Diffstat (limited to 'rp')
-rw-r--r-- | rp/config/rpki-confgen.xml | 272 |
1 files changed, 0 insertions, 272 deletions
diff --git a/rp/config/rpki-confgen.xml b/rp/config/rpki-confgen.xml
index e05d486c..5f641161 100644
--- a/rp/config/rpki-confgen.xml
+++ b/rp/config/rpki-confgen.xml
@@ -148,31 +148,6 @@
 </doc>
 </option>
- <option name = "run_rootd"
- value = "no">
- <doc>
- Whether you want to run your very own copy of rootd. Don't
- enable this unless you really know what you're doing.
- </doc>
- </option>
-
- <option name = "rootd_server_host"
- value = "localhost">
- <doc>
- DNS hostname for rootd, if you're running it. This should be
- localhost unless you really know what you are doing.
- </doc>
- </option>
-
- <option name = "rootd_server_port"
- value = "4401">
- <doc>
- Server port number for rootd, if you're running it. This can
- be any legal TCP port number that you're not using for
- something else.
- </doc>
- </option>
-
 <option name = "publication_base_directory"
 value = "${autoconf::datarootdir}/rpki/publication">
 <doc>
@@ -275,20 +250,6 @@
 </doc>
 </option>
- <option name = "start_rootd"
- value = "${myrpki::run_rootd}">
- <doc>
- rootd startup control. This should usually have the same value as
- run_rootd: the only case where you would want to change this is
- when you are running the back-end code on a different machine from
- one or more of the daemons, in which case you need finer control
- over which daemons to start on which machines. In such cases,
- run_rootd controls whether the back-end code is doing things to
- manage rootd, while start_rootd controls whether
- rpki-start-servers attempts to start rootd on this machine.
- </doc>
- </option>
-
 <option name = "shared_sql_engine"
 value = "mysql">
 <doc>
@@ -805,239 +766,6 @@
 </section>
- <section name = "rootd">
-
- <doc>
- You don't need to run rootd unless you're IANA, are certifying
- private address space, or are an RIR which refuses to accept IANA as
- the root of the public address hierarchy.
- </doc>
-
- <doc>
- Ok, if that wasn't enough to scare you off: rootd is a mess,
- needs to be rewritten, or, better, merged into rpkid, and
- requires far too many configuration parameters.
- </doc>
-
- <doc>
- rootd was originally intended to be a very simple program which
- simplified rpkid enormously by moving one specific task (acting
- as the root CA of an RPKI certificate hierarchy) out of rpkid.
- As the specifications and code (mostly the latter) have evolved,
- however, this task has become more complicated, and rootd would
- have to become much more complicated to keep up.
- </doc>
-
- <doc>
- Don't run rootd unless you're sure that you need to do so.
- </doc>
-
- <doc>
- Still think you need to run rootd? OK, but remember, you have
- been warned....
- </doc>
-
- <doc>
- rootd's default configuration file is the system `rpki.conf`
- file. Start rootd with "`-c filename`" to choose a different
- configuration file. All options are in the "`[rootd]`" section.
- Certificates and keys may be in either DER or PEM format.
- </doc>
-
- <option name = "bpki-ta"
- value = "${myrpki::bpki_servers_directory}/ca.cer">
- <doc>
- Where rootd should look for the BPKI trust anchor. All BPKI
- certificate verification within rootd traces back to this
- trust anchor. Don't change this unless you really know what
- you are doing.
- </doc>
- </option>
-
- <option name = "rootd-bpki-crl"
- value = "${myrpki::bpki_servers_directory}/ca.crl">
- <doc>
- BPKI CRL. Don't change this unless you really know what you are
- doing.
- </doc>
- </option>
-
- <option name = "rootd-bpki-cert"
- value = "${myrpki::bpki_servers_directory}/rootd.cer">
- <doc>
- rootd's own BPKI EE certificate. Don't change this unless you
- really know what you are doing.
- </doc>
- </option>
-
- <option name = "rootd-bpki-key"
- value = "${myrpki::bpki_servers_directory}/rootd.key">
- <doc>
- Private key corresponding to rootd's own BPKI EE certificate.
- Don't change this unless you really know what you are doing.
- </doc>
- </option>
-
- <option name = "child-bpki-cert"
- value = "${myrpki::bpki_servers_directory}/child.cer">
- <doc>
- BPKI certificate for rootd's one and only up-down child (RPKI
- engine to which rootd issues an RPKI certificate). Don't
- change this unless you really know what you are doing.
