Merge branch 'master' into remove-test-secrets
commit
17218cbf02
|
@ -328,6 +328,54 @@ Lemur supports sending certification expiration notifications through SES and SM
|
||||||
LEMUR_SECURITY_TEAM_EMAIL_INTERVALS = [15, 2]
|
LEMUR_SECURITY_TEAM_EMAIL_INTERVALS = [15, 2]
|
||||||
|
|
||||||
|
|
||||||
|
Celery Options
|
||||||
|
---------------
|
||||||
|
To make use of automated tasks within lemur (e.g. syncing source/destinations, or reissuing ACME certificates), you
|
||||||
|
need to configure celery. See :ref:`Periodic Tasks <PeriodicTasks>` for more in depth documentation.
|
||||||
|
|
||||||
|
.. data:: CELERY_RESULT_BACKEND
|
||||||
|
:noindex:
|
||||||
|
|
||||||
|
The url to your redis backend (needs to be in the format `redis://<host>:<port>/<database>`)
|
||||||
|
|
||||||
|
.. data:: CELERY_BROKER_URL
|
||||||
|
:noindex:
|
||||||
|
|
||||||
|
The url to your redis broker (needs to be in the format `redis://<host>:<port>/<database>`)
|
||||||
|
|
||||||
|
.. data:: CELERY_IMPORTS
|
||||||
|
:noindex:
|
||||||
|
|
||||||
|
The module that celery needs to import, in our case thats `lemur.common.celery`
|
||||||
|
|
||||||
|
.. data:: CELERY_TIMEZONE
|
||||||
|
:noindex:
|
||||||
|
|
||||||
|
The timezone for celery to work with
|
||||||
|
|
||||||
|
|
||||||
|
.. data:: CELERYBEAT_SCHEDULE
|
||||||
|
:noindex:
|
||||||
|
|
||||||
|
This defines the schedule, with which the celery beat makes the worker run the specified tasks.
|
||||||
|
|
||||||
|
Since the celery module, relies on the RedisHandler, the following options also need to be set.
|
||||||
|
|
||||||
|
.. data:: REDIS_HOST
|
||||||
|
:noindex:
|
||||||
|
|
||||||
|
Hostname of your redis instance
|
||||||
|
|
||||||
|
.. data:: REDIS_PORT
|
||||||
|
:noindex:
|
||||||
|
|
||||||
|
Port on which redis is running (default: 6379)
|
||||||
|
|
||||||
|
.. data:: REDIS_DB
|
||||||
|
:noindex:
|
||||||
|
|
||||||
|
Which redis database to be used, by default redis offers databases 0-15 (default: 0)
|
||||||
|
|
||||||
Authentication Options
|
Authentication Options
|
||||||
----------------------
|
----------------------
|
||||||
Lemur currently supports Basic Authentication, LDAP Authentication, Ping OAuth2, and Google out of the box. Additional flows can be added relatively easily.
|
Lemur currently supports Basic Authentication, LDAP Authentication, Ping OAuth2, and Google out of the box. Additional flows can be added relatively easily.
|
||||||
|
|
|
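Review bot: The `CELERY_RESULT_BACKEND` and `CELERY_BROKER_URL` entries say the URL "needs to be in the format `redis://<host>:<port>/<database>`", but the Periodic Tasks example in this same commit sets `CELERY_RESULT_BACKEND = 'redis://your_redis_url:6379'` with no database and states that the database defaults to 0 when omitted. Reword so that `/<database>` is marked optional, and say whether a URL carrying credentials or a TLS `rediss://` scheme is accepted, since the documented format and the `REDIS_HOST`/`REDIS_PORT`/`REDIS_DB` options leave no place for either. Wording nits: "thats" should be "that's", the comma in "Since the celery module, relies" should go, and `CELERYBEAT_SCHEDULE` would benefit from a short example or a cross-reference.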
@ -49,9 +49,11 @@ The amount of effort you wish to expend ensuring that Lemur has good entropy to
|
||||||
|
|
||||||
If you wish to generate more entropy for your system we would suggest you take a look at the following resources:
|
If you wish to generate more entropy for your system we would suggest you take a look at the following resources:
|
||||||
|
|
||||||
- `WES-entropy-client <https://github.com/WhitewoodCrypto/WES-entropy-client>`_
|
- `WES-entropy-client <https://github.com/Virginian/WES-entropy-client>`_
|
||||||
- `haveged <http://www.issihosts.com/haveged/>`_
|
- `haveged <http://www.issihosts.com/haveged/>`_
|
||||||
|
|
||||||
|
The original *WES-entropy-client* repository by WhitewoodCrypto was removed, the link now points to a fork of it.
|
||||||
|
|
||||||
For additional information about OpenSSL entropy issues:
|
For additional information about OpenSSL entropy issues:
|
||||||
|
|
||||||
- `Managing and Understanding Entropy Usage <https://www.blackhat.com/docs/us-15/materials/us-15-Potter-Understanding-And-Managing-Entropy-Usage.pdf>`_
|
- `Managing and Understanding Entropy Usage <https://www.blackhat.com/docs/us-15/materials/us-15-Potter-Understanding-And-Managing-Entropy-Usage.pdf>`_
|
||||||
|
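Review bot: The replacement link on the `WES-entropy-client` bullet points at a fork under a different account, and the added sentence gives readers no way to tell which revision of that fork was looked at. Since this is a recommendation for an entropy source on production hosts, either reference a specific commit or tag of the fork, or state explicitly that the fork has not been vetted by the project. The added sentence "The original *WES-entropy-client* repository by WhitewoodCrypto was removed, the link now points to a fork of it." is also a comma splice and reads better as two sentences.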
@ -313,6 +315,7 @@ It will start a shell from which you can start/stop/restart the service.
|
||||||
|
|
||||||
You can read all errors that might occur from /tmp/lemur.log.
|
You can read all errors that might occur from /tmp/lemur.log.
|
||||||
|
|
||||||
|
.. _PeriodicTasks:
|
||||||
|
|
||||||
Periodic Tasks
|
Periodic Tasks
|
||||||
==============
|
==============
|
||||||
|
@ -386,10 +389,17 @@ To enable celery support, you must also have configuration values that tell Cele
|
||||||
Here are the Celery configuration variables that should be set::
|
Here are the Celery configuration variables that should be set::
|
||||||
|
|
||||||
CELERY_RESULT_BACKEND = 'redis://your_redis_url:6379'
|
CELERY_RESULT_BACKEND = 'redis://your_redis_url:6379'
|
||||||
CELERY_BROKER_URL = 'redis://your_redis_url:6379'
|
CELERY_BROKER_URL = 'redis://your_redis_url:6379/0'
|
||||||
CELERY_IMPORTS = ('lemur.common.celery')
|
CELERY_IMPORTS = ('lemur.common.celery')
|
||||||
CELERY_TIMEZONE = 'UTC'
|
CELERY_TIMEZONE = 'UTC'
|
||||||
|
|
||||||
|
REDIS_HOST="your_redis_url"
|
||||||
|
REDIS_PORT=6379
|
||||||
|
REDIS_DB=0
|
||||||
|
|
||||||
|
Out of the box, every Redis instance supports 16 databases. The default database (`REDIS_DB`) is set to 0, however, you can use any of the databases from 0-15. Via `redis.conf` more databases can be supported.
|
||||||
|
In the `redis://` url, the database number can be added with a slash after the port. (defaults to 0, if omitted)
|
||||||
|
|
||||||
Do not forget to import crontab module in your configuration file::
|
Do not forget to import crontab module in your configuration file::
|
||||||
|
|
||||||
from celery.task.schedules import crontab
|
from celery.task.schedules import crontab
|
||||||
|
|
|
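Review bot: `CELERY_BROKER_URL` gains `/0` but `CELERY_RESULT_BACKEND` on the line above stays `'redis://your_redis_url:6379'`, so the example shows two styles for the same Redis instance; add `/0` to both or to neither. The new `REDIS_HOST="your_redis_url"`, `REDIS_PORT=6379` and `REDIS_DB=0` lines use double quotes and no spaces around `=`, unlike the four settings above them, and `your_redis_url` is a hostname here rather than a URL, so a placeholder such as `your_redis_host` would be clearer. Separately, the context line `CELERY_IMPORTS = ('lemur.common.celery')` is a parenthesised string, not a tuple; a trailing comma would make it one.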
@ -17,8 +17,8 @@ bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko
|
||||||
beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare
|
beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare
|
||||||
billiard==3.6.3.0 # via -r requirements.txt, celery
|
billiard==3.6.3.0 # via -r requirements.txt, celery
|
||||||
blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven
|
blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven
|
||||||
boto3==1.14.61 # via -r requirements.txt
|
boto3==1.15.2 # via -r requirements.txt
|
||||||
botocore==1.17.61 # via -r requirements.txt, boto3, s3transfer
|
botocore==1.18.2 # via -r requirements.txt, boto3, s3transfer
|
||||||
celery[redis]==4.4.2 # via -r requirements.txt
|
celery[redis]==4.4.2 # via -r requirements.txt
|
||||||
certifi==2020.6.20 # via -r requirements.txt, requests
|
certifi==2020.6.20 # via -r requirements.txt, requests
|
||||||
certsrv==2.1.1 # via -r requirements.txt
|
certsrv==2.1.1 # via -r requirements.txt
|
||||||
|
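Review bot: `boto3==1.15.2` and `botocore==1.18.2` are pinned by version only, with no `--hash` entries, so installs depend on the index serving the same artifacts later. If these files are produced by pip-compile, as the `# via` annotations suggest, regenerating them with `--generate-hashes` would let pip verify each download. The same bump appears in the other two requirements files in this commit and should be kept in lockstep with this one.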
@ -29,7 +29,7 @@ cloudflare==2.8.13 # via -r requirements.txt
|
||||||
cryptography==3.1 # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests
|
cryptography==3.1 # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests
|
||||||
dnspython3==1.15.0 # via -r requirements.txt
|
dnspython3==1.15.0 # via -r requirements.txt
|
||||||
dnspython==1.15.0 # via -r requirements.txt, dnspython3
|
dnspython==1.15.0 # via -r requirements.txt, dnspython3
|
||||||
docutils==0.15.2 # via -r requirements.txt, botocore, sphinx
|
docutils==0.15.2 # via sphinx
|
||||||
dyn==1.8.1 # via -r requirements.txt
|
dyn==1.8.1 # via -r requirements.txt
|
||||||
flask-bcrypt==0.7.1 # via -r requirements.txt
|
flask-bcrypt==0.7.1 # via -r requirements.txt
|
||||||
flask-cors==3.0.9 # via -r requirements.txt
|
flask-cors==3.0.9 # via -r requirements.txt
|
||||||
|
|
|
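Review bot: `docutils==0.15.2` is now annotated `# via sphinx` only, while the other two requirements files in this commit drop the docutils pin altogether. Check that 0.15.2 is still the version wanted for sphinx rather than a leftover of the resolution previously shared with botocore, and re-resolve this file if it is not.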
@ -10,9 +10,9 @@ aws-sam-translator==1.22.0 # via cfn-lint
|
||||||
aws-xray-sdk==2.5.0 # via moto
|
aws-xray-sdk==2.5.0 # via moto
|
||||||
bandit==1.6.2 # via -r requirements-tests.in
|
bandit==1.6.2 # via -r requirements-tests.in
|
||||||
black==20.8b1 # via -r requirements-tests.in
|
black==20.8b1 # via -r requirements-tests.in
|
||||||
boto3==1.14.61 # via aws-sam-translator, moto
|
boto3==1.15.2 # via aws-sam-translator, moto
|
||||||
boto==2.49.0 # via moto
|
boto==2.49.0 # via moto
|
||||||
botocore==1.17.61 # via aws-xray-sdk, boto3, moto, s3transfer
|
botocore==1.18.2 # via aws-xray-sdk, boto3, moto, s3transfer
|
||||||
certifi==2020.6.20 # via requests
|
certifi==2020.6.20 # via requests
|
||||||
cffi==1.14.0 # via cryptography
|
cffi==1.14.0 # via cryptography
|
||||||
cfn-lint==0.29.5 # via moto
|
cfn-lint==0.29.5 # via moto
|
||||||
|
@ -22,7 +22,6 @@ coverage==5.3 # via -r requirements-tests.in
|
||||||
cryptography==3.1 # via moto, python-jose, sshpubkeys
|
cryptography==3.1 # via moto, python-jose, sshpubkeys
|
||||||
decorator==4.4.2 # via networkx
|
decorator==4.4.2 # via networkx
|
||||||
docker==4.2.0 # via moto
|
docker==4.2.0 # via moto
|
||||||
docutils==0.15.2 # via botocore
|
|
||||||
ecdsa==0.14.1 # via moto, python-jose, sshpubkeys
|
ecdsa==0.14.1 # via moto, python-jose, sshpubkeys
|
||||||
factory-boy==3.0.1 # via -r requirements-tests.in
|
factory-boy==3.0.1 # via -r requirements-tests.in
|
||||||
faker==4.1.3 # via -r requirements-tests.in, factory-boy
|
faker==4.1.3 # via -r requirements-tests.in, factory-boy
|
||||||
|
|
|
@ -15,8 +15,8 @@ bcrypt==3.1.7 # via flask-bcrypt, paramiko
|
||||||
beautifulsoup4==4.9.1 # via cloudflare
|
beautifulsoup4==4.9.1 # via cloudflare
|
||||||
billiard==3.6.3.0 # via celery
|
billiard==3.6.3.0 # via celery
|
||||||
blinker==1.4 # via flask-mail, flask-principal, raven
|
blinker==1.4 # via flask-mail, flask-principal, raven
|
||||||
boto3==1.14.61 # via -r requirements.in
|
boto3==1.15.2 # via -r requirements.in
|
||||||
botocore==1.17.61 # via -r requirements.in, boto3, s3transfer
|
botocore==1.18.2 # via -r requirements.in, boto3, s3transfer
|
||||||
celery[redis]==4.4.2 # via -r requirements.in
|
celery[redis]==4.4.2 # via -r requirements.in
|
||||||
certifi==2020.6.20 # via -r requirements.in, requests
|
certifi==2020.6.20 # via -r requirements.in, requests
|
||||||
certsrv==2.1.1 # via -r requirements.in
|
certsrv==2.1.1 # via -r requirements.in
|
||||||
|
@ -27,7 +27,6 @@ cloudflare==2.8.13 # via -r requirements.in
|
||||||
cryptography==3.1 # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests
|
cryptography==3.1 # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests
|
||||||
dnspython3==1.15.0 # via -r requirements.in
|
dnspython3==1.15.0 # via -r requirements.in
|
||||||
dnspython==1.15.0 # via dnspython3
|
dnspython==1.15.0 # via dnspython3
|
||||||
docutils==0.15.2 # via botocore
|
|
||||||
dyn==1.8.1 # via -r requirements.in
|
dyn==1.8.1 # via -r requirements.in
|
||||||
flask-bcrypt==0.7.1 # via -r requirements.in
|
flask-bcrypt==0.7.1 # via -r requirements.in
|
||||||
flask-cors==3.0.9 # via -r requirements.in
|
flask-cors==3.0.9 # via -r requirements.in
|
||||||
|
|