NICMx / FORT-validator

RPKI cache validator
MIT License

Fort Initiation problem #110

Open emrggul opened 7 months ago

emrggul commented 7 months ago

Hello,

Do you have any idea how I can solve the issue below? I am using Ubuntu and followed the official documentation, but it returned the error that the IP cannot be assigned, so I decided to use a config file, and now I got the logs below.

ubuntu@ubuntu-cloud:/home/fort/fort-1.6.1$ sudo fort --configuration-file=config.json
Mar  6 14:44:59 ERR: /home/fort/fort-1.6.1/tal/apnic.tal: None of the URIs of the TAL '/home/fort/fort-1.6.1/tal/apnic.tal' yielded a successful traversal.
Mar  6 14:46:39 ERR: /home/fort/fort-1.6.1/tal/afrinic.tal: None of the URIs of the TAL '/home/fort/fort-1.6.1/tal/afrinic.tal' yielded a successful traversal.
Mar  6 14:46:39 ERR: /home/fort/fort-1.6.1/tal/lacnic.tal: None of the URIs of the TAL '/home/fort/fort-1.6.1/tal/lacnic.tal' yielded a successful traversal.
Mar  6 14:46:39 ERR: /home/fort/fort-1.6.1/tal/arin.tal: None of the URIs of the TAL '/home/fort/fort-1.6.1/tal/arin.tal' yielded a successful traversal.
Mar  6 14:46:39 WRN: Validation from TAL '/home/fort/fort-1.6.1/tal/arin.tal' yielded error 3 (No such process); discarding all validation results.
Mar  6 14:46:39 WRN: Validation from TAL '/home/fort/fort-1.6.1/tal/apnic.tal' yielded error 3 (No such process); discarding all validation results.
Mar  6 14:46:39 WRN: Validation from TAL '/home/fort/fort-1.6.1/tal/afrinic.tal' yielded error 3 (No such process); discarding all validation results.
Mar  6 14:46:39 WRN: Validation from TAL '/home/fort/fort-1.6.1/tal/lacnic.tal' yielded error 3 (No such process); discarding all validation results.
Mar  6 14:46:39 ERR: /home/fort/fort-1.6.1/tal/ripe-ncc.tal: None of the URIs of the TAL '/home/fort/fort-1.6.1/tal/ripe-ncc.tal' yielded a successful traversal.
Mar  6 14:46:39 WRN: Validation from TAL '/home/fort/fort-1.6.1/tal/ripe-ncc.tal' yielded error 3 (No such process); discarding all validation results.
Mar  6 14:46:39 ERR: Main loop: Validation unsuccessful; results unusable.

My config file is as below:

 {
  "tal": "/home/fort/fort-1.6.1/tal",
  "local-repository": "/tmp/fort/repository/",
  "work-offline": false,
  "shuffle-uris": false,
  "maximum-certificate-depth": 32,
  "mode": "server",
  "daemon": false,
  "server": {
    "address": [
      "127.0.0.1"
    ],
    "port": "8323",
    "backlog": 64,
    "interval": {
      "validation": 3600,
      "refresh": 3600,
      "retry": 600,
      "expire": 7200
    }
  },
  "output": {
    "roa": "/tmp/fort/roas.csv",
    "bgpsec": "/tmp/fort/bgpsec.csv",
    "format": "csv"
  }
}

ydahhrk commented 7 months ago

Works for me.

  ,
  "log": {
    "enabled": true,
    "level": "info"
  },
  "validation-log": {
    "enabled": true,
    "level": "info"
  }

validation-log is not enabled by default, and it's probably the one you want in this situation.

emrggul commented 6 months ago

@ydahhrk thanks for the answer. According to the logs, I was using a proxy and apparently rsync had connection problems. I moved the VM to where I don't have to use a proxy; however, I am stuck again and the logs are as follows. Do you have any idea? Since the logs are quite long, I attached them as a file.

logs.txt

ydahhrk commented 6 months ago

You're getting a few error messages like this:

https://rrdp.arin.net/4a394319-7460-4141-a416-1addb69284ff/57348/snapshot.xml: Error requesting URL: Operation too slow. Less than 100000 bytes/sec transferred the last 10 seconds.

These validations exist to prevent potentially malicious servers from slowing Fort down to the point it cannot finish the validation cycle. However, it seems your connection is too slow for the default tolerances:

Try adjusting them. Notice you can do a manual download of the file to figure out your normal download speed (and whether it's reasonable):

$ wget https://rrdp.arin.net/4a394319-7460-4141-a416-1addb69284ff/57348/snapshot.xml
--2024-03-14 10:05:35--  https://rrdp.arin.net/4a394319-7460-4141-a416-1addb69284ff/57348/snapshot.xml
Resolving rrdp.arin.net (rrdp.arin.net)... 2001:500:13::149, 2001:500:31::149, 2001:500:a9::149, ...
Connecting to rrdp.arin.net (rrdp.arin.net)|2001:500:13::149|:443... connected.
HTTP request sent, awaiting response... 200 
Length: unspecified [text/xml]
Saving to: ‘snapshot.xml’

snapshot.xml          [                                         <=>   ] 136.77M  1.31MB/s 

Notice Fort spawns one validation thread per TAL, which means if you have 5 TALs, Fort will be downloading a maximum of 5 files at the same time.

https://rrdp.lacnic.net/ta/rta-lacnic-rpki.cer: [RSYNC exec]: rsync error: timeout waiting for daemon connection (code 35) at socket.c(278) [Receiver=3.2.7]

rsync is having the same problem. rsync's timeouts can be controlled by tweaking rsync.arguments-recursive.

ydahhrk commented 6 months ago

rsync: getaddrinfo: rpki.arin.net 873: Temporary failure in name resolution

Hm. It seems your DNS isn't working wonders either.

C165257CC18511EE82771584775412E6.roa: Certificate validation failed: certificate has expired

These are more normal; it's not terribly uncommon for the repositories to hold some invalid objects. But check your clock anyway, just in case.
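
Added example, not part of the thread and not Fort's own code: a small triage script that sorts the kinds of log lines quoted in the replies above into local transport problems (slow HTTP, rsync timeout, DNS failure) and ordinary repository noise (expired objects). The category labels and the function names `triage` and `transport_problems` are this example's own; the sample input is constructed from lines quoted on this page.

```python
import re
from collections import defaultdict

# Constructed sample input: one line per message quoted in this thread.
SAMPLE_LOG = """\
Mar  6 14:46:39 ERR: /home/fort/fort-1.6.1/tal/arin.tal: None of the URIs of the TAL '/home/fort/fort-1.6.1/tal/arin.tal' yielded a successful traversal.
https://rrdp.arin.net/4a394319-7460-4141-a416-1addb69284ff/57348/snapshot.xml: Error requesting URL: Operation too slow. Less than 100000 bytes/sec transferred the last 10 seconds.
https://rrdp.lacnic.net/ta/rta-lacnic-rpki.cer: [RSYNC exec]: rsync error: timeout waiting for daemon connection (code 35) at socket.c(278) [Receiver=3.2.7]
rsync: getaddrinfo: rpki.arin.net 873: Temporary failure in name resolution
C165257CC18511EE82771584775412E6.roa: Certificate validation failed: certificate has expired
"""

# Optional "Mar  6 14:46:39 ERR: " prefix, as seen in the first log on this page.
PREFIX = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d [A-Z]{3}: ")

# (category, local transport problem?, pattern capturing the useful detail)
RULES = [
    ("tal-failed", False, re.compile(r"None of the URIs of the TAL '(?P<detail>[^']+)'")),
    ("http-too-slow", True, re.compile(r"^(?P<detail>https://\S+): Error requesting URL: Operation too slow")),
    ("rsync-timeout", True, re.compile(r"^(?P<detail>\S+): \[RSYNC exec\]: rsync error: timeout")),
    ("dns-failure", True, re.compile(r"getaddrinfo: (?P<detail>\S+) \d+: Temporary failure in name resolution")),
    ("expired-object", False, re.compile(r"^(?P<detail>\S+): Certificate validation failed: certificate has expired")),
]
TRANSPORT = {name for name, is_transport, _ in RULES if is_transport}

def triage(log_text):
    """Group log lines by cause; returns {category: [detail, ...]}."""
    found = defaultdict(list)
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw.strip())
        for name, _, pattern in RULES:
            match = pattern.search(line)
            if match:
                found[name].append(match.group("detail"))
                break  # first matching rule wins
    return dict(found)

def transport_problems(found):
    """Categories that point at the local network, not at repository content."""
    return sorted(TRANSPORT & set(found))

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, details in result.items():
        print(f"{category:15} {len(details)}  e.g. {details[0]}")
    print("fix first:", ", ".join(transport_problems(result)) or "nothing")
```

Run against a full log, a non-empty "fix first" list alongside `tal-failed` entries means the failed traversals trace back to connectivity rather than to the repositories themselves.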