diff options
| author | Rob Austein <sra@hactrn.net> | 2008-06-10 04:19:08 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2008-06-10 04:19:08 +0000 |
| commit | 30f9b0e54b02ea5f14edcbe8a000c68caa9c468b (patch) | |
| tree | 625768186933e52cc5b9b2affdb3b2879f6edb66 | |
| parent | 69ed9a4579f1256abd14ac1f11e58302ca93f29f (diff) | |
regen
svn path=/rpkid/INSTALLATION; revision=1858
| -rw-r--r-- | rpkid/INSTALLATION | 2 | ||||
| -rw-r--r-- | rpkid/OPERATION | 230 |
2 files changed, 116 insertions, 116 deletions
diff --git a/rpkid/INSTALLATION b/rpkid/INSTALLATION index 5659f10f..f2dfb082 100644 --- a/rpkid/INSTALLATION +++ b/rpkid/INSTALLATION @@ -70,5 +70,5 @@ Installation __________________________________________________________________ - Generated on Tue Apr 29 23:31:33 2008 for Resource PKI Engine by + Generated on Tue Jun 10 04:18:59 2008 for Resource PKI Engine by doxygen 1.5.5 diff --git a/rpkid/OPERATION b/rpkid/OPERATION index 8b859021..c3c9f953 100644 --- a/rpkid/OPERATION +++ b/rpkid/OPERATION @@ -19,31 +19,31 @@ Operation In addition to the library routines in the rpkid/rpki/ directory, the package includes the following programs: - * rpkid.py The main RPKI engine daemon + * rpkid.py: The main RPKI engine daemon - * rootd.py A separate daemon for handling the root of an RPKI + * rootd.py: A separate daemon for handling the root of an RPKI certificate tree. This is essentially a stripped down version of rpkid with no SQL database, no left-right protocol implementation, and only the parent side of the up-down protocol. It's separate because the root is a special case in several ways and it was simpler to keep the special cases out of the main daemon. - * irdbd.py A sample implementation of an IR database daemon. rpkid + * irdbd.py: A sample implementation of an IR database daemon. rpkid calls into this to perform lookups via the left-right protocol. - * irbe-cli.py A command-line client for the left-right control + * irbe-cli.py: A command-line client for the left-right control protocol. - * irbe-setup.py An example of a script to set up the mappings between - the IRDB and rpkid's own database, using the left-right control - protocol. + * irbe-setup.py: An example of a script to set up the mappings + between the IRDB and rpkid's own database, using the left-right + control protocol. - * cronjob.py A trivial HTTP client used to drive rpkid cron events. + * cronjob.py: A trivial HTTP client used to drive rpkid cron events. - * testbed.py A test tool for running a collection of rpkid and irdb + * testbed.py: A test tool for running a collection of rpkid and irdb instances under common control, driven by a unified test script. - * testpoke.py A simple client for the up-down protocol, mostly + * testpoke.py: A simple client for the up-down protocol, mostly compatable with APNIC's rpki_poke.pl tool. Most of these programs take configuration files in a common format @@ -99,53 +99,53 @@ rpkid.py Config file options: - * startup-message String to log on startup, useful when debugging a + * startup-message: String to log on startup, useful when debugging a collection of rpkid instances at once. - * sql-username Username to hand to MySQL when connecting to rpkid's + * sql-username: Username to hand to MySQL when connecting to rpkid's database. - * sql-database MySQL's database name for rpkid's database. + * sql-database: MySQL's database name for rpkid's database. - * sql-password Password to hand to MySQL when connecting to rpkid's + * sql-password: Password to hand to MySQL when connecting to rpkid's database. - * cms-ta-irdb Name of file containing CMS trust anchor to use when + * cms-ta-irdb: Name of file containing CMS trust anchor to use when authenticating messages from irdbd. - * cms-ta-irbe Name of file containing CMS trust anchor to use when + * cms-ta-irbe: Name of file containing CMS trust anchor to use when authenticating control messages from IRBE. - * cms-key Name of file containing RSA key to use when signing CMS + * cms-key: Name of file containing RSA key to use when signing CMS messages to IRBE or irdbd. - * cms-cert Name(s) of file(s) containing certificate(s) to include in - CMS wrapper when signing messages to IRBE or irdbd. You can specify - more than one certificate using OpenSSL-style subscripts: + * cms-cert: Name(s) of file(s) containing certificate(s) to include + in CMS wrapper when signing messages to IRBE or irdbd. You can + specify more than one certificate using OpenSSL-style subscripts: cms-cert.0, cms-cert.1, etc. - * https-key Name of file containing RSA key to use, both in the HTTPS - server role (for both up-down and left-right protocols) and in the - HTTPS client role (left-right protocol only). + * https-key: Name of file containing RSA key to use, both in the + HTTPS server role (for both up-down and left-right protocols) and + in the HTTPS client role (left-right protocol only). - * https-cert Name(s) of file(s) containing