Merge branch 'master' into remove-test-secrets
commit
17218cbf02
@ -328,6 +328,54 @@ Lemur supports sending certification expiration notifications through SES and SM
|
||||
LEMUR_SECURITY_TEAM_EMAIL_INTERVALS = [15, 2]
|
||||
|
||||
|
||||
Celery Options
|
||||
---------------
|
||||
To make use of automated tasks within lemur (e.g. syncing source/destinations, or reissuing ACME certificates), you
|
||||
need to configure celery. See :ref:`Periodic Tasks <PeriodicTasks>` for more in depth documentation.
|
||||
|
||||
.. data:: CELERY_RESULT_BACKEND
|
||||
:noindex:
|
||||
|
||||
The url to your redis backend (needs to be in the format `redis://<host>:<port>/<database>`)
|
||||
|
||||
.. data:: CELERY_BROKER_URL
|
||||
:noindex:
|
||||
|
||||
The url to your redis broker (needs to be in the format `redis://<host>:<port>/<database>`)
|
||||
|
||||
.. data:: CELERY_IMPORTS
|
||||
:noindex:
|
||||
|
||||
The module that celery needs to import, in our case thats `lemur.common.celery`
|
||||
|
||||
.. data:: CELERY_TIMEZONE
|
||||
:noindex:
|
||||
|
||||
The timezone for celery to work with
|
||||
|
||||
|
||||
.. data:: CELERYBEAT_SCHEDULE
|
||||
:noindex:
|
||||
|
||||
This defines the schedule, with which the celery beat makes the worker run the specified tasks.
|
||||
|
||||
Since the celery module, relies on the RedisHandler, the following options also need to be set.
|
||||
|
||||
.. data:: REDIS_HOST
|
||||
:noindex:
|
||||
|
||||
Hostname of your redis instance
|
||||
|
||||
.. data:: REDIS_PORT
|
||||
:noindex:
|
||||
|
||||
Port on which redis is running (default: 6379)
|
||||
|
||||
.. data:: REDIS_DB
|
||||
:noindex:
|
||||
|
||||
Which redis database to be used, by default redis offers databases 0-15 (default: 0)
|
||||
|
||||
Authentication Options
|
||||
----------------------
|
||||
Lemur currently supports Basic Authentication, LDAP Authentication, Ping OAuth2, and Google out of the box. Additional flows can be added relatively easily.
|
||||
|
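Review bot: The CELERY_RESULT_BACKEND and CELERY_BROKER_URL entries say the URL "needs to be in the format `redis://<host>:<port>/<database>`", which leaves no documented place for credentials, and the REDIS_HOST / REDIS_PORT / REDIS_DB block has no password option either. If an authenticated Redis is supported, say so here and show the URL form that carries the credentials; if it is not, state that the Redis instance must only be reachable from the Lemur hosts, because this broker carries the queue for tasks such as reissuing ACME certificates. Smaller points: "thats" should be "that's" in the CELERY_IMPORTS entry, "Since the celery module, relies" has a stray comma, and CELERYBEAT_SCHEDULE would benefit from a pointer to the Periodic Tasks section for the expected structure.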
@ -49,9 +49,11 @@ The amount of effort you wish to expend ensuring that Lemur has good entropy to
|
||||
|
||||
If you wish to generate more entropy for your system we would suggest you take a look at the following resources:
|
||||
|
||||
- `WES-entropy-client <https://github.com/WhitewoodCrypto/WES-entropy-client>`_
|
||||
- `WES-entropy-client <https://github.com/Virginian/WES-entropy-client>`_
|
||||
- `haveged <http://www.issihosts.com/haveged/>`_
|
||||
|
||||
The original *WES-entropy-client* repository by WhitewoodCrypto was removed, the link now points to a fork of it.
|
||||
|
||||
For additional information about OpenSSL entropy issues:
|
||||
|
||||
- `Managing and Understanding Entropy Usage <https://www.blackhat.com/docs/us-15/materials/us-15-Potter-Understanding-And-Managing-Entropy-Usage.pdf>`_
|
||||
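Review bot: The replacement WES-entropy-client link points at a personal fork (`github.com/Virginian/WES-entropy-client`) of a repository that the added sentence says was removed, and the surrounding text recommends it as a way to generate entropy. For a component that feeds key generation, the docs should say the fork is unreviewed and possibly unmaintained, or keep it only as an archival reference, rather than presenting it on equal footing with haveged. The added sentence also has a comma splice ("was removed, the link now points"); split it into two sentences. The haveged link in the same list still uses `http://`.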
@ -313,6 +315,7 @@ It will start a shell from which you can start/stop/restart the service.
|
||||
|
||||
You can read all errors that might occur from /tmp/lemur.log.
|
||||
|
||||
.. _PeriodicTasks:
|
||||
|
||||
Periodic Tasks
|
||||
==============
|
||||
@ -386,10 +389,17 @@ To enable celery support, you must also have configuration values that tell Cele
|
||||
Here are the Celery configuration variables that should be set::
|
||||
|
||||
CELERY_RESULT_BACKEND = 'redis://your_redis_url:6379'
|
||||
CELERY_BROKER_URL = 'redis://your_redis_url:6379'
|
||||
CELERY_BROKER_URL = 'redis://your_redis_url:6379/0'
|
||||
CELERY_IMPORTS = ('lemur.common.celery')
|
||||
CELERY_TIMEZONE = 'UTC'
|
||||
|
||||
REDIS_HOST="your_redis_url"
|
||||
REDIS_PORT=6379
|
||||
REDIS_DB=0
|
||||
|
||||
Out of the box, every Redis instance supports 16 databases. The default database (`REDIS_DB`) is set to 0, however, you can use any of the databases from 0-15. Via `redis.conf` more databases can be supported.
|
||||
In the `redis://` url, the database number can be added with a slash after the port. (defaults to 0, if omitted)
|
||||
|
||||
Do not forget to import crontab module in your configuration file::
|
||||
|
||||
from celery.task.schedules import crontab
|
||||
|
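Review bot: CELERY_RESULT_BACKEND stays at 'redis://your_redis_url:6379' while CELERY_BROKER_URL gains the '/0' suffix, so the example no longer matches the `redis://<host>:<port>/<database>` format that the new Celery Options section requires for both values. Either add '/0' to the result backend as well or rely on the "defaults to 0, if omitted" sentence for both. The placeholder in `REDIS_HOST="your_redis_url"` is also misleading, since the option is described elsewhere in this commit as a hostname, not a URL; something like "your_redis_host" would avoid people pasting a full `redis://` URL there. Separately, the unchanged line `CELERY_IMPORTS = ('lemur.common.celery')` is a parenthesised string rather than a tuple; if a tuple is intended it needs a trailing comma.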
@ -17,8 +17,8 @@ bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko
|
||||
beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare
|
||||
billiard==3.6.3.0 # via -r requirements.txt, celery
|
||||
blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven
|
||||
boto3==1.14.61 # via -r requirements.txt
|
||||
botocore==1.17.61 # via -r requirements.txt, boto3, s3transfer
|
||||
boto3==1.15.2 # via -r requirements.txt
|
||||
botocore==1.18.2 # via -r requirements.txt, boto3, s3transfer
|
||||
celery[redis]==4.4.2 # via -r requirements.txt
|
||||
certifi==2020.6.20 # via -r requirements.txt, requests
|
||||
certsrv==2.1.1 # via -r requirements.txt
|
||||
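Review bot: The bumped `boto3==1.15.2` and `botocore==1.18.2` pins, like the other entries in this file, carry no `--hash` values, so the pin fixes the version but not the artifact that gets installed. Consider regenerating the compiled requirements with `pip-compile --generate-hashes` so that installs verify what they download. The same two bumps appear in the other requirements files in this commit; regenerate them together so the three files cannot drift apart.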
@ -29,7 +29,7 @@ cloudflare==2.8.13 # via -r requirements.txt
|
||||
cryptography==3.1 # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests
|
||||
dnspython3==1.15.0 # via -r requirements.txt
|
||||
dnspython==1.15.0 # via -r requirements.txt, dnspython3
|
||||
docutils==0.15.2 # via -r requirements.txt, botocore, sphinx
|
||||
docutils==0.15.2 # via sphinx
|
||||
dyn==1.8.1 # via -r requirements.txt
|
||||
flask-bcrypt==0.7.1 # via -r requirements.txt
|
||||
flask-cors==3.0.9 # via -r requirements.txt
|
||||
|
@ -10,9 +10,9 @@ aws-sam-translator==1.22.0 # via cfn-lint
|
||||
aws-xray-sdk==2.5.0 # via moto
|
||||
bandit==1.6.2 # via -r requirements-tests.in
|
||||
black==20.8b1 # via -r requirements-tests.in
|
||||
boto3==1.14.61 # via aws-sam-translator, moto
|
||||
boto3==1.15.2 # via aws-sam-translator, moto
|
||||
boto==2.49.0 # via moto
|
||||
botocore==1.17.61 # via aws-xray-sdk, boto3, moto, s3transfer
|
||||
botocore==1.18.2 # via aws-xray-sdk, boto3, moto, s3transfer
|
||||
certifi==2020.6.20 # via requests
|
||||
cffi==1.14.0 # via cryptography
|
||||
cfn-lint==0.29.5 # via moto
|
||||
@ -22,7 +22,6 @@ coverage==5.3 # via -r requirements-tests.in
|
||||
cryptography==3.1 # via moto, python-jose, sshpubkeys
|
||||
decorator==4.4.2 # via networkx
|
||||
docker==4.2.0 # via moto
|
||||
docutils==0.15.2 # via botocore
|
||||
ecdsa==0.14.1 # via moto, python-jose, sshpubkeys
|
||||
factory-boy==3.0.1 # via -r requirements-tests.in
|
||||
faker==4.1.3 # via -r requirements-tests.in, factory-boy
|
||||
|
@ -15,8 +15,8 @@ bcrypt==3.1.7 # via flask-bcrypt, paramiko
|
||||
beautifulsoup4==4.9.1 # via cloudflare
|
||||
billiard==3.6.3.0 # via celery
|
||||
blinker==1.4 # via flask-mail, flask-principal, raven
|
||||
boto3==1.14.61 # via -r requirements.in
|
||||
botocore==1.17.61 # via -r requirements.in, boto3, s3transfer
|
||||
boto3==1.15.2 # via -r requirements.in
|
||||
botocore==1.18.2 # via -r requirements.in, boto3, s3transfer
|
||||
celery[redis]==4.4.2 # via -r requirements.in
|
||||
certifi==2020.6.20 # via -r requirements.in, requests
|
||||
certsrv==2.1.1 # via -r requirements.in
|
||||
@ -27,7 +27,6 @@ cloudflare==2.8.13 # via -r requirements.in
|
||||
cryptography==3.1 # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests
|
||||
dnspython3==1.15.0 # via -r requirements.in
|
||||
dnspython==1.15.0 # via dnspython3
|
||||
docutils==0.15.2 # via botocore
|
||||
dyn==1.8.1 # via -r requirements.in
|
||||
flask-bcrypt==0.7.1 # via -r requirements.in
|
||||
flask-cors==3.0.9 # via -r requirements.in
|
||||
|