Aggregate command sets

defaults/krill-pubd.conf

@@ -4,11 +4,74 @@
 #                                                                                    #
 ######################################################################################
 
-# Specify the directory where the publication server will store its data.
-# Note that clustering through a shared data directory is not supported.
-# But, we plan to look into a proper clustering solution later.
+# Specify the storage used by Krill.
 #
-### data_dir = "./data"
+# Currently, Krill supports two flavours of storage: disk
+# or a Postgresql database. Support for other databases or
+# key value store implementations may be added in future.
+#
+# If you use disk-backed storage, you MUST ensure that
+# only one Krill node using this storage is active at any
+# given moment. Transactionality is not guaranteed across nodes
+# when using this option.
+#
+# If a database back-end is used, it is possible to have multiple
+# concurrent active Krill instances use it. Database replication
+# can further improve availability as long as this is transparent to Krill.
+#
+# Example configurations:
+# storage_uri = "/var/lib/krill/data/"
+# storage_uri = "postgres://postgres@localhost/postgres" 
+#
+# Default:
+# storage_uri = "./data"
+#
+# For backward compatibility 'data_dir' is accepted as an
+# alternative to 'storage_uri'.
+#
+### storage_uri = "./data"
+
+# TLS Keys Dir
+#
+# Specify the location of the TLS directory for Krill's
+# built-in HTTPS server. This MUST be set in case the
+# storage_uri maps to a database.
+#
+# Default:
+# tls_keys_dir = $storage_uri/ssl
+
+# Repository Directory
+#
+# This is the directory used by the Krill Publication Server
+# for the publication of RPKI objects.
+#
+# This defaults a directory called "repo" under your server's
+# data directory. If your server uses a database for storage,
+# this value MUST be set - even if you do not use Krill as a
+# Publication Server. This will change when issues #1092 and
+# #1093 are implemented.
+#
+# repo_dir = /path/to/repo/
+
+# Upgrade Storage Uri
+#
+# This MUST be set if a database is used. We will remove this
+# when we implement issue #1094.
+#
+# upgrade_storage_uri = $data_dir/upgrade-data/
+
+# History Cache
+#
+# Krill keeps meta-information on all past changes for each CA
+# and the Publication Server. This information is cached by default
+# to ensure that the history (audit log) API is fast.
+#
+# However, this data can add up over time, so operators of
+# instances with many CAs or a lot of historical may choose
+# to turn this off to save memory. Note that memory will still
+# be used temporarily in case the history API is accessed.
+#
+### use_history_cache = true
 
 # Specify the path to the PID file for Krill.
 #

defaults/krill-testbed.conf

@@ -34,11 +34,74 @@
 #                                                                                    #
 ######################################################################################
 
-# Specify the directory where the publication server will store its data.
-# Note that clustering through a shared data directory is not supported.
-# But, we plan to look into a proper clustering solution later.
+# Specify the storage used by Krill.
 #
-### data_dir = "./data"
+# Currently, Krill supports two flavours of storage: disk
+# or a Postgresql database. Support for other databases or
+# key value store implementations may be added in future.
+#
+# If you use disk-backed storage, you MUST ensure that
+# only one Krill node using this storage is active at any
+# given moment. Transactionality is not guaranteed across nodes
+# when using this option.
+#
+# If a database back-end is used, it is possible to have multiple
+# concurrent active Krill instances use it. Database replication
+# can further improve availability as long as this is transparent to Krill.
+#
+# Example configurations:
+# storage_uri = "/var/lib/krill/data/"
+# storage_uri = "postgres://postgres@localhost/postgres" 
+#
+# Default:
+# storage_uri = "./data"
+#
+# For backward compatibility 'data_dir' is accepted as an
+# alternative to 'storage_uri'.
+#
+### storage_uri = "./data"
+
+# TLS Keys Dir
+#
+# Specify the location of the TLS directory for Krill's
+# built-in HTTPS server. This MUST be set in case the
+# storage_uri maps to a database.
+#
+# Default:
+# tls_keys_dir = $storage_uri/ssl
+
+# Repository Directory
+#
+# This is the directory used by the Krill Publication Server
+# for the publication of RPKI objects.
+#
+# This defaults a directory called "repo" under your server's
+# data directory. If your server uses a database for storage,
+# this value MUST be set - even if you do not use Krill as a
+# Publication Server. This will change when issues #1092 and
+# #1093 are implemented.
+#
+# repo_dir = /path/to/repo/
+
+# Upgrade Storage Uri
+#
+# This MUST be set if a database is used. We will remove this
+# when we implement issue #1094.
+#
+# upgrade_storage_uri = $data_dir/upgrade-data/
+
+# History Cache
+#
+# Krill keeps meta-information on all past changes for each CA
+# and the Publication Server. This information is cached by default
+# to ensure that the history (audit log) API is fast.
+#
+# However, this data can add up over time, so operators of
+# instances with many CAs or a lot of historical may choose
+# to turn this off to save memory. Note that memory will still
+# be used temporarily in case the history API is accessed.
+#
+### use_history_cache = true
 
 # Specify the path to the PID file for Krill.
 #

defaults/krill.conf

@@ -4,11 +4,74 @@
 #                                                                                    #
 ######################################################################################
 