certificate(s) to use in + * https-cert: Name(s) of file(s) containing certificate(s) to use in same contexts where https-key is used. You can specify more than one certificate using OpenSSL-style subscripts: https-cert.0, https-cert.1, etc. - * https-ta Name of file containing trust anchor to use when verifying - irdbd's HTTPS server certificate. + * https-ta: Name of file containing trust anchor to use when + verifying irdbd's HTTPS server certificate. - * irdb-url Service URL for irdbd. Must be a https:// URL. + * irdb-url: Service URL for irdbd. Must be a https:// URL. - * https-server-host Hostname or IP address on which to listen for + * https-server-host: Hostname or IP address on which to listen for HTTPS connections. Current default is INADDR_ANY (IPv4 0.0.0.0); this will need to be hacked to support IPv6 for production. - * https-server-port TCP port on which to listen for HTTPS + * https-server-port: TCP port on which to listen for HTTPS connections. - * publication-kludge-base [TEMPORARY] Local directory under which + * publication-kludge-base: [TEMPORARY] Local directory under which generated certificates etc should be published. This is a temporary expedient until the publication protocol is defined and implemented. Default is "publication/" @@ -166,44 +166,44 @@ rootd.py Config file options: - * cms-ta Name of file containing trust anchor to use when verifying + * cms-ta: Name of file containing trust anchor to use when verifying CMS up-down queries. - * cms-key Name of file containing RSA key to use when signing CMS + * cms-key: Name of file containing RSA key to use when signing CMS up-down replies. - * cms-cert Name(s) of file(s) containing certificate(s) to include in - CMS wrapper when signing up-down replies. You can specify more than - one certificate using OpenSSL-style subscripts: cms-cert.0, + * cms-cert: Name(s) of file(s) containing certificate(s) to include + in CMS wrapper when signing up-down replies. You can specify more + than one certificate using OpenSSL-style subscripts: cms-cert.0, cms-cert.1, etc. - * https-key Name of file containing RSA key to use in the HTTPS + * https-key: Name of file containing RSA key to use in the HTTPS server role for the up-down protocol. - * https-cert Name(s) of file(s) containing certificate(s) to use in + * https-cert: Name(s) of file(s) containing certificate(s) to use in the HTTPS server role for the up-down protocol. You can specify more than one certificate using OpenSSL-style subscripts: https-cert.0, https-cert.1, etc. - * https-server-host Hostname or IP address on which to listen for + * https-server-host: Hostname or IP address on which to listen for HTTPS connections. Default is localhost. - * https-server-port TCP port on which to listen for HTTPS + * https-server-port: TCP port on which to listen for HTTPS connections. - * rpki-key Name of file containing RSA key to use in signing resource - certificates. + * rpki-key: Name of file containing RSA key to use in signing + resource certificates. - * rpki-issuer Name of file containing self-signed root resource + * rpki-issuer: Name of file containing self-signed root resource certificate corresponding to rpki-key. - rpki-subject-filename: Name of file that rootd should use to save the - one and only certificate it issues. + * rpki-subject-filename: Name of file that rootd should use to save + the one and only certificate it issues. - rpki-pkcs10-filename: Name of file that rootd should use when saving a - copy of the received PKCS #10 request for a resource certificate. This - is only used for debugging. Default is not to save the PKCS #10 - request. + * rpki-pkcs10-filename: Name of file that rootd should use when + saving a copy of the received PKCS #10 request for a resource + certificate. This is only used for debugging. Default is not to + save the PKCS #10 request. irdbd.py @@ -228,37 +228,37 @@ irdbd.py Config file options: - * startup-message String to log on startup, useful when debugging a + * startup-message: String to log on startup, useful when debugging a collection of irdbd instances at once. - * sql-username Username to hand to MySQL when connecting to irdbd's + * sql-username: Username to hand to MySQL when connecting to irdbd's database. - * sql-database MySQL's database name for irdbd's database. + * sql-database: MySQL's database name for irdbd's database. - * sql-password Password to hand to MySQL when connecting to irdbd's + * sql-password: Password to hand to MySQL when connecting to irdbd's database. - * cms-ta Name of file containing CMS trust anchor to use when + * cms-ta: Name of file containing CMS trust anchor to use when authenticating messages from rpkid. - * cms-key Name of file containing RSA key to use when signing CMS + * cms-key: Name of file containing RSA key to use when signing CMS messages to rpkid. - * cms-cert Name(s) of file(s) containing certificate(s) to include in - CMS wrapper when