$Id$ -*- Text -*-

Preliminary operation instructions for rpkid et al.  These are the
production-side RPKI tools, for Internet Registries (RIRs, LIRs, etc).
See ../rcynic/README for relying party tools.

See INSTALLATION for how to install the software.

At present the package is intended to be run out of the scripts
directory.

In addition to the library routines in the scripts/rpki/ directory,
the package includes the following programs:

rpkid.py        The main RPKI engine daemon

rootd.py        A separate daemon for handling the root of an RPKI
                certificate tree.  This is essentially a stripped down
                version of rpkid with no SQL database, no left-right
                protocol implementation, and only the parent side of
                the up-down protocol.  It's separate because the root
                is a special case in several ways and it was simpler
                to keep the special cases out of the main daemon.

irdb.py         A sample implementation of an IR database daemon.
                rpkid calls into this to perform lookups via the
                left-right protocol.

irbe-cli.py     A command-line client for the left-right control
                protocol.

irbe-setup.py   An example of a script to set up the mappings between
                the IRDB and rpkid's own database, using the
                left-right control protocol.

http-client.py  A trivial HTTP client, originally written for testing,
                now used to drive rpkid cron events.

testbed.py      A test tool for running a collection of rpkid and irdb
                instances under common control, driven by a unified
                test script.

testpoke.py     A simple client for the up-down protocol, mostly
                compatible with APNIC's rpki_poke.pl tool.

Most of these programs take configuration files in a common format.
The test programs also take input in YAML format to drive the tests.
Configuration files are described below.

Basic operation consists of creating the appropriate MySQL databases,
starting rpkid, rootd, and irdbd, using the left-right control
protocol to set up rpkid's internal state, and setting up a cron job
to invoke rpkid's cron action at regular intervals.  All other
operations should occur either as a result of cron events or as a
result of incoming left-right and up-down protocol requests.

Note that the publication protocol hasn't yet been written.  At the
moment rpkid just writes its outputs to a local directory.

Note that the full event-driven model for rpkid hasn't yet been
implemented.  The design is intended to allow an arbitrary number of
hosted RPKI engines to run in a single rpkid instance, but without the
event-driven tasking model one has to set up a separate rpkid instance
for each hosted RPKI engine.