
From: "Michał Górny" <mgorny@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
Date: Thu, 26 Jul 2018 20:39:44
Message-Id: 1532637572.84bfc434f8c894981faf7cc55ced6430ab67b159.mgorny@gentoo
1 commit: 84bfc434f8c894981faf7cc55ced6430ab67b159
2 Author: Graeme Lawes <graemelawes <AT> gmail <DOT> com>
3 AuthorDate: Sun Jul 8 17:03:21 2018 +0000
4 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
5 CommitDate: Thu Jul 26 20:39:32 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84bfc434
7
8 sys-cluster/teleport: add v2.6.7
9
10 sys-cluster/teleport/Manifest | 1 +
11 sys-cluster/teleport/files/teleport-2.6.yaml | 130 +++++++++++++++++++++++++++
12 sys-cluster/teleport/teleport-2.6.7.ebuild | 49 ++++++++++
13 3 files changed, 180 insertions(+)
14
15 diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
16 index 739e3918ea0..ec5a8a5af89 100644
17 --- a/sys-cluster/teleport/Manifest
18 +++ b/sys-cluster/teleport/Manifest
19 @@ -3,3 +3,4 @@ DIST teleport-2.4.5.tar.gz 9975753 BLAKE2B cdb6e577cd565cf6760d73c92cac674571e9b
20 DIST teleport-2.5.2.tar.gz 16211219 BLAKE2B 28d0d1bb8d01fba39e79a262744b69a9df27438b9dbb0a25cd23acd57b6004a7f2309e432c0db4188c2e023a0b0299fd64723acfd57c1328d2345bba08fff4a9 SHA512 58fad4015824b9077bbd13cc3c6a994e5a54ed367264477854da7b129eea04c4cba44a580650a259b01f390a9f2028d7501df2ac4ab4821d085bbfe1cd887ec5
21 DIST teleport-2.5.6.tar.gz 16216649 BLAKE2B e5ae8645d59df2684601dab5c222399d89b356592774365ffbca4e3f2d9ed745f2839902ee1e244c7b7eb300230d771daa754bbbbe29fc8e79f833715094d4f2 SHA512 fae1eb53ff45115551c5002745303cd0e9a044557e6e56cda870a57531700bb68e23b59d2930ac2dd654b200732edc3ed9432e1bc0e9dbf0e7529e980599a323
22 DIST teleport-2.5.8.tar.gz 16219666 BLAKE2B dd64ef4ca5b26e025e46c88d58e7ec226810b583c4b740416f6cc0caec5ea7d050c732368917ec34c5f8a36c7670d2903baa6c32203a2c5cac972e3a2b4bcbbb SHA512 070eebc889adde017641a833ee0e414c5f56848ac36fa96fb66e83062212307904e8264da758042765ba13d6a0c1b4f5314c1b0e90a2c37723ef1c0aa22889be
23 +DIST teleport-2.6.7.tar.gz 16655508 BLAKE2B a020ab999b7503cb7aec54ed81532baf9d08b98000f2c659f63859d89f7f2b5fb311c41d6fcafb7d9bf72ea1c97eecfc6ac621b7c90d74f5afe2717edb8b0402 SHA512 45002dcf7b99108ca6fffae94d6608188eb9b0bea05cd14068618bfb11c496cad5546e261f349fee70f2acb574e7fc44093683dd991001e01406da6982c5c4c3
24
25 diff --git a/sys-cluster/teleport/files/teleport-2.6.yaml b/sys-cluster/teleport/files/teleport-2.6.yaml
26 new file mode 100644
27 index 00000000000..384dea937c9
28 --- /dev/null
29 +++ b/sys-cluster/teleport/files/teleport-2.6.yaml
30 @@ -0,0 +1,130 @@
31 +# By default, this file should be stored in /etc/teleport.yaml
32 +## IMPORTANT ##
33 +#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
34 +# This section of the configuration file applies to all teleport
35 +# services.
36 +teleport:
37 + # nodename allows to assign an alternative name this node can be reached by.
38 + # by default it's equal to hostname
39 + # nodename: graviton
40 +
41 + # Data directory where Teleport keeps its data, like keys/users for
42 + # authentication (if using the default BoltDB back-end)
43 + data_dir: /var/lib/teleport
44 +
45 + # one-time invitation token used to join a cluster. it is not used on
46 + # subsequent starts
47 + auth_token: xxxx-token-xxxx
48 +
49 + # when running in multi-homed or NATed environments Teleport nodes need
50 + # to know which IP it will be reachable at by other nodes
51 + # public_addr: 10.1.0.5
52 +
53 + # list of auth servers in a cluster. you will have more than one auth server
54 + # if you configure teleport auth to run in HA configuration
55 + auth_servers:
56 + - localhost:3025
57 +
58 + # Teleport throttles all connections to avoid abuse. These settings allow
59 + # you to adjust the default limits
60 + connection_limits:
61 + max_connections: 1000
62 + max_users: 250
63 +
64 + # Logging configuration. Possible output values are 'stdout', 'stderr' and
65 + # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
66 + log:
67 + output: stderr
68 + severity: ERROR
69 +
70 + # Type of storage used for keys. You need to configure this to use etcd
71 + # backend if you want to run Teleport in HA configuration.
72 + storage:
73 + type: bolt
74 +
75 +# This section configures the 'auth service':
76 +auth_service:
77 + enabled: yes
78 +
79 + # defines the types and second factors the auth server supports
80 + authentication:
81 + # second_factor can be off, otp, or u2f
82 + second_factor: otp
83 +
84 + # this section is only used if using u2f
85 + u2f:
86 + # app_id should point to the Web UI.
87 + app_id: https://localhost:3080
88 +
89 + # facets should list all proxy servers.
90 + facets:
91 + - https://localhost
92 + - https://localhost:3080
93 +
94 + # IP and the port to bind to. Other Teleport nodes will be connecting to
95 + # this port (AKA "Auth API" or "Cluster API") to validate client
96 + # certificates
97 + listen_addr: 0.0.0.0:3025
98 +
99 + # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
100 + # the role a new node will be allowed to assume. The more secure way to
101 + # add nodes is to use `ttl node add --ttl` command to generate auto-expiring
102 + # tokens.
103 + #
104 + # We recommend to use tools like `pwgen` to generate sufficiently random
105 + # tokens of 32+ byte length.
106 + tokens:
107 + - "proxy,node:xxxxx"
108 + - "auth:yyyy"
109 +
110 + # Optional "cluster name" is needed when configuring trust between multiple
111 + # auth servers. A cluster name is used as part of a signature in certificates
112 + # generated by this CA.
113 + #
114 + # By default an automatically generated GUID is used.
115 + #
116 + # IMPORTANT: if you change cluster_name, it will invalidate all generated
117 + # certificates and keys (may need to wipe out /var/lib/teleport directory)
118 + cluster_name: "main"
119 +
120 +# This section configures the 'node service':
121 +ssh_service:
122 + enabled: yes
123 + # IP and the port for SSH service to bind to.
124 + listen_addr: 0.0.0.0:3022
125 + # See explanation of labels in "Labeling Nodes" section below
126 + labels:
127 + role: master
128 + type: postgres
129 + # List (YAML array) of commands to periodically execute and use
130 + # their output as labels.
131 + # See explanation of how this works in "Labeling Nodes" section below
132 + commands:
133 + - name: hostname
134 + command: [/usr/bin/hostname]
135 + period: 1m0s
136 + - name: arch
137 + command: [/usr/bin/uname, -p]
138 + period: 1h0m0s
139 +
140 +# This section configures the 'proxy servie'
141 +proxy_service:
142 + enabled: yes
143 + # SSH forwarding/proxy address. Command line (CLI) clients always begin their
144 + # SSH sessions by connecting to this port
145 + listen_addr: 0.0.0.0:3023
146 +
147 + # Reverse tunnel listening address. An auth server (CA) can establish an
148 + # outbound (from behind the firewall) connection to this address.
149 + # This will allow users of the outside CA to connect to behind-the-firewall
150 + # nodes.
151 + tunnel_listen_addr: 0.0.0.0:3024
152 +
153 + # The HTTPS listen address to serve the Web UI and also to authenticate the
154 + # command line (CLI) users via password+HOTP
155 + web_listen_addr: 0.0.0.0:3080
156 +
157 + # TLS certificate for the HTTPS connection. Configuring these properly is
158 + # critical for Teleport security.
159 + https_key_file: /etc/teleport/teleport.key
160 + https_cert_file: /etc/teleport/teleport.crt
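Review bot: The static join secrets are shipped live rather than commented out: `auth_token: xxxx-token-xxxx` under `teleport:` and the `tokens:` entries `"proxy,node:xxxxx"` and `"auth:yyyy"` under `auth_service:`, in a file where all three services are `enabled: yes` and the auth API binds `0.0.0.0:3025`. If the daemon is started before the admin edits the file, those publicly known placeholder strings would presumably be accepted as valid join tokens for the proxy, node and auth roles; I have not verified how 2.6.7 treats them. I would comment the entries out in the packaged default, e.g. `# tokens:` followed by `#   - "proxy,node:<random token, 32+ bytes>"`, and leave the auto-expiring tokens recommended in the comment above the list as the documented path. The first line also says the file belongs in `/etc/teleport.yaml`, while the ebuild in this commit installs it as `/etc/${PN}/${PN}.yaml`, so that comment should name the packaged path.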
161
162 diff --git a/sys-cluster/teleport/teleport-2.6.7.ebuild b/sys-cluster/teleport/teleport-2.6.7.ebuild
163 new file mode 100644
164 index 00000000000..a187d11ee22
165 --- /dev/null
166 +++ b/sys-cluster/teleport/teleport-2.6.7.ebuild
167 @@ -0,0 +1,49 @@
168 +# Copyright 1999-2018 Gentoo Foundation
169 +# Distributed under the terms of the GNU General Public License v2
170 +
171 +EAPI=6
172 +inherit golang-build systemd
173 +
174 +DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
175 +HOMEPAGE="https://gravitational.com/teleport"
176 +
177 +EGO_PN="github.com/gravitational/${PN}/..."
178 +
179 +if [[ ${PV} == "9999" ]] ; then
180 + inherit git-r3 golang-vcs
181 + EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
182 +else
183 + inherit golang-vcs-snapshot
184 + SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
185 + KEYWORDS="~amd64 ~arm"
186 +fi
187 +
188 +IUSE="pam"
189 +LICENSE="Apache-2.0"
190 +RESTRICT="test strip"
191 +SLOT="0"
192 +
193 +DEPEND="app-arch/zip"
194 +RDEPEND="pam? ( sys-libs/pam )"
195 +
196 +src_compile() {
197 + BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
198 +}
199 +
200 +src_install() {
201 + keepdir /var/lib/${PN} /etc/${PN}
202 + dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
203 +
204 + insinto /etc/${PN}
205 + newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml
206 +
207 + newinitd "${FILESDIR}"/${PN}.init.d ${PN}
208 + newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
209 +
210 + systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
211 + systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
212 +}
213 +
214 +src_test() {
215 + BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
216 +}
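Review bot: In `src_install`, `newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml` installs the config with the default install mode (normally world-readable), yet that file is where `auth_token` and the static `tokens:` list live. Restricting it at install time, with `insopts -m0600` before the `newins` line or `fperms 0600 /etc/${PN}/${PN}.yaml` after it, keeps join secrets away from unprivileged local users; this assumes the service runs as root, which the unit and init files (not part of this commit) would confirm. The same question applies to `keepdir /var/lib/${PN}`, which the sample config describes as holding keys and users for authentication. Separately, `RESTRICT="test strip"` means the `src_test` defined at the end never runs, so a one-line comment above `RESTRICT` stating why tests are restricted would tell the next maintainer whether that function is dead code or waiting on a fix.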