author | Rob Austein <sra@hactrn.net> | 2013-04-01 23:33:11 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2013-04-01 23:33:11 +0000 |
commit | 0352b46e0e73f30e11eae412b5ca6b5c0546db3f (patch) | |
tree | 095bdb2d9a1528af941ae04a5de372eaa2d95841 /rpkid | |
parent | e6a8ae4ca901ff460fc5ae25e36c7c4b6484a308 (diff) |
Clean up various old messes in how we configure listener server and
port in daemons.
svn path=/trunk/; revision=5251
Diffstat (limited to 'rpkid')
-rw-r--r-- | rpkid/examples/rpki.conf | 103 | ||||
-rw-r--r-- | rpkid/rpki/irdbd.py | 29 | ||||
-rw-r--r-- | rpkid/rpki/pubd.py | 10 | ||||
-rw-r--r-- | rpkid/rpki/rootd.py | 2 | ||||
-rw-r--r-- | rpkid/rpki/rpkid.py | 2 |
5 files changed, 78 insertions, 68 deletions
diff --git a/rpkid/examples/rpki.conf b/rpkid/examples/rpki.conf index 3b798667..04e22369 100644 --- a/rpkid/examples/rpki.conf +++ b/rpkid/examples/rpki.conf @@ -30,7 +30,7 @@ bpki_servers_directory = @DATAROOTDIR@/rpki # Whether you want to run your own copy of rpkid (and irdbd). You # want this on unless somebody else is hosting rpkid service for you. -run_rpkid = true +run_rpkid = true # DNS hostname and server port numbers for rpkid and irdbd, if you're # running them. rpkid's server host has to be a publicly reachable @@ -38,8 +38,8 @@ run_rpkid = true # unless you really know what you are doing. Port numbers can be any # legal TCP port number that you're not using for something else. -rpkid_server_host = rpkid.example.org -rpkid_server_port = 4404 +rpkid_server_host = rpkid.example.org +rpkid_server_port = 4404 irdbd_server_host = localhost irdbd_server_port = 4403 @@ -55,8 +55,8 @@ run_pubd = false # be any legal TCP port number that you're not using for something # else. -pubd_server_host = pubd.example.org -pubd_server_port = 4402 +pubd_server_host = pubd.example.org +pubd_server_port = 4402 # Contact information to include in offers of repository service. # This only matters when we're running pubd. This should be a human @@ -72,6 +72,7 @@ run_rootd = false # Server port number for rootd, if you're running it. This can be any # legal TCP port number that you're not using for something else. +rootd_server_host = localhost rootd_server_port = 4401 # Root of local directory tree where pubd (and rootd, sigh) should @@ -82,7 +83,7 @@ rootd_server_port = 4401 # generated certificates match up with the published objects so that # relying parties can find and verify rpkid's published outputs. -publication_base_directory = @DATAROOTDIR@/rpki/publication +publication_base_directory = @DATAROOTDIR@/rpki/publication publication_root_cert_directory = ${myrpki::publication_base_directory}.root # rsyncd module name corresponding to publication_base_directory. 
@@ -164,29 +165,29 @@ pubd_sql_password = ${myrpki::shared_sql_password} sql-database = ${myrpki::rpkid_sql_database} sql-username = ${myrpki::rpkid_sql_username} -sql-password = ${myrpki::rpkid_sql_password} +sql-password = ${myrpki::rpkid_sql_password} # Host and port on which rpkid should listen for HTTP service # requests. -server-host = ${myrpki::rpkid_server_host} -server-port = ${myrpki::rpkid_server_port} +server-host = ${myrpki::rpkid_server_host} +server-port = ${myrpki::rpkid_server_port} # HTTP service URL rpkid should use to contact irdbd. If irdbd is # running on the same machine as rpkid, this can and probably should # be a loopback URL, since nobody but rpkid needs to talk to irdbd. -irdb-url = http://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/ +irdb-url = http://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/ # Where rpkid should look for BPKI certs and keys used in the # left-right protocol. The following values match where myirbe.py # will have placed things. Don't change these without a reason. -bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer -rpkid-key = ${myrpki::bpki_servers_directory}/rpkid.key -rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer -irdb-cert = ${myrpki::bpki_servers_directory}/irdbd.cer -irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer +bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer +rpkid-key = ${myrpki::bpki_servers_directory}/rpkid.key +rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer +irdb-cert = ${myrpki::bpki_servers_directory}/irdbd.cer +irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer ################################################################# 
@@ -197,21 +198,22 @@ irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer sql-database = ${myrpki::irdbd_sql_database} sql-username = ${myrpki::irdbd_sql_username} -sql-password = ${myrpki::irdbd_sql_password} +sql-password = ${myrpki::irdbd_sql_password} -# HTTP service URL irdbd should listen on. This should match the -# irdb-url parameter in the [rpkid] section; see comments there. +# Host and port on which irdbd should listen for HTTP service +# requests. -http-url = http://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/ +server-host = ${myrpki::irdbd_server_host} +server-port = ${myrpki::irdbd_server_port} # Where irdbd should look for BPKI certs and keys used in the # left-right protocol. The following values match where myirbe.py # will have placed things. Don't change these without a reason. -bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer -rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer -irdbd-cert = ${myrpki::bpki_servers_directory}/irdbd.cer -irdbd-key = ${myrpki::bpki_servers_directory}/irdbd.key +bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer +rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer +irdbd-cert = ${myrpki::bpki_servers_directory}/irdbd.cer +irdbd-key = ${myrpki::bpki_servers_directory}/irdbd.key ################################################################# @@ -222,7 +224,7 @@ irdbd-key = ${myrpki::bpki_servers_directory}/irdbd.key sql-database = ${myrpki::pubd_sql_database} sql-username = ${myrpki::pubd_sql_username} -sql-password = ${myrpki::pubd_sql_password} +sql-password = ${myrpki::pubd_sql_password} # Root of directory tree where pubd should write out published data. # You need to configure this, and the configuration should match up 
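Review bot: The rewritten comment in the [irdbd] section drops the removed cross-reference saying this setting should match `irdb-url` in the [rpkid] section. With `http-url` replaced by `server-host`/`server-port`, the two sections can now drift apart without any hint in the file. The [rpkid] comments say nobody but rpkid needs to talk to irdbd, so the guidance to keep this listener on loopback is worth repeating here. I would extend the comment with something like `# These must agree with irdb-url in the [rpkid] section; keep server-host on loopback unless rpkid runs on a different machine.`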
@@ -232,22 +234,22 @@ sql-password = ${myrpki::pubd_sql_password} # with the published objects so that relying parties can find and # verify rpkid's published outputs. -publication-base = ${myrpki::publication_base_directory} +publication-base = ${myrpki::publication_base_directory} # Host and port on which pubd should listen for HTTP service # requests. -server-host = ${myrpki::pubd_server_host} -server-port = ${myrpki::pubd_server_port} +server-host = ${myrpki::pubd_server_host} +server-port = ${myrpki::pubd_server_port} # Where pubd should look for BPKI certs and keys used in the # left-right protocol. The following values match where myirbe.py # will have placed things. Don't change these without a reason. -bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer -pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer -pubd-key = ${myrpki::bpki_servers_directory}/pubd.key -irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer +bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer +pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer +pubd-key = ${myrpki::bpki_servers_directory}/pubd.key +irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer ################################################################# 
@@ -264,65 +266,66 @@ irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer # BPKI certificates and keys for rootd -bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer -rootd-bpki-crl = ${myrpki::bpki_servers_directory}/ca.crl -rootd-bpki-cert = ${myrpki::bpki_servers_directory}/rootd.cer -rootd-bpki-key = ${myrpki::bpki_servers_directory}/rootd.key -child-bpki-cert = ${myrpki::bpki_servers_directory}/child.cer +bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer +rootd-bpki-crl = ${myrpki::bpki_servers_directory}/ca.crl +rootd-bpki-cert = ${myrpki::bpki_servers_directory}/rootd.cer +rootd-bpki-key = ${myrpki::bpki_servers_directory}/rootd.key +child-bpki-cert = ${myrpki::bpki_servers_directory}/child.cer -# Server port on which rootd should listen. +# Server host and port on which rootd should listen. -server-port = ${myrpki::rootd_server_port} +server-host = ${myrpki::rootd_server_host} +server-port = ${myrpki::rootd_server_port} # Where rootd should write its output. Yes, rootd should be using # pubd instead of publishing directly, but it doesn't. 
-rpki-root-dir = ${myrpki::publication_base_directory} +rpki-root-dir = ${myrpki::publication_base_directory} # rsync URI for directory containing rootd's outputs -rpki-base-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/ +rpki-base-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/ # rsync URI for rootd's root (self-signed) RPKI certificate -rpki-root-cert-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_root_module}/root.cer +rpki-root-cert-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_root_module}/root.cer # Private key corresponding to rootd's root RPKI certificate -rpki-root-key = ${myrpki::bpki_servers_directory}/root.key +rpki-root-key = ${myrpki::bpki_servers_directory}/root.key # Filename (as opposed to rsync URI) of rootd's root RPKI certificate -rpki-root-cert = ${myrpki::publication_root_cert_directory}/root.cer +rpki-root-cert = ${myrpki::publication_root_cert_directory}/root.cer # Where rootd should stash a copy of the PKCS #10 request it gets from # its one (and only) child -rpki-subject-pkcs10 = ${myrpki::bpki_servers_directory}/rootd.subject.pkcs10 +rpki-subject-pkcs10 = ${myrpki::bpki_servers_directory}/rootd.subject.pkcs10 # Lifetime of the one and only certificate rootd issues -rpki-subject-lifetime = 30d +rpki-subject-lifetime = 30d # Filename (relative to rootd-base-uri and rpki-root-dir) of the CRL # for rootd's root RPKI certificate -rpki-root-crl = root.crl +rpki-root-crl = root.crl # Filename (relative to rootd-base-uri and rpki-root-dir) of the # manifest for rootd's root RPKI certificate -rpki-root-manifest = root.mft +rpki-root-manifest = root.mft # Up-down protocol class name for RPKI certificate rootd issues to its # one (and only) child -rpki-class-name = ${myrpki::handle} +rpki-class-name = ${myrpki::handle} # Filename (relative to rootd-base-uri and rpki-root-dir) of the one # (and only) RPKI certificate rootd 
issues -rpki-subject-cert = ${myrpki::handle}.cer +rpki-subject-cert = ${myrpki::handle}.cer # The last four paramters in this section are really parameters for # myirbe.py to use when constructing rootd's root RPKI certificate, @@ -355,7 +358,7 @@ root_cert_manifest = rsync://${myrpki::publication_rsync_server}/${myrpki::publ [web_portal] sql-database = ${myrpki::irdbd_sql_database} sql-username = ${myrpki::irdbd_sql_username} -sql-password = ${myrpki::irdbd_sql_password} +sql-password = ${myrpki::irdbd_sql_password} ################################################################# diff --git a/rpkid/rpki/irdbd.py b/rpkid/rpki/irdbd.py index 4e9c6b5c..4da6f5e1 100644 --- a/rpkid/rpki/irdbd.py +++ b/rpkid/rpki/irdbd.py @@ -249,18 +249,25 @@ class main(object): rpki.left_right.list_roa_requests_elt : self.handle_list_roa_requests, rpki.left_right.list_ghostbuster_requests_elt : self.handle_list_ghostbuster_requests } - u = urlparse.urlparse(self.cfg.get("http-url")) - - assert u.scheme in ("", "http") and \ - u.username is None and \ - u.password is None and \ - u.params == "" and \ - u.query == "" and \ - u.fragment == "" + try: + self.http_server_host = self.cfg.get("server-host", "") + self.http_server_port = self.cfg.getint("server-port") + except: + # + # Backwards compatibility, remove this eventually. + # + u = urlparse.urlparse(self.cfg.get("http-url")) + if (u.scheme not in ("", "http") or + u.username is not None or + u.password is not None or + u.params or u.query or u.fragment): + raise + self.http_server_host = u.hostname + self.http_server_port = int(u.port) self.cms_timestamp = None rpki.http.server( - host = u.hostname or "localhost", - port = u.port or 443, - handlers = ((u.path, self.handler),)) + host = self.http_server_host, + port = self.http_server_port, + handlers = self.handler) diff --git a/rpkid/rpki/pubd.py b/rpkid/rpki/pubd.py index a5e0781f..7c5426bd 100644 --- a/rpkid/rpki/pubd.py +++ b/rpkid/rpki/pubd.py 
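Review bot: The bare `except:` around the new `server-host`/`server-port` lookup in irdbd.py catches every exception, so a malformed `server-port` value silently falls through to the legacy `http-url` path instead of being reported; it should catch only the missing-option error the config parser raises. In that fallback, `int(u.port)` raises TypeError when the URL has no port and `u.hostname` can be None, where the removed code defaulted to `"localhost"` and 443. The bare `raise` on a rejected URL also re-raises the earlier lookup error rather than describing the bad `http-url`. In addition, `self.cfg.get("server-host", "")` defaults to the empty string, which presumably makes `rpki.http.server` listen on every interface; since the removed code defaulted to localhost and only rpkid needs to reach irdbd, `self.cfg.get("server-host", "localhost")` would be the safer default. Finally, `handlers = self.handler` replaces the `(path, handler)` tuple, so it is worth confirming `rpki.http.server` accepts a bare callable; the enclosing method starts and ends outside the hunk.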
@@ -122,17 +122,17 @@ class main(object): self.pubd_key = rpki.x509.RSA( Auto_update = self.cfg.get("pubd-key")) self.http_server_host = self.cfg.get("server-host", "") - self.http_server_port = int(self.cfg.get("server-port", "4434")) + self.http_server_port = self.cfg.getint("server-port") self.publication_base = self.cfg.get("publication-base", "publication/") self.publication_multimodule = self.cfg.getboolean("publication-multimodule", False) rpki.http.server( - host = self.http_server_host, - port = self.http_server_port, - handlers = (("/control", self.control_handler), - ("/client/", self.client_handler))) + host = self.http_server_host, + port = self.http_server_port, + handlers = (("/control", self.control_handler), + ("/client/", self.client_handler))) def handler_common(self, query, client, cb, certs, crl = None): """ diff --git a/rpkid/rpki/rootd.py b/rpkid/rpki/rootd.py index a686235d..6ad5bb39 100644 --- a/rpkid/rpki/rootd.py +++ b/rpkid/rpki/rootd.py @@ -365,7 +365,7 @@ class main(object): self.child_bpki_cert = rpki.x509.X509(Auto_update = self.cfg.get("child-bpki-cert")) self.http_server_host = self.cfg.get("server-host", "") - self.http_server_port = int(self.cfg.get("server-port")) + self.http_server_port = self.cfg.getint("server-port") self.rpki_class_name = self.cfg.get("rpki-class-name", "wombat") diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py index 9594f668..2a0b7c4b 100644 --- a/rpkid/rpki/rpkid.py +++ b/rpkid/rpki/rpkid.py @@ -134,7 +134,7 @@ class main(object): self.irdb_url = self.cfg.get("irdb-url") self.http_server_host = self.cfg.get("server-host", "") - self.http_server_port = self.cfg.getint("server-port", 4433) + self.http_server_port = self.cfg.getint("server-port") self.publication_kludge_base = self.cfg.get("publication-kludge-base", "publication/") |
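Review bot: Dropping the `"4434"` default in `self.cfg.getint("server-port")` means pubd will presumably fail at startup on any existing configuration that omits `server-port`, and unlike irdbd.py there is no backwards-compatibility path. The same applies to the rpkid.py hunk, which drops the 4433 default. If a mandatory port is intended, say so above the line, e.g. `# server-port is mandatory; there is no built-in default`, and make sure the resulting error names the missing option. Both hunks keep `server-host` defaulting to `""`, which presumably means listening on all interfaces; a short comment stating that would help operators decide whether to set it explicitly. The enclosing `main` methods start and end outside these hunks.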