修改bird配置

2026-05-08 09:54:00 +08:00 · 2026-05-08 09:54:00 +08:00 · ca0cf4800a
commit ca0cf4800a
parent 897d168ceb
7 changed files with 75 additions and 6 deletions
--- a/deploy/bird/Dockerfile
+++ b/deploy/bird/Dockerfile
@ -35,6 +35,7 @@ FROM debian:bookworm-slim
 RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    gettext-base \
    netcat-openbsd \
    libreadline8 \
    libncurses6 \
--- a/deploy/bird/README.md
+++ b/deploy/bird/README.md
@ -73,7 +73,8 @@ docker logs -f bird-rpki-client
 ## Notes
- This setup targets RTR over TCP (`remote "host.docker.internal" port 323`).
+- This setup renders `bird.conf.template` at startup and uses `RPKI_HOST` / `RPKI_PORT`
  for the RTR endpoint.
 - `network_mode: host` expects your RTR server to be reachable at
  `host.docker.internal:323` from the container.
 - Observation is controlled by env vars:
--- a/deploy/bird/bird.conf.ssh.template
+++ b/deploy/bird/bird.conf.ssh.template
@ -0,0 +1,30 @@
 log stderr all;
 router id 192.0.2.2;
 roa4 table rtr_roa_v4;
 roa6 table rtr_roa_v6;
 aspa table rtr_aspa;
 protocol device {
 }
 protocol rpki rpki_ssh {
  roa4 { table rtr_roa_v4; };
  roa6 { table rtr_roa_v6; };
  aspa { table rtr_aspa; };
  remote "${RPKI_HOST}" port ${RPKI_PORT};
  min version 2;
  max version 2;
  refresh 3600;
  retry 600;
  expire 7200;
  transport ssh {
    user "rpki-rtr";
    bird private key "/config/ssh/bird-rtr-client-rsa.pem";
    remote public key "/run/bird/known_hosts";
  };
 }
--- a/deploy/bird/bird.conf.template
+++ b/deploy/bird/bird.conf.template
@ -0,0 +1,28 @@
 log stderr all;
 router id 192.0.2.2;
 roa4 table rtr_roa_v4;
 roa6 table rtr_roa_v6;
 aspa table rtr_aspa;
 protocol device {
 }
 protocol rpki rpki_tcp {
  roa4 { table rtr_roa_v4; };
  roa6 { table rtr_roa_v6; };
  aspa { table rtr_aspa; };
  remote "${RPKI_HOST}" port ${RPKI_PORT};
  min version 2;
  max version 2;
  refresh 3600;
  retry 600;
  expire 7200;
  transport tcp {
    authentication none;
  };
 }
--- a/deploy/bird/docker-compose.ssh.yml
+++ b/deploy/bird/docker-compose.ssh.yml
@ -1,9 +1,10 @@
 services:
  bird-rpki-client:
    environment:
-      RPKI_HOST: "host.docker.internal"
+      BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.ssh.template"
      RPKI_HOST: "0.0.0.0"
      RPKI_PORT: "${RPKI_RTR_SSH_PORT:-22}"
      OBSERVE_PROTO: "rpki_ssh"
    volumes:
-      - ./bird.conf.ssh.example:/config/bird.conf:ro
+      - ./bird.conf.ssh.template:/config/bird.conf.ssh.template:ro
      - ../../certs:/config/ssh:ro
--- a/deploy/bird/docker-compose.yml
+++ b/deploy/bird/docker-compose.yml
@ -9,9 +9,9 @@ services:
    restart: unless-stopped
    network_mode: host
    environment:
-      BIRD_CONFIG_PATH: "/config/bird.conf"
+      BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.template"
-      RPKI_HOST: "host.docker.internal"
+      RPKI_HOST: "0.0.0.0"
      RPKI_PORT: "323"
      OBSERVE_PROTO: "rpki_tcp"
@ -31,5 +31,5 @@ services:
      SHOW_ROA4: "1"
      SHOW_ROA6: "1"
    volumes:
-      - ./bird.conf:/config/bird.conf:ro
+      - ./bird.conf.template:/config/bird.conf.template:ro
      - ../../logs/bird:/app/logs
--- a/deploy/bird/entrypoint.sh
+++ b/deploy/bird/entrypoint.sh
@ -12,6 +12,7 @@ RPKI_HOST="${RPKI_HOST:-host.docker.internal}"
 RPKI_PORT="${RPKI_PORT:-323}"
 BIRD_CONFIG_PATH="${BIRD_CONFIG_PATH:-/config/bird.conf}"
 BIRD_CONFIG_TEMPLATE_PATH="${BIRD_CONFIG_TEMPLATE_PATH:-/config/bird.conf.template}"
 ASPA_TABLE="${OBSERVE_ASPA_TABLE:-rtr_aspa}"
 ROA4_TABLE="${OBSERVE_ROA4_TABLE:-rtr_roa_v4}"
@ -35,6 +36,13 @@ STDERR_LOG="${LOG_DIR}/${LOG_NAME}.stderr.log"
 mkdir -p "$LOG_DIR"
 exec >>"$STDOUT_LOG" 2>>"$STDERR_LOG"
 if [ -r "$BIRD_CONFIG_TEMPLATE_PATH" ]; then
  RENDERED_CONFIG_PATH="/run/bird/bird.generated.conf"
  envsubst '${RPKI_HOST} ${RPKI_PORT}' < "$BIRD_CONFIG_TEMPLATE_PATH" > "$RENDERED_CONFIG_PATH"
  BIRD_CONFIG_PATH="$RENDERED_CONFIG_PATH"
  echo "[entrypoint] rendered config  : $BIRD_CONFIG_TEMPLATE_PATH -> $BIRD_CONFIG_PATH"
 fi
 ensure_ssh_known_hosts() {
  if [ -s "$SSH_KNOWN_HOSTS_PATH" ]; then
    return