docker container with RIPE NCC RPKI validator

Create docker container with RIPE NCC RPKI validator

```
ui.kiosk.user=admin
ui.kiosk.pass=password
```
  • Create docker image:
```
cd <path_with_Dockerfile>
sudo docker build -t noc/rpki-validator .
```
  • Create log directory:
```
sudo mkdir -p /var/log/rpki-validator
```
  • Run container with name "rpki-validator":
```
sudo docker run --detach --restart=always -p 8080:8080 -p 8282:8282 -m 1024m -v /var/log/rpki-validator:/var/log/rpki-validator --name rpki-validator noc/rpki-validator
```
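
Dockerfile:

```
FROM domblack/scala

# rsync is needed by the validator to fetch repositories; tar unpacks the release
RUN yum update -y && \
    yum -y install rsync && \
    yum -y install tar

WORKDIR /opt/rpki-validator

# Downloaded at build time; no checksum or signature is verified here
ADD https://rrdp.ripe.net/certification/content/static/validator/rpki-validator-app-2.23-dist.tar.gz .
RUN tar -xzf rpki-validator-app-*-dist.tar.gz

COPY rpki-validator.conf ./
VOLUME ["/var/log"]

# 8080 = web UI (ui.http.port), 8282 = RPKI-to-router interface (rtr.port)
EXPOSE 8080 8282

# Shell form, so the wildcard in the path is expanded when the container starts
CMD /opt/rpki-validator/rpki-validator-app-*/rpki-validator.sh run -c /opt/rpki-validator/rpki-validator.conf
```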

rpki-validator.conf:

```
# You can edit this file to override default settings of the RPKI Validator, for example
# to use a different port for the HTTP and router interface, or the location of resources
# used by this application.
#
# By default the start script will expect this file at the following location:
# conf/rpki-validator.conf
#
# Override the default name and location of this configuration file using the -c flag:
# ./rpki-validator.sh start -c /path/to/my-configuration.conf

# Start the web user interface on the specified port.
ui.http.port=8080

# In kiosk mode the application will be accessible read-only to anyone, but any action or
# update will require authentication with a username and password.
ui.kiosk.enable=false
ui.kiosk.user=admin
ui.kiosk.pass=password

# Allow RPKI-capable routers to connect on the specified port.
rtr.port=8282

# Stop this application from sending 'notify' messages to the router when it has updates.
# When set to true, routers will fetch new data at the interval specified on the device.
rtr.send-notify=true

# Stop this application from closing connections when it receives fatal errors.
rtr.close-on-error=true

# Change the location of any of the files and working directories this application uses.
# All paths are relative to where the rpki-validator.sh script is installed.
locations.workdir=tmp
locations.datadir=data
locations.rsyncdir=data/rsync
locations.taldir=conf/tal
#locations.trusted.ssl.dir=conf/ssl
locations.libdir=lib
locations.pidfile=validator.pid

logging.application.file=/var/log/rpki-validator/validator.log
logging.rtr.file=/var/log/rpki-validator/rtr.log
# if contains 'yyyy_MM_dd', will be rotated daily
#logging.access.file=/var/log/rpki-validator/access.log.yyyy_MM_dd

# Use the following settings to change JVM parameters
#
# Change the minimum and maximum memory for the JVM
#
# Notes:
# - 1GB of memory is needed for the current size of the combined RPKI repositories
# - You may want to raise this value if you see 'out of memory' errors in the log
# - A higher maximum will allow the JVM to use more system memory and spend less time on
#   garbage collection (slight speed improvements possible)
jvm.memory.initial=512m # -Xms jvm option -> initial memory claimed by the jvm
jvm.memory.maximum=1024m # -Xmx jvm option -> maximum memory for the jvm

# Proxy settings are used by the JVM when fetching data for the BGP Preview and
# notifications about new RPKI Validator releases.
#
# Notes:
# - rsync is used as an external program and will not use this proxy
# - you should only specify one type of proxy, if you specify both 'socks' is preferred
jvm.proxy.socks.host='' # leave empty if you don't use a socks proxy
jvm.proxy.socks.port='' # leave empty if you don't use a socks proxy
jvm.proxy.http.host='' # leave empty if you don't use a http proxy
jvm.proxy.http.port='' # leave empty if you don't use a http proxy
```
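
A pre-flight check for the configuration above, added here as an example (it is not part of the gist or of the RIPE NCC validator). It flags kiosk mode being off, the sample `ui.kiosk.pass`, and a `jvm.memory.maximum` that is not below the 1024m container memory limit used in the `docker run` step, since the JVM also needs memory outside the heap. The function names and the sample file written by `write_sample_conf` are constructed for this example.

```shell
# Added example: pre-flight audit of rpki-validator.conf (function names are hypothetical).

# conf_get FILE KEY: print KEY's value without trailing "# comment" or quotes.
conf_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' \
            -e "s/^[[:space:]'\"]*//" -e "s/[[:space:]'\"]*\$//"
}

# to_mib SIZE: convert a size with an m or g suffix (512m, 1g) to MiB.
to_mib() {
    n=${1%[mMgG]}
    case $1 in *[gG]) echo $((n * 1024)) ;; *) echo "$n" ;; esac
}

# audit_conf FILE CONTAINER_MEM: one WARN line per finding; status 1 if any.
audit_conf() {
    rc=0
    kiosk=$(conf_get "$1" ui.kiosk.enable)
    pass=$(conf_get "$1" ui.kiosk.pass)
    xmx=$(conf_get "$1" jvm.memory.maximum)
    if [ "$kiosk" != "true" ]; then
        echo "WARN ui.kiosk.enable=$kiosk: the kiosk password gate is not active"; rc=1
    fi
    if [ -z "$pass" ] || [ "$pass" = "password" ]; then
        echo "WARN ui.kiosk.pass is empty or still the sample value 'password'"; rc=1
    fi
    if [ -n "$xmx" ] && [ "$(to_mib "$xmx")" -ge "$(to_mib "$2")" ]; then
        echo "WARN jvm.memory.maximum=$xmx leaves no headroom under container limit $2"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: the relevant lines with the values shown in the gist.
write_sample_conf() {
    cat > "$1" <<'EOF'
ui.kiosk.enable=false
ui.kiosk.user=admin
ui.kiosk.pass=password
jvm.memory.maximum=1024m # -Xmx jvm option -> maximum memory for the jvm
EOF
}

sample=$(mktemp) && write_sample_conf "$sample"
audit_conf "$sample" 1024m || echo "fix the findings above before 'docker run'"
rm -f "$sample"
```

Run it against the real file with `audit_conf rpki-validator.conf 1024m` before `docker build`; a non-zero status can gate the build in CI.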