public inbox for gentoo-commits@lists.gentoo.org
From: "Patrice Clement" <monsieurp@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
Date: Sun,  5 Aug 2018 21:48:01 +0000 (UTC)
Message-ID: <1533505643.e56f33fdbeffc8937b2afa7e7a138a8d62632c65.monsieurp@gentoo>

commit:     e56f33fdbeffc8937b2afa7e7a138a8d62632c65
Author:     Graeme Lawes <graemelawes <AT> gmail <DOT> com>
AuthorDate: Sun Aug  5 03:42:50 2018 +0000
Commit:     Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Sun Aug  5 21:47:23 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e56f33fd

sys-cluster/teleport: rename configuration file.

Teleport 2.5 (removed) had different configuration options, revert back
to using standard teleport.yaml filename as config file source

 sys-cluster/teleport/files/teleport-2.6.yaml | 130 ---------------------------
 sys-cluster/teleport/files/teleport.yaml     |  18 +---
 sys-cluster/teleport/teleport-2.6.7.ebuild   |   2 +-
 3 files changed, 4 insertions(+), 146 deletions(-)

diff --git a/sys-cluster/teleport/files/teleport-2.6.yaml b/sys-cluster/teleport/files/teleport-2.6.yaml
deleted file mode 100644
index 384dea937c9..00000000000
--- a/sys-cluster/teleport/files/teleport-2.6.yaml
+++ /dev/null
@@ -1,130 +0,0 @@
-# By default, this file should be stored in /etc/teleport.yaml
-## IMPORTANT ##
-#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
-# This section of the configuration file applies to all teleport
-# services.
-teleport:
-    # nodename allows to assign an alternative name this node can be reached by.
-    # by default it's equal to hostname
-    # nodename: graviton
-
-    # Data directory where Teleport keeps its data, like keys/users for 
-    # authentication (if using the default BoltDB back-end)
-    data_dir: /var/lib/teleport
-
-    # one-time invitation token used to join a cluster. it is not used on 
-    # subsequent starts
-    auth_token: xxxx-token-xxxx
-
-    # when running in multi-homed or NATed environments Teleport nodes need 
-    # to know which IP it will be reachable at by other nodes
-    # public_addr: 10.1.0.5
-
-    # list of auth servers in a cluster. you will have more than one auth server
-    # if you configure teleport auth to run in HA configuration
-    auth_servers: 
-        - localhost:3025
-
-    # Teleport throttles all connections to avoid abuse. These settings allow
-    # you to adjust the default limits
-    connection_limits:
-        max_connections: 1000
-        max_users: 250
-
-    # Logging configuration. Possible output values are 'stdout', 'stderr' and 
-    # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
-    log:
-        output: stderr
-        severity: ERROR
-
-    # Type of storage used for keys. You need to configure this to use etcd
-    # backend if you want to run Teleport in HA configuration.
-    storage:
-        type: bolt
-
-# This section configures the 'auth service':
-auth_service:
-    enabled: yes
-
-    # defines the types and second factors the auth server supports
-    authentication:
-        # second_factor can be off, otp, or u2f
-        second_factor: otp
-
-        # this section is only used if using u2f
-        u2f:
-            # app_id should point to the Web UI.
-            app_id: https://localhost:3080
-
-            # facets should list all proxy servers.
-            facets:
-            - https://localhost
-            - https://localhost:3080
-
-    # IP and the port to bind to. Other Teleport nodes will be connecting to
-    # this port (AKA "Auth API" or "Cluster API") to validate client 
-    # certificates 
-    listen_addr: 0.0.0.0:3025
-
-    # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
-    # the role a new node will be allowed to assume. The more secure way to 
-    # add nodes is to use `ttl node add --ttl` command to generate auto-expiring 
-    # tokens. 
-    #
-    # We recommend to use tools like `pwgen` to generate sufficiently random
-    # tokens of 32+ byte length.
-    tokens:
-        - "proxy,node:xxxxx"
-        - "auth:yyyy"
-
-    # Optional "cluster name" is needed when configuring trust between multiple
-    # auth servers. A cluster name is used as part of a signature in certificates
-    # generated by this CA.
-    # 
-    # By default an automatically generated GUID is used.
-    #
-    # IMPORTANT: if you change cluster_name, it will invalidate all generated 
-    # certificates and keys (may need to wipe out /var/lib/teleport directory)
-    cluster_name: "main"
-
-# This section configures the 'node service':
-ssh_service:
-    enabled: yes
-    # IP and the port for SSH service to bind to. 
-    listen_addr: 0.0.0.0:3022
-    # See explanation of labels in "Labeling Nodes" section below
-    labels:
-        role: master
-        type: postgres
-    # List (YAML array) of commands to periodically execute and use
-    # their output as labels. 
-    # See explanation of how this works in "Labeling Nodes" section below
-    commands:
-    - name: hostname
-      command: [/usr/bin/hostname]
-      period: 1m0s
-    - name: arch
-      command: [/usr/bin/uname, -p]
-      period: 1h0m0s
-
-# This section configures the 'proxy servie'
-proxy_service:
-    enabled: yes
-    # SSH forwarding/proxy address. Command line (CLI) clients always begin their
-    # SSH sessions by connecting to this port
-    listen_addr: 0.0.0.0:3023
-
-    # Reverse tunnel listening address. An auth server (CA) can establish an 
-    # outbound (from behind the firewall) connection to this address. 
-    # This will allow users of the outside CA to connect to behind-the-firewall 
-    # nodes.
-    tunnel_listen_addr: 0.0.0.0:3024
-
-    # The HTTPS listen address to serve the Web UI and also to authenticate the 
-    # command line (CLI) users via password+HOTP
-    web_listen_addr: 0.0.0.0:3080
-
-    # TLS certificate for the HTTPS connection. Configuring these properly is 
-    # critical for Teleport security.
-    https_key_file: /etc/teleport/teleport.key
-    https_cert_file: /etc/teleport/teleport.crt
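
Review bot: the join secrets at `auth_token: xxxx-token-xxxx` and under `tokens:` (`"proxy,node:xxxxx"`, `"auth:yyyy"`) are live, uncommented values, and this blob (384dea937c9) is the one files/teleport.yaml becomes in the next file, so they stay in the installed default alongside `auth_service` with `enabled: yes` on `listen_addr: 0.0.0.0:3025`. Ship them commented out so an unedited install does not start with publicly known tokens. The comment above `tokens:` also says `ttl node add --ttl`, while the ebuild installs `tsh`, `tctl` and `teleport`; it probably means `tctl`.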

diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml
index e297bb89b57..384dea937c9 100644
--- a/sys-cluster/teleport/files/teleport.yaml
+++ b/sys-cluster/teleport/files/teleport.yaml
@@ -1,5 +1,6 @@
 # By default, this file should be stored in /etc/teleport.yaml
-
+## IMPORTANT ##
+#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
 # This section of the configuration file applies to all teleport
 # services.
 teleport:
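
Review bot: the added line `#When editing YAML configuration, ...` words the tab rule loosely: YAML does not allow tab characters for indentation, so "consistent handling of tab characters" should tell the admin to indent with spaces only. The line also lacks a space after `#` and is far longer than the neighbouring comments; wrap it. The first context line still points at /etc/teleport.yaml, while the ebuild in this commit does `insinto /etc/${PN}`, so the path in the comment does not match where the file is installed.
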
@@ -17,7 +18,7 @@ teleport:
 
     # when running in multi-homed or NATed environments Teleport nodes need 
     # to know which IP it will be reachable at by other nodes
-    # advertise_ip: 10.1.0.5
+    # public_addr: 10.1.0.5
 
     # list of auth servers in a cluster. you will have more than one auth server
     # if you configure teleport auth to run in HA configuration
@@ -43,19 +44,10 @@ teleport:
 
 # This section configures the 'auth service':
 auth_service:
-    # Turns 'auth' role on. Default is 'yes'
     enabled: yes
 
-    # Turns on dynamic configuration. Dynamic configuration defines the source
-    # for configuration information, configuration files on disk or what's
-    # stored in the backend. Default is false if no backend is specified,
-    # otherwise if backend is specified, it is assumed to be true.
-    dynamic_config: false
-
     # defines the types and second factors the auth server supports
     authentication:
-        # type can be local or oidc
-        type: local
         # second_factor can be off, otp, or u2f
         second_factor: otp
 
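
Review bot: removing `type: local` under `authentication:` leaves the authentication type implicit while `second_factor: otp` stays explicit. For a security-relevant setting, keep a one-line comment naming the type that applies when the key is absent. The `# Turns 'auth' role on. Default is 'yes'` comment goes too, here and in the ssh and proxy hunks below, so `enabled: yes` is left undocumented in all three service sections.
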
@@ -97,9 +89,7 @@ auth_service:
 
 # This section configures the 'node service':
 ssh_service:
-    # Turns 'ssh' role on. Default is 'yes'
     enabled: yes
-
     # IP and the port for SSH service to bind to. 
     listen_addr: 0.0.0.0:3022
     # See explanation of labels in "Labeling Nodes" section below
@@ -119,9 +109,7 @@ ssh_service:
 
 # This section configures the 'proxy servie'
 proxy_service:
-    # Turns 'proxy' role on. Default is 'yes'
     enabled: yes
-
     # SSH forwarding/proxy address. Command line (CLI) clients always begin their
     # SSH sessions by connecting to this port
     listen_addr: 0.0.0.0:3023
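
Review bot: the section header in this hunk's context, `# This section configures the 'proxy servie'`, has a typo ('servie'); fix it in the same pass, since the commit already edits the lines directly beneath it.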

diff --git a/sys-cluster/teleport/teleport-2.6.7.ebuild b/sys-cluster/teleport/teleport-2.6.7.ebuild
index a187d11ee22..4a7a27e42a4 100644
--- a/sys-cluster/teleport/teleport-2.6.7.ebuild
+++ b/sys-cluster/teleport/teleport-2.6.7.ebuild
@@ -35,7 +35,7 @@ src_install() {
 	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
 
 	insinto /etc/${PN}
-	newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml
+	newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml
 
 	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
 	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
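
Review bot: `newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml` installs the config with the default insopts mode (0644) unless that is changed outside the visible context, and this file carries `auth_token` and the static `tokens:` list. Consider `insopts -m0600` before the install, or `fperms` after it, so the join secrets are not world-readable. With source and target name now identical, `doins "${FILESDIR}"/${PN}.yaml` is also enough.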

