增加环境变量
This commit is contained in:
parent
a11f2bc864
commit
cdf9372929
33
deploy/bird/.env
Normal file
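--- /dev/null
+++ b/deploy/bird/.env
@@ -0,0 +1,33 @@
+# Build-time image knob.
+RPKI_BIRD_VERSION=3.2.1
+
+# TCP mode target endpoint.
+RPKI_BIRD_RPKI_HOST=rpki-rtr-tcp
+RPKI_BIRD_RPKI_PORT=323
+
+# SSH mode target endpoint.
+RPKI_BIRD_SSH_RPKI_HOST=rpki-rtr
+RPKI_RTR_SSH_PORT=22
+
+# Config template paths in container.
+RPKI_BIRD_CONFIG_TEMPLATE_PATH=/config/bird.conf.template
+RPKI_BIRD_SSH_CONFIG_TEMPLATE_PATH=/config/bird.conf.ssh.template
+
+# Observation and output knobs.
+RPKI_BIRD_OBSERVE_PROTO=rpki_tcp
+RPKI_BIRD_OBSERVE_MODE=interval
+RPKI_BIRD_OBSERVE_DEBOUNCE_SECS=1
+RPKI_BIRD_OBSERVE_INTERVAL=30
+RPKI_BIRD_OBSERVE_ASPA_TABLE=rtr_aspa
+RPKI_BIRD_OBSERVE_ROA4_TABLE=rtr_roa_v4
+RPKI_BIRD_OBSERVE_ROA6_TABLE=rtr_roa_v6
+RPKI_BIRD_OBSERVE_ASPA_COUNT=3
+RPKI_BIRD_OBSERVE_ROA4_COUNT=3
+RPKI_BIRD_OBSERVE_ROA6_COUNT=3
+RPKI_BIRD_SHOW_ASPA=1
+RPKI_BIRD_SHOW_ROA4=1
+RPKI_BIRD_SHOW_ROA6=1
+
+# Host volume mounts.
+RPKI_BIRD_LOG_HOST_DIR=../../logs/bird
+RPKI_BIRD_SSH_CERTS_HOST_DIR=../../certs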
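Review bot: `RPKI_RTR_SSH_PORT=22` is the one key in this file outside the `RPKI_BIRD_` prefix, so it reads as if it belonged to the server's `.env` (which carries its own `RPKI_RTR_SSH_CONTAINER_PORT=22` for the same number) rather than to the BIRD client. The SSH overlay already reads `${RPKI_RTR_SSH_PORT:-22}`, so renaming it to match the `RPKI_BIRD_SSH_*` siblings means touching both places; if the name has to stay, a comment next to it would keep the next reader from "fixing" it: `# Port of the RTR server's SSH listener; the compose overlay reads this exact name.`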
@ -1,13 +1,13 @@
|
|||||||
services:
|
services:
|
||||||
bird-rpki-client:
|
bird-rpki-client:
|
||||||
environment:
|
environment:
|
||||||
BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.ssh.template"
|
BIRD_CONFIG_TEMPLATE_PATH: "${RPKI_BIRD_SSH_CONFIG_TEMPLATE_PATH:-/config/bird.conf.ssh.template}"
|
||||||
RPKI_HOST: "rpki-rtr"
|
RPKI_HOST: "${RPKI_BIRD_SSH_RPKI_HOST:-rpki-rtr}"
|
||||||
RPKI_PORT: "${RPKI_RTR_SSH_PORT:-22}"
|
RPKI_PORT: "${RPKI_RTR_SSH_PORT:-22}"
|
||||||
OBSERVE_PROTO: "rpki_ssh"
|
OBSERVE_PROTO: "rpki_ssh"
|
||||||
volumes:
|
volumes:
|
||||||
- ./bird.conf.ssh.template:/config/bird.conf.ssh.template:ro
|
- ./bird.conf.ssh.template:/config/bird.conf.ssh.template:ro
|
||||||
- ../../certs:/config/ssh:ro
|
- ${RPKI_BIRD_SSH_CERTS_HOST_DIR:-../../certs}:/config/ssh:ro
|
||||||
networks:
|
networks:
|
||||||
- rpki_net
|
- rpki_net
|
||||||
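Review bot: `BIRD_CONFIG_TEMPLATE_PATH` becomes overridable through `RPKI_BIRD_SSH_CONFIG_TEMPLATE_PATH`, but the bind mount two entries below still hard-codes `./bird.conf.ssh.template:/config/bird.conf.ssh.template:ro`, so any override points the container at a path nothing mounts and BIRD starts without a template. Either keep the variable fixed to the mount target or reuse it on the mount: `- ./bird.conf.ssh.template:${RPKI_BIRD_SSH_CONFIG_TEMPLATE_PATH:-/config/bird.conf.ssh.template}:ro`. The same split appears in the TCP bird compose hunk (`RPKI_BIRD_CONFIG_TEMPLATE_PATH` vs. the literal `./bird.conf.template:/config/bird.conf.template:ro`) and, more loosely, in the TLS-client and server hunks, where `RPKI_RTR_TLS_*_PATH` and `RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH` can each be overridden but must still resolve under the fixed `/app/certs` mount target. A one-line comment on each such variable in the `.env` files stating that constraint would turn a puzzling "file not found" at start-up into an obvious misconfiguration.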
|
|
||||||
|
|||||||
@ -4,34 +4,34 @@ services:
|
|||||||
context: .
|
context: .
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
args:
|
args:
|
||||||
BIRD_VERSION: "3.2.1"
|
BIRD_VERSION: "${RPKI_BIRD_VERSION:-3.2.1}"
|
||||||
container_name: bird-rpki-client
|
container_name: bird-rpki-client
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.template"
|
BIRD_CONFIG_TEMPLATE_PATH: "${RPKI_BIRD_CONFIG_TEMPLATE_PATH:-/config/bird.conf.template}"
|
||||||
|
|
||||||
RPKI_HOST: "rpki-rtr-tcp"
|
RPKI_HOST: "${RPKI_BIRD_RPKI_HOST:-rpki-rtr-tcp}"
|
||||||
RPKI_PORT: "323"
|
RPKI_PORT: "${RPKI_BIRD_RPKI_PORT:-323}"
|
||||||
|
|
||||||
OBSERVE_PROTO: "rpki_tcp"
|
OBSERVE_PROTO: "${RPKI_BIRD_OBSERVE_PROTO:-rpki_tcp}"
|
||||||
OBSERVE_MODE: "interval"
|
OBSERVE_MODE: "${RPKI_BIRD_OBSERVE_MODE:-interval}"
|
||||||
OBSERVE_DEBOUNCE_SECS: "1"
|
OBSERVE_DEBOUNCE_SECS: "${RPKI_BIRD_OBSERVE_DEBOUNCE_SECS:-1}"
|
||||||
OBSERVE_INTERVAL: "30"
|
OBSERVE_INTERVAL: "${RPKI_BIRD_OBSERVE_INTERVAL:-30}"
|
||||||
|
|
||||||
OBSERVE_ASPA_TABLE: "rtr_aspa"
|
OBSERVE_ASPA_TABLE: "${RPKI_BIRD_OBSERVE_ASPA_TABLE:-rtr_aspa}"
|
||||||
OBSERVE_ROA4_TABLE: "rtr_roa_v4"
|
OBSERVE_ROA4_TABLE: "${RPKI_BIRD_OBSERVE_ROA4_TABLE:-rtr_roa_v4}"
|
||||||
OBSERVE_ROA6_TABLE: "rtr_roa_v6"
|
OBSERVE_ROA6_TABLE: "${RPKI_BIRD_OBSERVE_ROA6_TABLE:-rtr_roa_v6}"
|
||||||
|
|
||||||
OBSERVE_ASPA_COUNT: "3"
|
OBSERVE_ASPA_COUNT: "${RPKI_BIRD_OBSERVE_ASPA_COUNT:-3}"
|
||||||
OBSERVE_ROA4_COUNT: "3"
|
OBSERVE_ROA4_COUNT: "${RPKI_BIRD_OBSERVE_ROA4_COUNT:-3}"
|
||||||
OBSERVE_ROA6_COUNT: "3"
|
OBSERVE_ROA6_COUNT: "${RPKI_BIRD_OBSERVE_ROA6_COUNT:-3}"
|
||||||
|
|
||||||
SHOW_ASPA: "1"
|
SHOW_ASPA: "${RPKI_BIRD_SHOW_ASPA:-1}"
|
||||||
SHOW_ROA4: "1"
|
SHOW_ROA4: "${RPKI_BIRD_SHOW_ROA4:-1}"
|
||||||
SHOW_ROA6: "1"
|
SHOW_ROA6: "${RPKI_BIRD_SHOW_ROA6:-1}"
|
||||||
volumes:
|
volumes:
|
||||||
- ./bird.conf.template:/config/bird.conf.template:ro
|
- ./bird.conf.template:/config/bird.conf.template:ro
|
||||||
- ../../logs/bird:/app/logs
|
- ${RPKI_BIRD_LOG_HOST_DIR:-../../logs/bird}:/app/logs
|
||||||
networks:
|
networks:
|
||||||
- rpki_net
|
- rpki_net
|
||||||
|
|
||||||
|
|||||||
@ -4,18 +4,24 @@
|
|||||||
# SSH example: 10.0.0.12:22
|
# SSH example: 10.0.0.12:22
|
||||||
RPKI_RTR_SERVER_ADDR=rpki-rtr-tcp:323
|
RPKI_RTR_SERVER_ADDR=rpki-rtr-tcp:323
|
||||||
|
|
||||||
|
|
||||||
# RTR protocol version used as client command second argument (supported: 0,1,2)
|
# RTR protocol version used as client command second argument (supported: 0,1,2)
|
||||||
RPKI_RTR_PROTOCOL_VERSION=2
|
RPKI_RTR_PROTOCOL_VERSION=2
|
||||||
|
|
||||||
# TLS server name used by --server-name in TLS mode
|
# TLS server name used by --server-name in TLS mode
|
||||||
# Must match server certificate SAN dNSName.
|
# Must match server certificate SAN dNSName.
|
||||||
RPKI_RTR_TLS_SERVER_NAME=localhost
|
RPKI_RTR_TLS_SERVER_NAME=localhost
|
||||||
|
RPKI_RTR_TLS_CA_CERT_PATH=/app/certs/client-ca.crt
|
||||||
|
RPKI_RTR_TLS_CLIENT_CERT_PATH=/app/certs/client-good.crt
|
||||||
|
RPKI_RTR_TLS_CLIENT_KEY_PATH=/app/certs/client-good.key
|
||||||
|
RPKI_RTR_TLS_CERTS_HOST_DIR=../../tests/fixtures/tls
|
||||||
|
|
||||||
|
# Shared client logs mount on host.
|
||||||
|
RPKI_RTR_CLIENT_LOG_HOST_DIR=../../logs/client
|
||||||
|
|
||||||
# SSH mode examples:
|
# SSH mode examples:
|
||||||
# RPKI_RTR_SERVER_ADDR=10.0.0.12:2222
|
# RPKI_RTR_SERVER_ADDR=10.0.0.12:2222
|
||||||
# RPKI_RTR_CLIENT_KEYS_VOLUME=../../certs:/app/certs:ro
|
RPKI_RTR_CLIENT_KEYS_VOLUME=../../certs:/app/certs:ro
|
||||||
# RPKI_RTR_CLIENT_KEY_PATH=/app/certs/rtr-client.key
|
RPKI_RTR_CLIENT_KEY_PATH=/app/certs/rtr-client.key
|
||||||
# RPKI_RTR_SSH_SERVER_PUBKEY_PATH=/app/certs/ssh_host_rsa_key.pub
|
RPKI_RTR_SSH_SERVER_PUBKEY_PATH=/app/certs/ssh_host_rsa_key.pub
|
||||||
# RPKI_RTR_SSH_USERNAME=rpki-rtr
|
RPKI_RTR_SSH_USERNAME=rpki-rtr
|
||||||
# RPKI_RTR_SSH_PASSWORD=your-password
|
RPKI_RTR_SSH_PASSWORD=
|
||||||
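Review bot: The block under `# SSH mode examples:` is no longer an example: `RPKI_RTR_CLIENT_KEYS_VOLUME`, `RPKI_RTR_CLIENT_KEY_PATH`, `RPKI_RTR_SSH_SERVER_PUBKEY_PATH`, `RPKI_RTR_SSH_USERNAME` and `RPKI_RTR_SSH_PASSWORD=` are live assignments now, and the last one sets the variable to the empty string for every TCP/TLS run as well. Whether an empty `RPKI_RTR_SSH_PASSWORD` counts as "unset" depends on how the compose file forwards it (`${VAR:-…}` drops an empty value, a plain `${VAR}` or `environment:` pass-through does not) and on how the client reads it — neither is visible in this commit, so please confirm; a blank password should be absent rather than present-but-empty. I would keep `RPKI_RTR_SSH_PASSWORD` commented out (a secret belongs in an untracked override, not a committed `.env`) and retitle the block so it matches what it now is, e.g. `# SSH mode settings (only used when the SSH overlay is active).`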
|
|||||||
@ -5,7 +5,7 @@ services:
|
|||||||
image: rpki-rtr-debug-client:latest
|
image: rpki-rtr-debug-client:latest
|
||||||
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
||||||
volumes:
|
volumes:
|
||||||
- ../../logs/client:/app/logs
|
- ${RPKI_RTR_CLIENT_LOG_HOST_DIR:-../../logs/client}:/app/logs
|
||||||
restart: no
|
restart: no
|
||||||
networks:
|
networks:
|
||||||
- rpki_net
|
- rpki_net
|
||||||
@ -14,7 +14,7 @@ services:
|
|||||||
image: rpki-rtr-debug-client:latest
|
image: rpki-rtr-debug-client:latest
|
||||||
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
||||||
volumes:
|
volumes:
|
||||||
- ../../logs/client:/app/logs
|
- ${RPKI_RTR_CLIENT_LOG_HOST_DIR:-../../logs/client}:/app/logs
|
||||||
restart: no
|
restart: no
|
||||||
networks:
|
networks:
|
||||||
- rpki_net
|
- rpki_net
|
||||||
@ -23,7 +23,7 @@ services:
|
|||||||
image: rpki-rtr-debug-client:latest
|
image: rpki-rtr-debug-client:latest
|
||||||
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
||||||
volumes:
|
volumes:
|
||||||
- ../../logs/client:/app/logs
|
- ${RPKI_RTR_CLIENT_LOG_HOST_DIR:-../../logs/client}:/app/logs
|
||||||
restart: no
|
restart: no
|
||||||
networks:
|
networks:
|
||||||
- rpki_net
|
- rpki_net
|
||||||
@ -32,7 +32,7 @@ services:
|
|||||||
image: rpki-rtr-debug-client:latest
|
image: rpki-rtr-debug-client:latest
|
||||||
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
||||||
volumes:
|
volumes:
|
||||||
- ../../logs/client:/app/logs
|
- ${RPKI_RTR_CLIENT_LOG_HOST_DIR:-../../logs/client}:/app/logs
|
||||||
restart: no
|
restart: no
|
||||||
networks:
|
networks:
|
||||||
- rpki_net
|
- rpki_net
|
||||||
@ -41,7 +41,7 @@ services:
|
|||||||
image: rpki-rtr-debug-client:latest
|
image: rpki-rtr-debug-client:latest
|
||||||
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
||||||
volumes:
|
volumes:
|
||||||
- ../../logs/client:/app/logs
|
- ${RPKI_RTR_CLIENT_LOG_HOST_DIR:-../../logs/client}:/app/logs
|
||||||
restart: no
|
restart: no
|
||||||
networks:
|
networks:
|
||||||
- rpki_net
|
- rpki_net
|
||||||
|
|||||||
@ -23,7 +23,7 @@ services:
|
|||||||
]
|
]
|
||||||
volumes:
|
volumes:
|
||||||
- ${RPKI_RTR_CLIENT_KEYS_VOLUME:-../../certs:/app/certs:ro}
|
- ${RPKI_RTR_CLIENT_KEYS_VOLUME:-../../certs:/app/certs:ro}
|
||||||
- ../../logs/client:/app/logs
|
- ${RPKI_RTR_CLIENT_LOG_HOST_DIR:-../../logs/client}:/app/logs
|
||||||
restart: no
|
restart: no
|
||||||
stdin_open: true
|
stdin_open: true
|
||||||
tty: true
|
tty: true
|
||||||
|
|||||||
@ -23,7 +23,7 @@ services:
|
|||||||
]
|
]
|
||||||
volumes:
|
volumes:
|
||||||
- ${RPKI_RTR_CLIENT_KEYS_VOLUME:-../../certs:/app/certs:ro}
|
- ${RPKI_RTR_CLIENT_KEYS_VOLUME:-../../certs:/app/certs:ro}
|
||||||
- ../../logs/client:/app/logs
|
- ${RPKI_RTR_CLIENT_LOG_HOST_DIR:-../../logs/client}:/app/logs
|
||||||
restart: no
|
restart: no
|
||||||
stdin_open: true
|
stdin_open: true
|
||||||
tty: true
|
tty: true
|
||||||
|
|||||||
@ -6,7 +6,7 @@ services:
|
|||||||
image: rpki-rtr-debug-client:latest
|
image: rpki-rtr-debug-client:latest
|
||||||
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
||||||
volumes:
|
volumes:
|
||||||
- ../../logs/client:/app/logs
|
- ${RPKI_RTR_CLIENT_LOG_HOST_DIR:-../../logs/client}:/app/logs
|
||||||
restart: no
|
restart: no
|
||||||
stdin_open: true
|
stdin_open: true
|
||||||
tty: true
|
tty: true
|
||||||
|
|||||||
@ -13,19 +13,19 @@ services:
|
|||||||
"reset",
|
"reset",
|
||||||
"--tls",
|
"--tls",
|
||||||
"--ca-cert",
|
"--ca-cert",
|
||||||
"/app/certs/client-ca.crt",
|
"${RPKI_RTR_TLS_CA_CERT_PATH:-/app/certs/client-ca.crt}",
|
||||||
"--server-name",
|
"--server-name",
|
||||||
"${RPKI_RTR_TLS_SERVER_NAME:-localhost}",
|
"${RPKI_RTR_TLS_SERVER_NAME:-localhost}",
|
||||||
"--client-cert",
|
"--client-cert",
|
||||||
"/app/certs/client-good.crt",
|
"${RPKI_RTR_TLS_CLIENT_CERT_PATH:-/app/certs/client-good.crt}",
|
||||||
"--client-key",
|
"--client-key",
|
||||||
"/app/certs/client-good.key",
|
"${RPKI_RTR_TLS_CLIENT_KEY_PATH:-/app/certs/client-good.key}",
|
||||||
"--keep-after-error",
|
"--keep-after-error",
|
||||||
"--summary-only"
|
"--summary-only"
|
||||||
]
|
]
|
||||||
volumes:
|
volumes:
|
||||||
- ../../tests/fixtures/tls:/app/certs:ro
|
- ${RPKI_RTR_TLS_CERTS_HOST_DIR:-../../tests/fixtures/tls}:/app/certs:ro
|
||||||
- ../../logs/client:/app/logs
|
- ${RPKI_RTR_CLIENT_LOG_HOST_DIR:-../../logs/client}:/app/logs
|
||||||
restart: no
|
restart: no
|
||||||
stdin_open: true
|
stdin_open: true
|
||||||
tty: true
|
tty: true
|
||||||
|
|||||||
@ -6,7 +6,7 @@ services:
|
|||||||
image: rpki-rtr-debug-client:latest
|
image: rpki-rtr-debug-client:latest
|
||||||
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
command: ["${RPKI_RTR_SERVER_ADDR:-rpki-rtr-tcp:323}", "${RPKI_RTR_PROTOCOL_VERSION:-2}", "reset", "--keep-after-error", "--summary-only"]
|
||||||
volumes:
|
volumes:
|
||||||
- ../../logs/client:/app/logs
|
- ${RPKI_RTR_CLIENT_LOG_HOST_DIR:-../../logs/client}:/app/logs
|
||||||
restart: no
|
restart: no
|
||||||
stdin_open: true
|
stdin_open: true
|
||||||
tty: true
|
tty: true
|
||||||
|
|||||||
@ -1,8 +1,40 @@
|
|||||||
# Host directory containing CCR files to mount into the server container.
|
# Data source directories on host.
|
||||||
RPKI_RTR_CCR_HOST_DIR=../../data
|
RPKI_RTR_CCR_HOST_DIR=../../data
|
||||||
|
RPKI_RTR_SLURM_HOST_DIR=../../data
|
||||||
|
|
||||||
# In-container directory used by rpki_rtr as CCR input directory.
|
# In-container data source directories.
|
||||||
RPKI_RTR_CCR_DIR=/app/data
|
RPKI_RTR_CCR_DIR=/app/data
|
||||||
|
RPKI_RTR_SLURM_DIR=/app/slurm
|
||||||
|
|
||||||
# Max retained delta count in RTR cache.
|
# Persistent directories on host.
|
||||||
|
RPKI_RTR_DB_HOST_DIR=../../rtr-db
|
||||||
|
RPKI_RTR_LOG_HOST_DIR=../../logs/server
|
||||||
|
|
||||||
|
# In-container runtime paths.
|
||||||
|
RPKI_RTR_DB_PATH=/app/rtr-db
|
||||||
|
|
||||||
|
# Core runtime knobs.
|
||||||
|
RPKI_RTR_STRICT_CCR_VALIDATION=false
|
||||||
|
RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS=300
|
||||||
RPKI_RTR_MAX_DELTA=10
|
RPKI_RTR_MAX_DELTA=10
|
||||||
|
RPKI_RTR_MAX_CONNECTIONS=100000
|
||||||
|
RPKI_RTR_MAX_CONCURRENT_HANDSHAKES=128
|
||||||
|
RUST_LOG=info
|
||||||
|
|
||||||
|
# TLS mode knobs.
|
||||||
|
RPKI_RTR_ENFORCE_TLS_CLIENT_SAN_IP_MATCH=false
|
||||||
|
RPKI_RTR_TLS_CERT_PATH=/app/certs/server-dns.crt
|
||||||
|
RPKI_RTR_TLS_KEY_PATH=/app/certs/server-dns.key
|
||||||
|
RPKI_RTR_TLS_CLIENT_CA_PATH=/app/certs/client-ca.crt
|
||||||
|
RPKI_RTR_TLS_CERTS_HOST_DIR=../../tests/fixtures/tls
|
||||||
|
|
||||||
|
# SSH mode knobs.
|
||||||
|
RPKI_RTR_SSH_HOST_PORT=2222
|
||||||
|
RPKI_RTR_SSH_CONTAINER_PORT=22
|
||||||
|
RPKI_RTR_SSH_AUTH_MODE=key
|
||||||
|
RPKI_RTR_SSH_USERNAME=rpki-rtr
|
||||||
|
RPKI_RTR_SSH_SUBSYSTEM_NAME=rpki-rtr
|
||||||
|
RPKI_RTR_SSH_HOST_KEY_PATH=/host-ssh/ssh_host_ed25519_key
|
||||||
|
RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH=/app/certs/rtr-authorized_keys
|
||||||
|
RPKI_RTR_SSH_KEYS_VOLUME=/etc/ssh:/host-ssh:ro
|
||||||
|
RPKI_RTR_SSH_CERTS_HOST_DIR=../../certs
|
||||||
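Review bot: `RPKI_RTR_SSH_KEYS_VOLUME=/etc/ssh:/host-ssh:ro` together with `RPKI_RTR_SSH_HOST_KEY_PATH=/host-ssh/ssh_host_ed25519_key` makes the RTR container read the host's own sshd identity key, and mounts the whole host `/etc/ssh` directory (every host key and the sshd configuration) into it; the compose default was already this, but this commit is what turns it into an explicit, committed setting. A dedicated server key under `RPKI_RTR_SSH_CERTS_HOST_DIR` would keep the host's identity key out of the container and let the two rotate independently; at minimum the pair deserves a comment such as `# Reuses the host's sshd key for local testing; point both at a dedicated key for anything else.` Separately, `RPKI_RTR_TLS_CERTS_HOST_DIR` now appears to be defined in both this file and the client `.env` under the same name — harmless while both default to the fixture directory, but an override set in one is not seen by the other unless the compose projects share an env file, which a short comment should say.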
|
|||||||
@ -20,6 +20,23 @@ The container runs `rpki` directly as PID 1.
|
|||||||
- SLURM directory: `/app/slurm`
|
- SLURM directory: `/app/slurm`
|
||||||
- TLS cert directory (optional): `/app/certs`
|
- TLS cert directory (optional): `/app/certs`
|
||||||
|
|
||||||
|
## Path Configuration via `.env`
|
||||||
|
|
||||||
|
- `RPKI_RTR_CCR_HOST_DIR`: host CCR directory mounted into container
|
||||||
|
- `RPKI_RTR_SLURM_HOST_DIR`: host SLURM directory mounted into container
|
||||||
|
- `RPKI_RTR_CCR_DIR`: in-container CCR directory path
|
||||||
|
- `RPKI_RTR_SLURM_DIR`: in-container SLURM directory path
|
||||||
|
- `RPKI_RTR_DB_HOST_DIR`: host RocksDB directory
|
||||||
|
- `RPKI_RTR_LOG_HOST_DIR`: host log directory
|
||||||
|
- `RPKI_RTR_DB_PATH`: in-container RocksDB directory
|
||||||
|
|
||||||
|
## Runtime Configuration via `.env`
|
||||||
|
|
||||||
|
- Core: `RPKI_RTR_STRICT_CCR_VALIDATION`, `RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS`, `RPKI_RTR_MAX_DELTA`, `RPKI_RTR_MAX_CONCURRENT_HANDSHAKES`, `RUST_LOG`
|
||||||
|
- TCP mode: `RPKI_RTR_MAX_CONNECTIONS`
|
||||||
|
- TLS mode: `RPKI_RTR_ENFORCE_TLS_CLIENT_SAN_IP_MATCH`, `RPKI_RTR_TLS_CERT_PATH`, `RPKI_RTR_TLS_KEY_PATH`, `RPKI_RTR_TLS_CLIENT_CA_PATH`, `RPKI_RTR_TLS_CERTS_HOST_DIR`
|
||||||
|
- SSH mode: `RPKI_RTR_SSH_HOST_PORT`, `RPKI_RTR_SSH_CONTAINER_PORT`, `RPKI_RTR_SSH_AUTH_MODE`, `RPKI_RTR_SSH_USERNAME`, `RPKI_RTR_SSH_SUBSYSTEM_NAME`, `RPKI_RTR_SSH_HOST_KEY_PATH`, `RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH`, `RPKI_RTR_SSH_KEYS_VOLUME`, `RPKI_RTR_SSH_CERTS_HOST_DIR`
|
||||||
|
|
||||||
## Start
|
## Start
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
|||||||
@ -24,21 +24,21 @@ services:
|
|||||||
RPKI_RTR_SSH_AUTH_MODE: "${RPKI_RTR_SSH_AUTH_MODE:-key}"
|
RPKI_RTR_SSH_AUTH_MODE: "${RPKI_RTR_SSH_AUTH_MODE:-key}"
|
||||||
# Optional: enable password authentication in addition to publickey
|
# Optional: enable password authentication in addition to publickey
|
||||||
# RPKI_RTR_SSH_PASSWORD: "test-password"
|
# RPKI_RTR_SSH_PASSWORD: "test-password"
|
||||||
RPKI_RTR_DB_PATH: "/app/rtr-db"
|
RPKI_RTR_DB_PATH: "${RPKI_RTR_DB_PATH:-/app/rtr-db}"
|
||||||
RPKI_RTR_CCR_DIR: "${RPKI_RTR_CCR_DIR:-/app/data}"
|
RPKI_RTR_CCR_DIR: "${RPKI_RTR_CCR_DIR:-/app/data}"
|
||||||
RPKI_RTR_SLURM_DIR: "/app/slurm"
|
RPKI_RTR_SLURM_DIR: "${RPKI_RTR_SLURM_DIR:-/app/slurm}"
|
||||||
RPKI_RTR_STRICT_CCR_VALIDATION: "false"
|
RPKI_RTR_STRICT_CCR_VALIDATION: "${RPKI_RTR_STRICT_CCR_VALIDATION:-false}"
|
||||||
RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "300"
|
RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "${RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS:-300}"
|
||||||
RPKI_RTR_MAX_DELTA: "${RPKI_RTR_MAX_DELTA:-10}"
|
RPKI_RTR_MAX_DELTA: "${RPKI_RTR_MAX_DELTA:-10}"
|
||||||
RPKI_RTR_MAX_CONCURRENT_HANDSHAKES: "128"
|
RPKI_RTR_MAX_CONCURRENT_HANDSHAKES: "${RPKI_RTR_MAX_CONCURRENT_HANDSHAKES:-128}"
|
||||||
RUST_LOG: "info"
|
RUST_LOG: "${RUST_LOG:-info}"
|
||||||
volumes:
|
volumes:
|
||||||
- ${RPKI_RTR_CCR_HOST_DIR:-../../data}:${RPKI_RTR_CCR_DIR:-/app/data}:ro
|
- ${RPKI_RTR_CCR_HOST_DIR:-../../data}:${RPKI_RTR_CCR_DIR:-/app/data}:ro
|
||||||
- ../../rtr-db:/app/rtr-db
|
- ${RPKI_RTR_DB_HOST_DIR:-../../rtr-db}:${RPKI_RTR_DB_PATH:-/app/rtr-db}
|
||||||
- ../../data:/app/slurm:ro
|
- ${RPKI_RTR_SLURM_HOST_DIR:-../../data}:${RPKI_RTR_SLURM_DIR:-/app/slurm}:ro
|
||||||
- ${RPKI_RTR_SSH_KEYS_VOLUME:-/etc/ssh:/host-ssh:ro}
|
- ${RPKI_RTR_SSH_KEYS_VOLUME:-/etc/ssh:/host-ssh:ro}
|
||||||
- ../../certs:/app/certs:ro
|
- ${RPKI_RTR_SSH_CERTS_HOST_DIR:-../../certs}:/app/certs:ro
|
||||||
- ../../logs/server:/app/logs
|
- ${RPKI_RTR_LOG_HOST_DIR:-../../logs/server}:/app/logs
|
||||||
networks:
|
networks:
|
||||||
- rpki_net
|
- rpki_net
|
||||||
|
|
||||||
|
|||||||
@ -14,20 +14,20 @@ services:
|
|||||||
RPKI_RTR_ENABLE_TLS: "false"
|
RPKI_RTR_ENABLE_TLS: "false"
|
||||||
RPKI_RTR_ENABLE_SSH: "false"
|
RPKI_RTR_ENABLE_SSH: "false"
|
||||||
RPKI_RTR_TCP_ADDR: "0.0.0.0:323"
|
RPKI_RTR_TCP_ADDR: "0.0.0.0:323"
|
||||||
RPKI_RTR_DB_PATH: "/app/rtr-db"
|
RPKI_RTR_DB_PATH: "${RPKI_RTR_DB_PATH:-/app/rtr-db}"
|
||||||
RPKI_RTR_CCR_DIR: "${RPKI_RTR_CCR_DIR:-/app/data}"
|
RPKI_RTR_CCR_DIR: "${RPKI_RTR_CCR_DIR:-/app/data}"
|
||||||
RPKI_RTR_SLURM_DIR: "/app/slurm"
|
RPKI_RTR_SLURM_DIR: "${RPKI_RTR_SLURM_DIR:-/app/slurm}"
|
||||||
RPKI_RTR_STRICT_CCR_VALIDATION: "false"
|
RPKI_RTR_STRICT_CCR_VALIDATION: "${RPKI_RTR_STRICT_CCR_VALIDATION:-false}"
|
||||||
RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "60"
|
RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "${RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS:-60}"
|
||||||
RPKI_RTR_MAX_DELTA: "${RPKI_RTR_MAX_DELTA:-10}"
|
RPKI_RTR_MAX_DELTA: "${RPKI_RTR_MAX_DELTA:-10}"
|
||||||
RPKI_RTR_MAX_CONNECTIONS: "100000"
|
RPKI_RTR_MAX_CONNECTIONS: "${RPKI_RTR_MAX_CONNECTIONS:-100000}"
|
||||||
RPKI_RTR_MAX_CONCURRENT_HANDSHAKES: "128"
|
RPKI_RTR_MAX_CONCURRENT_HANDSHAKES: "${RPKI_RTR_MAX_CONCURRENT_HANDSHAKES:-128}"
|
||||||
RUST_LOG: "info"
|
RUST_LOG: "${RUST_LOG:-info}"
|
||||||
volumes:
|
volumes:
|
||||||
- ${RPKI_RTR_CCR_HOST_DIR:-../../data}:${RPKI_RTR_CCR_DIR:-/app/data}:ro
|
- ${RPKI_RTR_CCR_HOST_DIR:-../../data}:${RPKI_RTR_CCR_DIR:-/app/data}:ro
|
||||||
- ../../rtr-db:/app/rtr-db
|
- ${RPKI_RTR_DB_HOST_DIR:-../../rtr-db}:${RPKI_RTR_DB_PATH:-/app/rtr-db}
|
||||||
- ../../data:/app/slurm:ro
|
- ${RPKI_RTR_SLURM_HOST_DIR:-../../data}:${RPKI_RTR_SLURM_DIR:-/app/slurm}:ro
|
||||||
- ../../logs/server:/app/logs
|
- ${RPKI_RTR_LOG_HOST_DIR:-../../logs/server}:/app/logs
|
||||||
networks:
|
networks:
|
||||||
- rpki_net
|
- rpki_net
|
||||||
|
|
||||||
|
|||||||
@ -16,24 +16,24 @@ services:
|
|||||||
RPKI_RTR_ENABLE_SSH: "false"
|
RPKI_RTR_ENABLE_SSH: "false"
|
||||||
RPKI_RTR_TCP_ADDR: "0.0.0.0:323"
|
RPKI_RTR_TCP_ADDR: "0.0.0.0:323"
|
||||||
RPKI_RTR_TLS_ADDR: "0.0.0.0:324"
|
RPKI_RTR_TLS_ADDR: "0.0.0.0:324"
|
||||||
RPKI_RTR_TLS_CERT_PATH: "/app/certs/server-dns.crt"
|
RPKI_RTR_TLS_CERT_PATH: "${RPKI_RTR_TLS_CERT_PATH:-/app/certs/server-dns.crt}"
|
||||||
RPKI_RTR_TLS_KEY_PATH: "/app/certs/server-dns.key"
|
RPKI_RTR_TLS_KEY_PATH: "${RPKI_RTR_TLS_KEY_PATH:-/app/certs/server-dns.key}"
|
||||||
RPKI_RTR_TLS_CLIENT_CA_PATH: "/app/certs/client-ca.crt"
|
RPKI_RTR_TLS_CLIENT_CA_PATH: "${RPKI_RTR_TLS_CLIENT_CA_PATH:-/app/certs/client-ca.crt}"
|
||||||
RPKI_RTR_ENFORCE_TLS_CLIENT_SAN_IP_MATCH: "false"
|
RPKI_RTR_ENFORCE_TLS_CLIENT_SAN_IP_MATCH: "${RPKI_RTR_ENFORCE_TLS_CLIENT_SAN_IP_MATCH:-false}"
|
||||||
RPKI_RTR_DB_PATH: "/app/rtr-db"
|
RPKI_RTR_DB_PATH: "${RPKI_RTR_DB_PATH:-/app/rtr-db}"
|
||||||
RPKI_RTR_CCR_DIR: "${RPKI_RTR_CCR_DIR:-/app/data}"
|
RPKI_RTR_CCR_DIR: "${RPKI_RTR_CCR_DIR:-/app/data}"
|
||||||
RPKI_RTR_SLURM_DIR: "/app/slurm"
|
RPKI_RTR_SLURM_DIR: "${RPKI_RTR_SLURM_DIR:-/app/slurm}"
|
||||||
RPKI_RTR_STRICT_CCR_VALIDATION: "false"
|
RPKI_RTR_STRICT_CCR_VALIDATION: "${RPKI_RTR_STRICT_CCR_VALIDATION:-false}"
|
||||||
RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "300"
|
RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "${RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS:-300}"
|
||||||
RPKI_RTR_MAX_DELTA: "${RPKI_RTR_MAX_DELTA:-10}"
|
RPKI_RTR_MAX_DELTA: "${RPKI_RTR_MAX_DELTA:-10}"
|
||||||
RPKI_RTR_MAX_CONCURRENT_HANDSHAKES: "128"
|
RPKI_RTR_MAX_CONCURRENT_HANDSHAKES: "${RPKI_RTR_MAX_CONCURRENT_HANDSHAKES:-128}"
|
||||||
RUST_LOG: "info"
|
RUST_LOG: "${RUST_LOG:-info}"
|
||||||
volumes:
|
volumes:
|
||||||
- ${RPKI_RTR_CCR_HOST_DIR:-../../data}:${RPKI_RTR_CCR_DIR:-/app/data}:ro
|
- ${RPKI_RTR_CCR_HOST_DIR:-../../data}:${RPKI_RTR_CCR_DIR:-/app/data}:ro
|
||||||
- ../../rtr-db:/app/rtr-db
|
- ${RPKI_RTR_DB_HOST_DIR:-../../rtr-db}:${RPKI_RTR_DB_PATH:-/app/rtr-db}
|
||||||
- ../../data:/app/slurm:ro
|
- ${RPKI_RTR_SLURM_HOST_DIR:-../../data}:${RPKI_RTR_SLURM_DIR:-/app/slurm}:ro
|
||||||
- ../../tests/fixtures/tls:/app/certs:ro
|
- ${RPKI_RTR_TLS_CERTS_HOST_DIR:-../../tests/fixtures/tls}:/app/certs:ro
|
||||||
- ../../logs/server:/app/logs
|
- ${RPKI_RTR_LOG_HOST_DIR:-../../logs/server}:/app/logs
|
||||||
networks:
|
networks:
|
||||||
- rpki_net
|
- rpki_net
|
||||||
|
|
||||||
|
|||||||
@ -17,14 +17,14 @@ services:
|
|||||||
RPKI_RTR_ENABLE_TLS: "false"
|
RPKI_RTR_ENABLE_TLS: "false"
|
||||||
RPKI_RTR_TCP_ADDR: "0.0.0.0:323"
|
RPKI_RTR_TCP_ADDR: "0.0.0.0:323"
|
||||||
RPKI_RTR_TLS_ADDR: "0.0.0.0:324"
|
RPKI_RTR_TLS_ADDR: "0.0.0.0:324"
|
||||||
RPKI_RTR_DB_PATH: "/app/rtr-db"
|
RPKI_RTR_DB_PATH: "${RPKI_RTR_DB_PATH:-/app/rtr-db}"
|
||||||
RPKI_RTR_CCR_DIR: "${RPKI_RTR_CCR_DIR:-/app/data}"
|
RPKI_RTR_CCR_DIR: "${RPKI_RTR_CCR_DIR:-/app/data}"
|
||||||
RPKI_RTR_SLURM_DIR: "/app/slurm"
|
RPKI_RTR_SLURM_DIR: "${RPKI_RTR_SLURM_DIR:-/app/slurm}"
|
||||||
RPKI_RTR_STRICT_CCR_VALIDATION: "false"
|
RPKI_RTR_STRICT_CCR_VALIDATION: "${RPKI_RTR_STRICT_CCR_VALIDATION:-false}"
|
||||||
RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "300"
|
RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "${RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS:-300}"
|
||||||
RPKI_RTR_MAX_DELTA: "${RPKI_RTR_MAX_DELTA:-10}"
|
RPKI_RTR_MAX_DELTA: "${RPKI_RTR_MAX_DELTA:-10}"
|
||||||
RPKI_RTR_MAX_CONCURRENT_HANDSHAKES: "128"
|
RPKI_RTR_MAX_CONCURRENT_HANDSHAKES: "${RPKI_RTR_MAX_CONCURRENT_HANDSHAKES:-128}"
|
||||||
RUST_LOG: "info"
|
RUST_LOG: "${RUST_LOG:-info}"
|
||||||
# SSH mode example:
|
# SSH mode example:
|
||||||
# RPKI_RTR_ENABLE_SSH: "true"
|
# RPKI_RTR_ENABLE_SSH: "true"
|
||||||
# RPKI_RTR_SSH_ADDR: "0.0.0.0:22"
|
# RPKI_RTR_SSH_ADDR: "0.0.0.0:22"
|
||||||
@ -37,9 +37,9 @@ services:
|
|||||||
# RPKI_RTR_SSH_PASSWORD: "test-password"
|
# RPKI_RTR_SSH_PASSWORD: "test-password"
|
||||||
volumes:
|
volumes:
|
||||||
- ${RPKI_RTR_CCR_HOST_DIR:-../../data}:${RPKI_RTR_CCR_DIR:-/app/data}:ro
|
- ${RPKI_RTR_CCR_HOST_DIR:-../../data}:${RPKI_RTR_CCR_DIR:-/app/data}:ro
|
||||||
- ../../rtr-db:/app/rtr-db
|
- ${RPKI_RTR_DB_HOST_DIR:-../../rtr-db}:${RPKI_RTR_DB_PATH:-/app/rtr-db}
|
||||||
- ../../data:/app/slurm:ro
|
- ${RPKI_RTR_SLURM_HOST_DIR:-../../data}:${RPKI_RTR_SLURM_DIR:-/app/slurm}:ro
|
||||||
- ../../logs/server:/app/logs
|
- ${RPKI_RTR_LOG_HOST_DIR:-../../logs/server}:/app/logs
|
||||||
# TLS mode example:
|
# TLS mode example:
|
||||||
# - ../../certs:/app/certs:ro
|
# - ../../certs:/app/certs:ro
|
||||||
networks:
|
networks:
|
||||||
|
|||||||
@ -49,7 +49,7 @@ pub fn load_ccr_payloads_from_file_with_options(
|
|||||||
|
|
||||||
pub fn find_latest_ccr_file(dir: impl AsRef<Path>) -> Result<PathBuf> {
|
pub fn find_latest_ccr_file(dir: impl AsRef<Path>) -> Result<PathBuf> {
|
||||||
let dir = dir.as_ref();
|
let dir = dir.as_ref();
|
||||||
let latest_date_dir = find_latest_subdir_by_name(dir)?;
|
let latest_date_dir = find_latest_subdir_with_ccr_by_name(dir)?;
|
||||||
let scan_dir = latest_date_dir.as_deref().unwrap_or(dir);
|
let scan_dir = latest_date_dir.as_deref().unwrap_or(dir);
|
||||||
let mut latest: Option<PathBuf> = None;
|
let mut latest: Option<PathBuf> = None;
|
||||||
|
|
||||||
@ -356,7 +356,7 @@ fn file_name_key(path: &Path) -> String {
|
|||||||
.unwrap_or_default()
|
.unwrap_or_default()
|
||||||
}
|
}
|
||||||
|
|
||||||
fn find_latest_subdir_by_name(dir: &Path) -> Result<Option<PathBuf>> {
|
fn find_latest_subdir_with_ccr_by_name(dir: &Path) -> Result<Option<PathBuf>> {
|
||||||
let mut latest: Option<PathBuf> = None;
|
let mut latest: Option<PathBuf> = None;
|
||||||
|
|
||||||
for entry in
|
for entry in
|
||||||
@ -368,6 +368,9 @@ fn find_latest_subdir_by_name(dir: &Path) -> Result<Option<PathBuf>> {
|
|||||||
if !path.is_dir() {
|
if !path.is_dir() {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
if !contains_ccr_file(&path)? {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
if latest
|
if latest
|
||||||
.as_ref()
|
.as_ref()
|
||||||
@ -379,3 +382,18 @@ fn find_latest_subdir_by_name(dir: &Path) -> Result<Option<PathBuf>> {
|
|||||||
|
|
||||||
Ok(latest)
|
Ok(latest)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn contains_ccr_file(dir: &Path) -> Result<bool> {
|
||||||
|
for entry in
|
||||||
|
fs::read_dir(dir).with_context(|| format!("failed to read CCR directory: {}", dir.display()))?
|
||||||
|
{
|
||||||
|
let entry =
|
||||||
|
entry.with_context(|| format!("failed to iterate CCR directory: {}", dir.display()))?;
|
||||||
|
let path = entry.path();
|
||||||
|
if path.is_file() && path.extension().and_then(|ext| ext.to_str()) == Some("ccr") {
|
||||||
|
return Ok(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(false)
|
||||||
|
}
|
||||||
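Review bot: `contains_ccr_file(&path)?` runs for every subdirectory before the name comparison in `find_latest_subdir_with_ccr_by_name`, so each call now opens and lists every date directory instead of only comparing names; comparing the name first and reading a directory only when it would replace `latest` keeps the old cost for the common case. The `?` also changes failure semantics: a sibling directory that could not be read was never opened before, whereas now one permission error on any subdirectory aborts `find_latest_ccr_file` — plausibly the intended fail-closed behaviour, but it should be stated in a doc comment. The enclosing loop and the name-comparison `if` continue outside the hunk. `contains_ccr_file` itself has no doc comment; suggest `/// Returns true if `dir` directly holds at least one regular file (symlinks followed) whose extension is exactly `ccr`; not recursive and case-sensitive.`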
|
|||||||
@ -62,6 +62,21 @@ fn find_latest_ccr_file_picks_latest_date_dir_first() {
|
|||||||
assert_eq!(latest, newer);
|
assert_eq!(latest, newer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn find_latest_ccr_file_skips_latest_empty_dir() {
|
||||||
|
let root = tempdir().expect("create temp root dir");
|
||||||
|
let older_dir = root.path().join("run_0011");
|
||||||
|
let newer_empty_dir = root.path().join("run_0012");
|
||||||
|
fs::create_dir_all(&older_dir).expect("create older dir");
|
||||||
|
fs::create_dir_all(&newer_empty_dir).expect("create newer empty dir");
|
||||||
|
|
||||||
|
let expected = older_dir.join("20260401T000001Z-a.ccr");
|
||||||
|
fs::write(&expected, b"older").expect("write older ccr");
|
||||||
|
|
||||||
|
let latest = find_latest_ccr_file(root.path()).expect("find latest ccr");
|
||||||
|
assert_eq!(latest, expected);
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn snapshot_to_payloads_with_options_skips_invalid_aspa_when_not_strict() {
|
fn snapshot_to_payloads_with_options_skips_invalid_aspa_when_not_strict() {
|
||||||
let snapshot = ParsedCcrSnapshot {
|
let snapshot = ParsedCcrSnapshot {
|
||||||
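Review bot: The new test pins only the "newer directory is empty" case, while `contains_ccr_file` filters by extension, so a newer directory holding a non-`.ccr` file should be skipped too and that branch is untested. One line after the `create_dir_all` calls covers it: `fs::write(newer_empty_dir.join("notes.txt"), b"x").expect("write non-ccr file");` (the local would then read better as `newer_dir_without_ccr`). The test body lies entirely within the hunk.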
|
|||||||