diff options
| author | Paul Bütow <pbuetow@mimecast.com> | 2020-02-08 18:50:39 +0000 |
|---|---|---|
| committer | Paul Bütow <pbuetow@mimecast.com> | 2020-02-08 18:50:39 +0000 |
| commit | 6c3ddb7746c062e967b44af568077f5ce2c9ec39 (patch) | |
| tree | 24dcf6ca242e7606c68128a8893eaf281f1afd61 /doc/installation.md | |
| parent | d38502e109fc3bcdac5a904f3a65a3017174058b (diff) | |
| parent | ca28ba95a74706ad3620f6a1980db45c1a92ad4a (diff) | |
Merge branch 'master' of https://github.com/mimecast/dtailv2.0.2
Diffstat (limited to 'doc/installation.md')
| -rw-r--r-- | doc/installation.md | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/doc/installation.md b/doc/installation.md index d09392f..6f946c4 100644 --- a/doc/installation.md +++ b/doc/installation.md @@ -38,14 +38,14 @@ uid=1001(dserver) 1001=670(dserver) groups=1001(dserver) ```console % sudo mkdir /etc/dserver % curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dtail.json.sample | - sudo tee /etc/dserver/dtail.json >/dev/null + sudo tee /etc/dserver/dtail.json ``` 5. It is recommended to configure DTail server as a service to ``systemd``. An example unit file for ``systemd`` can be found [here](../samples/dserver.service.sample). ```console % curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver.service.sample | - sudo tee /etc/systemd/system/dserver.service >/dev/null + sudo tee /etc/systemd/system/dserver.service % sudo systemctl daemon-reload % sudo systemctl enable dserver ``` @@ -77,7 +77,21 @@ To start the DTail server via ``systemd`` run: The DTail server now runs as a ``systemd`` service under system user ``dserver``. The system user ``dserver`` however has no permissions to read the SSH public keys from ``/home/USER/.ssh/authorized_keys``. Therefore, no user would be able to establish a SSH session to DTail server. As an alternative path DTail server also checks for public SSH key files in ``/var/run/dserver/cache/USER.authorized_keys``. -It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.sh.sample) periodically to update the key cache. In case you manage your public SSH keys via Puppet you could subscribe the script to corresponding module. Or alternatively just configure a cron job to run every once in a while. +It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.sh.sample) periodically to update the key cache. In case you manage your public SSH keys via Puppet you could subscribe the script to corresponding module. Or alternatively just configure a cron job or a systemd timer to run every once in a while, e.g. every 30 minutes: + +```console +% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/update_key_cache.sh.sample | + sudo tee /var/run/dserver/update_key_cache.sh +% sudo chmod 755 /var/run/dserver/update_key_cache.sh +% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver-update-keycache.service.sample | + sudo tee /etc/systemd/system/dserver-update-keycache.service +% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver-update-keycache.timer.sample | + sudo tee /etc/systemd/system/dserver-update-keycache.timer +% sudo systemctl daemon-reload +% sudo systemctl start dserver-update-keycache.service +% sudo systemctl enable dserver-update-keycache.timer +% sudo systemctl start dserver-update-keycache.timer +``` # Run DTail client |