****** GUI Installation ****** These steps assume that you have already installed and configured the other CA tools. rpki-manage is a shell script wrapper around the django-admin command which sets $PYTHONPATH and $DJANGO_SETTINGS_MODULE. ***** Prerequisites ***** * Django * Django South * Apache 2 * mod_wsgi 3 ***** Upgrading from a Previous Release ***** If you had previously installed the web portal before the database migration support was added, you will need to take some additional steps. **** Edit settings.py **** You will need to edit /usr/local/etc/rpki/settings.py and edit the INSTALLED_APPS list to include 'south'. **** Sync databases **** $ rpki-manage syncdb **** Database Migration **** If you have not previously run the new database migration step, you will need to run this command. Note that you only need to run this command the first time you upgrade. $ rpki-manage migrate app 0001 --fake Now bring your database up to date with the current release: $ rpki-manage migrate app ***** New Installation ***** **** Create the initial tables **** $ rpki-manage syncdb Answer "yes" when asked if you want to create superuser Enter username for superuser Enter password If you need to create superuser at a later time, you can run $ rpki-manage createsuperuser If you need to change superuser's password $ rpki-manage changepassword **** Perform Database Migration **** If there were any changes to the database schema, this command will bring your existing database up to date with the current software. $ rpki-manage migrate app ***** Configure Apache ***** Now configure apache, using /usr/local/etc/rpki/apache.conf, e.g. $ cp apache.conf /usr/local/etc/apache22/Includes/rpki.conf You can put it in a virtual host if you wish. Restart apache $ apachectl restart Go to the URL for your web server and enter the superuser and password in login form. If you've only done the above bootstrap, there will only be a single handle to manage, so the GUI will automatically bring you to the dashboard for that handle. ****** Installation of Route Views Support for the GUI ****** If you want ROA creation to tell the user what routes are in the global routing table for what they are about to create, Be sure you have curl installed. On FreeBSD it is in /usr/ports/ftp/curl Install a script such as the following as /usr/locl/bin/do-routeviews #!/bin/sh # Fetch the full bgp dump from routeviews.org and update the web # portal's database i=oix-full-snapshot-latest.dat.bz2 o=/tmp/$i curl -s -S -o $o http://archive.routeviews.org/oix-route-views/$i if [ $? -eq 0 ]; then /usr/local/sbin/rpkigui-import-routes -l error $o fi and create an entry in root's crontab such as 30 */2 * * * root /usr/local/sbin/do-routeviews If you want the GUI's "routes" page to see ROAs when you click those buttons, you will need to run rcynic. see the instructions for setting up rcynic. If you are running rootd, you may want to run with only your local trust anchor. In this case, to have the GUI be fairly responsive to changes, you may want to run the rcynic often. In this case, you may want to look at the value of jitter in rcynic.conf. In addition, your rcynic script should also have /usr/local/sbin/rpkigui-rcynic -l error after the rcynic run. ****** GUI Installation to Work With rootd ****** Some of the commands depend on whether your are upgrading your existing database, or starting a new installation from scratch. [All users] First step is you will need to install Django South. For FreeBSD this is /usr/ports/databases/py-south. The code is currently in the tk316 branch, so in order to play, you will need to check it out: $ svn co https://subvert-rpki.hactrn.net/branches/tk316 $ cd tk316 $ ./configure $ make $ make install [Upgrading users] You will need to edit /usr/local/etc/rpki/settings.py and add 'south' to the INSTALLED_APPS list. See /usr/local/etc/rpki/settings.py.new for an example (we don't automatically overwrite settings.py). [All users] Run syncdb: $ django-admin syncdb --pythonpath=/usr/local/etc/rpki --settings=settings Verify that Django South is installed: $ django-admin migrate --list --pythonpath=/usr/local/etc/rpki -- settings=settings [Upgrading Users] Since you already have an existing db, you need to fake doing the initial migration step: $ django-admin migrate app 0001 --fake --pythonpath=/usr/local/etc/rpki -- settings=settings [All users] Perform the database migrations new to this release: $ django-admin migrate app --pythonpath=/usr/local/etc/rpki -- settings=settings [All users] Restart apache so that the web portal picks up the newly installed code: $ apachectl restart Now head back to the gui. Click on the 'refresh' link when viewing the altCA dashboard, and it should now pick up the resources from the root cert. ****** Using the GUI ****** ****** GUI Examples ****** ***** Logging in to the GUI ***** 01-login.jpg ***** The Dashboard - Let's Make a ROA ***** 02-dashboard.jpg ***** ROA List Currently Empty, So Let's Create One ***** 03-roas.jpg ***** Choose an AS and Prefix - Let MaxLen? Default ***** 04-create-roa.jpg ***** What Will the Consequences Be? - Confirm OK ***** 05-are-you-sure.jpg ***** Now We Can See ROAs - Let's Look at Routes ***** 06-roa-list.jpg ***** Real Effect on Routing Table ***** 07-route view.jpg ***** Ghostbusters etc. are Similar *****