-
-
Notifications
You must be signed in to change notification settings - Fork 71
/
routinator.conf.example
217 lines (189 loc) · 6.63 KB
/
routinator.conf.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
# Routinator Configuration
#
# The configuration file is a TOML file. It consists of a sequence of
# key-value pairs, each on its own line. Strings are to be enclosed in
# double quotes. Lists of values can be given by enclosing a
# comma-separated sequence of these values in square brackets.
#
# See https://github.com/toml-lang/toml for detailed information on the
# format.
#
# This file contains all configuration settings with explanations and their
# default values.
# Repository directory
#
# This is where Routinator stores the local copy of the RPKI repository.
# Any relative path is interpreted with respect to the directory this config
# lives in.
#
# This setting is mandatory.
#
repository-dir = "..."
# Do not use bundled RIR TALs.
#no-rir-tals = false
# Use additional bundled TALs.
#tals = [ "apnic-testbed", "nlnetlabs-testbed" ]
# Directory with additional TALs.
#
# All the files with the extension ".tal" in this directory are treated as
# trust anchor locators for RPKI validation.
#
# A relative path is interpreted with respect to the directory this config
# lives in.
#
#extra-tals-dir = "..."
# Local exceptions files
#
# This settings contains a array of paths to files that contain local
# exceptions. The files are JSON files according to RFC 8416 (aka SLURM).
#exceptions = []
# Strict mode
#
# If strict mode, Routinator will stick to the requirements in the respective
# RFCs very strictly. See
# https://github.com/NLnetLabs/rpki-rs/blob/master/doc/relaxed-validation.md
# for information on what is allowed when strict mode is off.
#strict = false
# Policy for stale objects
#
# Manifests and CRLs have a field called next-update which states the time
# when a new object should be published. If an object remains past that time,
# it is considered stale.
#
# This options defines how to deal with such stale objects. It can be one of
# three values: "reject" means all stale objects are rejected as invalid,
# "warn" means that they are accepted but a warning is logged, and "accept"
# means the are just accepted.
#
# Note that rejecting stale manifests and CRLs results on all objects of the
# issuing CA to be rejected, too, including all child CAs.
#stale = "warn"
# Allow dubious host names in rsync and RRDP URIs.
#
# By default, Routinator will filter out URIs with host names that shouldn't
# appear in public URIs. This option can be used to disable this filtering.
#allow-dubious-hosts = false
# Disable rsync
#
# If you don't want to use rsync -- which is not advices as there are rsync
# only repositories -- you can set this to true.
#disable-rsync = false
# Rsync command
#
# This is the command to run as rsync. This is only command, no options.
#rsync-command = "rsync"
# Rsync arguments
#
# This is a list of arguments to give to rsync.
#rsync-args = []
# Number of parallel rsync commands
#
# This is the maximum number of rsync commands that are run in parallel.
# We are not sure, if the current default is any good. Some feedback whether
# it is causing trouble or whether a higher value would even be fine is very
# much appreciated.
#
#rsync-count = 4
# Number of validation threads
#
# The number of threads that are used for validating the repository. The
# default value is the number of CPUs.
#validation-threads = NUMBER
# Refresh interval
#
# How often the repository should be updated and validated in RTR mode.
# Specifically, this is the number of seconds the process will wait after
# having finished validation before starting the next update.
#
# The default is the value indirectly recommended by RFC 8210.
#refresh = 3600
# RTR retry interval
#
# This is the time an RTR client is told to wait before retrying a failed
# query in seconds.
#retry = 600
# RTR expire interval
#
# This is the time an RTR client is told to keep using data if it can't
# refresh it.
#expire = 7200
# History size
#
# The number of deltas to keep. If a client requests an older delta, it is
# served the entire set again.
#
# There was no particular reason for choosing the default ...
#history-size = 10
# Listen addresses for RTR TCP transport.
#
# This is an array of strings, each string a socket address of the form
# "address:port" with IPv6 address in square brackets.
#rtr-listen = ["127.0.0.1:3323"]
# Listen addresses for Prometheus HTTP monitoring endpoint.
#
# This is an array of strings, each string a socket address of the form
# "address:port" with IPv6 address in square brackets.
#
# Port 9556 is allocated for the routinator exporter.
# https://github.com/prometheus/prometheus/wiki/Default-port-allocations
#
#http-listen = ...
# Log level
#
# The maximum log level ("off", "error", "warn", "info", or "debug") for
# which to log messages.
#log-level = "warn"
# Log target
#
# Where to log to. One of "stderr" for stderr, "syslog" for syslog, or "file"
# for a file. If "file" is given, the "log-file" field needs to be given, too.
#
# Can also be "default", in which case "syslog" is used in daemon mode and
# "stderr" otherwise
#log = "default"
# Syslog facility
#
# The syslog facility to log to if syslog logging is used.
#syslog-facility = "daemon"
# Log file
#
# The path to the file to log to if file logging is used. If the path is
# relative, it is relative to the directory this config file lives in.
#log-file = ...
# Daemon PID file
#
# When in daemon mode, Routinator can store its process ID in a file given
# through this entry. It will keep that file locked while running. By default,
# no pid file is used.
#pid-file = ...
# Daemon working directory
#
# If this entry is given, the daemon process will change its working directory
# to this directory. Otherwise it remains in the current directory.
#working-dir = ...
# Daemon Chroot
#
# If this entry is given, the daemon process will change its root directory to
# this directory. Startup will fail if any of the other directories given is
# not within this directory.
#chroot = ...
# TAL Labels
#
# In some output formats, such as CSV, the trust anchor a statement is derived
# from is included for each statement. Normally, it is represented by the
# name of its TAL file sans the exctension (i.e., "foo.tal" will be
# represented by "foo").
#
# In order to allow full compatibility with the RIPE NCC Validator's output,
# you can use this options to provide alternative labels. The value maps the
# file name (this time including the extension) to its label.
#
# The following will result in the same TAL labels as used by default by the
# RIPE NCC Validator for the TALs included with Routinator.
#tal-labels = [
# ["afrinic.tal", "AFRINIC RPKI Root"],
# ["apnic.tal", "APNIC RPKI Root"],
# ["arin.tal", "ARIN RPKI Root"],
# ["lacnic.tal", "LACNIC RPKI Root"],
# ["ripe.tal", "RIPE NCC RPKI Root"],
#]