rootd enabled but not yet configured

[sraustein]

rpki.conf identity is TestRoot

{{{ rpki.dfw.rg.net:/root# rpkic rpkic> select_identity TestRoot rpkic> initialize Wrote /root/TestRoot.TestRoot.repository-request.xml This is the "repository offer" file for you to use if you want to publish in your own repository Writing /usr/share/rpki/ca.crl Writing /usr/share/rpki/rootd.key Writing /usr/share/rpki/rootd.cer Writing /usr/share/rpki/child.cer }}}

but a child identity creation whines rootd not configured.

{{{ rpki.dfw.rg.net:/root# rpkic rpkic> select_identity test rpkic> initialize Wrote /root/test.identity.xml This is the "identity" file you will need to send to your parent rootd enabled but not yet configured, skipping rootd setup }}}

wtf am i missing this time?

Trac ticket #770 component rpkid priority blocker, owner None, created by randy on 2015-08-07T00:18:57Z, last modified 2016-05-09T05:39:57Z

[sraustein]

here is a clue {{{ rpkic> select_identity TestRoot rpkic> initialize Wrote /root/TestRoot.TestRoot.repository-request.xml This is the "repository offer" file for you to use if you want to publish in your own repository Writing /usr/share/rpki/ca.crl Writing /usr/share/rpki/rootd.key Writing /usr/share/rpki/rootd.cer Writing /usr/share/rpki/child.cer rpkic> configure_child /root/test.identity.xml Child calls itself 'test', we call it 'test' Couldn't find any usable repositories, not giving referral Wrote /root/TestRoot.test.parent-response.xml Send this file back to the child you just configured Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/rpki/cli.py", line 70, in onecmd return cmd.Cmd.onecmd(self, line) File "/usr/lib/python2.7/cmd.py", line 221, in onecmd return func(arg) File "/usr/lib/python2.7/dist-packages/rpki/cli.py", line 259, in wrapped return func(self, parser.parse_args(shlex.split(arg))) File "/usr/lib/python2.7/dist-packages/rpki/rpkic.py", line 330, in do_configure_child self.zoo.synchronize_ca() File "/usr/lib/python2.7/dist-packages/django/db/transaction.py", line 399, in inner return func(_args, *_kwargs) File "/usr/lib/python2.7/dist-packages/rpki/irdb/zookeeper.py", line 1235, in synchronize_ca self.synchronize_rpkid_one_ca_core(ca, poke) File "/usr/lib/python2.7/dist-packages/rpki/irdb/zookeeper.py", line 1469, in synchronize_rpkid_one_ca_core sia_base = ca.rootd.repository.sia_base, File "/usr/lib/python2.7/dist-packages/django/db/models/fields/related.py", line 206, in get self.related.get_accessor_name())) DoesNotExist: Rootd has no repository. }}}

rootd has no repo. yet we have a pubd. {{{ rpki.dfw.rg.net:/etc/rpki# psg rootd root 17890 0.0 2.4 24108 12560 ? Ss 00:15 0:00 /usr/bin/python /usr/lib/rpki/rootd --config /etc/rpki.conf --log-level warning --log-syslog daemon rpki.dfw.rg.net:/etc/rpki# psg pubd root 17887 0.0 2.8 33200 14292 ? Ss 00:15 0:00 /usr/bin/python /usr/lib/rpki/pubd --config /etc/rpki.conf --log-level warning --log-syslog daemon }}}

Trac comment by randy on 2015-08-07T00:25:33Z

[sraustein]

rpkic configure_root

Trac comment by sra on 2015-08-07T00:28:09Z

[sraustein]

did confiure_root long ago

Trac comment by randy on 2015-08-07T00:29:00Z

[sraustein]

rpkic> select_identity TestRoot rpkic> initialize Wrote /root/TestRoot.TestRoot.repository-request.xml This is the "repository offer" file for you to use if you want to publish in your own repository Writing /usr/share/rpki/ca.crl Writing /usr/share/rpki/rootd.key Writing /usr/share/rpki/rootd.cer Writing /usr/share/rpki/child.cer rpkic> configure_child /root/test.identity.xml

So you ignored the repository offer and jumped straight to configuring a child.

{{{ rpkic> configure_publication_client TestRoot.TestRoot.repository-request.xml }}}

Then configure_repository with whatever XML file that spits out (I don't recall what name it will use, but it will say).

Trac comment by sra on 2015-08-07T00:37:08Z

[sraustein]

i thought the repo offer was for me to send my child. doh.

{{{ rpkic> configure_publication_client /root/TestRoot.TestRoot.repository-request.xml This looks like an offer, checking This client's parent is rootd Don't know where to nest this client, defaulting to top-level Client calls itself 'TestRoot', we call it 'TestRoot' Client says its parent handle is 'TestRoot' Wrote /root/TestRoot.repository-response.xml Send this file back to the publication client you just configured rpkic> configure_repository /root/TestRoot.repository-response.xml Repository calls us 'TestRoot' Repository response associated with parent_handle 'TestRoot' }}}

child still whines that rootd not configured

{{{ rpkic> initialize Wrote /root/test.identity.xml This is the "identity" file you will need to send to your parent rootd enabled but not yet configured, skipping rootd setup }}}

but rootd can

{{{ rpkic> configure_child /root/test.identity.xml Child calls itself 'test', we call it 'test' Wrote /root/TestRoot.test.parent-response.xml Send this file back to the child you just configured }}}

and child can configure

{{{ rpkic> configure_parent /root/TestRoot.test.parent-response.xml Parent calls itself 'TestRoot', we call it 'TestRoot' Parent calls us 'test' Wrote /root/test.TestRoot.repository-request.xml This is the file to send to the repository operator }}}

root can configure pub client

{{{ rpkic> configure_publication_client /root/test.TestRoot.repository-request.xml This looks like an offer, checking Found client and its parent, nesting Client calls itself 'test', we call it u'TestRoot/test' Client says its parent handle is 'TestRoot' Wrote /root/TestRoot.test.repository-response.xml Send this file back to the publication client you just configured }}}

but that u'TestRoot/test' looks a bit strange

{{{ rpkic> configure_repository /root/TestRoot.test.repository-response.xml Repository calls us 'TestRoot/test' Repository response associated with parent_handle 'TestRoot' }}}

and the dance claims to be done

Trac comment by randy on 2015-08-07T00:44:32Z

[sraustein]

Code in question went away with rpkic rootd support.

Trac comment by sra on 2016-05-09T05:39:57Z

[sraustein]

Closed with resolution wontfix