Merge pull request #292 from kevgliss/docs

Fixes #285 Renames sync_sources function to sync to align documentation.
This commit is contained in:
kevgliss 2016-04-25 12:16:47 -07:00
commit c914ba946f
4 changed files with 44 additions and 12 deletions

View File

@ -588,24 +588,33 @@ All commands default to `~/.lemur/lemur.conf.py` if a configuration is not speci
Traverses every certificate that Lemur is aware of and attempts to understand its validity.
It utilizes both OCSP and CRL. If Lemur is unable to come to a conclusion about a certificates
validity its status is marked 'unknown'
validity its status is marked 'unknown'.
.. data:: sync
Sync attempts to discover certificates in the environment that were not created by Lemur. If you wish to only sync
a few sources you can pass a comma delimited list of sources to sync
a few sources you can pass a comma delimited list of sources to sync.
::
lemur sync source1,source2
lemur sync -s source1,source2
Additionally you can also list the available sources that Lemur can sync
Additionally you can also list the available sources that Lemur can sync.
::
lemur sync -list
lemur sync
.. data:: notify
Will traverse all current notifications and see if any of them need to be triggered.
::
lemur notify
Sub-commands

View File

@ -295,3 +295,25 @@ Then you can manage the process by running::
It will start a shell from which you can start/stop/restart the service.
You can read all errors that might occur from /tmp/lemur.log.
Periodic Tasks
==============
Lemur contains a few tasks that are run and scheduled basis, currently the recommend way to run these tasks is to create
a cron job that runs the commands.
There are currently three commands that could/should be run on a periodic basis:
- `notify`
- `check_revoked`
- `sync`
How often you run these commands is largely up to the user. `notify` and `check_revoked` are typically run at least once a day.
`sync` is typically run every 15 minutes.
Example cron entries::
0 22 * * * lemuruser export LEMUR_CONF=/Users/me/.lemur/lemur.conf.py; /www/lemur/bin/lemur notify
*/15 * * * * lemuruser export LEMUR_CONF=/Users/me/.lemur/lemur.conf.py; /www/lemur/bin/lemur sync -s all
0 22 * * * lemuruser export LEMUR_CONF=/Users/me/.lemur/lemur.conf.py; /www/lemur/bin/lemur check_revoked

View File

@ -243,13 +243,14 @@ See :ref:`Using Supervisor <UsingSupervisor>` for more details on using Supervis
Syncing
-------
Lemur uses periodic sync tasks to make sure it is up-to-date with its environment. As always, things can change outside of Lemur, but we do our best to reconcile those changes, for example, using Cron:
Lemur uses periodic sync tasks to make sure it is up-to-date with its environment. Things change outside of Lemur we do our best to reconcile those changes. The recommended method is to use CRON:
.. code-block:: bash
$ crontab -e
* 3 * * * lemur sync --all
* 3 * * * lemur check_revoked
*/15 * * * * lemur sync -s all
0 22 * * * lemur check_revoked
0 22 * * * lemur notify
Additional Utilities

View File

@ -30,7 +30,7 @@ from lemur.certificates.verify import verify_string
from lemur.plugins.lemur_aws import elb
from lemur.sources.service import sync
from lemur.sources.service import sync as source_sync
from lemur import create_app
@ -189,7 +189,7 @@ def generate_settings():
@manager.option('-s', '--sources', dest='labels')
def sync_sources(labels):
def sync(labels):
"""
Attempts to run several methods Certificate discovery. This is
run on a periodic basis and updates the Lemur datastore with the
@ -218,9 +218,9 @@ def sync_sources(labels):
labels = labels.split(",")
if labels[0] == 'all':
sync()
source_sync()
else:
sync(labels=labels)
source_sync(labels=labels)
sys.stdout.write(
"[+] Finished syncing sources. Run Time: {time}\n".format(