diff options
| author | Rob Austein <sra@hactrn.net> | 2012-08-27 22:39:35 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2012-08-27 22:39:35 +0000 |
| commit | 884a764bbb9d519cf492a33121e01d334a0a53d7 (patch) | |
| tree | 8bef48138881ae1d53a0e374adece75816e98258 /rpkid/examples/rpki.conf | |
| parent | 49463eed400197bb0e0a53a66ea0f438f515a029 (diff) | |
Move root.cer to separate rsync module when building test
configurations, to avoid warnings about it being tainted. This is
really a conflict between needing to support rootd and wanting to make
the configuration clean when not running rootd: either we add an extra
directory level to the publication structure which we don't use when
not running rootd, or we move root.cer somewhere else. Since the
latter is simpler except for test configurations which are already
generated for us by programs, we do the latter.
svn path=/branches/tk274/; revision=4667
Diffstat (limited to 'rpkid/examples/rpki.conf')
| -rw-r--r-- | rpkid/examples/rpki.conf | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/rpkid/examples/rpki.conf b/rpkid/examples/rpki.conf index 880758ee..4fbfca0d 100644 --- a/rpkid/examples/rpki.conf +++ b/rpkid/examples/rpki.conf @@ -83,6 +83,7 @@ rootd_server_port = 4401 # relying parties can find and verify rpkid's published outputs. publication_base_directory = publication +publication_root_cert_directory = ${myrpki::publication_base_directory}.root # rsyncd module name corresponding to publication_base_directory. # This has to match the module you configured into rsyncd.conf. @@ -90,6 +91,12 @@ publication_base_directory = publication publication_rsync_module = rpki +# rsyncd module name corresponding to publication_root_cert_directory. +# This has to match the module you configured into rsyncd.conf. +# Leave this alone unless you have some need to change it. + +publication_root_module = root + # Hostname and optional port number for rsync:// URIs. In most cases # this should just be the same value as pubd_server_host. @@ -304,7 +311,7 @@ rpki-base-uri = rsync://${myrpki::publication_rsync_server}/${myrpki: # rsync URI for rootd's root (self-signed) RPKI certificate -rpki-root-cert-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/root.cer +rpki-root-cert-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_root_module}/root.cer # Private key corresponding to rootd's root RPKI certificate @@ -312,7 +319,7 @@ rpki-root-key = ${myrpki::bpki_servers_directory}/root.key # Filename (as opposed to rsync URI) of rootd's root RPKI certificate -rpki-root-cert = ${myrpki::publication_base_directory}/root.cer +rpki-root-cert = ${myrpki::publication_root_cert_directory}/root.cer # Where rootd should stash a copy of the PKCS #10 request it gets from # its one (and only) child |