修改dockerfile及docker-compose，失败后不要重新启动，方便测试

.gitignore

@@ -2,3 +2,4 @@ target/
 Cargo.lock
 rtr-db/
 .idea/
+logs/

certs/rtr-authorized_keys

@@ -1,3 +1,5 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9MkggFr9ic5Ply9tPzsldgut9WAb0bgdDomFtBezDC4rzi/8vWUhzZv+lezWnyKYnMPHe80FEZ8+5QrNjS2GV6KMDxQZN7Wr4Lzh+eQv3hcT+TG6CUa7KjXvuq8P6UYGW9LCn8d36YGmxXkbEtUJlmA2dRemx6xlrpXavCaXLgTph+3eoe2mWTMukwHjzuu4PXhElfCFGZnTMXAkjimCfrH+11YMb1NpMosm/8H8aYZZGAkGPljKAjOLPwAXgn77hoIlRKlslesCmTBJCnmyp/0raIXAW3nkuMnkW9ORdt1Ti7yXsRv+flFBhFh7hM9SfqgbMAkDem1TugDTFTBRkiesh2Y+sQbgk0YO2T5PF+NVLZuuTssog3JyMbRYADZGjzdnvVSG4ICR+1fVehelOnMo1tgSsk3M8WkM5wgfn5HATYcBXaiHo97Q0CHzGKI4KrOqvTc4Bb/uh0VQIecpQajGuZqsWDlxkwk1hd1/s84Qo6kk/iZWKk+S+8uXlHRc= xuxiuting@LAPTOP-A2IH6TNR
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9gxH/EK68bxW8dKY/cTV54Ek4VV2lCMv9pcrSwi4w2tg1Vu4uMYizyWxkRpT3gI5NexNu/d2riAvTLFEJTuD2eaCWa4PuuVpKVNvCjhAXYhu+E0X0QZj3iDdmtSQioEGcYBzvFeADjp8R/JMv8RTDZVEuIZGSS5e7xmZQ45CvWBcrD9EstaOX3oA9reYm3ucE2wHGS8tEXFLik3qh52l3trKY0b+Hkd26P7BreoELPegQK/Cek9KJBtp9rRvRuOuzx5VixnLIgyz9TII+1O3x3c3hHullKQ3DSl6CDHpNnujPetvPbldIwUR1GfkjG/AxKjHtc2yZ915XfFi/qaMc6ehmPKO+t3geEjcL6W4sArzs8xkYs204daz1f9/CLtpJVBhsUNkhoz1lRbnaqZr8LuwjlujX3te0UltX3u7D00gKUwRZHw8GE1ksIO2USvZaTggscBykJzq7oG6FvrNy/L8htHWEzDlJZKDUriR6ZxaufcRwK3RFGx0307NQCVE=
 
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8D3Wi1t5zBkW0OJlxXab8DxE/0L6vUOZoOL/W0FqqV41G3dZQJ0w8QXk0YIFar/na1bAvesFcQSnSBwQdihNnl2MCUCMtpCmFsUZBT+HdZYMRU6UYWcYJzgM/bpJGn+gLTVCk6WBP1n+bbGQxkaFmj2hHa/v4BGYX1CvGWP0eO4NaZkg6eXkMZeZsjSwE6zU8y06+ZTZok0pVTeEPfflnQn1zk25u5BC1L++XRclBiBsIyH3gGVsQGmknovLNwgttQB9rKXZT2xAYSt/0KOTA64hOlEE75/XQFBKkaPOdFgJfhh/vWWEfWuLqU4qG6k5bXCALqSRBNy8j2G5vV48u2Y6JZQJ+etzZ5mWM2yyopZgL37m/1hrr5qKRKU6F5Sgwk/ULnQ9MycypF80YuffIUpNP8JpAHDVMw7/5F+xvzQ6P07fIX3MIdMWtSxif1Pa26lGL9phZ8t7dySpMEsuFJYt+Jj1Lj1T990/lKTyXgmwDLET2gfpGiQkitnFHT2k=
+

deploy/README.md

@@ -14,7 +14,6 @@
 路径：
 - `deploy/server/Dockerfile`
 - `deploy/server/docker-compose.yml`
-- `deploy/server/supervisord.conf`
 - `deploy/server/DEPLOYMENT.md`
 
 单独 build 镜像：

deploy/bird/_debug_ssh.conf

@@ -1,4 +1,5 @@
 log stderr all;
+debug protocols all;
 router id 192.0.2.2;
 
 roa4 table rtr_roa_v4;
@@ -24,8 +25,7 @@ protocol rpki rpki_ssh {
 
   transport ssh {
     user "rpki-rtr";
-    bird private key "/config/ssh/rtr-client.key";
+    bird private key "/config/ssh/bird-rtr-client-rsa.pem";
     remote public key "/run/bird/known_hosts";
-    subsystem "rpki-rtr";
   };
 }

deploy/bird/bird.conf.ssh.example

@@ -24,7 +24,7 @@ protocol rpki rpki_ssh {
 
   transport ssh {
     user "rpki-rtr";
-    bird private key "/config/ssh/bird-rtr-client.pem";
+    bird private key "/config/ssh/bird-rtr-client-rsa.pem";
     remote public key "/run/bird/known_hosts";
   };
 }

deploy/client/docker-compose.clients.yml

@@ -7,7 +7,7 @@ services:
     command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
-    restart: unless-stopped
+    restart: no
 
