Checkpoint

svn path=/docs/OPERATION; revision=1464

1 files changed, 72 insertions, 5 deletions

diff --git a/docs/OPERATION b/docs/OPERATION
index 49db075f..272e251c 100644
--- a/docs/OPERATION
+++ b/docs/OPERATION
@@ -279,12 +279,79 @@ https-url:		Service URL for irdbd.  Must be a https:// URL.
 
 ----------------------------------------------------------------
 
-irbe-cli.py config file:
+irbe-cli.py:
 
-The default config file is irbe.conf, start rpkid with "-c filename"
-to choose a different config file.  All options are in the section
-"[irbe-cli]".  Certificates, keys, and trust anchors may be in either
-DER or PEM format.
+irbe-cli is a simple command line client for the control subset of the
+left-right protocol.  In production use this functionality would be
+part of the IRBE stub.
+
+Basic configuration of irbe-cli is handled via a config file.  The
+specific action or actions to be performed are specified on the
+command line, and map closely to the left-right protocol itself.
+
+At present the user is assumed to be able to read the (XML) left-right
+protocol messages, and with one exception, no attempt is made to
+interpret the responses other than to check for errors.  The one
+exception is that, if the --pem_out option is specified on the command
+line, any PKCS #10 requests received from rpkid will be written in PEM
+format to that file; this makes it easier to hand these requests off
+to the business PKI in order to issue signing certs corresponding to
+newly generated business keys.
+
+Usage: irbe-cli.py --config= --help --pem_out=
+
+  parent	--action= --type= --tag= --self_id= --parent_id=
+		--bsc_id= --repository_id= --peer_contact_uri=
+		--sia_base= --sender_name= --recipient_name=
+		--cms_ta= --https_ta= --rekey --reissue --revoke
+
+  repository	--action= --type= --tag= --self_id= --repository_id=
+		--bsc_id= --peer_contact_uri= --cms_ta= --https_ta= 
+
+  self		--action= --type= --tag= --self_id= --crl_interval=
+		--extension_preference= --rekey --reissue --revoke
+		 --run_now --publish_world_now
+		 --clear_extension_preferences
+
+  child		--action= --type= --tag= --self_id= --child_id=
+		--bsc_id= --cms_ta= --reissue
+
+  route_origin	--action= --type= --tag= --self_id= --route_origin_id=
+		 --as_number= --ipv4= --ipv6= --suppress_publication
+
+  bsc		--action= --type= --tag= --self_id= --bsc_id=
+		--key_type= --hash_alg= --key_length= --signing_cert=
+		--generate_keypair --clear_signing_certs
+
+Global options (--config, --help, --pem_out) come first, then zero or
+more commands (parent, repository, self, child, route_origin, bsc),
+each followed by its own set of options.   The commands map to
+elements in the left-right protocol, and the command-specific options
+map to attributes or subelements for those commands.
+
+--action is one of create, set, get, list, or destroy; exactly one of
+these must be specified for each command.
+
+--type is query or reply; since irbe-cli is a client, query is the
+default. 
+
+--tag is an optional arbitrary tag (think IMAP) to simplify matching
+up replies with batched queries.
+
+--*_id options refer to the primary keys of previously created
+objects.
+
+The remaining options are specific to the particular commands, and
+follow directly from the left-right protocol specification.
+
+A trailing "=" in the above option summary indicates that an option
+takes a value, eg, "--action create" or "--action=create".  Options
+without a trailing "=" correspond to boolean control attributes.
+
+The default config file for irbe-cli is irbe.conf, start rpkid with
+"-c filename" (or "--config filename") to choose a different config
+file.  All options are in the section "[irbe-cli]".  Certificates,
+keys, and trust anchors may be in either DER or PEM format.
 
 Config file options: