[RPKI] Help to Upgrade Krill 0.5 to stable(0.96)

Tim Bruijnzeels tim at nlnetlabs.nl
Sat Jun 18 08:30:26 UTC 2022

Hi Douglas,

Indeed the instructions for this are missing. I will have a look at updating the documentation after the weekend.

Some quick pointer that I hope will help...

To upgrade Krill <0.6.0 first upgrade to 0.8.2. It would be wise do first make a backup of the data dir and then use the env variable 'KRILL_UPGRADE_ONLY=1' to make sure that you test the upgrade. Explained here:


If this upgrade should fail, then revert to the back up and keep using the previous Krill version. Please let me know (direct email is also okay) in this case.

After upgrading to this version you can do a normal upgrade to 0.9.6.

Since they are currently running 0.5 they will have installed and compiled krill manually, or they may have used Rust's cargo. In either case, this may be a good moment to switch to using the packages we have been providing since 0.7.1. If you do, be aware that the default location of the data directory, config file may have changed compared to the choices made when 0.5 was installed. We also provide a service file for starting/stopping Krill that you should have a look at.

One more word of warning: please be sure that you only have 1 krill instance running at the same time. I.e. it might be tempting to copy the current data to a new system and do an upgrade there. In itself this is fine, but beware that if you have two instances active at the same time - using the ID key and parent / publication server configuration - then they will enter in a competition to request resources and revoke unexpected keys from the parent, and publish their own objects and removing the other instance's objects. You don't want this..


> On 17 Jun 2022, at 14:37, Douglas Fischer via RPKI <rpki at lists.nlnetlabs.nl> wrote:
> A consultant customer deployed Krill 0.5 (right at the begining of Registro.BR RPKI Support).
> And kept it forgotten in the locker since that.
> Recently he is having some issues with the Key rolling.
> Roas has expired (or stale, I don't know the correct word for that)
> We did some manual rol as a Band-aid... And it is working now.
> Now we need to put it on a non-prehistoric version.
> But the Upgrade instructions do not cover that incredibly old version.
> https://krill.docs.nlnetlabs.nl/en/stable/upgrade.html
> The possibility of re-creating the CAs on the Parent is discarded by now.
> Because it would involve manually accessing the Registro.BR interface one-by-one of the ASNs hosted (Registro.BR still supply API to Handlers).
> Any suggestions?
> -- 
> Douglas Fernando Fischer
> Engº de Controle e Automação
> -- 
> RPKI mailing list
> RPKI at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/rpki

More information about the RPKI mailing list