signing messages to rpkid. You can specify more + * cms-cert: Name(s) of file(s) containing certificate(s) to include + in CMS wrapper when signing messages to rpkid. You can specify more than one certificate using OpenSSL-style subscripts: cms-cert.0, cms-cert.1, etc. - * https-key Name of file containing RSA key to use in the HTTPS + * https-key: Name of file containing RSA key to use in the HTTPS server role when listening for connections from rpkid. - * https-cert Name(s) of file(s) containing certificate(s) to use in + * https-cert: Name(s) of file(s) containing certificate(s) to use in the HTTPS server role when listening for connections from rpkid. You can specify more than one certificate using OpenSSL-style subscripts: https-cert.0, https-cert.1, etc. - * https-url Service URL for irdbd. Must be a https:// URL. + * https-url: Service URL for irdbd. Must be a https:// URL. irbe-cli.py @@ -281,33 +281,32 @@ irbe-cli.py Usage: irbe-cli.py --config= --help --pem_out= - parent --action= --type= --tag= --self_id= --parent_id= + parent --action= --tag= --self_id= --parent_id= --bsc_id= --repository_id= --peer_contact_uri= --sia_base= --sender_name= --recipient_name= --bpki_cms_cert= --bpki_cms_glue= --bpki_https_cert= --bpki_https_glue= --rekey --reissue --revoke - repository --action= --type= --tag= --self_id= --repository_id= + repository --action= --tag= --self_id= --repository_id= --bsc_id= --peer_contact_uri= --bpki_cms_cert= --bpki_cms_glue= --bpki_https_cert= --bpki_https_glue= - self --action= --type= --tag= --self_id= --crl_interval= + self --action= --tag= --self_id= --crl_interval= --bpki_cert= --bpki_glue= - --extension_preference= --rekey --reissue --revoke + --rekey --reissue --revoke --run_now --publish_world_now - --clear_extension_preferences - child --action= --type= --tag= --self_id= --child_id= + child --action= --tag= --self_id= --child_id= --bsc_id= --bpki_cms_cert= --bpki_cms_glue= --reissue - route_origin --action= --type= --tag= --self_id= --route_origin_id= + route_origin --action= --tag= --self_id= --route_origin_id= --as_number= --ipv4= --ipv6= --suppress_publication - bsc --action= --type= --tag= --self_id= --bsc_id= + bsc --action= --tag= --self_id= --bsc_id= --key_type= --hash_alg= --key_length= --signing_cert= - --generate_keypair --clear_signing_certs + --signing_cert_crl= --generate_keypair Global options (--config, --help, --pem_out) come first, then zero or more commands (parent, repository, self, child, route_origin, bsc), @@ -340,29 +339,29 @@ irbe-cli.py Config file options: - * cms-ta Name of file containing CMS trust anchor to use when + * cms-ta: Name of file containing CMS trust anchor to use when authenticating messages from rpkid. - * cms-key Name of file containing RSA key to use when signing CMS + * cms-key: Name of file containing RSA key to use when signing CMS messages to rpkid. - * cms-cert Name(s) of file(s) containing certificate(s) to include in - CMS wrapper when signing messages to rpkid. You can specify more + * cms-cert: Name(s) of file(s) containing certificate(s) to include + in CMS wrapper when signing messages to rpkid. You can specify more than one certificate using OpenSSL-style subscripts: cms-cert.0, cms-cert.1, etc. - * https-key Name of file containing RSA key to use in the HTTPS + * https-key: Name of file containing RSA key to use in the HTTPS client role when contacting rpkid. - * https-cert Name(s) of file(s) containing certificate(s) to use in + * https-cert: Name(s) of file(s) containing certificate(s) to use in the HTTPS client role when contacting rpkid. You can specify more than one certificate using OpenSSL-style subscripts: https-cert.0, https-cert.1, etc. - * https-ta Name of file containing trust anchor to use when verifying - rpkid's HTTPS server certificate. + * https-ta: Name of file containing trust anchor to use when + verifying rpkid's HTTPS server certificate. - * https-url Service URL for rpkid. Must be a https:// URL. + * https-url: Service URL for rpkid. Must be a https:// URL. irbe-setup.py config file @@ -373,38 +372,38 @@ irbe-setup.py config file Options in the "[irbe-cli]" section: - * cms-ta Name of file containing CMS trust anchor to use when + * cms-ta: Name of file containing CMS trust anchor to use when authenticating messages from rpkid. - * cms-key Name of file containing RSA key to use when signing CMS + * cms-key: Name of file containing RSA key to use when signing CMS messages to rpkid. - * cms-cert Name(s) of file(s) containing certificate(s) to include in - CMS wrapper when signing messages to rpkid. You can specify more + * cms-cert: Name(s) of file(s) containing certificate(s) to include + in CMS wrapper when signing messages to rpkid. You can specify more than one certificate using OpenSSL-style subscripts: cms-cert.0, cms-cert.1, etc. - * https-key Name of file containing RSA key to use in the HTTPS + * https-key: Name of file containing RSA key