‘routinator --tal nlnetlabs-testbed’ --> [ERROR] Failed: a command is required.
In the same virtual machine, I installed routinator and krill. v0.13
In https://testbed.krill.cloud/ui/testbed, I created a CA in testbed using krill.
I think the command routinator --tal nlnetlabs-testbed can be used to connect routinator and krill.
I don't know if that's right.
[root@PC1 ~]# routinator --tal list
 .---- RIR TALs
 |  .- RIR test TALs
 V  V
 X     afrinic             AFRINIC production TAL
 X     apnic               APNIC production TAL
 X     arin                ARIN production TAL
 X     lacnic              LACNIC production TAL
 X     ripe                RIPE production TAL
    X  apnic-testbed       APNIC RPKI Testbed
    X  arin-ote            ARIN Operational Test and Evaluation Environment
    X  ripe-pilot          RIPE NCC RPKI Test Environment
       nlnetlabs-testbed   NLnet Labs RPKI Testbed
[root@PC1 ~]# routinator --tal nlnetlabs-testbed
[ERROR] Failed: a command is required.
Commonly used commands are:
vrps Produces a list of validated ROA payload
validate Perform origin validation for an annoucement
server Start the RTR server
man Show the manual page
See routinator -h for a usage summary or routinator man for detailed help.
[ERROR] Fatal error. Exiting.
But it's an error. So I changed my approach.
[root@PC1 ~]# ls /var/lib/routinator/tals/
nlnetlabs-testbed.tal
[root@PC1 ~]# routinator --extra-tals-dir="/var/lib/routinator/tals"
[ERROR] Failed: a command is required.
Commonly used commands are:
vrps Produces a list of validated ROA payload
validate Perform origin validation for an annoucement
server Start the RTR server
man Show the manual page
See routinator -h for a usage summary or routinator man for detailed help.
[ERROR] Fatal error. Exiting.
Why? Or how to connect routinator and krill?
?_?
You need to tell Routinator what to do. If you just want it to run once and print a list of VRPs, you can use the vrps command, i.e., with the testbed TAL added:
routinator --tal nlnetlabs-testbed vrps
If you want to run it permanently, you can use the server command with some extra arguments so you can access the data. The manual has more information.
[root@PC1 ~]# routinator --tal nlnetlabs-testbed vrps
[WARN] RRDP https://rrdp.afrinic.net/notification.xml: Getting notification file failed with status 204 No Content
[WARN] rsync://rpki.afrinic.net/repository/afrinic/V00kEnto5oHJEhRaMMayIbP4KlA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/V00kEnto5oHJEhRaMMayIbP4KlA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F36C06CB/D8FF6538D4F311ECB3714BD3F1222468/BAD292FE050511EE9502F55D4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/STmJqI9ygR8i60Gk6wwSdOHx2pA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/STmJqI9ygR8i60Gk6wwSdOHx2pA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/FB0E15F8CAB911E9AA072951F8AEA228.roa: certificate is overclaiming IPv4 resources.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/0YiYIkQP2ghuQ_3L-e-Gb9Uepbw.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/0YiYIkQP2ghuQ_3L-e-Gb9Uepbw.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/6n6vYSDTEzssFOqYEf97HcuEQhE.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/6n6vYSDTEzssFOqYEf97HcuEQhE.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/z1Kz6_gz2w85Tz77x4mC_9aJbxA.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36505B2/0569917622D711ED862FD6E0F1222468/z1Kz6_gz2w85Tz77x4mC_9aJbxA.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/BpTOBmDPIzc01Obno4jqMUHuRbk.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/BpTOBmDPIzc01Obno4jqMUHuRbk.mft found.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/YmFCTuhQuS5FxpB3tvSkzniKeJM.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/YmFCTuhQuS5FxpB3tvSkzniKeJM.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F3621C06/58C9B78C205911EC991B6877D8A014CE/D6E05488587811EEAA1EAD554AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/afrinic/S4D0bEIIq3jyH3EKKWI1-QYyTis.cer: no valid manifest rsync://rpki.afrinic.net/repository/member_repository/F36EE1C1/050BE1D635B311ED9721E3F0F1222468/S4D0bEIIq3jyH3EKKWI1-QYyTis.mft found.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/4E784C9E543711EEAB9B72464AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/535AC336544111EE938070694AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/C59ACA62543811EEA76CEF4A4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/758A74EA543911EE94DA1C4D4AD9E6FC.roa: certificate is not yet valid.
[WARN] rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/BFB19DB4543411EE906A753B4AD9E6FC.roa: certificate is not yet valid.
########################### install #############################
vi /etc/yum.repos.d/nlnetlabs.repo
###
[nlnetlabs]
name=NLnet Labs
baseurl=https://packages.nlnetlabs.nl/linux/centos/8/main/x86_64
enabled=1
###
sudo rpm --import https://packages.nlnetlabs.nl/aptkey.asc
sudo yum install -y routinator
sudo yum install -y krill
########################### routinator conf #############################
vi /etc/routinator/routinator.conf
###
repository-dir = "/var/lib/routinator/rpki-cache"
rtr-listen = ["172.16.0.251:3323"]
http-listen = ["172.16.0.251:8323"]
###
routinator --config /etc/routinator/routinator.conf config
########################### krill conf #############################
vi /etc/krill.conf
###
service_uri = "https://localhost:3000/"
###
##################################################
yum install -y nginx
vi /etc/nginx/conf.d/krillexampleorg.conf
server {
    server_name RPKI_TEST_HHM;
    client_max_body_size 100M;
    location / {
        proxy_pass https://localhost:3000/;
    }
    listen 80;
}
vi /etc/ssh/sshd_config
###
AllowTcpForwarding yes
###
systemctl restart sshd
##############################################
Windows input-->ssh -L 3000:localhost:3000 [email protected]
Open https://localhost:3000/, input the admin_token in /etc/krill.conf. Add an additional parent, copy <child_request> and <publisher_request>.
###
<child_request xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" child_handle="RPKI_TEST_HHM">
<child_bpki_ta>
...
</child_bpki_ta>
</child_request>
###
###
<publisher_request xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" publisher_handle="RPKI_TEST_HHM">
<publisher_bpki_ta>
...
</publisher_bpki_ta>
</publisher_request>
###
Open https://testbed.krill.cloud/ui/testbed, paste <child_request>, copy <parent_response> and <repository_response>.
###
<parent_response xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" parent_handle="testbed" child_handle="RPKI_TEST_HHM" service_uri="https://testbed.krill.cloud/rfc6492/testbed">
<parent_bpki_ta>
...
</parent_bpki_ta>
</parent_response>
###
###
<repository_response xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" publisher_handle="RPKI_TEST_HHM" service_uri="https://testbed.krill.cloud/rfc8181/RPKI_TEST_HHM/" sia_base="rsync://testbed.krill.cloud/repo/RPKI_TEST_HHM/" rrdp_notification_uri="https://testbed.krill.cloud/rrdp/notification.xml">
<repository_bpki_ta>
...
</repository_bpki_ta>
</repository_response>
###
Certificate Authority RPKI_TEST_HHM
Parents
testbed_hhm
Parents https://testbed.krill.cloud/rfc6492/testbed
Last Exchange 27-09-2023 06:56:06 UTC (1 hour ago)
All Resources ASN: AS6551-AS6552
IPv4: 192.168.110.0/24, 192.168.220.0/24
IPv6:
Repository
URI https://testbed.krill.cloud/rfc8181/RPKI_TEST_HHM/
Last Exchange 27-09-2023 06:49:57 UTC (1 hour ago)
But after adding ROAs:
ASN    Prefix                 Comment   State
6551   192.168.110.0/24-32              NOT SEEN
I would like to know if there are problems with these operations, and how to fix them. Also, how do I get Routinator to use only krill content?
?_?
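A way to confirm that the ROA from the post reaches Routinator's validated output and what it does to a route, as an added example that is not part of the original thread: it parses the CSV that routinator vrps prints, keeps only the testbed trust anchor, and applies RFC 6811 origin validation. The VRP rows and the helper names load_vrps and origin_validation are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample in the CSV layout that `routinator vrps` prints by default
# (e.g. from `routinator --no-rir-tals --tal nlnetlabs-testbed vrps`).
# The rows are made up for this example; the first mirrors the ROA in the post.
SAMPLE_VRPS = """\
ASN,IP Prefix,Max Length,Trust Anchor
AS6551,192.168.110.0/24,32,nlnetlabs-testbed
AS64496,2001:db8::/32,48,nlnetlabs-testbed
AS64497,198.51.100.0/24,24,ripe
"""

def load_vrps(text, trust_anchor=None):
    """Parse VRP rows, optionally keeping only one trust anchor's entries."""
    vrps = []
    for row in csv.DictReader(io.StringIO(text)):
        if trust_anchor and row["Trust Anchor"] != trust_anchor:
            continue
        vrps.append((int(row["ASN"].removeprefix("AS")),
                     ipaddress.ip_network(row["IP Prefix"]),
                     int(row["Max Length"])))
    return vrps

def origin_validation(vrps, prefix, origin_asn):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for asn, vrp_prefix, max_len in vrps:
        # A VRP covers the route if the route lies inside the VRP prefix.
        if route.version != vrp_prefix.version or not route.subnet_of(vrp_prefix):
            continue
        covered = True
        # It matches only if the origin AS agrees and the route is not
        # more specific than the ROA's maximum length allows.
        if asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    testbed = load_vrps(SAMPLE_VRPS, trust_anchor="nlnetlabs-testbed")
    for prefix, asn in [("192.168.110.0/25", 6551), ("192.168.110.0/24", 6552),
                        ("192.168.220.0/24", 6551)]:
        print(prefix, f"AS{asn}", origin_validation(testbed, prefix, asn))
```

Filtering on the Trust Anchor column is what separates testbed data from production RIR data when both sets of TALs are loaded.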