Diffstat (limited to 'myrpki.rototill/examples/myrpki.conf')
-rw-r--r-- | myrpki.rototill/examples/myrpki.conf | 47 |
1 files changed, 24 insertions, 23 deletions
diff --git a/myrpki.rototill/examples/myrpki.conf b/myrpki.rototill/examples/myrpki.conf
index 8ce59498..7cf80eb6 100644
--- a/myrpki.rototill/examples/myrpki.conf
+++ b/myrpki.rototill/examples/myrpki.conf
@@ -37,9 +37,9 @@ repository_bpki_certificate = repository-ta.cer
 # "handle", with the addition of "/" characters as an allowed
 # delimiter. You need to set this.
 
-repository_handle = Me
+repository_handle = ${myrpki::handle}
 
-# Names of various input and output files. Don't change these without
+# Names of various files and directories. Don't change these without
 # a good reason.
 
 roa_csv = roas.csv
@@ -48,8 +48,8 @@ parents_csv = parents.csv
 prefix_csv = prefixes.csv
 asn_csv = asns.csv
 xml_filename = myrpki.xml
-
 bpki_resources_directory = bpki/resources
+bpki_servers_directory = bpki/servers
 
 # Whether you want to run your own copy of rpkid (and irdbd). In
 # general, if you're running myirbe.py at all, you want this on.
@@ -108,20 +108,6 @@ run_rootd = true
 
 rootd_server_port = 4401
 
-# Resource class name for rootd. rootd uses this for several
-# different things: it's used along with pubd_server_host to construct
-# the rsync URI for the root of the publication tree; it's used by
-# rootd as a resource class name in the up-down protocol; and it's
-# used to construct the filename for the one and only RPKI certificate
-# that rootd issues. You need to configure this.
-
-rootd_resource_class_name = Me
-
-# Where to put BPKI stuff for the IRBE operator (entity that operates
-# rpkid etc). Don't change this without a reason.
-
-bpki_servers_directory = bpki/servers
-
 # Root of local directory tree where pubd (and rootd, sigh) should
 # write out published data. You need to configure this, and the
 # configuration should match up with the directory where you point
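Review bot: The context comment directly above `repository_handle` in hunk -37,9 still ends with "You need to set this.", but the new value `${myrpki::handle}` is a working default, so the instruction no longer matches the line it describes. I would reword the comment along the lines of `# delimiter. Defaults to your own handle; change it if your repository operator assigned a different one.` That reading of the default is inferred from the variable names only, so confirm it against how the tools use `repository_handle` before adopting the wording.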
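Review bot: `bpki_servers_directory` is added in hunk -48,8 without the explanation it carried where hunk -108,20 removes it ("Where to put BPKI stuff for the IRBE operator ..."), so the file no longer says what this directory is for or how it differs from `bpki_resources_directory`. I would keep a one-line comment above it, for example `# bpki_servers_directory: BPKI material for the IRBE operator (entity that operates rpkid etc).` If that directory also holds private keys, which the diff does not show, the comment is the natural place to say it should not be readable by other users.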
@@ -132,6 +118,21 @@ bpki_servers_directory = bpki/servers
 
 publication_base_directory = publication/
 
+# rsyncd module name corresponding to publication_base_directory, or
+# empty string if you want publication_base_directory to correspond to
+# the parent of multiple rsyncd modules populated by pubd. The latter
+# is "multimodule mode" and is useful if you have strong opinions
+# about what the rsync URLs should look like; it requires the rsyncd
+# module definitions to line up with the directory names under
+# publication_base_directory.
+
+publication_rsync_module = ${myrpki::handle}
+
+# Hostname and optional port number for rsync:// URIs. In most cases
+# this should just be the same value as pubd_server_name.
+
+publication_rsync_server = ${myrpki::pubd_server_host}
+
 # Don't touch these, they're here because I haven't yet updated all of
 # the myrpki tools to use the latest config file variables. These
 # will go away eventually, for now just leave them alone.
@@ -293,11 +294,11 @@ rpki-root-dir = ${myrpki::publication_base_directory}
 
 # rsync URI for directory containing rootd's outputs
 
-rpki-base-uri = rsync://${myrpki::pubd_server_host}/${myrpki::rootd_resource_class_name}/
+rpki-base-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/
 
 # rsync URI for rootd's root (self-signed) RPKI certificate
 
-rpki-root-cert-uri = rsync://${myrpki::pubd_server_host}/${myrpki::rootd_resource_class_name}/root.cer
+rpki-root-cert-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/root.cer
 
 # Private key corresponding to rootd's root RPKI certificate
 
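Review bot: The new comment above `publication_rsync_server` in hunk -132,6 points the reader at `pubd_server_name`, while the value on the following line interpolates `${myrpki::pubd_server_host}` and no `pubd_server_name` key appears anywhere in this diff, so the comment most likely names the wrong variable. I would change it to `# this should just be the same value as pubd_server_host.` Because the value is pasted directly into `rsync://` URIs further down, the comment could also state the expected form of the optional port, e.g. `# Format: hostname or hostname:port`.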
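Review bot: With an empty `publication_rsync_module`, which the new comment in hunk -132,6 explicitly allows for multimodule mode, `rpki-base-uri` and `rpki-root-cert-uri` in hunk -293,11 expand to `rsync://host//` and `rsync://host//root.cer`. Both templates hard-code `/${myrpki::publication_rsync_module}/`, as do `root_cert_sia` and `root_cert_manifest` in hunk -353,11. These strings become the locations advertised for rootd's certificate and manifest, so a URI that does not match a real rsyncd module would presumably stop relying parties from fetching them. Unless another part of the tooling rewrites these values, I would add a warning next to each template, such as `# NOTE: if publication_rsync_module is empty (multimodule mode), set this URI by hand to a real rsyncd module path.`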
@@ -329,12 +330,12 @@ rpki-root-manifest = root.mnf
 # Up-down protocol class name for RPKI certificate rootd issues to its
 # one (and only) child
 
-rpki-class-name = ${myrpki::rootd_resource_class_name}
+rpki-class-name = ${myrpki::handle}
 
 # Filename (relative to rootd-base-uri and rpki-root-dir) of the one
 # (and only) RPKI certificate rootd issues
 
-rpki-subject-cert = ${myrpki::rootd_resource_class_name}.cer
+rpki-subject-cert = ${myrpki::handle}.cer
 
 # The last four paramters in this section are really parameters for
 # myirbe.py to use when constructing rootd's root RPKI certificate,
@@ -353,11 +354,11 @@ root_cert_addrs = IPv4:0.0.0.0/0,IPv6:0::/0
 
 # Whatever you put in rpki-base-uri, earlier in this section
 
-root_cert_sia = rsync://${myrpki::pubd_server_host}/${myrpki::rootd_resource_class_name}/
+root_cert_sia = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/
 
 # root_cert_sia + rpki-root-manifest
 
-root_cert_manifest = rsync://${myrpki::pubd_server_host}/${myrpki::rootd_resource_class_name}/root.mnf
+root_cert_manifest = rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/root.mnf
 
 #################################################################
 
|