From 6ce71e88bdcfdc343ff88ad1d4215ce026f834d3 Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Sat, 8 Feb 2020 18:17:53 +0000
Subject: default to stdout log strategy
---
 samples/dtail.json.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/samples/dtail.json.sample b/samples/dtail.json.sample
index cf2c2c2..83925c6 100644
--- a/samples/dtail.json.sample
+++ b/samples/dtail.json.sample
@@ -29,7 +29,7 @@
 "Common": {
 "LogDir" : "log",
 "CacheDir" : "cache",
- "LogStrategy": "daily",
+ "LogStrategy": "stdout",
 "SSHPort": 2222,
 "DebugEnable": false,
 "PPerfEnable": false,
-- cgit v1.2.3
From f2ce541c1383474b439347a22f2237c5d08899d8 Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Sat, 8 Feb 2020 18:30:37 +0000
Subject: add update keycache timer examples
---
 doc/installation.md | 13 ++++++++++++-
 samples/dserver-update-keycache.service.sample | 6 ++++++
 samples/dserver-update-keycache.timer.sample | 5 +++++
 3 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 samples/dserver-update-keycache.service.sample
 create mode 100644 samples/dserver-update-keycache.timer.sample
diff --git a/doc/installation.md b/doc/installation.md
index 8781130..dca7e38 100644
--- a/doc/installation.md
+++ b/doc/installation.md
@@ -77,7 +77,18 @@ To start the DTail server via ``systemd`` run: The DTail server now runs as a ``systemd`` service under system user ``dserver``. The system user ``dserver`` however has no permissions to read the SSH public keys from ``/home/USER/.ssh/authorized_keys``. Therefore, no user would be able to establish a SSH session to DTail server. As an alternative path DTail server also checks for public SSH key files in ``/var/run/dserver/cache/USER.authorized_keys``. -It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.sh.sample) periodically to update the key cache. In case you manage your public SSH keys via Puppet you could subscribe the script to corresponding module. Or alternatively just configure a cron job to run every once in a while. +It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.sh.sample) periodically to update the key cache. In case you manage your public SSH keys via Puppet you could subscribe the script to corresponding module. Or alternatively just configure a cron job or a systemd timer to run every once in a while. + +```console +% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/update_key_cache.sh.sample | + sudo tee /var/run/dserver/update_key_cache.sh >/dev/null +% sudo chmod 755 /var/run/dserver/update_key_cache.sh +% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver-update-keycache.service.sample | + sudo tee /etc/systemd/system/dserver-update-keycache.service >/dev/null +% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver-update-keycache.timer.sample | + sudo tee /etc/systemd/system/dserver-update-keycache.timer >/dev/null +% sudo systemctl daemon-reload +``` # Run DTail client diff --git a/samples/dserver-update-keycache.service.sample b/samples/dserver-update-keycache.service.sample new file mode 100644 index 0000000..7e6144c --- /dev/null +++ b/samples/dserver-update-keycache.service.sample 
@@ -0,0 +1,6 @@ +[Unit] +Description=Refresh DServer SSH Key Cache + +[Service] +Type=oneshot +ExecStart=/var/run/dserver/update_key_cache.sh diff --git a/samples/dserver-update-keycache.timer.sample b/samples/dserver-update-keycache.timer.sample new file mode 100644 index 0000000..e7158ca --- /dev/null +++ b/samples/dserver-update-keycache.timer.sample @@ -0,0 +1,5 @@ +[Unit] +Description=Refresh DServer SSH Key Cache every 30 minutes. + +[Timer] +OnCalendar=*:0/30 -- cgit v1.2.3 From 95bae52787162b869ecb021e2bbc841bb8b6a65c Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Sat, 8 Feb 2020 18:36:32 +0000 Subject: enable systemd keycache timer --- doc/installation.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/doc/installation.md b/doc/installation.md index dca7e38..6e2c8cc 100644 --- a/doc/installation.md +++ b/doc/installation.md @@ -38,14 +38,14 @@ uid=670(dserver) gid=670(dserver) groups=670(dserver) ```console % sudo mkdir /etc/dserver % curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dtail.json.sample | - sudo tee /etc/dserver/dtail.json >/dev/null + sudo tee /etc/dserver/dtail.json ``` 5. It is recommended to configure DTail server as a service to ``systemd``. An example unit file for ``systemd`` can be found [here](../samples/dserver.service.sample). ```console % curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver.service.sample | - sudo tee /etc/systemd/system/dserver.service >/dev/null + sudo tee /etc/systemd/system/dserver.service % sudo systemctl daemon-reload % sudo systemctl enable dserver ``` 
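Review bot: In samples/dserver-update-keycache.service.sample, `ExecStart=/var/run/dserver/update_key_cache.sh` has no `User=` line, so systemd runs the script as root from the same directory tree that the installation notes use for the dserver key cache. If that directory is writable by the unprivileged `dserver` account (its ownership is not visible in this patch), that account could replace a script that root then executes on every timer tick. `/var/run` is also commonly a tmpfs, so the script may be gone after a reboot. I would keep the script in a root-owned, persistent location and point the unit there, for example `ExecStart=/usr/local/sbin/update_key_cache.sh`, with a comment above it such as `# runs as root: must read every user's authorized_keys`.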
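Review bot: samples/dserver-update-keycache.timer.sample has no `[Install]` section, so the `systemctl enable dserver-update-keycache.timer` step that the next commit adds to doc/installation.md has nothing to link, and the timer will not be started again at boot. Until someone starts it by hand the key cache is not refreshed, so key additions and removals in users' `authorized_keys` would presumably not reach dserver. Add `[Install]` with `WantedBy=timers.target`, and consider `Persistent=true` under `[Timer]` so a run missed while the host was down is caught up at the next start.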
@@ -77,17 +77,20 @@ To start the DTail server via ``systemd`` run: The DTail server now runs as a ``systemd`` service under system user ``dserver``. The system user ``dserver`` however has no permissions to read the SSH public keys from ``/home/USER/.ssh/authorized_keys``. Therefore, no user would be able to establish a SSH session to DTail server. As an alternative path DTail server also checks for public SSH key files in ``/var/run/dserver/cache/USER.authorized_keys``. -It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.sh.sample) periodically to update the key cache. In case you manage your public SSH keys via Puppet you could subscribe the script to corresponding module. Or alternatively just configure a cron job or a systemd timer to run every once in a while. +It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.sh.sample) periodically to update the key cache. In case you manage your public SSH keys via Puppet you could subscribe the script to corresponding module. Or alternatively just configure a cron job or a systemd timer to run every once in a while, e.g. 
every 30 minutes: ```console % curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/update_key_cache.sh.sample | - sudo tee /var/run/dserver/update_key_cache.sh >/dev/null + sudo tee /var/run/dserver/update_key_cache.sh % sudo chmod 755 /var/run/dserver/update_key_cache.sh % curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver-update-keycache.service.sample | - sudo tee /etc/systemd/system/dserver-update-keycache.service >/dev/null + sudo tee /etc/systemd/system/dserver-update-keycache.service % curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver-update-keycache.timer.sample | - sudo tee /etc/systemd/system/dserver-update-keycache.timer >/dev/null + sudo tee /etc/systemd/system/dserver-update-keycache.timer % sudo systemctl daemon-reload +% sudo systemctl start dserver-update-keycache.service +% sudo systemctl enable dserver-update-keycache.timer +% sudo systemctl start dserver-update-keycache.timer ``` # Run DTail client -- cgit v1.2.3