Merge branch 'master' into remove-test-secrets

2020-09-23 10:34:19 -07:00 · 2020-09-23 10:34:19 -07:00 · 17218cbf02
parent 19a678dcc2 2c477ae8e7
commit 17218cbf02
5 changed files with 67 additions and 11 deletions
--- a/docs/administration.rst
+++ b/docs/administration.rst
@ -328,6 +328,54 @@ Lemur supports sending certification expiration notifications through SES and SM
          LEMUR_SECURITY_TEAM_EMAIL_INTERVALS = [15, 2]


+Celery Options
+---------------
+To make use of automated tasks within lemur (e.g. syncing source/destinations, or reissuing ACME certificates), you
+need to configure celery. See :ref:`Periodic Tasks <PeriodicTasks>` for more in depth documentation.
+
+.. data:: CELERY_RESULT_BACKEND
+    :noindex:
+
+        The url to your redis backend (needs to be in the format `redis://<host>:<port>/<database>`)
+
+.. data:: CELERY_BROKER_URL
+    :noindex:
+
+        The url to your redis broker (needs to be in the format `redis://<host>:<port>/<database>`)
+
+.. data:: CELERY_IMPORTS
+    :noindex:
+
+        The module that celery needs to import, in our case thats `lemur.common.celery`
+
+.. data:: CELERY_TIMEZONE
+    :noindex:
+
+        The timezone for celery to work with
+
+
+.. data:: CELERYBEAT_SCHEDULE
+    :noindex:
+
+        This defines the schedule, with which the celery beat makes the worker run the specified tasks.
+
+Since the celery module, relies on the RedisHandler, the following options also need to be set.
+
+.. data:: REDIS_HOST
+    :noindex:
+
+        Hostname of your redis instance
+
+.. data:: REDIS_PORT
+    :noindex:
+
+        Port on which redis is running (default: 6379)
+
+.. data:: REDIS_DB
+    :noindex:
+
+        Which redis database to be used, by default redis offers databases 0-15 (default: 0)
+
 Authentication Options
 ----------------------
 Lemur currently supports Basic Authentication, LDAP Authentication, Ping OAuth2, and Google out of the box. Additional flows can be added relatively easily.
--- a/docs/production/index.rst
+++ b/docs/production/index.rst
@ -49,9 +49,11 @@ The amount of effort you wish to expend ensuring that Lemur has good entropy to

 If you wish to generate more entropy for your system we would suggest you take a look at the following resources:

- `WES-entropy-client <https://github.com/WhitewoodCrypto/WES-entropy-client>`_
+- `WES-entropy-client <https://github.com/Virginian/WES-entropy-client>`_
 - `haveged <http://www.issihosts.com/haveged/>`_

+The original *WES-entropy-client* repository by WhitewoodCrypto was removed, the link now points to a fork of it.
+
 For additional information about OpenSSL entropy issues:

 - `Managing and Understanding Entropy Usage <https://www.blackhat.com/docs/us-15/materials/us-15-Potter-Understanding-And-Managing-Entropy-Usage.pdf>`_
@ -313,6 +315,7 @@ It will start a shell from which you can start/stop/restart the service.

 You can read all errors that might occur from /tmp/lemur.log.

+.. _PeriodicTasks:

 Periodic Tasks
 ==============
@ -386,10 +389,17 @@ To enable celery support, you must also have configuration values that tell Cele
 Here are the Celery configuration variables that should be set::

    CELERY_RESULT_BACKEND = 'redis://your_redis_url:6379'
-    CELERY_BROKER_URL = 'redis://your_redis_url:6379'
+    CELERY_BROKER_URL = 'redis://your_redis_url:6379/0'
    CELERY_IMPORTS = ('lemur.common.celery')
    CELERY_TIMEZONE = 'UTC'

