From 5467536ad252e20177ef260d4a27ed5bfa345223 Mon Sep 17 00:00:00 2001 From: max furman Date: Mon, 12 Nov 2018 14:19:30 -0800 Subject: [PATCH] add reload documentation --- README.md | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ed1fbb31..0ad69f43 100644 --- a/README.md +++ b/README.md @@ -28,10 +28,10 @@ your local machine. ### Mac OS -Install `step-ca` via [Homebrew](https://brew.sh/): +Install `step` via [Homebrew](https://brew.sh/): ``` -brew install smallstep/smallstep/step-ca +brew install smallstep/smallstep/step ``` ### Linux 
@@ -231,9 +231,37 @@ $ step ca certificate "foo.example.com" foo.crt foo.key --token "$TOKEN" \ You can take a closer look at the contents of the certificate using `step certificate inspect`: ``` -step certificate inspect foo.crt +$ step certificate inspect foo.crt ``` +## Reload + +It is important that the CA be able to handle configuration changes with no downtime. +Our CA has a built in `reload` feature allowing it to: + +1. Finish processing existing connections while blocking new ones. +2. Re-read the configuration file and initialize the API. +3. Begin accepting blocked and new connections. + +The `reload` feature is triggered by sending a SIGHUP to the PID of the +Step CA process. A few important details to note when using `reload`: + +* The location of the modified configuration must be in the same location as it +was in the original invocation of the `step-ca`. So, if the original command was + +``` +$ step-ca ./.step/config/ca.json +``` + +then, upon reload, the Step CA will read it's new configuration from the same +configuration file. + +* Step CA requires the password to decrypt the intermediate certificate again +upon `reload`. You can auotmate this in one of two ways: + + * Use the `--password-file` flag in the original invocation. + * Use the toplevel `password` attribute in the `ca.json` configuration file. + ## Versioning We use [SemVer](http://semver.org/) for versioning. For the versions available,
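Review bot: In the first hunk (@@ -28,10 +28,10 @@, the Mac OS install section), the Homebrew target changes from `smallstep/smallstep/step-ca` to `smallstep/smallstep/step`, which is unrelated to the subject line "add reload documentation" and is not explained anywhere in the commit. Either split it into its own commit or mention it in the message. The new Reload section added later in this same patch tells the reader to run `step-ca ./.step/config/ca.json`, so the install section should also say how a Mac user obtains the `step-ca` binary once the formula named here is `step`.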
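Review bot: In the second hunk (@@ -231,9 +231,37 @@, the new "## Reload" section), both automation options in the last bullet (`--password-file` and the top-level `password` attribute in `ca.json`) leave the decryption password on disk next to the CA, and the section says nothing about protecting it. Add a sentence on restricting read access to the password file and to `ca.json` to the account that runs `step-ca`, and on keeping a `ca.json` that contains `password` out of version control and backups that others can read. The same bullet says the password decrypts "the intermediate certificate"; if what is actually encrypted is the intermediate's private key, say that instead. The section would also benefit from one line showing how to send the signal (for example `kill -HUP` with the `step-ca` PID), and from stating in step 1 whether "blocking" means new connections are queued or refused, since step 3 implies they are queued. Wording fixes in the added lines: "built in" should be "built-in", "read it's new configuration" should be "read its new configuration", "auotmate" should be "automate", "toplevel" should be "top-level", and "The location of the modified configuration must be in the same location" repeats itself ("The modified configuration must be at the same path" reads better).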