-rw-r--r-- | docs/OPERATION | 121 |
1 files changed, 113 insertions, 8 deletions
diff --git a/docs/OPERATION b/docs/OPERATION index 2c50631f..51665833 100644 --- a/docs/OPERATION +++ b/docs/OPERATION @@ -44,7 +44,9 @@ testpoke.py A simple client for the up-down protocol, mostly Most of these programs take configuration files in a common format similar to that used by the OpenSSL command line tool. The test -programs also take input in YAML format to drive the tests. +programs also take input in YAML format to drive the tests. Runs of +the testbed.py test tool will generate a fairly complete set +configuration files which may be useful as examples. Basic operation consists of creating the appropriate MySQL databases, starting rpkid, rootd, and irdbd, using the left-right control @@ -127,7 +129,7 @@ https-ta: Name of file containing trust anchor to use when verifying irdbd's HTTPS server certificate. -irdb-url: Service URL for irdbd. Must be a https// URL. +irdb-url: Service URL for irdbd. Must be a https:// URL. https-server-host: Hostname or IP address on which to listen for HTTPS connections. Default is localhost. @@ -145,7 +147,7 @@ publication-kludge-base: [TEMPORARY] Local directory under which rootd.py config file: -The default config file is rootd.conf, start rpkid with "-c filename" +The default config file is rootd.conf, start rootd with "-c filename" to choose a different config file. All options are in the section "[rootd]". Certificates, keys, and trust anchors may be in either DER or PEM format. @@ -200,7 +202,7 @@ rpki-pkcs10-filename: Name of file that rootd should use when saving irdbd.py config file: -The default config file is irdbd.conf, start rpkid with "-c filename" +The default config file is irdbd.conf, start irdbd with "-c filename" to choose a different config file. All options are in the section "[irdbd]". Certificates, keys, and trust anchors may be in either DER or PEM format. 
@@ -241,19 +243,122 @@ https-certs: Name(s) of file(s) containing certificate(s) more than one certificate using OpenSSL-style subscripts: https-certs.0, https-certs.1, etc. -https-url: Service URL for irdbd. Must be a https// URL. +https-url: Service URL for irdbd. Must be a https:// URL. ---------------------------------------------------------------- -irbe-cli.py +irbe-cli.py config file: + +The default config file is irbe.conf, start rpkid with "-c filename" +to choose a different config file. All options are in the section +"[irbe-cli]". Certificates, keys, and trust anchors may be in either +DER or PEM format. + +Options: + +cms-ta: Name of file containing CMS trust anchor to + use when authenticating messages from rpkid. + +cms-key: Name of file containing RSA key to use when + signing CMS messages to rpkid. + +cms-certs: Name(s) of file(s) containing certificate(s) + to include in CMS wrapper when signing + messages to rpkid. You can specify more than + one certificate using OpenSSL-style + subscripts: cms-certs.0, cms-certs.1, etc. + +https-key: Name of file containing RSA key to use in the + HTTPS client role when contacting rpkid. + +https-certs: Name(s) of file(s) containing certificate(s) + to use in the HTTPS client role when + contacting rpkid. You can specify more than + one certificate using OpenSSL-style + subscripts: https-certs.0, https-certs.1, + etc. + +https-ta: Name of file containing trust anchor to use + when verifying rpkid's HTTPS server + certificate. + +https-url: Service URL for rpkid. Must be a https:// URL. ---------------------------------------------------------------- -irbe-setup.py +irbe-setup.py config file: + +The default config file is irbe.conf, start rpkid with "-c filename" +to choose a different config file. Most options are in the section +"[irbe-cli]", but a few are in the section "[irdbd]". Certificates, +keys, and trust anchors may be in either DER or PEM format. 
+ +Options in the "[irbe-cli] section: + +cms-ta: Name of file containing CMS trust anchor to + use when authenticating messages from rpkid. + +cms-key: Name of file containing RSA key to use when + signing CMS messages to rpkid. + +cms-certs: Name(s) of file(s) containing certificate(s) + to include in CMS wrapper when signing + messages to rpkid. You can specify more than + one certificate using OpenSSL-style + subscripts: cms-certs.0, cms-certs.1, etc. + +https-key: Name of file containing RSA key to use in the + HTTPS client role when contacting rpkid. + +https-certs: Name(s) of file(s) containing certificate(s) + to use in the HTTPS client role when + contacting rpkid. You can specify more than + one certificate using OpenSSL-style + subscripts: https-certs.0, https-certs.1, + etc. + +https-ta: Name of file containing trust anchor to use + when verifying rpkid's HTTPS server + certificate. + +https-url: Service URL for rpkid. Must be a https:// URL. + +Options in the "[irdbd] section: + +sql-username: Username to hand to MySQL when connecting to + irdbd's database. + +sql-database: MySQL's database name for irdbd's database. + +sql-password: Password to hand to MySQL when connecting to + irdbd's database. ---------------------------------------------------------------- -cronjob.py +cronjob.py config file: + +The default config file is cronjob.conf, start cronjob with "-c +filename" to choose a different config file. All options are in the +section "[cronjob]". Certificates, keys, and trust anchors may be in +either DER or PEM format. + +Options: + +https-key: Name of file containing RSA key to use in the + HTTPS client role when contacting rpkid. + +https-certs: Name(s) of file(s) containing certificate(s) + to use in the HTTPS client role when + contacting rpkid. You can specify more than + one certificate using OpenSSL-style + subscripts: https-certs.0, https-certs.1, + etc. 
+ +https-ta: Name of file containing trust anchor to use + when verifying rpkid's HTTPS server + certificate. + +https-url: Service URL for rpkid. Must be a https:// URL. ---------------------------------------------------------------- |
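Review bot: In the first hunk (@@ -44,7 +44,9 @@), the added sentence reads "a fairly complete set configuration files", so the word "of" is missing. Suggest "will generate a fairly complete set of configuration files, which may be useful as examples."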
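Review bot: In the last hunk (@@ -241,19 +243,122 @@), the new irbe-cli.py and irbe-setup.py sections both say 'start rpkid with "-c filename"', which is the same copy-paste slip this patch corrects for rootd and irdbd in the earlier hunks; each should name its own program, as the cronjob.py section already does. In the same hunk the sub-headings 'Options in the "[irbe-cli] section:' and 'Options in the "[irdbd] section:' are missing the closing quote after the bracket. Because sql-password places the MySQL password in irbe.conf, alongside the names of the CMS and HTTPS key files, the irbe-setup.py section would benefit from a sentence saying the config file should be readable only by the account that runs these tools.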