author | Rob Austein <sra@hactrn.net> | 2013-04-01 23:33:11 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2013-04-01 23:33:11 +0000 |
commit | 0352b46e0e73f30e11eae412b5ca6b5c0546db3f (patch) | |
tree | 095bdb2d9a1528af941ae04a5de372eaa2d95841 /rpkid/examples | |
parent | e6a8ae4ca901ff460fc5ae25e36c7c4b6484a308 (diff) |
Clean up various old messes in how we configure listener server and
port in daemons.
svn path=/trunk/; revision=5251
Diffstat (limited to 'rpkid/examples')
-rw-r--r-- | rpkid/examples/rpki.conf | 103 |
1 files changed, 53 insertions, 50 deletions
diff --git a/rpkid/examples/rpki.conf b/rpkid/examples/rpki.conf
index 3b798667..04e22369 100644
--- a/rpkid/examples/rpki.conf
+++ b/rpkid/examples/rpki.conf
@@ -30,7 +30,7 @@ bpki_servers_directory = @DATAROOTDIR@/rpki
 # Whether you want to run your own copy of rpkid (and irdbd). You
 # want this on unless somebody else is hosting rpkid service for you.
-run_rpkid = true
+run_rpkid = true
 # DNS hostname and server port numbers for rpkid and irdbd, if you're
 # running them. rpkid's server host has to be a publicly reachable
@@ -38,8 +38,8 @@ run_rpkid = true
 # unless you really know what you are doing. Port numbers can be any
 # legal TCP port number that you're not using for something else.
-rpkid_server_host = rpkid.example.org
-rpkid_server_port = 4404
+rpkid_server_host = rpkid.example.org
+rpkid_server_port = 4404
 irdbd_server_host = localhost
 irdbd_server_port = 4403
@@ -55,8 +55,8 @@ run_pubd = false
 # be any legal TCP port number that you're not using for something
 # else.
-pubd_server_host = pubd.example.org
-pubd_server_port = 4402
+pubd_server_host = pubd.example.org
+pubd_server_port = 4402
 # Contact information to include in offers of repository service.
 # This only matters when we're running pubd. This should be a human
@@ -72,6 +72,7 @@ run_rootd = false
 # Server port number for rootd, if you're running it. This can be any
 # legal TCP port number that you're not using for something else.
+rootd_server_host = localhost
 rootd_server_port = 4401
 # Root of local directory tree where pubd (and rootd, sigh) should
@@ -82,7 +83,7 @@ rootd_server_port = 4401
 # generated certificates match up with the published objects so that
 # relying parties can find and verify rpkid's published outputs.
-publication_base_directory = @DATAROOTDIR@/rpki/publication
+publication_base_directory = @DATAROOTDIR@/rpki/publication
 publication_root_cert_directory = ${myrpki::publication_base_directory}.root
 # rsyncd module name corresponding to publication_base_directory.
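Review bot: The comment above the new `rootd_server_host = localhost` line (hunk `-72,6 +72,7`) still reads "Server port number for rootd", so the host setting is undocumented here, while the matching comment in the `[rootd]` section (hunk `-264,65 +266,66`) was updated to "Server host and port". I would reword it to something like `# Server host and port number for rootd, if you're running it.` and add a line saying that `localhost` keeps the listener on loopback and should stay that way unless rootd's one child runs on another machine. That `server-host` is the listening address is inferred from the "should listen" comments; the daemon code is not part of this diff.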
@@ -164,29 +165,29 @@ pubd_sql_password = ${myrpki::shared_sql_password}
 sql-database = ${myrpki::rpkid_sql_database}
 sql-username = ${myrpki::rpkid_sql_username}
-sql-password = ${myrpki::rpkid_sql_password}
+sql-password = ${myrpki::rpkid_sql_password}
 # Host and port on which rpkid should listen for HTTP service
 # requests.
-server-host = ${myrpki::rpkid_server_host}
-server-port = ${myrpki::rpkid_server_port}
+server-host = ${myrpki::rpkid_server_host}
+server-port = ${myrpki::rpkid_server_port}
 # HTTP service URL rpkid should use to contact irdbd. If irdbd is
 # running on the same machine as rpkid, this can and probably should
 # be a loopback URL, since nobody but rpkid needs to talk to irdbd.
-irdb-url = http://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/
+irdb-url = http://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/
 # Where rpkid should look for BPKI certs and keys used in the
 # left-right protocol. The following values match where myirbe.py
 # will have placed things. Don't change these without a reason.
-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
-rpkid-key = ${myrpki::bpki_servers_directory}/rpkid.key
-rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
-irdb-cert = ${myrpki::bpki_servers_directory}/irdbd.cer
-irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
+bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
+rpkid-key = ${myrpki::bpki_servers_directory}/rpkid.key
+rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
+irdb-cert = ${myrpki::bpki_servers_directory}/irdbd.cer
+irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
 #################################################################
@@ -197,21 +198,22 @@ irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
 sql-database = ${myrpki::irdbd_sql_database}
 sql-username = ${myrpki::irdbd_sql_username}
-sql-password = ${myrpki::irdbd_sql_password}
+sql-password = ${myrpki::irdbd_sql_password}
-# HTTP service URL irdbd should listen on. This should match the
-# irdb-url parameter in the [rpkid] section; see comments there.
+# Host and port on which irdbd should listen for HTTP service
+# requests.
-http-url = http://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/
+server-host = ${myrpki::irdbd_server_host}
+server-port = ${myrpki::irdbd_server_port}
 # Where irdbd should look for BPKI certs and keys used in the
 # left-right protocol. The following values match where myirbe.py
 # will have placed things. Don't change these without a reason.
-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
-rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
-irdbd-cert = ${myrpki::bpki_servers_directory}/irdbd.cer
-irdbd-key = ${myrpki::bpki_servers_directory}/irdbd.key
+bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
+rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
+irdbd-cert = ${myrpki::bpki_servers_directory}/irdbd.cer
+irdbd-key = ${myrpki::bpki_servers_directory}/irdbd.key
 #################################################################
@@ -222,7 +224,7 @@ irdbd-key = ${myrpki::bpki_servers_directory}/irdbd.key
 sql-database = ${myrpki::pubd_sql_database}
 sql-username = ${myrpki::pubd_sql_username}
-sql-password = ${myrpki::pubd_sql_password}
+sql-password = ${myrpki::pubd_sql_password}
 # Root of directory tree where pubd should write out published data.
 # You need to configure this, and the configuration should match up
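Review bot: The replacement comment in the `[irdbd]` section (hunk `-197,21 +198,22`) drops the cross-reference that the removed `http-url` comment carried, so nothing here tells an operator that `server-host` and `server-port` must still agree with `irdb-url` in `[rpkid]`, or that irdbd is meant to stay on loopback. The `[rpkid]` comment says nobody but rpkid needs to talk to irdbd; I would repeat that next to the listener settings, e.g. `# These must match irdb-url in the [rpkid] section; keep the host on loopback unless rpkid runs on another machine.` It is also not visible in this diff whether irdbd still accepts the old `http-url` key, so a sentence on migrating existing configs would help.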
@@ -232,22 +234,22 @@ sql-password = ${myrpki::pubd_sql_password}
 # with the published objects so that relying parties can find and
 # verify rpkid's published outputs.
-publication-base = ${myrpki::publication_base_directory}
+publication-base = ${myrpki::publication_base_directory}
 # Host and port on which pubd should listen for HTTP service
 # requests.
-server-host = ${myrpki::pubd_server_host}
-server-port = ${myrpki::pubd_server_port}
+server-host = ${myrpki::pubd_server_host}
+server-port = ${myrpki::pubd_server_port}
 # Where pubd should look for BPKI certs and keys used in the
 # left-right protocol. The following values match where myirbe.py
 # will have placed things. Don't change these without a reason.
-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
-pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer
-pubd-key = ${myrpki::bpki_servers_directory}/pubd.key
-irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
+bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
+pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer
+pubd-key = ${myrpki::bpki_servers_directory}/pubd.key
+irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
 #################################################################
@@ -264,65 +266,66 @@ irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
 # BPKI certificates and keys for rootd
-bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
-rootd-bpki-crl = ${myrpki::bpki_servers_directory}/ca.crl
-rootd-bpki-cert = ${myrpki::bpki_servers_directory}/rootd.cer
-rootd-bpki-key = ${myrpki::bpki_servers_directory}/rootd.key
-child-bpki-cert = ${myrpki::bpki_servers_directory}/child.cer
+bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
+rootd-bpki-crl = ${myrpki::bpki_servers_directory}/ca.crl
+rootd-bpki-cert = ${myrpki::bpki_servers_directory}/rootd.cer
+rootd-bpki-key = ${myrpki::bpki_servers_directory}/rootd.key
+child-bpki-cert = ${myrpki::bpki_servers_directory}/child.cer
-# Server port on which rootd should listen.
+# Server host and port on which rootd should listen.
-server-port = ${myrpki::rootd_server_port}
+server-host = ${myrpki::rootd_server_host}
+server-port = ${myrpki::rootd_server_port}
 # Where rootd should write its output. Yes, rootd should be using
 # pubd instead of publishing directly, but it doesn't.
-rpki-root-dir = ${myrpki::publication_base_directory}
+rpki-root-dir = ${myrpki::publication_base_directory}
 # rsync URI for directory containing rootd's outputs
-rpki-base-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/
+rpki-base-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/
 # rsync URI for rootd's root (self-signed) RPKI certificate
-rpki-root-cert-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_root_module}/root.cer
+rpki-root-cert-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_root_module}/root.cer
 # Private key corresponding to rootd's root RPKI certificate
-rpki-root-key = ${myrpki::bpki_servers_directory}/root.key
+rpki-root-key = ${myrpki::bpki_servers_directory}/root.key
 # Filename (as opposed to rsync URI) of rootd's root RPKI certificate
-rpki-root-cert = ${myrpki::publication_root_cert_directory}/root.cer
+rpki-root-cert = ${myrpki::publication_root_cert_directory}/root.cer
 # Where rootd should stash a copy of the PKCS #10 request it gets from
 # its one (and only) child
-rpki-subject-pkcs10 = ${myrpki::bpki_servers_directory}/rootd.subject.pkcs10
+rpki-subject-pkcs10 = ${myrpki::bpki_servers_directory}/rootd.subject.pkcs10
 # Lifetime of the one and only certificate rootd issues
-rpki-subject-lifetime = 30d
+rpki-subject-lifetime = 30d
 # Filename (relative to rootd-base-uri and rpki-root-dir) of the CRL
 # for rootd's root RPKI certificate
-rpki-root-crl = root.crl
+rpki-root-crl = root.crl
 # Filename (relative to rootd-base-uri and rpki-root-dir) of the
 # manifest for rootd's root RPKI certificate
-rpki-root-manifest = root.mft
+rpki-root-manifest = root.mft
 # Up-down protocol class name for RPKI certificate rootd issues to its
 # one (and only) child
-rpki-class-name = ${myrpki::handle}
+rpki-class-name = ${myrpki::handle}
 # Filename (relative to rootd-base-uri and rpki-root-dir) of the one
 # (and only) RPKI certificate rootd issues
-rpki-subject-cert = ${myrpki::handle}.cer
+rpki-subject-cert = ${myrpki::handle}.cer
 # The last four paramters in this section are really parameters for
 # myirbe.py to use when constructing rootd's root RPKI certificate,
@@ -355,7 +358,7 @@ root_cert_manifest = rsync://${myrpki::publication_rsync_server}/${myrpki::publ
 [web_portal]
 sql-database = ${myrpki::irdbd_sql_database}
 sql-username = ${myrpki::irdbd_sql_username}
-sql-password = ${myrpki::irdbd_sql_password}
+sql-password = ${myrpki::irdbd_sql_password}
 ################################################################# |