‘routinator --tal nlnetlabs-testbed’ --> [ERROR] Failed: a command is required. #900

Open
hhm-call opened this issue Sep 27, 2023 · 3 comments

Comments

@hhm-call

In the same virtual machine, I installed routinator and krill. v0.13
In https://testbed.krill.cloud/ui/testbed, I created a CA in testbed using krill.
I think the command routinator --tal nlnetlabs-testbed can be used to connect routinator and krill.
I don't know if that's right.

[root@PC1 ~]# routinator --tal list
 .---- RIR TALs
 |  .- RIR test TALs
 V  V

 X      afrinic             AFRINIC production TAL
 X      apnic               APNIC production TAL
 X      arin                ARIN production TAL
 X      lacnic              LACNIC production TAL
 X      ripe                RIPE production TAL
    X   apnic-testbed       APNIC RPKI Testbed
    X   arin-ote            ARIN Operational Test and Evaluation Environment
    X   ripe-pilot          RIPE NCC RPKI Test Environment
        nlnetlabs-testbed   NLnet Labs RPKI Testbed


[root@PC1 ~]# routinator --tal nlnetlabs-testbed
[ERROR] Failed: a command is required.
Commonly used commands are:
   vrps      Produces a list of validated ROA payload
   validate  Perform origin validation for an annoucement
   server    Start the RTR server
   man       Show the manual page

See routinator -h for a usage summary or routinator man for detailed help.
[ERROR] Fatal error. Exiting.

But it gives an error. So I changed my approach.

[root@PC1 ~]# ls /var/lib/routinator/tals/
nlnetlabs-testbed.tal

[root@PC1 ~]# routinator --extra-tals-dir="/var/lib/routinator/tals"
[ERROR] Failed: a command is required.
Commonly used commands are:
   vrps      Produces a list of validated ROA payload
   validate  Perform origin validation for an annoucement
   server    Start the RTR server
   man       Show the manual page

See routinator -h for a usage summary or routinator man for detailed help.
[ERROR] Fatal error. Exiting.

Why? Or how to connect routinator and krill?

?_?

@partim
Member

partim commented Sep 27, 2023

You need to tell Routinator what to do. If you just want it to run once and print a list of VRPs, you can use the vrps command, i.e., with the testbed TAL added:

routinator --tal nlnetlabs-testbed vrps

If you want to run it permanently, you can use the server command with some extra arguments so you can access the data. The manual has more information.

@hhm-call
Author

> You need to tell Routinator what to do. If you just want it to run once and print a list of VRPs, you can use the vrps command, i.e., with the testbed TAL added:
>
> routinator --tal nlnetlabs-testbed vrps
>
> If you want to run it permanently, you can use the server command with some extra arguments so you can access the data. The manual has more information.

[root@PC1 ~]# routinator --tal nlnetlabs-testbed vrps
[WARN] RRDP https://rrdp.afrinic.net/notification.xml: Getting notification file failed with status 204 No Content
[WARN] rsync://rpki.afrinic.net/repository/afrinic/V00kEnto5oHJEhRaMMayIbP4KlA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/V00kEnto5oHJEhRaMMayIbP4KlA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F36C06CB/D8FF6538D4F311ECB3714BD3F1222468/BAD292FE050511EE9502F55D4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/STmJqI9ygR8i60Gk6wwSdOHx2pA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/STmJqI9ygR8i60Gk6wwSdOHx2pA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/FB0E15F8CAB911E9AA072951F8AEA228.roa: certificate is overclaiming IPv4 resources.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/0YiYIkQP2ghuQ_3L-e-Gb9Uepbw.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/0YiYIkQP2ghuQ_3L-e-Gb9Uepbw.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/6n6vYSDTEzssFOqYEf97HcuEQhE.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/6n6vYSDTEzssFOqYEf97HcuEQhE.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/z1Kz6_gz2w85Tz77x4mC_9aJbxA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36505B2/0569917622D711ED862FD6E0F1222468/z1Kz6_gz2w85Tz77x4mC_9aJbxA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/BpTOBmDPIzc01Obno4jqMUHuRbk.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/BpTOBmDPIzc01Obno4jqMUHuRbk.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/YmFCTuhQuS5FxpB3tvSkzniKeJM.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/YmFCTuhQuS5FxpB3tvSkzniKeJM.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F3621C06/58C9B78C205911EC991B6877D8A014CE/D6E05488587811EEAA1EAD554AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/S4D0bEIIq3jyH3EKKWI1-QYyTis.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/S4D0bEIIq3jyH3EKKWI1-QYyTis.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/4E784C9E543711EEAB9B72464AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/535AC336544111EE938070694AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C59ACA62543811EEA76CEF4A4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/758A74EA543911EE94DA1C4D4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/BFB19DB4543411EE906A753B4AD9E6FC.roa: certificate is not yet valid.

@hhm-call
Author

########################### install #############################

vi /etc/yum.repos.d/nlnetlabs.repo
###
[nlnetlabs]
name=NLnet Labs
baseurl=https://packages.nlnetlabs.nl/linux/centos/8/main/x86_64
enabled=1
###

sudo rpm --import https://packages.nlnetlabs.nl/aptkey.asc

sudo yum install -y routinator
sudo yum install -y krill

########################### routinator conf #############################

vi /etc/routinator/routinator.conf
###
repository-dir = "/var/lib/routinator/rpki-cache"
rtr-listen = ["172.16.0.251:3323"]
http-listen = ["172.16.0.251:8323"]
###

routinator --config /etc/routinator/routinator.conf config

########################### krill conf #############################

vi /etc/krill.conf
###
service_uri =  "https://localhost:3000/"
###

##################################################

yum install -y nginx
vi /etc/nginx/conf.d/krillexampleorg.conf

server {
      server_name RPKI_TEST_HHM;
      client_max_body_size 100M;

      location / {
              proxy_pass https://localhost:3000/;
      }

  listen 80;
}


vi /etc/ssh/sshd_config
###
AllowTcpForwarding yes
###
systemctl restart sshd

##############################################
Windows input-->ssh -L 3000:localhost:3000 root@xx.xx.xx.xx

Open https://localhost:3000/, input the admin_token from /etc/krill.conf. Add an additional parent, copy <child_request> and <publisher_request>.

###
<child_request xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" child_handle="RPKI_TEST_HHM">
  <child_bpki_ta>
...
  </child_bpki_ta>
</child_request>
###
###
<publisher_request xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" publisher_handle="RPKI_TEST_HHM">
  <publisher_bpki_ta>
...
  </publisher_bpki_ta>
</publisher_request>
###

Open https://testbed.krill.cloud/ui/testbed, paste <child_request>, copy <parent_response> and <repository_response>.

###
<parent_response xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" parent_handle="testbed" child_handle="RPKI_TEST_HHM" service_uri="https://testbed.krill.cloud/rfc6492/testbed">
  <parent_bpki_ta>
   ...
  </parent_bpki_ta>
</parent_response>
###
###
<repository_response xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" publisher_handle="RPKI_TEST_HHM" service_uri="https://testbed.krill.cloud/rfc8181/RPKI_TEST_HHM/" sia_base="rsync://testbed.krill.cloud/repo/RPKI_TEST_HHM/" rrdp_notification_uri="https://testbed.krill.cloud/rrdp/notification.xml">
    <repository_bpki_ta>
 ...
    </repository_bpki_ta>
</repository_response>
###
Certificate Authority RPKI_TEST_HHM

	    Parents
testbed_hhm
Parents		https://testbed.krill.cloud/rfc6492/testbed
Last Exchange	27-09-2023 06:56:06 UTC (1 hour ago)
All Resources	ASN: AS6551-AS6552
		IPv4: 192.168.110.0/24, 192.168.220.0/24
		IPv6:

	    Repository
URI		https://testbed.krill.cloud/rfc8181/RPKI_TEST_HHM/
Last Exchange	27-09-2023 06:49:57 UTC (1 hour ago)

But after adding ROAs,

ASN	Prefix			Comment		State	
6551	192.168.110.0/24-32			NOT SEEN

I would like to know if there are problems with these operations, and how to fix them. Also, how do I get Routinator to use only krill content?

?_?
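
An added example (not from the issue thread or from the Routinator project): a POSIX shell check that the ROA shown above (AS6551, 192.168.110.0/24, max length 32) appears as a VRP in Routinator's CSV `vrps` output under the testbed trust anchor. The sample output is constructed, and the helper names and the `nlnetlabs-testbed` label in the fourth CSV column are assumptions; `--no-rir-tals` turns off the bundled RIR TALs so that only the testbed TAL is used.

```shell
#!/bin/sh
# Constructed sample of `routinator vrps` CSV output (not real data).
# Assumption: the trust-anchor column carries the TAL name.
SAMPLE_VRPS='ASN,IP Prefix,Max Length,Trust Anchor
AS64496,203.0.113.0/24,24,ripe
AS6551,192.168.110.0/24,32,nlnetlabs-testbed
AS6552,192.168.220.0/24,24,nlnetlabs-testbed'

# vrps_from_ta TA: print the CSV rows on stdin that were validated under TA.
vrps_from_ta() {
    awk -F, -v ta="$1" '{ sub(/\r$/, "") } NR > 1 && $4 == ta'
}

# has_vrp ASN PREFIX MAXLEN TA: exit 0 only if that exact VRP is on stdin.
has_vrp() {
    awk -F, -v asn="$1" -v pfx="$2" -v len="$3" -v ta="$4" '
        { sub(/\r$/, "") }
        NR > 1 && $1 == asn && $2 == pfx && $3 == len && $4 == ta { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# fetch_vrps: one validation run using only the testbed TAL.
# --no-rir-tals switches off the five production RIR TALs marked X in
# `routinator --tal list`. Needs routinator installed and network access.
fetch_vrps() {
    routinator --no-rir-tals --tal nlnetlabs-testbed vrps
}

# roa_published SOURCE: SOURCE is "sample" (offline) or "live".
roa_published() {
    if [ "$1" = "live" ]; then fetch_vrps; else printf '%s\n' "$SAMPLE_VRPS"; fi |
        has_vrp AS6551 192.168.110.0/24 32 nlnetlabs-testbed
}

if roa_published "${1:-sample}"; then
    echo "ROA for AS6551 192.168.110.0/24-32 is visible as a VRP"
else
    echo "ROA not found in the testbed VRPs" >&2
fi
```

Run the script with the argument `live` on the machine where Routinator is installed to check real validator output instead of the constructed sample.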
