
From: Patrice Clement <monsieurp@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
Date: Sun, 05 Aug 2018 21:48:10
Message-Id: 1533505643.e56f33fdbeffc8937b2afa7e7a138a8d62632c65.monsieurp@gentoo
1 commit: e56f33fdbeffc8937b2afa7e7a138a8d62632c65
2 Author: Graeme Lawes <graemelawes <AT> gmail <DOT> com>
3 AuthorDate: Sun Aug 5 03:42:50 2018 +0000
4 Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
5 CommitDate: Sun Aug 5 21:47:23 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e56f33fd
7
8 sys-cluster/teleport: rename configuration file.
9
10 Teleport 2.5 (now removed) had different configuration options; revert to
11 using the standard teleport.yaml filename as the config file source.
12
13 sys-cluster/teleport/files/teleport-2.6.yaml | 130 ---------------------------
14 sys-cluster/teleport/files/teleport.yaml | 18 +---
15 sys-cluster/teleport/teleport-2.6.7.ebuild | 2 +-
16 3 files changed, 4 insertions(+), 146 deletions(-)
17
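diff --git a/sys-cluster/teleport/files/teleport-2.6.yaml b/sys-cluster/teleport/files/teleport-2.6.yaml
deleted file mode 100644
index 384dea937c9..00000000000
--- a/sys-cluster/teleport/files/teleport-2.6.yaml
+++ /dev/null
@@ -1,130 +0,0 @@
-# By default, this file should be stored in /etc/teleport.yaml
-## IMPORTANT ##
-#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
-# This section of the configuration file applies to all teleport
-# services.
-teleport:
- # nodename allows to assign an alternative name this node can be reached by.
- # by default it's equal to hostname
- # nodename: graviton
-
- # Data directory where Teleport keeps its data, like keys/users for
- # authentication (if using the default BoltDB back-end)
- data_dir: /var/lib/teleport
-
- # one-time invitation token used to join a cluster. it is not used on
- # subsequent starts
- auth_token: xxxx-token-xxxx
-
- # when running in multi-homed or NATed environments Teleport nodes need
- # to know which IP it will be reachable at by other nodes
- # public_addr: 10.1.0.5
-
- # list of auth servers in a cluster. you will have more than one auth server
- # if you configure teleport auth to run in HA configuration
- auth_servers:
- - localhost:3025
-
- # Teleport throttles all connections to avoid abuse. These settings allow
- # you to adjust the default limits
- connection_limits:
- max_connections: 1000
- max_users: 250
-
- # Logging configuration. Possible output values are 'stdout', 'stderr' and
- # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
- log:
- output: stderr
- severity: ERROR
-
- # Type of storage used for keys. You need to configure this to use etcd
- # backend if you want to run Teleport in HA configuration.
- storage:
- type: bolt
-
-# This section configures the 'auth service':
-auth_service:
- enabled: yes
-
- # defines the types and second factors the auth server supports
- authentication:
- # second_factor can be off, otp, or u2f
- second_factor: otp
-
- # this section is only used if using u2f
- u2f:
- # app_id should point to the Web UI.
- app_id: https://localhost:3080
-
- # facets should list all proxy servers.
- facets:
- - https://localhost
- - https://localhost:3080
-
- # IP and the port to bind to. Other Teleport nodes will be connecting to
- # this port (AKA "Auth API" or "Cluster API") to validate client
- # certificates
- listen_addr: 0.0.0.0:3025
-
- # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
- # the role a new node will be allowed to assume. The more secure way to
- # add nodes is to use `ttl node add --ttl` command to generate auto-expiring
- # tokens.
- #
- # We recommend to use tools like `pwgen` to generate sufficiently random
- # tokens of 32+ byte length.
- tokens:
- - "proxy,node:xxxxx"
- - "auth:yyyy"
-
- # Optional "cluster name" is needed when configuring trust between multiple
- # auth servers. A cluster name is used as part of a signature in certificates
- # generated by this CA.
- #
- # By default an automatically generated GUID is used.
- #
- # IMPORTANT: if you change cluster_name, it will invalidate all generated
- # certificates and keys (may need to wipe out /var/lib/teleport directory)
- cluster_name: "main"
-
-# This section configures the 'node service':
-ssh_service:
- enabled: yes
- # IP and the port for SSH service to bind to.
- listen_addr: 0.0.0.0:3022
- # See explanation of labels in "Labeling Nodes" section below
- labels:
- role: master
- type: postgres
- # List (YAML array) of commands to periodically execute and use
- # their output as labels.
- # See explanation of how this works in "Labeling Nodes" section below
- commands:
- - name: hostname
- command: [/usr/bin/hostname]
- period: 1m0s
- - name: arch
- command: [/usr/bin/uname, -p]
- period: 1h0m0s
-
-# This section configures the 'proxy servie'
-proxy_service:
- enabled: yes
- # SSH forwarding/proxy address. Command line (CLI) clients always begin their
- # SSH sessions by connecting to this port
- listen_addr: 0.0.0.0:3023
-
- # Reverse tunnel listening address. An auth server (CA) can establish an
- # outbound (from behind the firewall) connection to this address.
- # This will allow users of the outside CA to connect to behind-the-firewall
- # nodes.
- tunnel_listen_addr: 0.0.0.0:3024
-
- # The HTTPS listen address to serve the Web UI and also to authenticate the
- # command line (CLI) users via password+HOTP
- web_listen_addr: 0.0.0.0:3080
-
- # TLS certificate for the HTTPS connection. Configuring these properly is
- # critical for Teleport security.
- https_key_file: /etc/teleport/teleport.key
- https_cert_file: /etc/teleport/teleport.crt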
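diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml
index e297bb89b57..384dea937c9 100644
--- a/sys-cluster/teleport/files/teleport.yaml
+++ b/sys-cluster/teleport/files/teleport.yaml
@@ -1,5 +1,6 @@
 # By default, this file should be stored in /etc/teleport.yaml
-
+## IMPORTANT ##
+#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
 # This section of the configuration file applies to all teleport
 # services.
 teleport:
@@ -17,7 +18,7 @@ teleport:
 
 # when running in multi-homed or NATed environments Teleport nodes need
 # to know which IP it will be reachable at by other nodes
- # advertise_ip: 10.1.0.5
+ # public_addr: 10.1.0.5
 
 # list of auth servers in a cluster. you will have more than one auth server
 # if you configure teleport auth to run in HA configuration
@@ -43,19 +44,10 @@ teleport:
 
 # This section configures the 'auth service':
 auth_service:
- # Turns 'auth' role on. Default is 'yes'
 enabled: yes
 
- # Turns on dynamic configuration. Dynamic configuration defines the source
- # for configuration information, configuration files on disk or what's
- # stored in the backend. Default is false if no backend is specified,
- # otherwise if backend is specified, it is assumed to be true.
- dynamic_config: false
-
 # defines the types and second factors the auth server supports
 authentication:
- # type can be local or oidc
- type: local
 # second_factor can be off, otp, or u2f
 second_factor: otp
 
@@ -97,9 +89,7 @@ auth_service:
 
 # This section configures the 'node service':
 ssh_service:
- # Turns 'ssh' role on. Default is 'yes'
 enabled: yes
-
 # IP and the port for SSH service to bind to.
 listen_addr: 0.0.0.0:3022
 # See explanation of labels in "Labeling Nodes" section below
@@ -119,9 +109,7 @@ ssh_service:
 
 # This section configures the 'proxy servie'
 proxy_service:
- # Turns 'proxy' role on. Default is 'yes'
 enabled: yes
-
 # SSH forwarding/proxy address. Command line (CLI) clients always begin their
 # SSH sessions by connecting to this port
 listen_addr: 0.0.0.0:3023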
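Review bot: The added `#When editing YAML configuration…` line in the first hunk has no space after `#` and runs far past 120 columns; wrap it as two conventional comment lines, e.g. `# When editing this file, pay attention to how your editor handles whitespace:` / `# YAML requires consistent indentation and does not allow tab characters.`. The unchanged header directly above still says the file belongs at `/etc/teleport.yaml`, while the ebuild in this same commit installs it as `/etc/teleport/teleport.yaml` (`insinto /etc/${PN}` plus `newins … ${PN}.yaml`), so the comment should name the path the package actually uses — assuming the init script, which is not in this diff, points teleport at that location. The retained `enabled: yes` lines in the auth_service, ssh_service and proxy_service hunks rely on YAML 1.1 truthy parsing; `enabled: true` is the canonical spelling and reads the same under every parser. Since the shipped default turns on all three roles on one host, a one-line comment next to them telling administrators to set `enabled: false` for `auth_service` and `proxy_service` on plain SSH nodes would make the least-privilege deployment the obvious one.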
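diff --git a/sys-cluster/teleport/teleport-2.6.7.ebuild b/sys-cluster/teleport/teleport-2.6.7.ebuild
index a187d11ee22..4a7a27e42a4 100644
--- a/sys-cluster/teleport/teleport-2.6.7.ebuild
+++ b/sys-cluster/teleport/teleport-2.6.7.ebuild
@@ -35,7 +35,7 @@ src_install() {
 dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
 
 insinto /etc/${PN}
-newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml
+newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml
 
 newinitd "${FILESDIR}"/${PN}.init.d ${PN}
 newconfd "${FILESDIR}"/${PN}.conf.d ${PN}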
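Review bot: The new `newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml` installs the file under the name it already has, so `newins` no longer renames anything; `doins "${FILESDIR}"/${PN}.yaml` expresses the same install with less to read and makes it clear no rename is intended. The first argument is quoted while the destination `${PN}.yaml` is not; `${PN}` cannot contain whitespace, so this is harmless, but quoting both sides consistently removes the question for the next reader. `src_install` begins before this hunk and its remaining lines are outside the diff.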