[RPKI] Krill testbed redeployed
Tim Bruijnzeels
tim at nlnetlabs.nl
Fri Feb 25 15:10:00 UTC 2022
Dear all,
I realised I could have been a bit more informative about
the following:
> On 25 Feb 2022, at 13:41, Tim Bruijnzeels <tim at nlnetlabs.nl> wrote:
>
> If you had a test instance running under the testbed, then
> you will have to re-do the setup. Our apologies for the
> inconvenience, but fortunately we could catch the issue
> on this test system rather than after a public release.
>
The easiest way to achieve this with a krill client would
be to delete your current CA instance in krill and then
re-do the setup. You can delete a CA from your instance
using the CLI:
https://krill.docs.nlnetlabs.nl/en/stable/cli.html#krillc-delete
Of course, the above is rather destructive but it's easiest
and may be fine in a testing context.
A more careful way to achieve a similar result would be
to first remove the old testbed parent, and then reconfigure
your CA to use the new repo.
Removing the old parent can be done using the command
line, e.g.:
# krillc parents remove --ca <your-ca> --parent testbed
Then you can reconfigure the testbed as the repository.
First generate your CA's repository request:
# krillc repo request --ca <your-ca>
Upload the XML in the testlab, and copy the new repository
response. Then configure your CA to use this:
# krillc repo configure --ca <your-ca> --response ./repo-res.xml
If your CA had no other parents, then it will now just use
the new repo:
# krillc issues
no issues found
If your CA had other parents, then you should now be able
to activate the new key which will publish in the new
repo:
# krillc keyroll activate --ca <your-ca>
Now you can re-add the testbed as a parent using the UI,
or CLI as described here:
https://krill.docs.nlnetlabs.nl/en/stable/get-started.html#parent-setup
I hope this helps, if you have any issues please let me
know.
Kind regards,
Tim
More information about the RPKI
mailing list