s"
445 }
446 ]
447}
View as plain text