-# Specify the directory where the publication server will store its data.
-# Note that clustering through a shared data directory is not supported.
-# But, we plan to look into a proper clustering solution later.
+# Specify the storage used by Krill.
 #
-### data_dir = "./data"
+# Currently, Krill supports two flavours of storage: disk
+# or a Postgresql database. Support for other databases or
+# key value store implementations may be added in future.
+#
+# If you use disk-backed storage, you MUST ensure that
+# only one Krill node using this storage is active at any
+# given moment. Transactionality is not guaranteed across nodes
+# when using this option.
+#
+# If a database back-end is used, it is possible to have multiple
+# concurrent active Krill instances use it. Database replication
+# can further improve availability as long as this is transparent to Krill.
+#
+# Example configurations:
+# storage_uri = "/var/lib/krill/data/"
+# storage_uri = "postgres://postgres@localhost/postgres" 
+#
+# Default:
+# storage_uri = "./data"
+#
+# For backward compatibility 'data_dir' is accepted as an
+# alternative to 'storage_uri'.
+#
+### storage_uri = "./data"
+
+# TLS Keys Dir
+#
+# Specify the location of the TLS directory for Krill's
+# built-in HTTPS server. This MUST be set in case the
+# storage_uri maps to a database.
+#
+# Default:
+# tls_keys_dir = $storage_uri/ssl
+
+# Repository Directory
+#
+# This is the directory used by the Krill Publication Server
+# for the publication of RPKI objects.
+#
+# This defaults a directory called "repo" under your server's
+# data directory. If your server uses a database for storage,
+# this value MUST be set - even if you do not use Krill as a
+# Publication Server. This will change when issues #1092 and
+# #1093 are implemented.
+#
+# repo_dir = /path/to/repo/
+
+# Upgrade Storage Uri
+#
+# This MUST be set if a database is used. We will remove this
+# when we implement issue #1094.
+#
+# upgrade_storage_uri = $data_dir/upgrade-data/
+
+# History Cache
+#
+# Krill keeps meta-information on all past changes for each CA
+# and the Publication Server. This information is cached by default
+# to ensure that the history (audit log) API is fast.
+#
+# However, this data can add up over time, so operators of
+# instances with many CAs or a lot of historical may choose
+# to turn this off to save memory. Note that memory will still
+# be used temporarily in case the history API is accessed.
+#
+### use_history_cache = true
 
 # Specify the path to the PID file for Krill.
 #

src/bin/krillup.rs

@@ -31,7 +31,8 @@ async fn main() {
 
     match Config::create(config_file, true) {
         Ok(config) => {
-            let properties_manager = match PropertiesManager::create(&config.storage_uri) {
+            let properties_manager = match PropertiesManager::create(&config.storage_uri, config.use_history_cache)
+            {
                 Ok(mgr) => mgr,
                 Err(e) => {
                     eprintln!("*** Error Preparing Data Migration ***");

src/cli/client.rs

@@ -546,8 +546,8 @@ impl KrillClient {
             &format!("service_uri = \"{}\"", self.server),
         );
 
-        if let Some(data_dir) = details.data_dir() {
-            config = config.replace("### data_dir = \"./data\"", &format!("data_dir = \"{}\"", data_dir))
+        if let Some(storage_uri) = details.data_dir() {
+            config = config.replace("### storage_uri = \"./data\"", &format!("storage_uri = \"{}\"", storage_uri))
         }
 
         if let Some(log_file) = details.log_file() {

src/cli/ta_client.rs

@@ -39,6 +39,7 @@ use crate::{
         ta::{
             TrustAnchorHandle, TrustAnchorProxySignerExchanges, TrustAnchorSignedRequest, TrustAnchorSignedResponse,
             TrustAnchorSigner, TrustAnchorSignerCommand, TrustAnchorSignerInfo, TrustAnchorSignerInitCommand,
+            TrustAnchorSignerInitCommandDetails,
         },
     },
 };
@@ -1001,8 +1002,8 @@ struct TrustAnchorSignerManager {
 
 impl TrustAnchorSignerManager {
     fn create(config: Config) -> Result<Self, Error> {
-        let store =
-            AggregateStore::create(&config.storage_uri, segment!("signer")).map_err(KrillError::AggregateStoreError)?;
+        let store = AggregateStore::create(&config.storage_uri, segment!("signer"), config.use_history_cache)
+            .map_err(KrillError::AggregateStoreError)?;
         let ta_handle = TrustAnchorHandle::new("ta".into());
         let signer = config.signer()?;
         let actor = Actor::krillta();
@@ -1019,18 +1020,20 @@ impl TrustAnchorSignerManager {
         if self.store.has(&self.ta_handle)? {
             Err(Error::other("Trust Anchor Signer was already initialised."))
         } else {
-            let signer_init_command = TrustAnchorSignerInitCommand {
-                handle: self.ta_handle.clone(),
-                proxy_id: info.proxy_id,
-                repo_info: info.repo_info,
-                tal_https: info.tal_https,
-                tal_rsync: info.tal_rsync,
-                private_key_pem: info.private_key_pem,
-                signer: self.signer.clone(),
-            };
-
-            let signer_init_event = TrustAnchorSigner::create_init(signer_init_command)?;
-            self.store.add(signer_init_event)?;
+            let cmd = TrustAnchorSignerInitCommand::new(
+                &self.ta_handle,
+                TrustAnchorSignerInitCommandDetails {
+                    proxy_id: info.proxy_id,
+                    repo_info: info.repo_info,
+                    tal_https: info.tal_https,
+                    tal_rsync: info.tal_rsync,
+                    private_key_pem: info.private_key_pem,
+                    signer: self.signer.clone(),
+                },
+                &self.actor,
+            );
+
+            self.store.add(cmd)?;
 
             Ok(TrustAnchorClientApiResponse::Empty)
         }
@@ -1090,6 +1093,9 @@ impl TrustAnchorSignerManager {
 pub struct Config {
     storage_uri: Url,
 
+    #[serde(default)]
+    use_history_cache: bool,
+
     #[serde(default = "crate::daemon::config::ConfigDefaults::log_type")]
     log_type: LogType,