[RPKI] Krill 0.9.0 'One for All' released

Tim Bruijnzeels tim at nlnetlabs.nl
Tue Jun 1 14:41:18 UTC 2021


Dear list,

We just released the first major release of Krill in a while: Krill 0.9.0 'One for All'. 

While basic ROA management is unchanged, there were many changes under the hood:

 * Multi-user support in the User Interface (local users or OpenID Connect)
 * Reduce disk space usage and growth over time
 * API and naming consistency (in preparation for 1.0 in future)
 * Publication Server improvements (to whom it may concern)
 * Many small improvements and minor bug fixes

For a full list of issues that were included in this release see:
https://github.com/NLnetLabs/krill/projects/4

Updated documentation is available here:
https://krill.docs.nlnetlabs.nl/en/stable/index.html

With multi-user support you can now give people in your organisation individual access rights to your CA - and they no longer need to share a password. If you have an OpenID Connect provider then you can integrate Krill with it. Read more here:
https://krill.docs.nlnetlabs.nl/en/stable/multi-user.html

Krill versions before 0.9.0 keep a lot of data around that is not strictly needed. This can clog up your system and it makes the Krill history difficult to parse. History can seen using "krillc history". We will include support for inspecting history in the UI soon.

There were some API and CLI changes introduced in this release. Over time things had become a bit inconsistent and we felt we needed to fix that before we can consider going for the Krill 1.0 release. If you are using automation then these changes may break your current integrations. Please have a look at the following page to see if and how this affects you:
https://krill.docs.nlnetlabs.nl/en/stable/upgrade.html

Note that your Krill data store will be upgraded automatically if you upgrade to this release. This upgrade can take some time, up to around 30 minutes dependent on the amount of history which accumulated over time and the speed of your system. During the migration you will not be able to update your ROAs, but your existing ROAs will remain available to RPKI validators. I.e. there is no downtime expected with regards to RPKI validation.

We have tested this on various (big) Krill instances running CAs as well as Publication Servers. Still, we recommend that you make a backup of your data store before upgrading. In case the upgrade should unexpectedly fail for you, please restore your old data, run the previous binary, and contact us so that we can make a fix. Alternatively, copy your data except for the keys directory to a test system and then use the new Krill binary there with the following env variable set so you can test the data migration: KRILL_UPGRADE_ONLY=1

Finally, note that you need to run at least Krill 0.6.0 in order to upgrade. If you run an older version you will need to upgrade to version 0.8.2 first.


On behalf of the NLnet Labs RPKI Team,

Tim


More information about the RPKI mailing list