to use in the HTTPS client role when contacting rpkid. - * https-cert Name(s) of file(s) containing certificate(s) to use in + * https-cert: Name(s) of file(s) containing certificate(s) to use in the HTTPS client role when contacting rpkid. You can specify more than one certificate using OpenSSL-style subscripts: https-cert.0, https-cert.1, etc. - * https-ta Name of file containing trust anchor to use when verifying - rpkid's HTTPS server certificate. + * https-ta: Name of file containing trust anchor to use when + verifying rpkid's HTTPS server certificate. - * https-url Service URL for rpkid. Must be a https:// URL. + * https-url: Service URL for rpkid. Must be a https:// URL. Options in the "[irdbd]" section: - * sql-username Username to hand to MySQL when connecting to irdbd's + * sql-username: Username to hand to MySQL when connecting to irdbd's database. - * sql-database MySQL's database name for irdbd's database. + * sql-database: MySQL's database name for irdbd's database. - * sql-password Password to hand to MySQL when connecting to irdbd's + * sql-password: Password to hand to MySQL when connecting to irdbd's database. cronjob.py @@ -425,18 +424,18 @@ cronjob.py Config file options: - * https-key Name of file containing RSA key to use in the HTTPS + * https-key: Name of file containing RSA key to use in the HTTPS client role when contacting rpkid. - * https-cert Name(s) of file(s) containing certificate(s) to use in + * https-cert: Name(s) of file(s) containing certificate(s) to use in the HTTPS client role when contacting rpkid. You can specify more than one certificate using OpenSSL-style subscripts: https-cert.0, https-cert.1, etc. - * https-ta Name of file containing trust anchor to use when verifying - rpkid's HTTPS server certificate. + * https-ta: Name of file containing trust anchor to use when + verifying rpkid's HTTPS server certificate. - * https-url Service URL for rpkid. Must be a https:// URL. + * https-url: Service URL for rpkid. Must be a https:// URL. testbed.py: @@ -463,21 +462,22 @@ testbed.py: testbed.conf options: - testbed_dir: Working directory into which testbed should write the - (many) files it generates. Default is "testbed.dir". + * testbed_dir: Working directory into which testbed should write the + (many) files it generates. Default is "testbed.dir". - irdb_db_pass: MySQL password for the "irdb" user. Default is "fnord". - You may want to override this. + * irdb_db_pass: MySQL password for the "irdb" user. Default is + "fnord". You may want to override this. - rpki_db_pass: MySQL password for the "rpki" user. Default is "fnord". - You may want to override this. + * rpki_db_pass: MySQL password for the "rpki" user. Default is + "fnord". You may want to override this. - rootd_sia: rsync URI naming a (perhaps fictious) directory to use as - the id-ad-caRepository SIA value in the generated root resource - certificate. Default is "rsync://wombat.invalid/". You may want to - override this if you intend to run an rsync server and test against the - generated results using rcynic. This default will likely change if and - when testbed learns how to run rcynic itself as part of the test suite. + * rootd_sia: rsync URI naming a (perhaps fictious) directory to use + as the id-ad-caRepository SIA value in the generated root resource + certificate. Default is "rsync://wombat.invalid/". You may want to + override this if you intend to run an rsync server and test against + the generated results using rcynic. This default will likely change + if and when testbed learns how to run rcynic itself as part of the + test suite. The second configuration file is named testbed.yaml by default, run testbed with "-y filename" to change it. The YAML file contains @@ -529,19 +529,19 @@ testbed.py: Operators in subsequent (update) documents: - add_as, add_v4, add_v6: These add ASN, IPv4, or IPv6 resources, - respectively. + * add_as, add_v4, add_v6: These add ASN, IPv4, or IPv6 resources, + respectively. - sub_as, sub_v4, sub_v6: These subtract resources. + * sub_as, sub_v4, sub_v6: These subtract resources. - valid_until: Set an absolute expiration date. + * valid_until: Set an absolute expiration date. - valid_for: Set a relative expiration date. + * valid_for: Set a relative expiration date. - valid_add, valid_sub: Add to or subtract from validity interval. + * valid_add, valid_sub: Add to or subtract from validity interval. - sleep [interval]: Sleep for specified interval, or until testbed - receives a SIGALRM signal. + * sleep [interval]: Sleep for specified interval, or until testbed + receives a SIGALRM signal. Absolute timestamps should be in the form shown (UTC timestamp format as used in XML). @@ -623,5 +623,5 @@ testpoke.py __________________________________________________________________ - Generated on Tue Apr 29 23:31:33 2008 for Resource PKI Engine by + Generated on Tue Jun 10 04:18:59 2008 for Resource PKI Engine by doxygen 1.5.5 |