From fc94644e28f0af3ce765ec3f87138b264125dee0 Mon Sep 17 00:00:00 2001 From: John Eckersberg Date: Wed, 18 Mar 2009 13:30:31 -0400 Subject: [certmaster] Documentation and cleanup for minion-to-minion * Add man page for certmaster-sync * Symlink certmaster-sync into triggers for post-sign and post-clean (doesn't execute by default) * Add sync_certs setting to default certmaster.conf * Create the empty /var/lib/certmaster/peers directory --- docs/certmaster-sync.pod | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 docs/certmaster-sync.pod (limited to 'docs/certmaster-sync.pod') diff --git a/docs/certmaster-sync.pod b/docs/certmaster-sync.pod new file mode 100644 index 0000000..1519387 --- /dev/null +++ b/docs/certmaster-sync.pod 
@@ -0,0 +1,44 @@ +=head1 NAME + +certmaster-sync -- syncronize client certificates with Func. + +=head1 SYNOPSIS + +certmaster-sync [-f|--force] + +=head1 DESCRIPTION + +certmaster-sync syncronizes client certificates amongst certmaster clients via Func. It is assumed that the hosts who have requested certificates are reachable via Func for syncronization operations. + +certmaster-sync by default is called as a post-sign and post-clean trigger. In order to enable syncronization you must set B to B, see B below. + +The syncronization occurs by querying remote Func methods in B on the minion hosts. This will gather information, copy any new certificates, and remove any certificates that have been cleaned. + +=head1 OPTIONS + +=over + +=item -f, --force + +Override the configuration value for B in F + +=back + +=head1 CONFIGURATION VALUES + +=over + +=item sync_certs + +B determines whether or not the script will actually syncronize or if it will exit with no operation. You can use -f|--force to override this configuration value. (Default: False) + +=back + +=head1 ADDITONAL RESOURCES + +See https://fedorahosted.org/certmaster. It's a Wiki. +See also https://fedorahosted.org/func + +=head1 AUTHOR + +John Eckersberg -- cgit
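Review bot: In DESCRIPTION, OPTIONS and CONFIGURATION VALUES the B and F formatting codes show no argument in the lines above ("you must set B to B, see B below", "remote Func methods in B", "Override the configuration value for B in F"), so a reader cannot tell which setting, value, Func module or configuration file is meant. Please confirm that the .pod source carries the full argument of each B and F code and that it survives rendering. The DESCRIPTION also says the sync will "copy any new certificates, and remove any certificates that have been cleaned" on the minion hosts, but it does not say where those certificates live on a minion (the commit message creates /var/lib/certmaster/peers, which the man page never mentions) or what happens when a host is not reachable via Func when the post-sign or post-clean trigger fires. Because this adds and removes trust material on every minion, a sentence on each would help an administrator decide whether to enable sync_certs or to use --force. Spelling: "syncronize", "syncronizes" and "syncronization" should be "synchronize", "synchronizes" and "synchronization" throughout, and the heading "ADDITONAL RESOURCES" should be "ADDITIONAL RESOURCES". The two "See ..." lines under that heading have no blank line between them, so POD will flow them into a single paragraph.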