# Routinator Configuration # # The configuration file is a TOML file. It consists of a sequence of # key-value pairs, each on its own line. Strings are to be enclosed in # double quotes. Lists of values can be given by enclosing a # comma-separated sequence of these values in square brackets. # # See https://github.com/toml-lang/toml for detailed information on the # format. # # This file contains all configuration settings with explanations and their # default values. # Repository directory # # This is where Routinator stores the local copy of the RPKI repository. # Any relative path is interpreted with respect to the directory this config # lives in. # # This setting is mandatory. # repository-dir = "..." # Do not use bundled RIR TALs. #no-rir-tals = false # Use additional bundled TALs. #tals = [ "apnic-testbed", "nlnetlabs-testbed" ] # Directory with additional TALs. # # All the files with the extension ".tal" in this directory are treated as # trust anchor locators for RPKI validation. # # A relative path is interpreted with respect to the directory this config # lives in. # #extra-tals-dir = "..." # Local exceptions files # # This settings contains a array of paths to files that contain local # exceptions. The files are JSON files according to RFC 8416 (aka SLURM). #exceptions = [] # Strict mode # # If strict mode, Routinator will stick to the requirements in the respective # RFCs very strictly. See # https://github.com/NLnetLabs/rpki-rs/blob/master/doc/relaxed-validation.md # for information on what is allowed when strict mode is off. #strict = false # Policy for stale objects # # Manifests and CRLs have a field called next-update which states the time # when a new object should be published. If an object remains past that time, # it is considered stale. # # This options defines how to deal with such stale objects. It can be one of # three values: "reject" means all stale objects are rejected as invalid, # "warn" means that they are accepted but a warning is logged, and "accept" # means the are just accepted. # # Note that rejecting stale manifests and CRLs results on all objects of the # issuing CA to be rejected, too, including all child CAs. #stale = "warn" # Allow dubious host names in rsync and RRDP URIs. # # By default, Routinator will filter out URIs with host names that shouldn't # appear in public URIs. This option can be used to disable this filtering. #allow-dubious-hosts = false # Disable rsync # # If you don't want to use rsync -- which is not advices as there are rsync # only repositories -- you can set this to true. #disable-rsync = false # Rsync command # # This is the command to run as rsync. This is only command, no options. #rsync-command = "rsync" # Rsync arguments # # This is a list of arguments to give to rsync. #rsync-args = [] # Number of parallel rsync commands # # This is the maximum number of rsync commands that are run in parallel. # We are not sure, if the current default is any good. Some feedback whether # it is causing trouble or whether a higher value would even be fine is very # much appreciated. # #rsync-count = 4 # Number of validation threads # # The number of threads that are used for validating the repository. The # default value is the number of CPUs. #validation-threads = NUMBER # Refresh interval # # How often the repository should be updated and validated in RTR mode. # Specifically, this is the number of seconds the process will wait after # having finished validation before starting the next update. # # The default is the value indirectly recommended by RFC 8210. #refresh = 3600 # RTR retry interval # # This is the time an RTR client is told to wait before retrying a failed # query in seconds. #retry = 600 # RTR expire interval # # This is the time an RTR client is told to keep using data if it can't # refresh it. #expire = 7200 # History size # # The number of deltas to keep. If a client requests an older delta, it is # served the entire set again. # # There was no particular reason for choosing the default ... #history-size = 10 # Listen addresses for RTR TCP transport. # # This is an array of strings, each string a socket address of the form # "address:port" with IPv6 address in square brackets. #rtr-listen = ["127.0.0.1:3323"] # Listen addresses for Prometheus HTTP monitoring endpoint. # # This is an array of strings, each string a socket address of the form # "address:port" with IPv6 address in square brackets. # # Port 9556 is allocated for the routinator exporter. # https://github.com/prometheus/prometheus/wiki/Default-port-allocations # #http-listen = ... # Log level # # The maximum log level ("off", "error", "warn", "info", or "debug") for # which to log messages. #log-level = "warn" # Log target # # Where to log to. One of "stderr" for stderr, "syslog" for syslog, or "file" # for a file. If "file" is given, the "log-file" field needs to be given, too. # # Can also be "default", in which case "syslog" is used in daemon mode and # "stderr" otherwise #log = "default" # Syslog facility # # The syslog facility to log to if syslog logging is used. #syslog-facility = "daemon" # Log file # # The path to the file to log to if file logging is used. If the path is # relative, it is relative to the directory this config file lives in. #log-file = ... # Daemon PID file # # When in daemon mode, Routinator can store its process ID in a file given # through this entry. It will keep that file locked while running. By default, # no pid file is used. #pid-file = ... # Daemon working directory # # If this entry is given, the daemon process will change its working directory # to this directory. Otherwise it remains in the current directory. #working-dir = ... # Daemon Chroot # # If this entry is given, the daemon process will change its root directory to # this directory. Startup will fail if any of the other directories given is # not within this directory. #chroot = ... # TAL Labels # # In some output formats, such as CSV, the trust anchor a statement is derived # from is included for each statement. Normally, it is represented by the # name of its TAL file sans the exctension (i.e., "foo.tal" will be # represented by "foo"). # # In order to allow full compatibility with the RIPE NCC Validator's output, # you can use this options to provide alternative labels. The value maps the # file name (this time including the extension) to its label. # # The following will result in the same TAL labels as used by default by the # RIPE NCC Validator for the TALs included with Routinator. #tal-labels = [ # ["afrinic.tal", "AFRINIC RPKI Root"], # ["apnic.tal", "APNIC RPKI Root"], # ["arin.tal", "ARIN RPKI Root"], # ["lacnic.tal", "LACNIC RPKI Root"], # ["ripe.tal", "RIPE NCC RPKI Root"], #]