NASP/rpki
63
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修改bird配置

Browse Source
This commit is contained in:
xiuting.xu 2026-05-08 09:54:00 +08:00
parent 897d168ceb
commit ca0cf4800a
7 changed files with 75 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
deploy/bird/Dockerfile
View File

@ -35,6 +35,7 @@ FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
gettext-base \
netcat-openbsd \
libreadline8 \
libncurses6 \

3
deploy/bird/README.md
View File

@ -73,7 +73,8 @@ docker logs -f bird-rpki-client
## Notes
- This setup targets RTR over TCP (`remote "host.docker.internal" port 323`).
- This setup renders `bird.conf.template` at startup and uses `RPKI_HOST` / `RPKI_PORT`
for the RTR endpoint.
- `network_mode: host` expects your RTR server to be reachable at
`host.docker.internal:323` from the container.
- Observation is controlled by env vars:

30
deploy/bird/bird.conf.ssh.template Normal file
View File

@ -0,0 +1,30 @@
log stderr all;
router id 192.0.2.2;
roa4 table rtr_roa_v4;
roa6 table rtr_roa_v6;
aspa table rtr_aspa;
protocol device {
}
protocol rpki rpki_ssh {
roa4 { table rtr_roa_v4; };
roa6 { table rtr_roa_v6; };
aspa { table rtr_aspa; };
remote "${RPKI_HOST}" port ${RPKI_PORT};
min version 2;
max version 2;
refresh 3600;
retry 600;
expire 7200;
transport ssh {
user "rpki-rtr";
bird private key "/config/ssh/bird-rtr-client-rsa.pem";
remote public key "/run/bird/known_hosts";
};
}

28
deploy/bird/bird.conf.template Normal file
View File

@ -0,0 +1,28 @@
log stderr all;
router id 192.0.2.2;
roa4 table rtr_roa_v4;
roa6 table rtr_roa_v6;
aspa table rtr_aspa;
protocol device {
}
protocol rpki rpki_tcp {
roa4 { table rtr_roa_v4; };
roa6 { table rtr_roa_v6; };
aspa { table rtr_aspa; };
remote "${RPKI_HOST}" port ${RPKI_PORT};
min version 2;
max version 2;
refresh 3600;
retry 600;
expire 7200;
transport tcp {
authentication none;
};
}

5
deploy/bird/docker-compose.ssh.yml
View File

@ -1,9 +1,10 @@
services:
bird-rpki-client:
environment:
RPKI_HOST: "host.docker.internal"
BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.ssh.template"
RPKI_HOST: "0.0.0.0"
RPKI_PORT: "${RPKI_RTR_SSH_PORT:-22}"
OBSERVE_PROTO: "rpki_ssh"
volumes:
- ./bird.conf.ssh.example:/config/bird.conf:ro
- ./bird.conf.ssh.template:/config/bird.conf.ssh.template:ro
- ../../certs:/config/ssh:ro

6
deploy/bird/docker-compose.yml
View File

@ -9,9 +9,9 @@ services:
restart: unless-stopped
network_mode: host
environment:
BIRD_CONFIG_PATH: "/config/bird.conf"
BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.template"
RPKI_HOST: "host.docker.internal"
RPKI_HOST: "0.0.0.0"
RPKI_PORT: "323"
OBSERVE_PROTO: "rpki_tcp"
@ -31,5 +31,5 @@ services:
SHOW_ROA4: "1"
SHOW_ROA6: "1"
volumes:
- ./bird.conf:/config/bird.conf:ro
- ./bird.conf.template:/config/bird.conf.template:ro
- ../../logs/bird:/app/logs

8
deploy/bird/entrypoint.sh
View File

@ -12,6 +12,7 @@ RPKI_HOST="${RPKI_HOST:-host.docker.internal}"
RPKI_PORT="${RPKI_PORT:-323}"
BIRD_CONFIG_PATH="${BIRD_CONFIG_PATH:-/config/bird.conf}"
BIRD_CONFIG_TEMPLATE_PATH="${BIRD_CONFIG_TEMPLATE_PATH:-/config/bird.conf.template}"
ASPA_TABLE="${OBSERVE_ASPA_TABLE:-rtr_aspa}"
ROA4_TABLE="${OBSERVE_ROA4_TABLE:-rtr_roa_v4}"
@ -35,6 +36,13 @@ STDERR_LOG="${LOG_DIR}/${LOG_NAME}.stderr.log"
mkdir -p "$LOG_DIR"
exec >>"$STDOUT_LOG" 2>>"$STDERR_LOG"
if [ -r "$BIRD_CONFIG_TEMPLATE_PATH" ]; then
RENDERED_CONFIG_PATH="/run/bird/bird.generated.conf"
envsubst '${RPKI_HOST} ${RPKI_PORT}' < "$BIRD_CONFIG_TEMPLATE_PATH" > "$RENDERED_CONFIG_PATH"
BIRD_CONFIG_PATH="$RENDERED_CONFIG_PATH"
echo "[entrypoint] rendered config : $BIRD_CONFIG_TEMPLATE_PATH -> $BIRD_CONFIG_PATH"
fi
ensure_ssh_known_hosts() {
if [ -s "$SSH_KNOWN_HOSTS_PATH" ]; then
return