   rtr-client-2:
     image: rpki-rtr-debug-client:latest
@@ -15,7 +15,7 @@ services:
     command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
-    restart: unless-stopped
+    restart: no
 
   rtr-client-3:
     image: rpki-rtr-debug-client:latest
@@ -23,7 +23,7 @@ services:
     command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
-    restart: unless-stopped
+    restart: no
 
   rtr-client-4:
     image: rpki-rtr-debug-client:latest
@@ -31,7 +31,7 @@ services:
     command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
-    restart: unless-stopped
+    restart: no
 
   rtr-client-5:
     image: rpki-rtr-debug-client:latest
@@ -39,4 +39,4 @@ services:
     command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
-    restart: unless-stopped
+    restart: no

deploy/client/docker-compose.ssh.yml

@@ -25,6 +25,6 @@ services:
     volumes:
       - ../../certs:/app/certs:ro
       - ../../logs/client:/app/logs
-    restart: unless-stopped
+    restart: no
     stdin_open: true
     tty: true

deploy/client/docker-compose.tls.yml

@@ -27,6 +27,6 @@ services:
     volumes:
       - ../../tests/fixtures/tls:/app/certs:ro
       - ../../logs/client:/app/logs
-    restart: unless-stopped
+    restart: no
     stdin_open: true
     tty: true

deploy/client/docker-compose.yml

@@ -8,6 +8,6 @@ services:
     command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
-    restart: unless-stopped
+    restart: no
     stdin_open: true
     tty: true

deploy/server/DEPLOYMENT.md

@@ -1,4 +1,4 @@
-# Deployment (Supervisor + Docker Compose)
+# Deployment (Docker Compose)
 
 This project runs `src/main.rs` as a long-running server that:
 
@@ -6,12 +6,11 @@ This project runs `src/main.rs` as a long-running server that:
 2. applies optional SLURM filtering,
 3. starts RTR server.
 
-`supervisord` is used as PID 1 in container to keep the process managed and auto-restarted.
+The container runs `rpki` directly as PID 1.
 
 ## Files
 
 - `deploy/server/Dockerfile`
-- `deploy/server/supervisord.conf`
 - `deploy/server/docker-compose.yml`
 
 ## Runtime Paths in Container

deploy/server/Dockerfile

@@ -56,15 +56,13 @@ RUN apt-get update \
         -o Acquire::Retries=10 \
         -o Acquire::http::Timeout=60 \
         ca-certificates \
-        supervisor \
     && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 
 COPY --from=builder /build/target/release/rpki /usr/local/bin/rpki
-COPY deploy/server/supervisord.conf /etc/supervisor/conf.d/rpki-rtr.conf
 
-RUN mkdir -p /app/data /app/rtr-db /app/certs /app/slurm /app/logs /var/log/supervisor
+RUN mkdir -p /app/data /app/rtr-db /app/certs /app/slurm /app/logs
 
 ENV RPKI_RTR_ENABLE_TLS=false \
     RPKI_RTR_TCP_ADDR=0.0.0.0:323 \
@@ -77,4 +75,4 @@ ENV RPKI_RTR_ENABLE_TLS=false \
 
 EXPOSE 323 324
 
-CMD ["supervisord", "-n", "-c", "/etc/supervisor/conf.d/rpki-rtr.conf"]
+CMD ["/usr/local/bin/rpki"]

deploy/server/docker-compose.ssh.yml

@@ -7,7 +7,7 @@ services:
       dockerfile: deploy/server/Dockerfile
     image: rpki-rtr:latest
     container_name: rpki-rtr-ssh
-    restart: unless-stopped
+    restart: no
     ports:
       - "323:323"
       - "${RPKI_RTR_SSH_PORT:-22}:${RPKI_RTR_SSH_PORT:-22}"

deploy/server/docker-compose.tcp.yml

@@ -7,7 +7,7 @@ services:
       dockerfile: deploy/server/Dockerfile
     image: rpki-rtr:latest
     container_name: rpki-rtr-tcp
-    restart: unless-stopped
+    restart: no
     ports:
       - "323:323"
     environment:

deploy/server/docker-compose.tls.yml

@@ -7,7 +7,7 @@ services:
       dockerfile: deploy/server/Dockerfile
     image: rpki-rtr:latest
     container_name: rpki-rtr-tls
-    restart: unless-stopped
+    restart: no
     ports:
       - "323:323"
       - "324:324"

deploy/server/docker-compose.yml

@@ -7,7 +7,7 @@ services:
       dockerfile: deploy/server/Dockerfile
     image: rpki-rtr:latest
     container_name: rpki-rtr
-    restart: unless-stopped
+    restart: no
     ports:
       - "323:323"
       - "324:324"

deploy/server/supervisord.conf

@@ -1,20 +0,0 @@
-[supervisord]
-nodaemon=true
-logfile=/dev/null
-pidfile=/tmp/supervisord.pid
-
-[program:rpki-rtr]
-command=/usr/local/bin/rpki
-autostart=true
-autorestart=true
-startsecs=2
-startretries=3
-stopsignal=TERM
-stopasgroup=true
-killasgroup=true
-stdout_logfile=/app/logs/rpki-rtr.stdout.log
-stdout_logfile_maxbytes=50MB
-stdout_logfile_backups=10
-stderr_logfile=/app/logs/rpki-rtr.stderr.log
-stderr_logfile_maxbytes=50MB
-stderr_logfile_backups=10