pod2man --center="certmaster-request" --release="" ./docs/certmaster-request.pod | gzip -c > ./docs/certmaster-request.1.gz
pod2man --center="certmaster" --release="" ./docs/certmaster.pod | gzip -c > ./docs/certmaster.1.gz
pod2man --center="certmaster-ca" --release="" ./docs/certmaster-ca.pod | gzip -c > ./docs/certmaster-ca.1.gz
+ pod2man --center="certmaster-sync" --release="" ./docs/certmaster-sync.pod | gzip -c > ./docs/certmaster-sync.1.gz
messages: certmaster/*.py
touch $(MESSAGESPOT)
%install
test "x$RPM_BUILD_ROOT" != "x" && rm -rf $RPM_BUILD_ROOT
%{__python} setup.py install --prefix=/usr --root=$RPM_BUILD_ROOT
+ln -s %{_bindir}/certmaster-sync $RPM_BUILD_ROOT/var/lib/certmaster/triggers/sign/post/certmaster-sync
+ln -s %{_bindir}/certmaster-sync $RPM_BUILD_ROOT/var/lib/certmaster/triggers/remove/post/certmaster-sync
%clean
rm -fr $RPM_BUILD_ROOT
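Review bot: The two added `ln -s` lines in %install ship certmaster-sync already enabled as a post-sign and post-remove trigger, so after installation the `sync_certs` setting is the only thing that keeps a sign or remove from contacting other hosts. That deserves a comment above them, e.g. `# triggers are installed enabled; certmaster-sync exits without action unless sync_certs = True`. The lines also leave `$RPM_BUILD_ROOT` unquoted; `ln -s %{_bindir}/certmaster-sync "$RPM_BUILD_ROOT/var/lib/certmaster/triggers/sign/post/certmaster-sync"` (and likewise for `remove/post`) would survive a build root containing spaces. Both links depend on the preceding `setup.py install` having created the two `post` directories, which cannot be confirmed from this hunk. The matching %files additions further down list the same two paths and must be kept in step with these lines.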
%dir /var/lib/certmaster/triggers/remove/
%dir /var/lib/certmaster/triggers/remove/pre
%dir /var/lib/certmaster/triggers/remove/post
+/var/lib/certmaster/triggers/sign/post/certmaster-sync
+/var/lib/certmaster/triggers/remove/post/certmaster-sync
%doc AUTHORS README LICENSE
%{_mandir}/man1/*.1.gz
--- /dev/null
+=head1 NAME
+
+certmaster-sync -- syncronize client certificates with Func.
+
+=head1 SYNOPSIS
+
+certmaster-sync [-f|--force]
+
+=head1 DESCRIPTION
+
+certmaster-sync syncronizes client certificates amongst certmaster clients via Func. It is assumed that the hosts who have requested certificates are reachable via Func for syncronization operations.
+
+certmaster-sync by default is called as a post-sign and post-clean trigger. In order to enable syncronization you must set B<sync_certs> to B<True>, see B<CONFIGURATION VALUES> below.
+
+The syncronization occurs by querying remote Func methods in B<certmastermod> on the minion hosts. This will gather information, copy any new certificates, and remove any certificates that have been cleaned.
+
+=head1 OPTIONS
+
+=over
+
+=item -f, --force
+
+Override the configuration value for B<sync_certs> in F</etc/certmaster/certmaster.conf>
+
+=back
+
+=head1 CONFIGURATION VALUES
+
+=over
+
+=item sync_certs
+
+B<sync_certs> determines whether or not the script will actually syncronize or if it will exit with no operation. You can use -f|--force to override this configuration value. (Default: False)
+
+=back
+
+=head1 ADDITONAL RESOURCES
+
+See https://fedorahosted.org/certmaster. It's a Wiki.
+See also https://fedorahosted.org/func
+
+=head1 AUTHOR
+
+John Eckersberg <jeckersb@redhat.com>
certroot = /var/lib/certmaster/certmaster/certs
csrroot = /var/lib/certmaster/certmaster/csrs
cert_extension = cert
-
+sync_certs = False
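Review bot: The new `sync_certs = False` line has no explanation beside it, although enabling it changes what every sign and remove operation does. According to the man page added in this commit, setting it to True makes the post-sign and post-remove triggers copy new certificates to other hosts, and remove cleaned certificates from them, through Func. If the config parser accepts comment lines, a line such as `# sync_certs: when True, certmaster-sync copies and removes certificates on peer hosts via Func after each sign/remove` above the key would make that visible to the administrator. The default of False is the conservative choice and should stay.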
(manpath, ["docs/certmaster.1.gz"]),
(manpath, ["docs/certmaster-request.1.gz"]),
(manpath, ["docs/certmaster-ca.1.gz"]),
+ (manpath, ["docs/certmaster-sync.1.gz"]),
(rotpath, ['etc/certmaster_rotate']),
(logpath, []),
(certdir, []),
(etcpath, []),
(pkipath, []),
(aclpath, []),
+ ("%s/peers" % certdir, []),
("%s/sign/pre/" % trigpath, []),
("%s/sign/post/" % trigpath, []),
("%s/remove/pre/" % trigpath, []),
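Review bot: The added `("%s/peers" % certdir, [])` entry creates the peers directory with whatever ownership and mode the installer defaults to, and nothing visible here restricts who may write into it. Judging by the man page added in this commit, this is presumably where certificates fetched from other hosts are stored, so its permissions should be stated explicitly, for instance with a `%dir %attr(<mode>,<owner>,<group>)` entry in the spec's %files, which the visible spec hunks do not add. A comment on the entry would also help, e.g. `# peers/: certificates copied in by certmaster-sync; contents originate on remote hosts`. The data_files list begins and ends outside this hunk, so any handling elsewhere in the file is not visible.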