# Deployment (Docker Compose)

This project runs `src/main.rs` as a long-running server that:

1. loads the latest `.ccr` file from a configured directory,
2. applies optional SLURM filtering,
3. starts the RTR server.

The container runs `rpki` directly as PID 1.

## Files

- `deploy/server/Dockerfile`
- `deploy/server/docker-compose.yml`

## Runtime Paths in Container

- CCR directory: `/app/data`
- RocksDB directory: `/app/rtr-db`
- SLURM directory: `/app/slurm`
- Report directory: `/app/report`
- TLS cert directory (optional): `/app/certs`

## Path Configuration via `.env`

- `RPKI_RTR_CCR_HOST_DIR`: host CCR directory mounted into container
- `RPKI_RTR_SLURM_HOST_DIR`: host SLURM directory mounted into container
- `RPKI_RTR_CCR_DIR`: in-container CCR directory path
- `RPKI_RTR_SLURM_DIR`: in-container SLURM directory path
- `RPKI_RTR_DB_HOST_DIR`: host RocksDB directory
- `RPKI_RTR_LOG_HOST_DIR`: host log directory
- `RPKI_RTR_REPORT_HOST_DIR`: host directory receiving `rtr-server.json`
- `RPKI_RTR_DB_PATH`: in-container RocksDB directory
- `RPKI_RTR_REPORT_DIR`: in-container report directory

## Runtime Configuration via `.env`

- Core: `RPKI_RTR_STRICT_CCR_VALIDATION`, `RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS`, `RPKI_RTR_MAX_DELTA`, `RPKI_RTR_MAX_CONCURRENT_HANDSHAKES`, `RPKI_RTR_REPORT_INTERVAL_SECS`, `RPKI_RTR_TIMEZONE`, `RUST_LOG`
- TCP mode: `RPKI_RTR_MAX_CONNECTIONS`
- TLS mode: `RPKI_RTR_ENFORCE_TLS_CLIENT_SAN_IP_MATCH`, `RPKI_RTR_TLS_CERT_PATH`, `RPKI_RTR_TLS_KEY_PATH`, `RPKI_RTR_TLS_CLIENT_CA_PATH`, `RPKI_RTR_TLS_CERTS_HOST_DIR`
- SSH mode: `RPKI_RTR_SSH_HOST_PORT`, `RPKI_RTR_SSH_CONTAINER_PORT`, `RPKI_RTR_SSH_AUTH_MODE`, `RPKI_RTR_SSH_USERNAME`, `RPKI_RTR_SSH_SUBSYSTEM_NAME`, `RPKI_RTR_SSH_HOST_KEY_PATH`, `RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH`, `RPKI_RTR_SSH_KEYS_VOLUME`, `RPKI_RTR_SSH_CERTS_HOST_DIR`

## Start

```bash
docker compose -f deploy/server/docker-compose.yml up -d --build
```

## Stop

```bash
docker compose -f deploy/server/docker-compose.yml down
```

## Logs

```bash
docker compose -f deploy/server/docker-compose.yml logs -f rpki-rtr
```

## Runtime Report

The server creates `report/rtr-server.json` on startup and replaces it after
cache refreshes and at the configured interval. The default interval is 60
seconds. The file contains service connection counts, process RSS, cache
timestamps, and per-protocol-version snapshot and delta counts. Schema version
2 also includes:

- CCR and SLURM source file metadata
- latest refresh status, duration, failure count, and error
- CCR validation and SLURM before/after payload counts
- service start time and uptime
- non-sensitive runtime configuration

Timestamps in logs and `rtr-server.json` use `RPKI_RTR_TIMEZONE`, which
defaults to `Asia/Shanghai`. Use IANA timezone names such as `Asia/Shanghai`,
`Europe/London`, `America/New_York`, or `UTC`; `Shanghai` is accepted as a
convenience alias for `Asia/Shanghai`.
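
Because the report file is replaced at a fixed interval, its modification time can serve as a liveness signal for the RTR server. The probe below is an added example, not part of this project; the function names, the three-missed-intervals tolerance, and the state strings are assumptions, and it deliberately avoids reading JSON fields since their names are not documented here.

```bash
#!/usr/bin/env bash
# Added example: staleness probe for the host-side copy of rtr-server.json.
# Hypothetical names throughout; only the file name and the 60-second
# default interval come from the documentation above.

# Modification time in epoch seconds (GNU stat first, then BSD stat).
file_mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# report_state FILE [INTERVAL_SECS] [MISSED_INTERVALS] [NOW_EPOCH]
# Prints one of: missing | empty | stale | fresh
report_state() {
    local file="$1" interval="${2:-60}" misses="${3:-3}"
    local now="${4:-$(date +%s)}"
    local mtime age

    # Not created yet, or the report volume is not mounted.
    [ -e "$file" ] || { echo missing; return 0; }
    # A zero-byte report means the last write did not complete.
    [ -s "$file" ] || { echo empty; return 0; }

    mtime=$(file_mtime "$file") || { echo missing; return 0; }
    age=$(( now - mtime ))
    # Tolerate a few missed intervals before declaring the server stalled.
    if [ "$age" -gt $(( interval * misses )) ]; then
        echo stale
    else
        echo fresh
    fi
}

# check_report FILE [INTERVAL_SECS] ...: exit status for cron or a probe.
check_report() {
    local state
    state=$(report_state "$@")
    [ "$state" = fresh ] && return 0
    echo "rtr-server.json is $state: $1" >&2
    return 1
}

# Run as a script: ./check-report.sh /path/to/report/rtr-server.json 60
[ $# -eq 0 ] || check_report "$@"
```

Point it at the file inside the directory configured as `RPKI_RTR_REPORT_HOST_DIR`, and pass the value of `RPKI_RTR_REPORT_INTERVAL_SECS` as the interval if it differs from the default.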