diff --git a/.gitignore b/.gitignore index 1d9b68b..c9f0091 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ target/ Cargo.lock rtr-db/ .idea/ +logs/ diff --git a/certs/rtr-authorized_keys b/certs/rtr-authorized_keys index 98408cd..b490159 100644 --- a/certs/rtr-authorized_keys +++ b/certs/rtr-authorized_keys @@ -1,3 +1,5 @@ ssh-rsa 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 xuxiuting@LAPTOP-A2IH6TNR ssh-rsa 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 +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8D3Wi1t5zBkW0OJlxXab8DxE/0L6vUOZoOL/W0FqqV41G3dZQJ0w8QXk0YIFar/na1bAvesFcQSnSBwQdihNnl2MCUCMtpCmFsUZBT+HdZYMRU6UYWcYJzgM/bpJGn+gLTVCk6WBP1n+bbGQxkaFmj2hHa/v4BGYX1CvGWP0eO4NaZkg6eXkMZeZsjSwE6zU8y06+ZTZok0pVTeEPfflnQn1zk25u5BC1L++XRclBiBsIyH3gGVsQGmknovLNwgttQB9rKXZT2xAYSt/0KOTA64hOlEE75/XQFBKkaPOdFgJfhh/vWWEfWuLqU4qG6k5bXCALqSRBNy8j2G5vV48u2Y6JZQJ+etzZ5mWM2yyopZgL37m/1hrr5qKRKU6F5Sgwk/ULnQ9MycypF80YuffIUpNP8JpAHDVMw7/5F+xvzQ6P07fIX3MIdMWtSxif1Pa26lGL9phZ8t7dySpMEsuFJYt+Jj1Lj1T990/lKTyXgmwDLET2gfpGiQkitnFHT2k= + diff --git a/deploy/README.md b/deploy/README.md index 093207c..daea8aa 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -14,7 +14,6 @@ 路径: - `deploy/server/Dockerfile` - `deploy/server/docker-compose.yml` -- `deploy/server/supervisord.conf` - `deploy/server/DEPLOYMENT.md` 单独 build 镜像: diff --git a/deploy/bird/_probe_subsystem.conf b/deploy/bird/_debug_ssh.conf similarity index 84% rename from deploy/bird/_probe_subsystem.conf rename to deploy/bird/_debug_ssh.conf index 5292756..d540aca 100644 --- a/deploy/bird/_probe_subsystem.conf +++ b/deploy/bird/_debug_ssh.conf @@ -1,4 +1,5 @@ log stderr all; +debug protocols all; router id 192.0.2.2; roa4 table rtr_roa_v4; @@ -24,8 +25,7 @@ protocol rpki rpki_ssh { transport ssh { user "rpki-rtr"; - bird private key "/config/ssh/rtr-client.key"; + bird private key "/config/ssh/bird-rtr-client-rsa.pem"; remote public key "/run/bird/known_hosts"; - subsystem "rpki-rtr"; }; } 
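Review bot: The key added to `certs/rtr-authorized_keys` has no comment field, so nothing in the file says which person or router holds the matching private key; the first entry at least ends in a `user@host` label. Give the new line an owner label, e.g. `ssh-rsa AAAA… <owner-or-router-id>` (placeholder), so the entry can be audited and revoked later. Each key in this file presumably authorizes an RTR-over-SSH client, so an unlabelled entry is hard to tie back to a device when access has to be withdrawn. The hunk also adds a trailing blank line that can be dropped.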
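Review bot: `debug protocols all;` combined with the existing `log stderr all;` makes this configuration trace every protocol event, and only the new filename marks it as a debugging aid. A header comment above `log stderr all;`, such as `# Debug-only config: full protocol tracing, not for production routers`, would keep it from being copied into a real deployment. The second hunk of this file removes `subsystem "rpki-rtr";` from the `transport ssh` block without explanation. A one-line comment on which subsystem the session now requests would help, since the server side presumably matches on it.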
diff --git a/deploy/bird/bird.conf.ssh.example b/deploy/bird/bird.conf.ssh.example index e419d4a..e6facff 100644 --- a/deploy/bird/bird.conf.ssh.example +++ b/deploy/bird/bird.conf.ssh.example @@ -24,7 +24,7 @@ protocol rpki rpki_ssh { transport ssh { user "rpki-rtr"; - bird private key "/config/ssh/bird-rtr-client.pem"; + bird private key "/config/ssh/bird-rtr-client-rsa.pem"; remote public key "/run/bird/known_hosts"; }; } diff --git a/deploy/client/docker-compose.clients.yml b/deploy/client/docker-compose.clients.yml index afb6d62..bd64331 100644 --- a/deploy/client/docker-compose.clients.yml +++ b/deploy/client/docker-compose.clients.yml @@ -7,7 +7,7 @@ services: command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"] volumes: - ../../logs/client:/app/logs - restart: unless-stopped + restart: no rtr-client-2: image: rpki-rtr-debug-client:latest @@ -15,7 +15,7 @@ services: command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"] volumes: - ../../logs/client:/app/logs - restart: unless-stopped + restart: no rtr-client-3: image: rpki-rtr-debug-client:latest @@ -23,7 +23,7 @@ services: command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"] volumes: - ../../logs/client:/app/logs - restart: unless-stopped + restart: no rtr-client-4: image: rpki-rtr-debug-client:latest @@ -31,7 +31,7 @@ services: command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"] volumes: - ../../logs/client:/app/logs - restart: unless-stopped + restart: no rtr-client-5: image: rpki-rtr-debug-client:latest @@ -39,4 +39,4 @@ services: command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"] volumes: - ../../logs/client:/app/logs - restart: unless-stopped + restart: no diff --git a/deploy/client/docker-compose.ssh.yml b/deploy/client/docker-compose.ssh.yml index 3b6c569..538f011 100644 --- a/deploy/client/docker-compose.ssh.yml +++ b/deploy/client/docker-compose.ssh.yml 
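Review bot: `restart: no` is written unquoted in the `docker-compose.clients.yml` hunks, and a YAML 1.1 parser reads a bare `no` as boolean false rather than the string Compose expects; the Compose reference writes this value as `restart: "no"`. Whether the unquoted form is accepted depends on the Compose version and its YAML parser, so quoting it removes the ambiguity. The same line appears in the other four services of this file, in the client `docker-compose.ssh.yml`, `docker-compose.tls.yml` and `docker-compose.yml`, and in all four compose files under `deploy/server/`.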
@@ -25,6 +25,6 @@ services: volumes: - ../../certs:/app/certs:ro - ../../logs/client:/app/logs - restart: unless-stopped + restart: no stdin_open: true tty: true diff --git a/deploy/client/docker-compose.tls.yml b/deploy/client/docker-compose.tls.yml index de8204f..987a35f 100644 --- a/deploy/client/docker-compose.tls.yml +++ b/deploy/client/docker-compose.tls.yml @@ -27,6 +27,6 @@ services: volumes: - ../../tests/fixtures/tls:/app/certs:ro - ../../logs/client:/app/logs - restart: unless-stopped + restart: no stdin_open: true tty: true diff --git a/deploy/client/docker-compose.yml b/deploy/client/docker-compose.yml index 470d103..16fa4ca 100644 --- a/deploy/client/docker-compose.yml +++ b/deploy/client/docker-compose.yml @@ -8,6 +8,6 @@ services: command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"] volumes: - ../../logs/client:/app/logs - restart: unless-stopped + restart: no stdin_open: true tty: true diff --git a/deploy/server/DEPLOYMENT.md b/deploy/server/DEPLOYMENT.md index 6db9785..3adbfca 100644 --- a/deploy/server/DEPLOYMENT.md +++ b/deploy/server/DEPLOYMENT.md @@ -1,4 +1,4 @@ -# Deployment (Supervisor + Docker Compose) +# Deployment (Docker Compose) This project runs `src/main.rs` as a long-running server that: @@ -6,12 +6,11 @@ This project runs `src/main.rs` as a long-running server that: 2. applies optional SLURM filtering, 3. starts RTR server. -`supervisord` is used as PID 1 in container to keep the process managed and auto-restarted. +The container runs `rpki` directly as PID 1. ## Files - `deploy/server/Dockerfile` -- `deploy/server/supervisord.conf` - `deploy/server/docker-compose.yml` ## Runtime Paths in Container diff --git a/deploy/server/Dockerfile b/deploy/server/Dockerfile index 88b518c..501d280 100644 --- a/deploy/server/Dockerfile +++ b/deploy/server/Dockerfile 
@@ -56,15 +56,13 @@ RUN apt-get update \ -o Acquire::Retries=10 \ -o Acquire::http::Timeout=60 \ ca-certificates \ - supervisor \ && rm -rf /var/lib/apt/lists/* WORKDIR /app COPY --from=builder /build/target/release/rpki /usr/local/bin/rpki -COPY deploy/server/supervisord.conf /etc/supervisor/conf.d/rpki-rtr.conf -RUN mkdir -p /app/data /app/rtr-db /app/certs /app/slurm /app/logs /var/log/supervisor +RUN mkdir -p /app/data /app/rtr-db /app/certs /app/slurm /app/logs ENV RPKI_RTR_ENABLE_TLS=false \ RPKI_RTR_TCP_ADDR=0.0.0.0:323 \ @@ -77,4 +75,4 @@ ENV RPKI_RTR_ENABLE_TLS=false \ EXPOSE 323 324 -CMD ["supervisord", "-n", "-c", "/etc/supervisor/conf.d/rpki-rtr.conf"] \ No newline at end of file +CMD ["/usr/local/bin/rpki"] diff --git a/deploy/server/docker-compose.ssh.yml b/deploy/server/docker-compose.ssh.yml index 8c0b432..e047705 100644 --- a/deploy/server/docker-compose.ssh.yml +++ b/deploy/server/docker-compose.ssh.yml @@ -7,7 +7,7 @@ services: dockerfile: deploy/server/Dockerfile image: rpki-rtr:latest container_name: rpki-rtr-ssh - restart: unless-stopped + restart: no ports: - "323:323" - "${RPKI_RTR_SSH_PORT:-22}:${RPKI_RTR_SSH_PORT:-22}" diff --git a/deploy/server/docker-compose.tcp.yml b/deploy/server/docker-compose.tcp.yml index a87cd00..004fb00 100644 --- a/deploy/server/docker-compose.tcp.yml +++ b/deploy/server/docker-compose.tcp.yml @@ -7,7 +7,7 @@ services: dockerfile: deploy/server/Dockerfile image: rpki-rtr:latest container_name: rpki-rtr-tcp - restart: unless-stopped + restart: no ports: - "323:323" environment: diff --git a/deploy/server/docker-compose.tls.yml b/deploy/server/docker-compose.tls.yml index 4ecec57..ad75e50 100644 --- a/deploy/server/docker-compose.tls.yml +++ b/deploy/server/docker-compose.tls.yml @@ -7,7 +7,7 @@ services: dockerfile: deploy/server/Dockerfile image: rpki-rtr:latest container_name: rpki-rtr-tls - restart: unless-stopped + restart: no ports: - "323:323" - "324:324" 
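Review bot: With `CMD ["/usr/local/bin/rpki"]` the server becomes PID 1, where signals have no default action, so `docker stop` only shuts it down cleanly if `rpki` installs its own SIGTERM handler; otherwise the container is killed after the stop timeout. Confirm that it does, or add `init: true` to the compose services. The removed supervisord configuration also capped the stdout and stderr logs at 50MB with 10 backups. Unless `rpki` writes its own log files, output now goes to the container log driver, and the default json-file driver does not rotate unless `max-size` and `max-file` are set under `logging:`.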
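Review bot: Setting `restart: no` on the `rpki-rtr-ssh` service removes the last automatic recovery path for the server, because this commit also deletes the supervisord program entry that had `autorestart=true`. If `rpki` exits or crashes, the RTR cache stays down until someone restarts it by hand, and routers that depend on it will eventually expire their validated data. For the long-running server described in DEPLOYMENT.md, `restart: unless-stopped` or `restart: on-failure` looks like the safer setting, while `"no"` can stay on the debug clients. The same applies to `docker-compose.tcp.yml`, `docker-compose.tls.yml` and `docker-compose.yml` under `deploy/server/`.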
diff --git a/deploy/server/docker-compose.yml b/deploy/server/docker-compose.yml index 7d55e77..46a47eb 100644 --- a/deploy/server/docker-compose.yml +++ b/deploy/server/docker-compose.yml @@ -7,7 +7,7 @@ services: dockerfile: deploy/server/Dockerfile image: rpki-rtr:latest container_name: rpki-rtr - restart: unless-stopped + restart: no ports: - "323:323" - "324:324" diff --git a/deploy/server/supervisord.conf b/deploy/server/supervisord.conf deleted file mode 100644 index 2355ce7..0000000 --- a/deploy/server/supervisord.conf +++ /dev/null @@ -1,20 +0,0 @@ -[supervisord] -nodaemon=true -logfile=/dev/null -pidfile=/tmp/supervisord.pid - -[program:rpki-rtr] -command=/usr/local/bin/rpki -autostart=true -autorestart=true -startsecs=2 -startretries=3 -stopsignal=TERM -stopasgroup=true -killasgroup=true -stdout_logfile=/app/logs/rpki-rtr.stdout.log -stdout_logfile_maxbytes=50MB -stdout_logfile_backups=10 -stderr_logfile=/app/logs/rpki-rtr.stderr.log -stderr_logfile_maxbytes=50MB -stderr_logfile_backups=10