Merge pull request #292 from kevgliss/docs
Fixes #285 Renames sync_sources function to sync to align documentation.
This commit is contained in:
commit
c914ba946f
|
@ -588,24 +588,33 @@ All commands default to `~/.lemur/lemur.conf.py` if a configuration is not speci
|
||||||
|
|
||||||
Traverses every certificate that Lemur is aware of and attempts to understand its validity.
|
Traverses every certificate that Lemur is aware of and attempts to understand its validity.
|
||||||
It utilizes both OCSP and CRL. If Lemur is unable to come to a conclusion about a certificates
|
It utilizes both OCSP and CRL. If Lemur is unable to come to a conclusion about a certificates
|
||||||
validity its status is marked 'unknown'
|
validity its status is marked 'unknown'.
|
||||||
|
|
||||||
|
|
||||||
.. data:: sync
|
.. data:: sync
|
||||||
|
|
||||||
Sync attempts to discover certificates in the environment that were not created by Lemur. If you wish to only sync
|
Sync attempts to discover certificates in the environment that were not created by Lemur. If you wish to only sync
|
||||||
a few sources you can pass a comma delimited list of sources to sync
|
a few sources you can pass a comma delimited list of sources to sync.
|
||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
lemur sync source1,source2
|
lemur sync -s source1,source2
|
||||||
|
|
||||||
|
|
||||||
Additionally you can also list the available sources that Lemur can sync
|
Additionally you can also list the available sources that Lemur can sync.
|
||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
lemur sync -list
|
lemur sync
|
||||||
|
|
||||||
|
|
||||||
|
.. data:: notify
|
||||||
|
|
||||||
|
Will traverse all current notifications and see if any of them need to be triggered.
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
lemur notify
|
||||||
|
|
||||||
|
|
||||||
Sub-commands
|
Sub-commands
|
||||||
|
|
|
@ -295,3 +295,25 @@ Then you can manage the process by running::
|
||||||
It will start a shell from which you can start/stop/restart the service.
|
It will start a shell from which you can start/stop/restart the service.
|
||||||
|
|
||||||
You can read all errors that might occur from /tmp/lemur.log.
|
You can read all errors that might occur from /tmp/lemur.log.
|
||||||
|
|
||||||
|
|
||||||
|
Periodic Tasks
|
||||||
|
==============
|
||||||
|
|
||||||
|
Lemur contains a few tasks that are run and scheduled basis, currently the recommend way to run these tasks is to create
|
||||||
|
a cron job that runs the commands.
|
||||||
|
|
||||||
|
There are currently three commands that could/should be run on a periodic basis:
|
||||||
|
|
||||||
|
- `notify`
|
||||||
|
- `check_revoked`
|
||||||
|
- `sync`
|
||||||
|
|
||||||
|
How often you run these commands is largely up to the user. `notify` and `check_revoked` are typically run at least once a day.
|
||||||
|
`sync` is typically run every 15 minutes.
|
||||||
|
|
||||||
|
Example cron entries::
|
||||||
|
|
||||||
|
0 22 * * * lemuruser export LEMUR_CONF=/Users/me/.lemur/lemur.conf.py; /www/lemur/bin/lemur notify
|
||||||
|
*/15 * * * * lemuruser export LEMUR_CONF=/Users/me/.lemur/lemur.conf.py; /www/lemur/bin/lemur sync -s all
|
||||||
|
0 22 * * * lemuruser export LEMUR_CONF=/Users/me/.lemur/lemur.conf.py; /www/lemur/bin/lemur check_revoked
|
|
@ -243,13 +243,14 @@ See :ref:`Using Supervisor <UsingSupervisor>` for more details on using Supervis
|
||||||
Syncing
|
Syncing
|
||||||
-------
|
-------
|
||||||
|
|
||||||
Lemur uses periodic sync tasks to make sure it is up-to-date with its environment. As always, things can change outside of Lemur, but we do our best to reconcile those changes, for example, using Cron:
|
Lemur uses periodic sync tasks to make sure it is up-to-date with its environment. Things change outside of Lemur we do our best to reconcile those changes. The recommended method is to use CRON:
|
||||||
|
|
||||||
.. code-block:: bash
|
.. code-block:: bash
|
||||||
|
|
||||||
$ crontab -e
|
$ crontab -e
|
||||||
* 3 * * * lemur sync --all
|
*/15 * * * * lemur sync -s all
|
||||||
* 3 * * * lemur check_revoked
|
0 22 * * * lemur check_revoked
|
||||||
|
0 22 * * * lemur notify
|
||||||
|
|
||||||
|
|
||||||
Additional Utilities
|
Additional Utilities
|
||||||
|
|
|
@ -30,7 +30,7 @@ from lemur.certificates.verify import verify_string
|
||||||
|
|
||||||
from lemur.plugins.lemur_aws import elb
|
from lemur.plugins.lemur_aws import elb
|
||||||
|
|
||||||
from lemur.sources.service import sync
|
from lemur.sources.service import sync as source_sync
|
||||||
|
|
||||||
from lemur import create_app
|
from lemur import create_app
|
||||||
|
|
||||||
|
@ -189,7 +189,7 @@ def generate_settings():
|
||||||
|
|
||||||
|
|
||||||
@manager.option('-s', '--sources', dest='labels')
|
@manager.option('-s', '--sources', dest='labels')
|
||||||
def sync_sources(labels):
|
def sync(labels):
|
||||||
"""
|
"""
|
||||||
Attempts to run several methods Certificate discovery. This is
|
Attempts to run several methods Certificate discovery. This is
|
||||||
run on a periodic basis and updates the Lemur datastore with the
|
run on a periodic basis and updates the Lemur datastore with the
|
||||||
|
@ -218,9 +218,9 @@ def sync_sources(labels):
|
||||||
labels = labels.split(",")
|
labels = labels.split(",")
|
||||||
|
|
||||||
if labels[0] == 'all':
|
if labels[0] == 'all':
|
||||||
sync()
|
source_sync()
|
||||||
else:
|
else:
|
||||||
sync(labels=labels)
|
source_sync(labels=labels)
|
||||||
|
|
||||||
sys.stdout.write(
|
sys.stdout.write(
|
||||||
"[+] Finished syncing sources. Run Time: {time}\n".format(
|
"[+] Finished syncing sources. Run Time: {time}\n".format(
|
||||||
|
|
Loading…
Reference in New Issue