修改部署文件

xiuting.xu 2026-05-09 10:12:51 +08:00
parent ddeff71618
commit 84866c1d86
16 changed files with 117 additions and 30 deletions


@ -36,6 +36,7 @@ FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y --no-install-recommends \ RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \ ca-certificates \
gettext-base \ gettext-base \
tzdata \
netcat-openbsd \ netcat-openbsd \
libreadline8 \ libreadline8 \
libncurses6 \ libncurses6 \
@ -46,6 +47,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
COPY --from=builder /usr/sbin/bird /usr/sbin/bird COPY --from=builder /usr/sbin/bird /usr/sbin/bird
COPY --from=builder /usr/sbin/birdc /usr/sbin/birdc COPY --from=builder /usr/sbin/birdc /usr/sbin/birdc
COPY --from=builder /etc/bird /etc/bird COPY --from=builder /etc/bird /etc/bird
ENV TZ=Asia/Shanghai
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh \ RUN chmod +x /entrypoint.sh \


@ -2,9 +2,16 @@ services:
bird-rpki-client: bird-rpki-client:
environment: environment:
BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.ssh.template" BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.ssh.template"
RPKI_HOST: "0.0.0.0" RPKI_HOST: "rpki-rtr"
RPKI_PORT: "${RPKI_RTR_SSH_PORT:-22}" RPKI_PORT: "${RPKI_RTR_SSH_PORT:-22}"
OBSERVE_PROTO: "rpki_ssh" OBSERVE_PROTO: "rpki_ssh"
volumes: volumes:
- ./bird.conf.ssh.template:/config/bird.conf.ssh.template:ro - ./bird.conf.ssh.template:/config/bird.conf.ssh.template:ro
- ../../certs:/config/ssh:ro - ../../certs:/config/ssh:ro
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge
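Review bot: `RPKI_PORT: "${RPKI_RTR_SSH_PORT:-22}"` still follows `RPKI_RTR_SSH_PORT`, but the SSH server section of this commit pins the in-container listener to `0.0.0.0:22` and moves the variable part to the host side (`${RPKI_RTR_SSH_HOST_PORT:-2222}:22`). On `rpki_net` the client talks to the container port, so any environment that sets `RPKI_RTR_SSH_PORT` to something other than 22 will now dial a port nothing listens on; `RPKI_PORT: "22"` matches the server. The debug-client SSH file has the same leftover in `"rpki-rtr-ssh:${RPKI_RTR_SSH_PORT:-22}"`. The host here is `rpki-rtr` while that client uses `rpki-rtr-ssh`; the server's service and container names are not visible in these hunks, so confirm that both names resolve on the bridge.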


@ -7,11 +7,10 @@ services:
BIRD_VERSION: "3.2.1" BIRD_VERSION: "3.2.1"
container_name: bird-rpki-client container_name: bird-rpki-client
restart: unless-stopped restart: unless-stopped
network_mode: host
environment: environment:
BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.template" BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.template"
RPKI_HOST: "0.0.0.0" RPKI_HOST: "rpki-rtr-tcp"
RPKI_PORT: "323" RPKI_PORT: "323"
OBSERVE_PROTO: "rpki_tcp" OBSERVE_PROTO: "rpki_tcp"
@ -33,3 +32,10 @@ services:
volumes: volumes:
- ./bird.conf.template:/config/bird.conf.template:ro - ./bird.conf.template:/config/bird.conf.template:ro
- ../../logs/bird:/app/logs - ../../logs/bird:/app/logs
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge
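Review bot: `rpki_net` is declared with a fixed `name:` as a network owned by this file, and the same four lines are repeated in the other compose files of this commit. If those files are started as separate Compose projects (the project names are not visible here), the first `up` creates the network, later projects find one they did not create, and a `down` in any one project tries to remove it while the others are still attached. Creating the network once and declaring it `external: true` in the files that only join it keeps ownership in one place. A comment such as `# shared bridge for all RPKI stacks; every attached container can reach the plain-TCP RTR port` would also record that membership in this network is the only access control in front of port 323.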


@ -120,7 +120,7 @@ print_first_n_objects() {
} }
print_snapshot() { print_snapshot() {
echo "==== $(date -u +"%Y-%m-%dT%H:%M:%SZ") RPKI snapshot ($PROTO) ====" echo "==== $(date +"%Y-%m-%dT%H:%M:%S%:z") RPKI snapshot ($PROTO) ===="
birdc -s "$SOCK_PATH" show protocols all "$PROTO" || true birdc -s "$SOCK_PATH" show protocols all "$PROTO" || true
if [ "$SHOW_ASPA" = "1" ]; then if [ "$SHOW_ASPA" = "1" ]; then
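Review bot: The snapshot header now prints local time, and which zone that is depends on the image's `TZ` and on `tzdata` being installed; nothing near the `echo` in `print_snapshot` says so. `%:z` is a GNU `date` extension, which the Debian base image provides but a different base image may not. I would add `# local time with numeric offset; needs GNU date (%:z) and TZ/tzdata from the image` above the `echo`, and keep the offset in the format so these lines can still be lined up against logs written in UTC. `print_snapshot` continues past the end of this hunk.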


@ -14,10 +14,11 @@ RUN cargo build --release --bin rtr_debug_client
FROM debian:bookworm-slim AS runtime FROM debian:bookworm-slim AS runtime
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends ca-certificates \ && apt-get install -y --no-install-recommends ca-certificates tzdata \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
WORKDIR /app WORKDIR /app
ENV TZ=Asia/Shanghai
COPY --from=builder /build/target/release/rtr_debug_client /usr/local/bin/rtr_debug_client COPY --from=builder /build/target/release/rtr_debug_client /usr/local/bin/rtr_debug_client
COPY --chmod=755 deploy/client/entrypoint.sh /usr/local/bin/rtr-debug-client-entrypoint.sh COPY --chmod=755 deploy/client/entrypoint.sh /usr/local/bin/rtr-debug-client-entrypoint.sh


@ -3,40 +3,50 @@ version: "3.9"
services: services:
rtr-client-1: rtr-client-1:
image: rpki-rtr-debug-client:latest image: rpki-rtr-debug-client:latest
network_mode: host command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
volumes: volumes:
- ../../logs/client:/app/logs - ../../logs/client:/app/logs
restart: no restart: no
networks:
- rpki_net
rtr-client-2: rtr-client-2:
image: rpki-rtr-debug-client:latest image: rpki-rtr-debug-client:latest
network_mode: host command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
volumes: volumes:
- ../../logs/client:/app/logs - ../../logs/client:/app/logs
restart: no restart: no
networks:
- rpki_net
rtr-client-3: rtr-client-3:
image: rpki-rtr-debug-client:latest image: rpki-rtr-debug-client:latest
network_mode: host command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
volumes: volumes:
- ../../logs/client:/app/logs - ../../logs/client:/app/logs
restart: no restart: no
networks:
- rpki_net
rtr-client-4: rtr-client-4:
image: rpki-rtr-debug-client:latest image: rpki-rtr-debug-client:latest
network_mode: host command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
volumes: volumes:
- ../../logs/client:/app/logs - ../../logs/client:/app/logs
restart: no restart: no
networks:
- rpki_net
rtr-client-5: rtr-client-5:
image: rpki-rtr-debug-client:latest image: rpki-rtr-debug-client:latest
network_mode: host command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
volumes: volumes:
- ../../logs/client:/app/logs - ../../logs/client:/app/logs
restart: no restart: no
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge


@ -6,10 +6,9 @@ services:
context: ../.. context: ../..
dockerfile: deploy/client/Dockerfile dockerfile: deploy/client/Dockerfile
image: rpki-rtr-debug-client:latest image: rpki-rtr-debug-client:latest
network_mode: host
command: command:
[ [
"127.0.0.1:${RPKI_RTR_SSH_PORT:-22}", "rpki-rtr-ssh:${RPKI_RTR_SSH_PORT:-22}",
"2", "2",
"reset", "reset",
"--ssh", "--ssh",
@ -28,3 +27,10 @@ services:
restart: no restart: no
stdin_open: true stdin_open: true
tty: true tty: true
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge


@ -4,10 +4,16 @@ services:
context: ../.. context: ../..
dockerfile: deploy/client/Dockerfile dockerfile: deploy/client/Dockerfile
image: rpki-rtr-debug-client:latest image: rpki-rtr-debug-client:latest
network_mode: host command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
volumes: volumes:
- ../../logs/client:/app/logs - ../../logs/client:/app/logs
restart: no restart: no
stdin_open: true stdin_open: true
tty: true tty: true
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge


@ -6,10 +6,9 @@ services:
context: ../.. context: ../..
dockerfile: deploy/client/Dockerfile dockerfile: deploy/client/Dockerfile
image: rpki-rtr-debug-client:latest image: rpki-rtr-debug-client:latest
network_mode: host
command: command:
[ [
"127.0.0.1:324", "rpki-rtr-tls:324",
"2", "2",
"reset", "reset",
"--tls", "--tls",
@ -30,3 +29,10 @@ services:
restart: no restart: no
stdin_open: true stdin_open: true
tty: true tty: true
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge
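Review bot: The TLS client now dials `rpki-rtr-tls:324` instead of `127.0.0.1:324`, so the name the server certificate is checked against changes as well; the rest of the `command` array lies between the two hunks and is not visible, so I cannot tell whether a server-name or CA argument already covers this. If the certificate mounted on the server side does not carry `rpki-rtr-tls` as a subject alternative name, the handshake will fail, and the fix should be a certificate or an explicit server name that matches rather than relaxed verification. A comment next to the address, e.g. `# must match a SAN in the server certificate`, would keep the two in step.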


@ -4,10 +4,16 @@ services:
context: ../.. context: ../..
dockerfile: deploy/client/Dockerfile dockerfile: deploy/client/Dockerfile
image: rpki-rtr-debug-client:latest image: rpki-rtr-debug-client:latest
network_mode: host command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
volumes: volumes:
- ../../logs/client:/app/logs - ../../logs/client:/app/logs
restart: no restart: no
stdin_open: true stdin_open: true
tty: true tty: true
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge


@ -10,12 +10,12 @@ services:
restart: no restart: no
ports: ports:
- "323:323" - "323:323"
- "${RPKI_RTR_SSH_PORT:-22}:${RPKI_RTR_SSH_PORT:-22}" - "${RPKI_RTR_SSH_HOST_PORT:-2222}:22"
environment: environment:
RPKI_RTR_ENABLE_TLS: "false" RPKI_RTR_ENABLE_TLS: "false"
RPKI_RTR_ENABLE_SSH: "true" RPKI_RTR_ENABLE_SSH: "true"
RPKI_RTR_TCP_ADDR: "0.0.0.0:323" RPKI_RTR_TCP_ADDR: "0.0.0.0:323"
RPKI_RTR_SSH_ADDR: "0.0.0.0:${RPKI_RTR_SSH_PORT:-22}" RPKI_RTR_SSH_ADDR: "0.0.0.0:22"
RPKI_RTR_SSH_HOST_KEY_PATH: "/app/certs/ssh_host_rsa_key" RPKI_RTR_SSH_HOST_KEY_PATH: "/app/certs/ssh_host_rsa_key"
RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH: "/app/certs/rtr-authorized_keys" RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH: "/app/certs/rtr-authorized_keys"
RPKI_RTR_SSH_USERNAME: "rpki-rtr" RPKI_RTR_SSH_USERNAME: "rpki-rtr"
@ -35,3 +35,10 @@ services:
- ../../data:/app/slurm:ro - ../../data:/app/slurm:ro
- ../../certs:/app/certs:ro - ../../certs:/app/certs:ro
- ../../logs/server:/app/logs - ../../logs/server:/app/logs
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge
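Review bot: Both entries under `ports:` publish on every host interface: `"323:323"` exposes the plain-TCP RTR listener, which has no transport authentication, and the new `"${RPKI_RTR_SSH_HOST_PORT:-2222}:22"` does the same for SSH. The clients in this commit now reach the server over `rpki_net` by name, so the host mappings are only needed for routers outside Docker. If there are none, bind them to loopback with `- "127.0.0.1:323:323"` and `- "127.0.0.1:${RPKI_RTR_SSH_HOST_PORT:-2222}:22"`, or drop them. Docker installs its own forwarding rules for published ports, so host firewall rules may not filter them as expected.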


@ -27,3 +27,10 @@ services:
- ../../rtr-db:/app/rtr-db - ../../rtr-db:/app/rtr-db
- ../../data:/app/slurm:ro - ../../data:/app/slurm:ro
- ../../logs/server:/app/logs - ../../logs/server:/app/logs
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge


@ -33,3 +33,10 @@ services:
- ../../data:/app/slurm:ro - ../../data:/app/slurm:ro
- ../../tests/fixtures/tls:/app/certs:ro - ../../tests/fixtures/tls:/app/certs:ro
- ../../logs/server:/app/logs - ../../logs/server:/app/logs
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge


@ -41,3 +41,10 @@ services:
- ../../logs/server:/app/logs - ../../logs/server:/app/logs
# TLS mode example: # TLS mode example:
# - ../../certs:/app/certs:ro # - ../../certs:/app/certs:ro
networks:
- rpki_net
networks:
rpki_net:
name: rpki_net
driver: bridge


@ -1,8 +1,9 @@
use arc_swap::ArcSwap;
use std::fs; use std::fs;
use std::io::BufReader; use std::io::BufReader;
use std::net::SocketAddr; use std::net::SocketAddr;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::sync::{Arc, RwLock}; use std::sync::Arc;
use std::time::Duration; use std::time::Duration;
use rustls::{ClientConfig, RootCertStore}; use rustls::{ClientConfig, RootCertStore};
@ -45,7 +46,7 @@ fn load_pem_key(path: &Path) -> PrivateKeyDer<'static> {
} }
fn test_cache() -> SharedRtrCache { fn test_cache() -> SharedRtrCache {
Arc::new(RwLock::new( Arc::new(ArcSwap::from_pointee(
RtrCacheBuilder::new() RtrCacheBuilder::new()
.session_ids(SessionIds::from_array([42, 42, 42])) .session_ids(SessionIds::from_array([42, 42, 42]))
.serials([100, 100, 100]) .serials([100, 100, 100])


@ -157,9 +157,17 @@ async fn start_tls_session_server_with_cert(
return; return;
}; };
let _ = let _ = handle_tls_connection(
handle_tls_connection(cache, stream, peer_addr, acceptor, notify_rx, shutdown_rx, None) cache,
.await; stream,
peer_addr,
acceptor,
true,
notify_rx,
shutdown_rx,
None,
)
.await;
}); });
(addr, shutdown_tx, handle) (addr, shutdown_tx, handle)
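Review bot: The bare `true` added as the fifth argument to `handle_tls_connection` gives no hint of what it switches on, and in a TLS accept path a reader needs to know whether it tightens or loosens a check. The parameter's name is not visible in this hunk; binding the value to a local named after it (`let <param_name> = true;`, placeholder name) or writing `/* <param_name> */ true` inline would make the call self-explanatory. The call's result is still discarded with `let _ =`, so a handshake or session error in this test server stays silent; printing it with `eprintln!` would help when a test hangs. `start_tls_session_server_with_cert` begins before this hunk.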