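# Routinator Configuration
#
# The configuration file is a TOML file. It consists of a sequence of
# key-value pairs, each on its own line. Strings are to be enclosed in
# double quotes. Lists of values can be given by enclosing a
# comma-separated sequence of these values in square brackets.
#
# See https://github.com/toml-lang/toml for detailed information on the
# format.
#
# This file contains all configuration settings with explanations and their
# default values.

# Repository directory
#
# This is where Routinator stores the local copy of the RPKI repository.
# Any relative path is interpreted with respect to the directory this config
# lives in.
#
# This setting is mandatory.
#
repository-dir = "..."

# Trust Anchor Locator (TAL) directory
#
# All the files with the extension ".tal" in this directory are treated as
# trust anchor locators for RPKI validation.
#
# Every ".tal" file placed here becomes a trust anchor, so the directory
# should be writable only by the administrator: whoever can add or replace a
# file in it decides which roots validation trusts.
#
# A relative path is interpreted with respect to the directory this config
# lives in.
#
# This setting is mandatory.
#
tal-dir = "..."

# Local exceptions files
#
# This setting contains an array of paths to files that contain local
# exceptions. The files are JSON files according to RFC 8416 (aka SLURM).
#
# Local exceptions override the outcome of validation (RFC 8416 defines both
# filters and locally added assertions), so restrict write access to these
# files in the same way as for the TAL directory.
#exceptions = []

# Strict mode
#
# In strict mode, Routinator will stick to the requirements in the respective
# RFCs very strictly. See
# https://github.com/NLnetLabs/rpki-rs/blob/master/doc/relaxed-validation.md
# for information on what is allowed when strict mode is off.
#strict = false

# Policy for stale objects
#
# Manifests and CRLs have a field called next-update which states the time
# when a new object should be published. If an object remains past that time,
# it is considered stale.
#
# This option defines how to deal with such stale objects. It can be one of
# three values: "reject" means all stale objects are rejected as invalid,
# "warn" means that they are accepted but a warning is logged, and "accept"
# means they are just accepted.
#
# Note that rejecting stale manifests and CRLs results in all objects of the
# issuing CA being rejected, too, including all child CAs.
#
# With "warn" or "accept", data that a repository failed to refresh, or that
# was withheld or replayed on the way, keeps being used past its next-update
# time; "reject" avoids that at the cost described above. When staying with
# "warn", make sure the logged warnings are actually monitored.
#stale = "warn"

# Allow dubious host names in rsync and RRDP URIs.
#
# By default, Routinator will filter out URIs with host names that shouldn't
# appear in public URIs. This option can be used to disable this filtering.
#
# These URIs are taken from the RPKI data itself, so leaving the filter on
# keeps published objects from pointing Routinator's fetches at hosts on your
# own network. Only disable it for test setups that need such names.
#allow-dubious-hosts = false

# Disable rsync
#
# If you don't want to use rsync -- which is not advised as there are
# rsync-only repositories -- you can set this to true.
#disable-rsync = false

# Rsync command
#
# This is the command to run as rsync. This is only the command, no options.
#
# Routinator runs this program for every rsync fetch. Giving an absolute path
# avoids depending on the PATH of the environment the daemon is started from.
#rsync-command = "rsync"

# Rsync arguments
#
# This is a list of arguments to give to rsync.
#rsync-args = []

# Number of parallel rsync commands
#
# This is the maximum number of rsync commands that are run in parallel.
# We are not sure if the current default is any good. Some feedback on whether
# it is causing trouble or whether a higher value would even be fine is very
# much appreciated.
#
#rsync-count = 4

# Number of validation threads
#
# The number of threads that are used for validating the repository. The
# default value is the number of CPUs.
#validation-threads = NUMBER

# Refresh interval
#
# How often the repository should be updated and validated in RTR mode.
# Specifically, this is the number of seconds the process will wait after
# having finished validation before starting the next update.
#
# The default is the value indirectly recommended by RFC 8210.
#refresh = 3600

# RTR retry interval
#
# This is the time an RTR client is told to wait before retrying a failed
# query in seconds.
#retry = 600

# RTR expire interval
#
# This is the time an RTR client is told to keep using data if it can't
# refresh it.
# NOTE(review): the unit is not stated here; presumably seconds, like the
# retry interval -- confirm.
#expire = 7200

# History size
#
# The number of deltas to keep. If a client requests an older delta, it is
# served the entire set again.
#
# There was no particular reason for choosing the default ...
#history-size = 10

# Listen addresses for RTR TCP transport.
#
# This is an array of strings, each string a socket address of the form
# "address:port" with IPv6 address in square brackets.
#
# RTR over plain TCP carries no authentication or encryption. The default
# only listens on the loopback interface; when adding other addresses,
# restrict access to this port to your routers, e.g. with a firewall or ACL.
#rtr-listen = ["127.0.0.1:3323"]

# Listen addresses for Prometheus HTTP monitoring endpoint.
#
# This is an array of strings, each string a socket address of the form
# "address:port" with IPv6 address in square brackets.
#
# Port 9556 is allocated for the routinator exporter.
# https://github.com/prometheus/prometheus/wiki/Default-port-allocations
#
# No authentication settings for this endpoint exist in this file, so treat
# it as open to anyone who can reach the address: prefer a loopback or
# management address and limit access at the network level.
#
#http-listen = ...

# Log level
#
# The maximum log level ("off", "error", "warn", "info", or "debug") for
# which to log messages.
#log-level = "warn"

# Log target
#
# Where to log to. One of "stderr" for stderr, "syslog" for syslog, or "file"
# for a file. If "file" is given, the "log-file" field needs to be given, too.
#
# Can also be "default", in which case "syslog" is used in daemon mode and
# "stderr" otherwise.
#log = "default"

# Syslog facility
#
# The syslog facility to log to if syslog logging is used.
#syslog-facility = "daemon"

# Log file
#
# The path to the file to log to if file logging is used. If the path is
# relative, it is relative to the directory this config file lives in.
#log-file = ...

# Daemon PID file
#
# When in daemon mode, Routinator can store its process ID in a file given
# through this entry. It will keep that file locked while running. By default,
# no pid file is used.
#pid-file = ...

# Daemon working directory
#
# If this entry is given, the daemon process will change its working directory
# to this directory. Otherwise it remains in the current directory.
#working-dir = ...

# Daemon Chroot
#
# If this entry is given, the daemon process will change its root directory to
# this directory. Startup will fail if any of the other directories given is
# not within this directory.
#
# NOTE(review): a chroot confines a process only once it no longer runs as
# root. This file has no setting for changing the user, so that presumably
# has to be arranged outside Routinator -- confirm for your version.
#chroot = ...

# TAL Labels
#
# In some output formats, such as CSV, the trust anchor a statement is derived
# from is included for each statement. Normally, it is represented by the
# name of its TAL file sans the extension (i.e., "foo.tal" will be
# represented by "foo").
#
# In order to allow full compatibility with the RIPE NCC Validator's output,
# you can use this option to provide alternative labels. The value maps the
# file name (this time including the extension) to its label.
#
# The following will result in the same TAL labels as used by default by the
# RIPE NCC Validator for the TALs included with Routinator.
tal-labels = [
    ["afrinic.tal", "AfriNIC RPKI Root"],
    ["apnic.tal", "APNIC RPKI Root"],
    ["arin.tal", "ARIN"],
    ["lacnic.tal", "LACNIC RPKI Root"],
    ["ripe.tal", "RIPE NCC RPKI Root"],
]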