author RPKI Documentation Robot <docbot@rpki.net> 2012-04-23 22:00:17 +0000
committer RPKI Documentation Robot <docbot@rpki.net> 2012-04-23 22:00:17 +0000
commit 99f5e0b73807da2da4a142a291c83f84c2d83835
tree 030c59dabf68b2cb677cf5d4a3efcb5595b6c324 /doc
parent 88588852fffb9eda97757fa440bc124ad84727c6
Automatic pull of documentation from Wiki.
svn path=/trunk/; revision=4447
Diffstat (limited to 'doc')
-rw-r--r-- doc/doc.RPKI.CA.Configuration 55
-rw-r--r-- doc/doc.RPKI.CA.UI.rpkic 11
-rw-r--r-- doc/manual.pdf bin 453309 -> 455519 bytes
3 files changed, 62 insertions, 4 deletions
diff --git a/doc/doc.RPKI.CA.Configuration b/doc/doc.RPKI.CA.Configuration
index 24c6d17b..01dba4f0 100644
--- a/doc/doc.RPKI.CA.Configuration
+++ b/doc/doc.RPKI.CA.Configuration
@@ -42,8 +42,7 @@ Someday Real Soon Now.
[myrpki]
The [myrpki] section of rpki.conf contains all the parameters that you really
-need to configure. The name myrpki] is historical and really should become
-[rpkic] or something like that.
+need to configure. The name myrpki] is historical and may change in the future.
# Handle naming hosted resource-holding entity (<self/>) represented
# by this myrpki instance. Syntax is an identifier (ASCII letters,
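Review bot: the rewritten sentence "The name myrpki] is historical and may change in the future." still carries the unbalanced bracket from the line it replaces. Since this line is being touched anyway, write the section name as [myrpki] so it matches the heading and the first sentence of the paragraph.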
@@ -75,6 +74,13 @@ You shouldn't need to change this unless you used the --datarootdir option to
tell ./configure; if you did, you'll need to adjust the setting of
bpki_servers_directory to match whatever you told ./configure.
+ # Whether you want to run your own copy of rpkid (and irdbd). You
+ # want this on unless somebody else is hosting rpkid service for you.
+
+ run_rpkid = true
+
+You probably don't need to change this.
+
# DNS hostname and server port numbers for rpkid and irdbd. rpkid's
# server host has to be a publicly reachable name to be useful;
# irdbd's server host should always be localhost unless you really
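Review bot: the new run_rpkid text gives two different signals. The comment says to leave it on "unless somebody else is hosting rpkid service for you", while the sentence after the setting says only "You probably don't need to change this." Suggest the prose name the hosted case explicitly and say which value to use there (presumably run_rpkid = false), so a hosted operator does not leave rpkid and irdbd enabled by default.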
@@ -176,6 +182,31 @@ the directory in which the programs in question were started. It's probably
better to use an absolute pathname, since this pathname must also appear in
rsyncd.conf.
+ # Startup control. These all default to the values of the
+ # corresponding run_* options, to keep things simple. The only case
+ # where you would want to change these is when you are running the
+ # back-end code on a different machine from one or more of the
+ # daemons, in which case you need finer control over which daemons to
+ # start on which machines. In such cases, "run_*" controls whether
+ # the back-end code is doing things to manage the daemon in question,
+ # while "start_*" controls whether rpki-start-servers attempts to
+ # start the daemon in question.
+
+ start_rpkid = ${myrpki::run_rpkid}
+ start_irdbd = ${myrpki::run_rpkid}
+ start_pubd = ${myrpki::run_pubd}
+ start_rootd = ${myrpki::run_rootd}
+
+You don't need to change these unless for some reason you need to run rpkid,
+pubd, or both on different machines from your back end code. In such cases, you
+can use these options to control which daemons start on which hosts, and to
+tell the back end code (rpkic and the GUI) that they're responsible for talking
+to rpkid and pubd even though those daemons are running on other hosts.
+
+The main reason why you might want to do this would be cases where you might
+want to run rpkid and pubd in a DMZ while keeping all of the back end code
+behind a firewall.
+
# SQL configuration. You can ignore this if you're not running any of
# the daemons yourself.
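Review bot: the DMZ paragraph at the end of the added prose describes the split deployment but never shows the settings that produce it, and the prose mentions only rpkid and pubd while four start_* options are introduced. Going by the comment, the back-end host would keep run_rpkid on with start_rpkid off and the DMZ host would have start_rpkid on; please confirm and spell that out per host. It is also worth stating where irdbd should start in that layout, since start_irdbd defaults to ${myrpki::run_rpkid} and the existing text says irdbd's server host should always be localhost.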
@@ -217,8 +248,24 @@ If you're running pubd, you'll also need to run rsyncd. Your rsyncd
configuration will need to match your pubd configuration in order for relying
parties to find the RPKI objects managed by pubd.
-There's a sample rsync configuration file in rpkid/examples/rsyncd.conf, but
-you may need to do something more complicated if you are already running rsyncd
+Here's a sample rsyncd.conf file:
+
+ pid file = /var/run/rsyncd.pid
+ uid = nobody
+ gid = nobody
+
+ [rpki]
+ use chroot = no
+ read only = yes
+ transfer logging = yes
+ path = /some/where/publication
+ comment = RPKI publication
+
+You may need to adapt this to your system. In particular, you will need to set
+the path option to match the directory you named as publication_base_directory
+in rpki.conf.
+
+You may need to do something more complicated if you are already running rsyncd
for other purposes. See the rsync(1) and rsyncd.conf(5) manual pages for more
details.
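Review bot: the sample rsyncd.conf sets "use chroot = no" in the [rpki] module without saying why, and the follow-up text only tells readers to adjust the path option. Because this sample replaces the pointer to rpkid/examples/rsyncd.conf and will be copied as is onto publicly reachable publication servers, either explain why chroot is disabled for this module or drop the line from the sample. A short remark that "read only = yes" should be kept would also help, since relying parties only need to fetch from this module.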
diff --git a/doc/doc.RPKI.CA.UI.rpkic b/doc/doc.RPKI.CA.UI.rpkic
index 62ba98f5..22f322c5 100644
--- a/doc/doc.RPKI.CA.UI.rpkic
+++ b/doc/doc.RPKI.CA.UI.rpkic
@@ -83,3 +83,14 @@ validation failures.
rpkic's "update_bpki" command takes care of this. Usually one will want to run
this periodically (perhaps once per month), under cron.
+
+***** Forcing synchronization *****
+
+Most rpkic commands synchronize the back end database with the daemons
+automatically, so in general it should not be necessary to synchronize
+manually. However, since these are separate databases, it is theoretically
+possible for them to get out of synch, perhaps because something crashed at
+exactly the wrong time.
+
+rpkic's "synchronize" command runs a synchronization cycle with rpkid (if
+run_rpkic is set) and pubd (if run_pubd is set).
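Review bot: in the last added sentence, "(if run_rpkic is set)" looks like a typo for run_rpkid. The option added to doc.RPKI.CA.Configuration in this same commit is run_rpkid, and no run_rpkic option appears anywhere in the patch. Minor: "out of synch" could be "out of sync" to match the "synchronize" command name.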
diff --git a/doc/manual.pdf b/doc/manual.pdf
index 324c4306..a4b46c59 100644
--- a/doc/manual.pdf
+++ b/doc/manual.pdf
Binary files differ