rpki/deploy/server/DEPLOYMENT.md
2026-06-16 14:05:26 +08:00

Deployment (Docker Compose)

This project runs src/main.rs as a long-running server that:

  1. loads the latest .ccr file from a configured directory,
  2. applies optional SLURM filtering,
  3. starts the RTR server.

The container runs rpki directly as PID 1.

Files

  • deploy/server/Dockerfile
  • deploy/server/docker-compose.yml

Runtime Paths in Container

  • CCR directory: /app/data
  • RocksDB directory: /app/rtr-db
  • SLURM directory: /app/slurm
  • Report directory: /app/report
  • TLS cert directory (optional): /app/certs

Path Configuration via .env

  • RPKI_RTR_CCR_HOST_DIR: host CCR directory mounted into container
  • RPKI_RTR_SLURM_HOST_DIR: host SLURM directory mounted into container
  • RPKI_RTR_CCR_DIR: in-container CCR directory path
  • RPKI_RTR_SLURM_DIR: in-container SLURM directory path
  • RPKI_RTR_DB_HOST_DIR: host RocksDB directory
  • RPKI_RTR_LOG_HOST_DIR: host log directory
  • RPKI_RTR_REPORT_HOST_DIR: host directory receiving rtr-server.json
  • RPKI_RTR_DB_PATH: in-container RocksDB directory
  • RPKI_RTR_REPORT_DIR: in-container report directory

Runtime Configuration via .env

  • Core: RPKI_RTR_STRICT_CCR_VALIDATION, RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS, RPKI_RTR_MAX_DELTA, RPKI_RTR_MAX_CONCURRENT_HANDSHAKES, RPKI_RTR_REPORT_INTERVAL_SECS, RPKI_RTR_TIMEZONE, RUST_LOG
  • TCP mode: RPKI_RTR_MAX_CONNECTIONS
  • TLS mode: RPKI_RTR_ENFORCE_TLS_CLIENT_SAN_IP_MATCH, RPKI_RTR_TLS_CERT_PATH, RPKI_RTR_TLS_KEY_PATH, RPKI_RTR_TLS_CLIENT_CA_PATH, RPKI_RTR_TLS_CERTS_HOST_DIR
  • SSH mode: RPKI_RTR_SSH_HOST_PORT, RPKI_RTR_SSH_CONTAINER_PORT, RPKI_RTR_SSH_AUTH_MODE, RPKI_RTR_SSH_USERNAME, RPKI_RTR_SSH_SUBSYSTEM_NAME, RPKI_RTR_SSH_HOST_KEY_PATH, RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH, RPKI_RTR_SSH_KEYS_VOLUME, RPKI_RTR_SSH_CERTS_HOST_DIR
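
The TLS variables above can be checked on the host before the container starts. The following pre-flight check is an added example, not part of the project. It assumes that RPKI_RTR_TLS_CERTS_HOST_DIR is mounted at /app/certs and that the RPKI_RTR_TLS_*_PATH values are in-container paths below that directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not project code): pre-flight check of the TLS settings in .env.
# Assumption: RPKI_RTR_TLS_CERTS_HOST_DIR is mounted at /app/certs and the
# RPKI_RTR_TLS_*_PATH values are in-container paths below that directory.
CONTAINER_CERT_DIR=/app/certs

# env_get FILE KEY: print the value of the last KEY=VALUE line, outer quotes stripped.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# to_host_path HOST_DIR CONTAINER_PATH: map a path under /app/certs to the host.
to_host_path() {
    case "$2" in
        "$CONTAINER_CERT_DIR"/*)
            rel=${2#"$CONTAINER_CERT_DIR"/}
            printf '%s\n' "$1/$rel" ;;
        *) return 1 ;;
    esac
}

# check_tls_env FILE: return 0 if TLS is unconfigured or consistent, 1 otherwise.
check_tls_env() {
    rc=0
    host_dir=$(env_get "$1" RPKI_RTR_TLS_CERTS_HOST_DIR)
    cert=$(env_get "$1" RPKI_RTR_TLS_CERT_PATH)
    key=$(env_get "$1" RPKI_RTR_TLS_KEY_PATH)
    ca=$(env_get "$1" RPKI_RTR_TLS_CLIENT_CA_PATH)
    [ -z "$cert$key$ca" ] && return 0    # no TLS paths set, nothing to check
    if [ -z "$cert" ] || [ -z "$key" ] || [ -z "$host_dir" ]; then
        echo "FAIL: cert path, key path and certs host dir must all be set" >&2
        return 1
    fi
    for p in "$cert" "$key" ${ca:+"$ca"}; do
        hp=$(to_host_path "$host_dir" "$p") || {
            echo "FAIL: $p is not under $CONTAINER_CERT_DIR" >&2; rc=1; continue; }
        [ -r "$hp" ] || { echo "FAIL: $hp missing or unreadable" >&2; rc=1; }
    done
    # The private key must carry no group/other permission bits (e.g. mode 0600).
    key_host=$(to_host_path "$host_dir" "$key") || return 1
    if [ -e "$key_host" ]; then
        perms=$(ls -ldL "$key_host" | cut -c5-10)
        [ "$perms" = "------" ] || {
            echo "FAIL: $key_host is accessible to group/other ($perms)" >&2; rc=1; }
    fi
    return $rc
}
```

Source the file and call check_tls_env with the path to the .env file before starting the stack. A relative RPKI_RTR_TLS_CERTS_HOST_DIR is resolved against the current directory here, which may differ from how Compose resolves it.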

Start

docker compose -f deploy/server/docker-compose.yml up -d --build

Stop

docker compose -f deploy/server/docker-compose.yml down

Logs

docker compose -f deploy/server/docker-compose.yml logs -f rpki-rtr

Runtime Report

The server creates report/rtr-server.json on startup and replaces it after cache refreshes and at the configured interval. The default interval is 60 seconds. The file contains service connection counts, process RSS, cache timestamps, and per-protocol-version snapshot and delta counts. Schema version 2 also includes:

  • CCR and SLURM source file metadata
  • latest refresh status, duration, failure count, and error
  • CCR validation and SLURM before/after payload counts
  • service start time and uptime
  • non-sensitive runtime configuration

Timestamps in logs and rtr-server.json use RPKI_RTR_TIMEZONE, which defaults to Asia/Shanghai. Use IANA timezone names such as Asia/Shanghai, Europe/London, America/New_York, or UTC; Shanghai is accepted as a convenience alias for Asia/Shanghai.