commit: 84bfc434f8c894981faf7cc55ced6430ab67b159 |
Author: Graeme Lawes <graemelawes <AT> gmail <DOT> com> |
AuthorDate: Sun Jul 8 17:03:21 2018 +0000 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
CommitDate: Thu Jul 26 20:39:32 2018 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84bfc434 |
|
sys-cluster/teleport: add v2.6.7 |
|
sys-cluster/teleport/Manifest | 1 + |
sys-cluster/teleport/files/teleport-2.6.yaml | 130 +++++++++++++++++++++++++++ |
sys-cluster/teleport/teleport-2.6.7.ebuild | 49 ++++++++++ |
3 files changed, 180 insertions(+) |
|
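--- a/sys-cluster/teleport/Manifest
+++ b/sys-cluster/teleport/Manifest
@@ -3,3 +3,4 @@ DIST teleport-2.4.5.tar.gz 9975753 BLAKE2B cdb6e577cd565cf6760d73c92cac674571e9b
 DIST teleport-2.5.2.tar.gz 16211219 BLAKE2B 28d0d1bb8d01fba39e79a262744b69a9df27438b9dbb0a25cd23acd57b6004a7f2309e432c0db4188c2e023a0b0299fd64723acfd57c1328d2345bba08fff4a9 SHA512 58fad4015824b9077bbd13cc3c6a994e5a54ed367264477854da7b129eea04c4cba44a580650a259b01f390a9f2028d7501df2ac4ab4821d085bbfe1cd887ec5
 DIST teleport-2.5.6.tar.gz 16216649 BLAKE2B e5ae8645d59df2684601dab5c222399d89b356592774365ffbca4e3f2d9ed745f2839902ee1e244c7b7eb300230d771daa754bbbbe29fc8e79f833715094d4f2 SHA512 fae1eb53ff45115551c5002745303cd0e9a044557e6e56cda870a57531700bb68e23b59d2930ac2dd654b200732edc3ed9432e1bc0e9dbf0e7529e980599a323
 DIST teleport-2.5.8.tar.gz 16219666 BLAKE2B dd64ef4ca5b26e025e46c88d58e7ec226810b583c4b740416f6cc0caec5ea7d050c732368917ec34c5f8a36c7670d2903baa6c32203a2c5cac972e3a2b4bcbbb SHA512 070eebc889adde017641a833ee0e414c5f56848ac36fa96fb66e83062212307904e8264da758042765ba13d6a0c1b4f5314c1b0e90a2c37723ef1c0aa22889be
+DIST teleport-2.6.7.tar.gz 16655508 BLAKE2B a020ab999b7503cb7aec54ed81532baf9d08b98000f2c659f63859d89f7f2b5fb311c41d6fcafb7d9bf72ea1c97eecfc6ac621b7c90d74f5afe2717edb8b0402 SHA512 45002dcf7b99108ca6fffae94d6608188eb9b0bea05cd14068618bfb11c496cad5546e261f349fee70f2acb574e7fc44093683dd991001e01406da6982c5c4c3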
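--- /dev/null
+++ b/sys-cluster/teleport/files/teleport-2.6.yaml
@@ -0,0 +1,130 @@
+# By default, this file should be stored in /etc/teleport.yaml
+## IMPORTANT ##
+#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
+# This section of the configuration file applies to all teleport
+# services.
+teleport:
+ # nodename allows to assign an alternative name this node can be reached by.
+ # by default it's equal to hostname
+ # nodename: graviton
+
+ # Data directory where Teleport keeps its data, like keys/users for
+ # authentication (if using the default BoltDB back-end)
+ data_dir: /var/lib/teleport
+
+ # one-time invitation token used to join a cluster. it is not used on
+ # subsequent starts
+ auth_token: xxxx-token-xxxx
+
+ # when running in multi-homed or NATed environments Teleport nodes need
+ # to know which IP it will be reachable at by other nodes
+ # public_addr: 10.1.0.5
+
+ # list of auth servers in a cluster. you will have more than one auth server
+ # if you configure teleport auth to run in HA configuration
+ auth_servers:
+ - localhost:3025
+
+ # Teleport throttles all connections to avoid abuse. These settings allow
+ # you to adjust the default limits
+ connection_limits:
+ max_connections: 1000
+ max_users: 250
+
+ # Logging configuration. Possible output values are 'stdout', 'stderr' and
+ # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
+ log:
+ output: stderr
+ severity: ERROR
+
+ # Type of storage used for keys. You need to configure this to use etcd
+ # backend if you want to run Teleport in HA configuration.
+ storage:
+ type: bolt
+
+# This section configures the 'auth service':
+auth_service:
+ enabled: yes
+
+ # defines the types and second factors the auth server supports
+ authentication:
+ # second_factor can be off, otp, or u2f
+ second_factor: otp
+
+ # this section is only used if using u2f
+ u2f:
+ # app_id should point to the Web UI.
+ app_id: https://localhost:3080
+
+ # facets should list all proxy servers.
+ facets:
+ - https://localhost
+ - https://localhost:3080
+
+ # IP and the port to bind to. Other Teleport nodes will be connecting to
+ # this port (AKA "Auth API" or "Cluster API") to validate client
+ # certificates
+ listen_addr: 0.0.0.0:3025
+
+ # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
+ # the role a new node will be allowed to assume. The more secure way to
+ # add nodes is to use `ttl node add --ttl` command to generate auto-expiring
+ # tokens.
+ #
+ # We recommend to use tools like `pwgen` to generate sufficiently random
+ # tokens of 32+ byte length.
+ tokens:
+ - "proxy,node:xxxxx"
+ - "auth:yyyy"
+
+ # Optional "cluster name" is needed when configuring trust between multiple
+ # auth servers. A cluster name is used as part of a signature in certificates
+ # generated by this CA.
+ #
+ # By default an automatically generated GUID is used.
+ #
+ # IMPORTANT: if you change cluster_name, it will invalidate all generated
+ # certificates and keys (may need to wipe out /var/lib/teleport directory)
+ cluster_name: "main"
+
+# This section configures the 'node service':
+ssh_service:
+ enabled: yes
+ # IP and the port for SSH service to bind to.
+ listen_addr: 0.0.0.0:3022
+ # See explanation of labels in "Labeling Nodes" section below
+ labels:
+ role: master
+ type: postgres
+ # List (YAML array) of commands to periodically execute and use
+ # their output as labels.
+ # See explanation of how this works in "Labeling Nodes" section below
+ commands:
+ - name: hostname
+ command: [/usr/bin/hostname]
+ period: 1m0s
+ - name: arch
+ command: [/usr/bin/uname, -p]
+ period: 1h0m0s
+
+# This section configures the 'proxy servie'
+proxy_service:
+ enabled: yes
+ # SSH forwarding/proxy address. Command line (CLI) clients always begin their
+ # SSH sessions by connecting to this port
+ listen_addr: 0.0.0.0:3023
+
+ # Reverse tunnel listening address. An auth server (CA) can establish an
+ # outbound (from behind the firewall) connection to this address.
+ # This will allow users of the outside CA to connect to behind-the-firewall
+ # nodes.
+ tunnel_listen_addr: 0.0.0.0:3024
+
+ # The HTTPS listen address to serve the Web UI and also to authenticate the
+ # command line (CLI) users via password+HOTP
+ web_listen_addr: 0.0.0.0:3080
+
+ # TLS certificate for the HTTPS connection. Configuring these properly is
+ # critical for Teleport security.
+ https_key_file: /etc/teleport/teleport.key
+ https_cert_file: /etc/teleport/teleport.crt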
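Review bot: The installed default leaves the static join tokens active with placeholder values (`tokens:` with `"proxy,node:xxxxx"` and `"auth:yyyy"`, plus `auth_token: xxxx-token-xxxx`) while `auth_service` is enabled on `listen_addr: 0.0.0.0:3025`, so a host started on the unedited file would accept publicly known tokens for the proxy, node and auth roles from any address that can reach it. I would ship those entries commented out, e.g. `# tokens:` and `#   - "proxy,node:<generated-token>"`, and bind the auth listener to `127.0.0.1:3025` until the admin opts in to a multi-host cluster. Two comments in the same file also need correcting: the header says `/etc/teleport.yaml` but the ebuild installs the file as `/etc/teleport/teleport.yaml`, and `ttl node add --ttl` is presumably meant to name the `tctl` command that issues expiring tokens.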
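--- /dev/null
+++ b/sys-cluster/teleport/teleport-2.6.7.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit golang-build systemd
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+ inherit git-r3 golang-vcs
+ EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+ inherit golang-vcs-snapshot
+ SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm"
+fi
+
+IUSE="pam"
+LICENSE="Apache-2.0"
+RESTRICT="test strip"
+SLOT="0"
+
+DEPEND="app-arch/zip"
+RDEPEND="pam? ( sys-libs/pam )"
+
+src_compile() {
+ BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
+}
+
+src_install() {
+ keepdir /var/lib/${PN} /etc/${PN}
+ dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+ insinto /etc/${PN}
+ newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml
+
+ newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+ newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+ systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
+ systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+ BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}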
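Review bot: In `src_install`, `newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml` installs the config with the default `insinto` mode, which is world-readable, although this file is where `auth_token` and the static `tokens:` list live. I would put `insopts -m0600` before the `newins` line, assuming the daemon runs as root (the init script and unit are outside this diff, so that needs confirming). `keepdir /var/lib/${PN}` likewise creates the key store directory with default permissions; whether Teleport tightens them at first start is not visible here and is worth checking. Separately, `IUSE="pam"` only feeds `RDEPEND` and nothing in `src_compile` passes it to `emake`, so PAM support presumably depends on what the upstream Makefile detects on the build host.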