-rw-r--r-- | myrpki.rototill/examples/myrpki.conf | 54 |
1 files changed, 25 insertions, 29 deletions
diff --git a/myrpki.rototill/examples/myrpki.conf b/myrpki.rototill/examples/myrpki.conf
index 1bf48869..24bcb2a7 100644
--- a/myrpki.rototill/examples/myrpki.conf
+++ b/myrpki.rototill/examples/myrpki.conf
@@ -1,19 +1,12 @@
 # $Id: myrpki.conf 2722 2009-08-31 22:24:48Z sra $
 #
 # Config file for myrpki.py, myirbe.py, and RPKI daemons when used
-# with myrpki.py etc. Notes:
+# with myrpki.py etc.
 #
-# - There's some duplication of settings between some of the sections,
-# because each of the several daemons and control programs was
-# written as a free-standing program. Lumping all of the config for
-# all of them into a single config file is just a convenience for
-# simple configurations; in complex cases you might not have any two
-# of them running on the same machine.
-#
-# - This config file is also read by the OpenSSL command line tool
-# running under mypki.py, so syntax must remain compatable with both
-# OpenSSL and Python config file parsers, and there's a big chunk of
-# OpenSSL voodoo towards the end of this file.
+# NB: This config file is read both by Python code and also by the
+# OpenSSL command line tool (running under mypki), so syntax must
+# remain compatable with both parsers, and there's a big chunk of
+# OpenSSL voodoo towards the end of this file.
 ################################################################
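Review bot: The added NB comment carries over two spelling errors from the text it replaces: `mypki` (the tools named two lines above are `myrpki.py` and `myirbe.py`, so this is presumably `myrpki`) and `compatable`. Someone searching the tree for the tool name will not find this note. Suggested wording for the two affected lines: `# OpenSSL command line tool (running under myrpki), so syntax must` and `# remain compatible with both parsers, and there's a big chunk of`.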
@@ -52,15 +45,10 @@ rpkid_server_port = 4404
 irdbd_server_host = localhost
 irdbd_server_port = 4403
-# Whether you want myirbe.py to attempt to configure your own copy of
-# pubd. In general, it's best to use your parent's pubd if you can,
-# to reduce the overall number of publication sites that relying
-# parties need to check, so don't enable this unless you have a good
-# reason. See the [pubd] section if you do enable this.
-#
-# Enabling this when you are -not- running your own copy of pubd will
-# cause myirbe.py to fail when it attempts to perform runtime
-# configuration of your nonexistant pubd.
+# Whether you want to run your own copy of pubd. In general, it's
+# best to use your parent's pubd if you can, to reduce the overall
+# number of publication sites that relying parties need to check, so
+# don't enable this unless you have a good reason.
 run_pubd = true
@@ -81,12 +69,12 @@ pubd_contact_info = repo-man@rpki.example.org
 # Whether to offer repository service to our children.
 # This only matters when we're running pubd.
-pubd_offer_service_to_children = true
+pubd_offer_service_to_children = false
 # Whether you want to run your very own copy of rootd. Don't enable
 # this unless you really know what you're doing.
-run_rootd = true
+run_rootd = false
 # Server port number for rootd, if you're running it. This can be any
 # legal TCP port number that you're not using for something else.
@@ -110,7 +98,7 @@ publication_base_directory = publication/
 publication_rsync_module = rpki
 # Hostname and optional port number for rsync:// URIs. In most cases
-# this should just be the same value as pubd_server_name.
+# this should just be the same value as pubd_server_host.
 publication_rsync_server = ${myrpki::pubd_server_host}
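Review bot: `run_pubd = true` is left unchanged at the end of the first hunk, although the rewritten comment directly above it still says not to enable pubd without a good reason, and the following hunk switches `pubd_offer_service_to_children` and `run_rootd` to `false`. Example files tend to be copied as they are, so this default starts a publication service that the text advises against; if that is not intended, the line would read `run_pubd = false`. The rewrite also drops the warning that enabling the option without a running pubd makes myirbe.py fail; if that failure mode still exists, a short reminder such as `# Only enable this if pubd is actually running on this host.` is worth keeping.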
@@ -150,10 +138,18 @@ openssl = openssl
 #################################################################
+# In theory it should not be necessary to modify anything below this
+# point, at least not if you're within the boundaries of the
+# simplified configuration that the myrpki tool is intended to
+# support. If you do have to modify anything below this point, please
+# report it.
+
+#################################################################
+
 [rpkid]
 # MySQL database name, user name, and password for rpkid to use to
-# store its data. You need to configure these.
+# store its data.
 sql-database = ${myrpki::rpkid_sql_database}
 sql-username = ${myrpki::rpkid_sql_username}
@@ -186,7 +182,7 @@ irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
 [irdbd]
 # MySQL database name, user name, and password for irdbd to use to
-# store its data. You need to configure these.
+# store its data.
 sql-database = ${myrpki::irdbd_sql_database}
 sql-username = ${myrpki::irdbd_sql_username}
@@ -211,7 +207,7 @@ irdbd-key = ${myrpki::bpki_servers_directory}/irdbd.key
 [pubd]
 # MySQL database name, user name, and password for pubd to use to
-# store (some of) its data. You need to configure these.
+# store (some of) its data.
 sql-database = ${myrpki::pubd_sql_database}
 sql-username = ${myrpki::pubd_sql_username}
@@ -270,6 +266,8 @@ pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer
 #################################################################
+[rootd]
+
 # You don't need to run rootd unless you're IANA, are certifying
 # private address space, or are an RIR which refuses to accept IANA as
 # the root of the public address hierarchy.
@@ -279,8 +277,6 @@ pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer
 # number of things wrong, and requires far too many configuration
 # parameters. You have been warned....
-[rootd]
-
 # BPKI certificates and keys for rootd
 bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer |
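Review bot: With "You need to configure these." removed from the `[rpkid]` comment in the first hunk here (and likewise from `[irdbd]` and `[pubd]` in the next two hunks), nothing in these sections says where the SQL credentials are actually set. The values are `${myrpki::..._sql_*}` references, so a pointer such as `# Values come from the [myrpki] section; set them there.` would fit the new "nothing below this point needs editing" banner. Because the file holds database passwords, the same comment could note that the deployed copy should be readable only by the account that runs the daemons. The example is committed as -rw-r--r-- per the diffstat, which is presumably the mode a copied file starts with.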