Can't Add Publishers，Error: No embedded repository configured

[YuYanDev]

After I installed Krill and finished creating CA.

krillc repo request --token xx --ca XXCA
<publisher_request xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" publisher_handle="XXCA">
  <publisher_bpki_ta>...=</publisher_bpki_ta>
</publisher_request>

Then I saved the xml locally. And tried to add

krillc publishers add --request ./thiskrill.xml --token xx

Error: No embedded repository configured

I don't know why and didn't find a solution. Both rsync and rrdp http directory access looks normal. And it is also configured according to the document.

[timbru]

Did you set up your own, separate Krill instance, as a publication server? I.e. are you looking to self-host the repository?

The set up for Krill 0.8.X is explained here: https://rpki.readthedocs.io/en/latest/krill/publication-server.html

The error you are getting is most likely caused by using krillc publishers add on your Krill CA instance, instead of your Publication Server instance.

One more thing. With the coming Krill 0.9 release we will make the separation between Krill CAs and Publication Servers more strict. There will then be separate binaries for both servers (krill/krillpubd) and CLIs (krillc/krillpubc). If you make sure that you use separate Krill instances for both functions today, then the migration should be easy once 0.9 is released.

Please let us know if this did not solve your issue.

[YuYanDev]

Thank you for your reply.

My idea is to build a server to host my ROA, just like the Repositories list under page https://rpki-validator.ripe.net/trust-anchors/monitor/3

The configuration uses the above 0.8.x document, rrdp and rsync access are both available.

You are right, I am using krillc publishers add on mine Krill CA instance

My understanding is that the Child request should be provided to RIR, and the Publisher request should be submitted to the local instance.

So should I submit both Child request and Publisher request to RIR?

In addition, there seems to be a lack of documentation regarding the procedures for Krill and RIR.

[timbru]

The general setup for your Krill CA, using the UI, is explained here: https://rpki.readthedocs.io/en/latest/krill/get-started.html#

Indeed the the Child Request XML needs to be provided to your RIR, and the Publisher Request XML needs to be provided to your publication server. If you can use a publication server provided by your RIR then that could be preferable, although this is currently only offered by nic.br and apnic - and the latter had an issue a few days ago that they are looking into.

For your self-hosted publication server you will need to use the CLI on your publication server Krill instance. You need to download the Publisher Request XML from your Krill CA using either the UI, or krillc repo request on your CA instance, and then present it to your Publication Server as described here:

https://rpki.readthedocs.io/en/latest/krill/publication-server.html#publishing-in-the-repository

The CLI command is as follows, but note that the --server option is left out for brevity. krillc publishers add --request <path-to-xml>

If you do not specify --server then the CLI will look at environment variables, and use value set in 'KRILL_CLI_SERVER'. See here. Make sure that you are connecting the right server instance.

As mentioned, the setup will be revised when we release Krill 0.9. I am working on improving the documentation on setting up your own local repository is updated as a part of that. For now I hope that these pointers can help you.

Make sure you connect to the right Krill instance, perhaps you will need to use --server to connect to it.

[Showfom]

Hi Tim,

On your publication server documentation page https://krill.docs.nlnetlabs.nl/en/stable/publication-server.html

If you need to run your own Publication Server, then you can use the separate krillpubd binary for the server, and the krillpubcbinary as its command line interface (CLI).

Both additional binaries are built when you install Krill, but they are only used if you need to run your own Publication Server.

After install krill using apt install krill, I can't find where are the krillpubd and krillpubc binary

root@rpki ~ # krillpubd
-bash: krillpubd: command not found
root@rpki ~ # krillpubc
-bash: krillpubc: command not found

Also there's no krillc publishers command

root@rpki ~ # krillc publishers
error: The subcommand 'publishers' wasn't recognized
    Did you mean 'pubserver'?

[timbru]

Oh dear.. I forgot to update this section after reverting the split of the krill and krillpubc, and krill and krillc binaries..

If you are after some quick testing you could set up a krill instance in testbed mode: https://krill.docs.nlnetlabs.nl/en/stable/testbed.html

But of course that would not be a recommended setup for production. I will fix this first thing on Monday!

For now.. you could try to explore the CLI using krillc pubserver help. Some quick pointers below.. essentially this has not changed from what's currently documented - except for the binary to call and the path of subcommands for the CLI:

# krillc pubserver help
krillc-pubserver 
Manage your Publication Server (only needed if you run your own)

USAGE:
    krillc pubserver [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    help          Prints this message or the help of the given subcommand(s)
    publishers    Manage the publishers in your Publication Server
    server        Manage the Publication Server (init/stats)

You will need to use the server subcommand to initialise your publication server with the public URI that it will use for publishers, e.g.:

krillc pubserver server init --rrdp https://rpki-rrdp.example.com/rrdp/ --rsync rsync://rpki-rsync.example.com/repo/ 

Then you will be able to add your CAs as publisher using the publisher subcommand:

# krillc pubserver publishers add --publisher myca --request path/to/request.xml

[Showfom]

Thanks, I have successfully published our RPKI repo.

[AlexanderBand]

Thanks, I have successfully published our RPKI repo.

Awesome, is it https://rpki.e15f.net/rrdp/notification.xml ?

[Showfom]

Ours is https://rpki.roa.net/rrdp/notification.xml

[timbru]

closing this issue, if you run into anything else please let us know.