+    REDIS_HOST="your_redis_url"
+    REDIS_PORT=6379
+    REDIS_DB=0
+
+Out of the box, every Redis instance supports 16 databases. The default database (`REDIS_DB`) is  set to 0, however, you can use any of the databases from 0-15. Via `redis.conf` more databases can be supported.
+In the `redis://` url, the database number can be added with a slash after the port. (defaults to 0, if omitted)
+
 Do not forget to import crontab module in your configuration file::

    from celery.task.schedules import crontab
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@ -17,8 +17,8 @@ bcrypt==3.1.7             # via -r requirements.txt, flask-bcrypt, paramiko
 beautifulsoup4==4.9.1     # via -r requirements.txt, cloudflare
 billiard==3.6.3.0         # via -r requirements.txt, celery
 blinker==1.4              # via -r requirements.txt, flask-mail, flask-principal, raven
-boto3==1.14.61            # via -r requirements.txt
-botocore==1.17.61         # via -r requirements.txt, boto3, s3transfer
+boto3==1.15.2             # via -r requirements.txt
+botocore==1.18.2          # via -r requirements.txt, boto3, s3transfer
 celery[redis]==4.4.2      # via -r requirements.txt
 certifi==2020.6.20        # via -r requirements.txt, requests
 certsrv==2.1.1            # via -r requirements.txt
@ -29,7 +29,7 @@ cloudflare==2.8.13        # via -r requirements.txt
 cryptography==3.1         # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests
 dnspython3==1.15.0        # via -r requirements.txt
 dnspython==1.15.0         # via -r requirements.txt, dnspython3
-docutils==0.15.2          # via -r requirements.txt, botocore, sphinx
+docutils==0.15.2          # via sphinx
 dyn==1.8.1                # via -r requirements.txt
 flask-bcrypt==0.7.1       # via -r requirements.txt
 flask-cors==3.0.9         # via -r requirements.txt
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@ -10,9 +10,9 @@ aws-sam-translator==1.22.0  # via cfn-lint
 aws-xray-sdk==2.5.0       # via moto
 bandit==1.6.2             # via -r requirements-tests.in
 black==20.8b1             # via -r requirements-tests.in
-boto3==1.14.61            # via aws-sam-translator, moto
+boto3==1.15.2             # via aws-sam-translator, moto
 boto==2.49.0              # via moto
-botocore==1.17.61         # via aws-xray-sdk, boto3, moto, s3transfer
+botocore==1.18.2          # via aws-xray-sdk, boto3, moto, s3transfer
 certifi==2020.6.20        # via requests
 cffi==1.14.0              # via cryptography
 cfn-lint==0.29.5          # via moto
@ -22,7 +22,6 @@ coverage==5.3             # via -r requirements-tests.in
 cryptography==3.1         # via moto, python-jose, sshpubkeys
 decorator==4.4.2          # via networkx
 docker==4.2.0             # via moto
-docutils==0.15.2          # via botocore
 ecdsa==0.14.1             # via moto, python-jose, sshpubkeys
 factory-boy==3.0.1        # via -r requirements-tests.in
 faker==4.1.3              # via -r requirements-tests.in, factory-boy
--- a/requirements.txt
+++ b/requirements.txt
@ -15,8 +15,8 @@ bcrypt==3.1.7             # via flask-bcrypt, paramiko
 beautifulsoup4==4.9.1     # via cloudflare
 billiard==3.6.3.0         # via celery
 blinker==1.4              # via flask-mail, flask-principal, raven
-boto3==1.14.61            # via -r requirements.in
-botocore==1.17.61         # via -r requirements.in, boto3, s3transfer
+boto3==1.15.2             # via -r requirements.in
+botocore==1.18.2          # via -r requirements.in, boto3, s3transfer
 celery[redis]==4.4.2      # via -r requirements.in
 certifi==2020.6.20        # via -r requirements.in, requests
 certsrv==2.1.1            # via -r requirements.in
@ -27,7 +27,6 @@ cloudflare==2.8.13        # via -r requirements.in
 cryptography==3.1         # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests
 dnspython3==1.15.0        # via -r requirements.in
 dnspython==1.15.0         # via dnspython3
-docutils==0.15.2          # via botocore
 dyn==1.8.1                # via -r requirements.in
 flask-bcrypt==0.7.1       # via -r requirements.in
 flask-cors==3.0.9         # via -r requirements.in