- </doc>
- </option>
-
- <option name = "pubd-bpki-cert">
- <doc>
- BPKI certificate for pubd. Don't set this unless you really
- know what you are doing.
- </doc>
- </option>
-
- <option name = "server-host"
- value = "${myrpki::rootd_server_host}">
- <doc>
- Server host on which rootd should listen.
- </doc>
- </option>
-
- <option name = "server-port"
- value = "${myrpki::rootd_server_port}">
- <doc>
- Server port on which rootd should listen.
- </doc>
- </option>
-
- <option name = "rpki_data_dir"
- value = "${myrpki::bpki_servers_directory}">
- <doc>
- Directory where rootd should store its RPKI data files. This
- is only used to construct other variables, rootd itself
- doesn't read it.
- </doc>
- </option>
-
- <option name = "rpki_key_dir"
- value = "${autoconf::datarootdir}/rpki">
- <doc>
- Directory where rootd's root rpki key and certificate are
- stored. rootd only reads these files, doesn't write them.
- This variable is only used to construct other variables, rootd
- itself doesn't read it.
- </doc>
- </option>
-
- <option name = "rpki_base_uri"
- value = "rsync://${myrpki::publication_rsync_server}/${myrpki::publication_rsync_module}/${myrpki::handle}-root/root">
- <doc>
- rsync URI corresponding to directory containing rootd's
- outputs. This is only used to construct other variables,
- rootd itself doesn't read it.
- </doc>
- </option>
-
- <option name = "rpki-root-cert-uri"
- value = "${rootd::rpki_base_uri}.cer">
- <doc>
- rsync URI for rootd's root (self-signed) RPKI certificate.
- </doc>
- </option>
-
- <option name = "rpki-root-cert-file"
- value = "${rootd::rpki_key_dir}/root.cer">
- <doc>
- Filename of rootd's root RPKI certificate.
- </doc>
- </option>
-
- <option name = "rpki-root-key-file"
- value = "${rootd::rpki_key_dir}/root.key">
- <doc>
- Private key corresponding to rootd's root RPKI certificate.
- </doc>
- </option>
-
- <option name = "rpki-root-crl-uri"
- value = "${rootd::rpki_base_uri}/root.crl">
- <doc>
- URI of the CRL for rootd's root RPKI certificate.
- </doc>
- </option>
-
- <option name = "rpki-root-crl-file"
- value = "${rootd::rpki_data_dir}/root.crl">
- <doc>
- Filename of the CRL for rootd's root RPKI certificate.
- </doc>
- </option>
-
- <option name = "rpki-root-manifest-uri"
- value = "${rootd::rpki_base_uri}/root.mft">
- <doc>
- URI of the manifest for rootd's root RPKI certificate.
- </doc>
- </option>
-
- <option name = "rpki-root-manifest-file"
- value = "${rootd::rpki_data_dir}/root.mft">
- <doc>
- Filename of the manifest for rootd's root RPKI certificate.
- </doc>
- </option>
-
- <option name = "rpki-subject-pkcs10-file"
- value = "${rootd::rpki_data_dir}/subject.pkcs10">
- <doc>
- Where rootd should stash a copy of the PKCS #10 request it gets
- from its one (and only) child
- </doc>
- </option>
-
- <option name = "rpki-subject-lifetime"
- value = "30d">
- <doc>
- Lifetime of the one and only RPKI certificate rootd issues.
- </doc>
- </option>
-
- <option name = "rpki-class-name"
- value = "${myrpki::handle}">
- <doc>
- Up-down protocol class name for RPKI certificate rootd issues to its
- one (and only) child.
- </doc>
- </option>
-
- <option name = "rpki-subject-cert-uri"
- value = "${rootd::rpki_base_uri}/${myrpki::handle}.cer">
- <doc>
- URI of the one (and only) RPKI certificate rootd issues.
- </doc>
- </option>
-
- <option name = "rpki-subject-cert-file"
- value = "${rootd::rpki_data_dir}/${myrpki::handle}.cer">
- <doc>
- Filename of the one (and only) RPKI certificate rootd issues.
- </doc>
- </option>
-
- <option name = "pubd-contact-uri"
- value = "http://${myrpki::pubd_server_host}:${myrpki::pubd_server_port}/client/${myrpki::handle}-root">
- <doc>
- URI at which rootd should contact pubd for service.
- </doc>
- </option>
-
- <option name = "rrdp-notification-uri"
- value = "${myrpki::publication_rrdp_notification_uri">
- <doc>
- RRDP URI for inclusion in generated objects.
- </doc>
- </option>
-
- </section>
-
 <section name = "web_portal">
 <doc>
|