b86d6b5660
This change moves existing files. It is not meant to be the final word on how the main page looks or how the other files are organized, but it gets everything roughly into shape. If the barbican team wants to make changes, please do those as follow-up patches. Note this does not touch the api directory, this one needs to be migrated to the api-ref. This is part of the docs migration work for Pike. Change-Id: Ibb9d971806964ac185882272514ee9563089d69d
71 lines
2.9 KiB
ReStructuredText
71 lines
2.9 KiB
ReStructuredText
Database Cleaning
|
|
=================
|
|
|
|
Entries in the Barbican database are soft deleted and can build up over time.
|
|
These entries can be cleaned up with the clean up command. The command
|
|
can be used with a cron job to clean the database automatically on intervals.
|
|
|
|
|
|
Commands
|
|
--------
|
|
|
|
The command ```barbican-manage db clean``` can be used to clean up the database.
|
|
By default, it will remove soft deletions that are at least 90 days old since
|
|
deletion
|
|
|
|
```barbican-manage db clean --min-days 180``` (```-m```) will go
|
|
through the database and remove soft deleted entries that are at least 90 days
|
|
old since deletion. The default value is 90 days. Passing a value of
|
|
```--min-days 0``` will delete all soft-deleted entries up to today.
|
|
|
|
```barbican-manage db clean --clean-unassociated-projects``` (```-p```) will go
|
|
through the database and remove projects that have no associated resources.
|
|
The default value is False.
|
|
|
|
```barbican-manage db clean --soft-delete-expired-secrets``` (```-e```) will go
|
|
through the database and soft delete any secrets that are past
|
|
their expiration date. The default value is False. If ```-e``` is used along
|
|
with ```---min-days 0``` then all the expired secrets will be hard deleted.
|
|
|
|
```barbican-manage db clean --verbose``` (```-V```) will print more information
|
|
out into the terminal.
|
|
|
|
```barbican-manage db clean --log-file``` (```-L```) will set the log file
|
|
location. The creation of the log may fail if the user running the command
|
|
does not have access to the log file location or if the target directory
|
|
does not exist. The default value for log_file can be found in
|
|
```/etc/barbican/barbican.conf``` The log will contain the verbose
|
|
output from the command.
|
|
|
|
Cron Job
|
|
--------
|
|
|
|
A cron job can be created on linux systems to run at a given interval to
|
|
clean the barbican database.
|
|
|
|
Crontab
|
|
'''''''
|
|
|
|
1. Start the crontab editor ```crontab -e``` with the user that runs the clean up
|
|
command
|
|
2. Edit the crontab section to run the command at a given interval.
|
|
```<minute 0-59> <hour 0-23,0=midnight> <day 1-31> <month 1-12> <weekday 0-6, 0=Sunday> clean up command```
|
|
|
|
Crontab Examples
|
|
''''''''''''''''
|
|
|
|
```00 00 * * * barbican-manage db clean -p -e``` -Runs a job everyday at midnight
|
|
which will remove soft deleted entries that 90 days old since soft deletion,
|
|
will clean unassociated projects, and will soft delete secrets that are
|
|
expired.
|
|
|
|
```00 03 01 * * barbican-manage db clean -m 30``` -Runs a job every month at 3AM
|
|
which will remove soft deleted entries that are at least 30 days old since
|
|
deletion.
|
|
|
|
```05 01 07 * 6 barbican-manage db clean -m 180 -p -e -L /tmp/barbican-clean-command.log```
|
|
-Runs a job every month at 1:05AM on the 7th day of the month and every Saturday.
|
|
Entries that are 180 days old since soft deletion will be removed from the
|
|
database. Unassociated projects will be removed. Expired secrets will be
|
|
soft deleted. The log file will be saved to ```/tmp/barbican-clean-command.log```
|