public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
@ 2018-10-11 18:53 Michał Górny
From: Michał Górny @ 2018-10-11 18:53 UTC
  To: gentoo-commits

commit:     f14bb737f623213056a24a913a1e98353597c91d
Author:     Graeme Lawes <graemelawes <AT> gmail <DOT> com>
AuthorDate: Thu Oct  4 14:57:45 2018 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Oct 11 18:52:59 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f14bb737

sys-cluster/teleport: add v3.0.0

Signed-off-by: Graeme Lawes <graemelawes <AT> gmail.com>
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/10060

 sys-cluster/teleport/Manifest              |   1 +
 sys-cluster/teleport/files/teleport.yaml   | 240 +++++++++++++++++++++++++++++
 sys-cluster/teleport/teleport-3.0.0.ebuild |  49 ++++++
 3 files changed, 290 insertions(+)

diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
index 4297926a089..648071ea426 100644
--- a/sys-cluster/teleport/Manifest
+++ b/sys-cluster/teleport/Manifest
@@ -1,2 +1,3 @@
 DIST teleport-2.6.7.tar.gz 16655508 BLAKE2B a020ab999b7503cb7aec54ed81532baf9d08b98000f2c659f63859d89f7f2b5fb311c41d6fcafb7d9bf72ea1c97eecfc6ac621b7c90d74f5afe2717edb8b0402 SHA512 45002dcf7b99108ca6fffae94d6608188eb9b0bea05cd14068618bfb11c496cad5546e261f349fee70f2acb574e7fc44093683dd991001e01406da6982c5c4c3
 DIST teleport-2.7.1.tar.gz 18222601 BLAKE2B 86852a1c7f0b083d8fc46bb2e51e287f0d54ca8bd1a6306e21ad325b6f1487682f853eb313a1f6f6fc4dc4d25d93e909ed65dad6d00eb37f878904d6df30f98c SHA512 703056eb99aa91062c8d9cfa7852e3573c8968ce9dea0ff5b076d5225caf8d67b965948a47785cdc7e4341993ef3ed005677859d37653f7d22c05cb2db51efd7
+DIST teleport-3.0.0.tar.gz 22365657 BLAKE2B a9cfec07ec73970b1050c51819ef4820be95fcd94dce0ffbb62deca38af28a944929c83a9ed2b443a93eb21f55d0cac024b66acf81c5d6939ba8e6b6ba40438a SHA512 8cba0b7471bebe9cdac07b44f17c99b7b323061f310ef0e61a3ebe1c4ea2ca2b1c853177528c4725a83366406e8b1a5aba23ecdd5fba7290bd6cab74ada3340d

diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml
new file mode 100644
index 00000000000..0ab548c1a46
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.yaml
@@ -0,0 +1,240 @@
+# By default, this file should be stored in /etc/teleport.yaml
+
+# This section of the configuration file applies to all teleport
+# services.
+teleport:
+    # nodename allows to assign an alternative name this node can be reached by.
+    # by default it's equal to hostname
+    # nodename: graviton
+
+    # Data directory where Teleport daemon keeps its data. 
+    # See "Filesystem Layout" section above for more details.
+    data_dir: /var/lib/teleport
+
+    # Invitation token used to join a cluster. it is not used on
+    # subsequent starts
+    # auth_token: xxxx-token-xxxx
+
+    # When running in multi-homed or NATed environments Teleport nodes need
+    # to know which IP it will be reachable at by other nodes
+    # 
+    # This value can be specified as FQDN e.g. host.example.com
+    # advertise_ip: 10.1.0.5
+
+    # list of auth servers in a cluster. you will have more than one auth server
+    # if you configure teleport auth to run in HA configuration
+    auth_servers:
+        - localhost:3025
+
+    # Teleport throttles all connections to avoid abuse. These settings allow
+    # you to adjust the default limits
+    connection_limits:
+        max_connections: 1000
+        max_users: 250
+
+    # Logging configuration. Possible output values are 'stdout', 'stderr' and
+    # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
+    log:
+        output: stderr
+        severity: ERROR
+
+    # Type of storage used for keys. You need to configure this to use etcd or 
+    # a DynamoDB backend if you want to run Teleport in HA configuration.
+    storage:
+        # By default teleport uses the `data_dir` directory on a local filesystem
+        type: dir
+
+        # Array of locations where the audit log events will be stored. by
+        # default they are stored in `/var/lib/teleport/log`
+        # audit_events_uri: [file:///var/lib/teleport/log, dynamo://events_table_name]
+
+        # Use this setting to configure teleport to store the recorded sessions in
+        # an AWS S3 bucket. see "Using Amazon S3" chapter for more information.
+        # audit_sessions_uri: s3://name-of-s3-bucket
+
+    # Cipher algorithms that the server supports. This section only needs to be
+    # set if you want to override the defaults.
+    ciphers:
+      - aes128-ctr
+      - aes192-ctr
+      - aes256-ctr
+      - aes128-gcm@openssh.com
+
+    # Key exchange algorithms that the server supports. This section only needs
+    # to be set if you want to override the defaults.
+    kex_algos:
+      - curve25519-sha256@libssh.org
+      - ecdh-sha2-nistp256
+      - ecdh-sha2-nistp384
+      - ecdh-sha2-nistp521
+      - diffie-hellman-group14-sha1
+      - diffie-hellman-group1-sha1
+
+    # Message authentication code (MAC) algorithms that the server supports.
+    # This section only needs to be set if you want to override the defaults.
+    mac_algos:
+      - hmac-sha2-256-etm@openssh.com
+      - hmac-sha2-256
+      - hmac-sha1
+      - hmac-sha1-96
+
+    # List of the supported ciphersuites. If this section is not specified, 
+    # only the default ciphersuites are enabled.
+    ciphersuites:
+       - tls-rsa-with-aes-128-cbc-sha # default
+       - tls-rsa-with-aes-256-cbc-sha # default
+       - tls-rsa-with-aes-128-cbc-sha256
+       - tls-rsa-with-aes-128-gcm-sha256
+       - tls-rsa-with-aes-256-gcm-sha384
+       - tls-ecdhe-ecdsa-with-aes-128-cbc-sha
+       - tls-ecdhe-ecdsa-with-aes-256-cbc-sha
+       - tls-ecdhe-rsa-with-aes-128-cbc-sha
+       - tls-ecdhe-rsa-with-aes-256-cbc-sha
+       - tls-ecdhe-ecdsa-with-aes-128-cbc-sha256
+       - tls-ecdhe-rsa-with-aes-128-cbc-sha256
+       - tls-ecdhe-rsa-with-aes-128-gcm-sha256
+       - tls-ecdhe-ecdsa-with-aes-128-gcm-sha256
+       - tls-ecdhe-rsa-with-aes-256-gcm-sha384
+       - tls-ecdhe-ecdsa-with-aes-256-gcm-sha384
+       - tls-ecdhe-rsa-with-chacha20-poly1305
+       - tls-ecdhe-ecdsa-with-chacha20-poly1305
+
+
+# This section configures the 'auth service':
+auth_service:
+    # Turns 'auth' role on. Default is 'yes'
+    enabled: yes
+
+    # A cluster name is used as part of a signature in certificates
+    # generated by this CA. 
+    #
+    # We strongly recommend to explicitly set it to something meaningful as it 
+    # becomes important when configuring trust between multiple clusters. 
+    #
+    # By default an automatically generated name is used (not recommended)
+    #
+    # IMPORTANT: if you change cluster_name, it will invalidate all generated
+    # certificates and keys (may need to wipe out /var/lib/teleport directory)
+    cluster_name: "main"
+
+    authentication:
+        # default authentication type. possible values are 'local', 'oidc' and 'saml'
+        # only local authentication (Teleport's own user DB) is supported in the open
+        # source version
+        type: local
+        # second_factor can be off, otp, or u2f
+        second_factor: otp
+        # this section is used if second_factor is set to 'u2f'
+        u2f:
+            # app_id must point to the URL of the Teleport Web UI (proxy) accessible
+            # by the end users
+            app_id: https://localhost:3080
+            # facets must list all proxy servers if there are more than one deployed
+            facets:
+            - https://localhost:3080
+
+    # IP and the port to bind to. Other Teleport nodes will be connecting to
+    # this port (AKA "Auth API" or "Cluster API") to validate client
+    # certificates
+    listen_addr: 0.0.0.0:3025
+
+    # The optional DNS name the auth server if locataed behind a load balancer.
+    # (see public_addr section below)
+    # public_addr: auth.example.com:3025
+
+    # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
+    # the role a new node will be allowed to assume. The more secure way to
+    # add nodes is to use `ttl node add --ttl` command to generate auto-expiring
+    # tokens.
+    #
+    # We recommend to use tools like `pwgen` to generate sufficiently random
+    # tokens of 32+ byte length.
+    # tokens:
+    #     - "proxy,node:xxxxx"
+    #     - "auth:yyyy"
+
+    # Optional setting for configuring session recording. Possible values are:
+    #    "node"  : sessions will be recorded on the node level  (the default)
+    #    "proxy" : recording on the proxy level, see "recording proxy mode" section.
+    #    "off"   : session recording is turned off
+    session_recording: "node"
+
+    # This setting determines if a Teleport proxy performs strict host key checks.
+    # Only applicable if session_recording=proxy, see "recording proxy mode" for details.
+    proxy_checks_host_keys: yes
+
+    # Determines if SSH sessions to cluster nodes are forcefully terminated 
+    # after no activity from a client (idle client).
+    # Examples: "30m", "1h" or "1h30m"
+    client_idle_timeout: never
+
+    # Determines if the clients will be forcefully disconnected when their
+    # certificates expire in the middle of an active SSH session. (default is 'no')
+    disconnect_expired_cert: no
+
+    # If the auth service is deployed outside Kubernetes, but Kubernetes integration
+    # is required, you have to specify a valid kubeconfig credentials:
+    # kubeconfig_file: /path/to/kubeconfig
+
+# This section configures the 'node service':
+ssh_service:
+    # Turns 'ssh' role on. Default is 'yes'
+    enabled: yes
+
+    # IP and the port for SSH service to bind to.
+    listen_addr: 0.0.0.0:3022
+
+    # The optional public address the SSH service. This is useful if administrators
+    # want to allow users to connect to nodes directly, bypassing a Teleport proxy
+    # (see public_addr section below)
+    # public_addr: node.example.com:3022
+
+    # See explanation of labels in "Labeling Nodes" section below
+    labels:
+        role: master
+
+    # List of the commands to periodically execute. Their output will be used as node labels.
+    # See "Labeling Nodes" section below for more information.
+    commands:
+    - name: arch             # this command will add a label like 'arch=x86_64' to a node
+      command: [uname, -p]
+      period: 1h0m0s
+
+    # enables reading ~/.tsh/environment before creating a session. by default
+    # set to false, can be set true here or as a command line flag.
+    permit_user_env: false
+
+    # configures PAM integration. see below for more details.
+    pam:
+        enabled: no
+        service_name: teleport
+
+# This section configures the 'proxy servie'
+proxy_service:
+    # Turns 'proxy' role on. Default is 'yes'
+    enabled: yes
+
+    # SSH forwarding/proxy address. Command line (CLI) clients always begin their
+    # SSH sessions by connecting to this port
+    listen_addr: 0.0.0.0:3023
+
+    # Reverse tunnel listening address. An auth server (CA) can establish an
+    # outbound (from behind the firewall) connection to this address.
+    # This will allow users of the outside CA to connect to behind-the-firewall
+    # nodes.
+    tunnel_listen_addr: 0.0.0.0:3024
+
+    # The HTTPS listen address to serve the Web UI and also to authenticate the
+    # command line (CLI) users via password+HOTP
+    web_listen_addr: 0.0.0.0:3080
+
+    # The DNS name the proxy server is accessible by cluster users. Defaults to 
+    # the proxy's hostname if not specified. If running multiple proxies behind 
+    # a load balancer, this name must point to the load balancer
+    # (see public_addr section below)
+    # public_addr: proxy.example.com:3080
+
+    # TLS certificate for the HTTPS connection. Configuring these properly is
+    # critical for Teleport security.
+    https_key_file: /var/lib/teleport/webproxy_key.pem
+    https_cert_file: /var/lib/teleport/webproxy_cert.pem
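Review bot: The `ciphers`, `kex_algos`, `mac_algos` and `ciphersuites` lists are shipped uncommented even though each of their comments says the section "only needs to be set if you want to override the defaults", so this default config actively replaces Teleport's built-in algorithm selection with a list that includes `diffie-hellman-group1-sha1` (a 1024-bit group), `diffie-hellman-group14-sha1`, `hmac-sha1`, `hmac-sha1-96`, and the `*-cbc-*` and non-ECDHE `tls-rsa-*` TLS suites. Suggest commenting all four sections out so the upstream defaults apply, or at minimum dropping the SHA-1 key-exchange and MAC entries and the CBC suites. Two smaller points in the same hunk: `add nodes is to use \`ttl node add --ttl\`` looks like a typo for `tctl` (the ebuild installs `tctl`, not `ttl`), and `# This section configures the 'proxy servie'` should read `'proxy service'`. Several lines also carry trailing whitespace, e.g. `# Data directory where Teleport daemon keeps its data. `.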

diff --git a/sys-cluster/teleport/teleport-3.0.0.ebuild b/sys-cluster/teleport/teleport-3.0.0.ebuild
new file mode 100644
index 00000000000..4a7a27e42a4
--- /dev/null
+++ b/sys-cluster/teleport/teleport-3.0.0.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit golang-build systemd
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+fi
+
+IUSE="pam"
+LICENSE="Apache-2.0"
+RESTRICT="test strip"
+SLOT="0"
+
+DEPEND="app-arch/zip"
+RDEPEND="pam? ( sys-libs/pam )"
+
+src_compile() {
+	BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
+}
+
+src_install() {
+	keepdir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+	BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}
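Review bot: `src_test()` is defined but `RESTRICT="test strip"` guarantees it never runs; either drop the function or add a comment saying why tests are restricted (and why `strip` is restricted, which is unusual enough to deserve a one-line explanation). `src_install` also references `${FILESDIR}/${PN}.init.d`, `${PN}.conf.d`, `${PN}.service` and `${PN}.service.conf`, none of which appear in this change; the commit message should state that they are reused unchanged from the existing 2.x ebuilds so a reviewer can check they still match the 3.0.0 binary layout. Finally, `KEYWORDS` sits inside the `else` branch, which is intentional for the 9999 case but easy to miss; a short comment there would help.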


* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
@ 2019-06-20  6:32 Michał Górny
From: Michał Górny @ 2019-06-20  6:32 UTC
  To: gentoo-commits

commit:     a98d5007f46b36d5069c9f8541267c1ead647840
Author:     Graeme Lawes <graemelawes <AT> gmail <DOT> com>
AuthorDate: Wed Jun 19 23:07:17 2019 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Jun 20 06:30:45 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a98d5007

sys-cluster/teleport: add v4.0.0

Update files/teleport.yaml for v3.2.*/v4.0.0 features, as v3.1.* and
below have been removed

Signed-off-by: Graeme Lawes <graemelawes <AT> gmail.com>
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 sys-cluster/teleport/Manifest              |   1 +
 sys-cluster/teleport/files/teleport.yaml   | 123 ++++++++++++++++-------------
 sys-cluster/teleport/teleport-4.0.0.ebuild |  49 ++++++++++++
 3 files changed, 117 insertions(+), 56 deletions(-)

diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
index f444c13ff08..c2553415a1e 100644
--- a/sys-cluster/teleport/Manifest
+++ b/sys-cluster/teleport/Manifest
@@ -2,3 +2,4 @@ DIST teleport-2.7.9.tar.gz 18221805 BLAKE2B c634f97008310c4cabf4020bc8a600de7eb9
 DIST teleport-3.1.8.tar.gz 22605752 BLAKE2B 2ddebb0b0c8c42d36d113e409ce04f194e5ed77a7d88dd3e0a5982e303b8db8e013b156693c5fcd038d9d81f2907d17fdb65f82b34bdc84379bb0c46498e53a5 SHA512 de834309f96c327b54470deec043a498da969c5f3a872777a44143fceb070bd1c9ee837f218f46dc5b82ee1b40fb869a422b8cf9c22d26618f07a069de165f6e
 DIST teleport-3.2.0.tar.gz 22613098 BLAKE2B 0ff9675a071f5fb660ad4a7b0e085b9bec01c3d0967bdd206ce29a51addae545c4b2621854cbffdc0f76d0cbc6e5ec8f39e082b80b26ba13d352b1add199c965 SHA512 a3fdb520a62361f78632ac1680f86f183a533e47696791586b3c5ff7d505eb167a881c438c6a3dd72395140c521c065c8d8e4b93b5b8c9cbf134688dd8c1f8da
 DIST teleport-3.2.6.tar.gz 22620079 BLAKE2B 07b4bcb5b53a511c25f0556fad33b461307b524554e993097f634b1751d7fd3c664de0478427efa18dc20e597fb73f3c5bd09ba961754456245e1306372ed0ee SHA512 20be34820f9b9f29c492f8dabe8914012b66ebfb9db51f3dff0e19b8a1f7b85b948cc1036861d03ca6de9e6f30ba0b43caf4760bc95c74e45a38f0cad080820c
+DIST teleport-4.0.0.tar.gz 34913323 BLAKE2B 2890d18fed82d9a2da18be6ce9c981ddc1a4ac374862d853f09001c88ed3f9092b9a006c98f6d489dcaae8a702827f98ee12e870708d6746f429f9457debbb33 SHA512 b59ee7e99808475d50e84feff160e2a3c71f04d67dc7d8caa9476251c3e1f51d057de7384f4750b60c121db630c49a8315f9903d8f7ae3e04469f4532ca7078c

diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml
index 0ab548c1a46..c6b012590f2 100644
--- a/sys-cluster/teleport/files/teleport.yaml
+++ b/sys-cluster/teleport/files/teleport.yaml
@@ -7,7 +7,7 @@ teleport:
     # by default it's equal to hostname
     # nodename: graviton
 
-    # Data directory where Teleport daemon keeps its data. 
+    # Data directory where Teleport daemon keeps its data.
     # See "Filesystem Layout" section above for more details.
     data_dir: /var/lib/teleport
 
@@ -17,7 +17,7 @@ teleport:
 
     # When running in multi-homed or NATed environments Teleport nodes need
     # to know which IP it will be reachable at by other nodes
-    # 
+    #
     # This value can be specified as FQDN e.g. host.example.com
     # advertise_ip: 10.1.0.5
 
@@ -38,8 +38,10 @@ teleport:
         output: stderr
         severity: ERROR
 
-    # Type of storage used for keys. You need to configure this to use etcd or 
-    # a DynamoDB backend if you want to run Teleport in HA configuration.
+    # Configuration for the storage back-end used for the cluster state and the
+    # audit log. Several back-end types are supported. See "High Availability"
+    # section of this Admin Manual below to learn how to configure DynamoDB, 
+    # S3, etcd and other highly available back-ends.
     storage:
         # By default teleport uses the `data_dir` directory on a local filesystem
         type: dir
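Review bot: The new comment reads `See "High Availability" section of this Admin Manual below`, but this file is installed standalone as /etc/teleport.yaml, so "this Admin Manual" and "below" point at nothing; rephrase it to name the upstream Admin Manual as an external reference. The line `# section of this Admin Manual below to learn how to configure DynamoDB, ` also keeps a trailing space, which is at odds with the trailing-whitespace cleanup this same commit performs in the two hunks above.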
@@ -54,50 +56,38 @@ teleport:
 
     # Cipher algorithms that the server supports. This section only needs to be
     # set if you want to override the defaults.
-    ciphers:
-      - aes128-ctr
-      - aes192-ctr
-      - aes256-ctr
-      - aes128-gcm@openssh.com
+    # ciphers:
+    #   - aes128-ctr
+    #   - aes192-ctr
+    #   - aes256-ctr
+    #   - aes128-gcm@openssh.com
+    #   - chacha20-poly1305@openssh.com
 
     # Key exchange algorithms that the server supports. This section only needs
     # to be set if you want to override the defaults.
-    kex_algos:
-      - curve25519-sha256@libssh.org
-      - ecdh-sha2-nistp256
-      - ecdh-sha2-nistp384
-      - ecdh-sha2-nistp521
-      - diffie-hellman-group14-sha1
-      - diffie-hellman-group1-sha1
+    # kex_algos:
+    #   - curve25519-sha256@libssh.org
+    #   - ecdh-sha2-nistp256
+    #   - ecdh-sha2-nistp384
+    #   - ecdh-sha2-nistp521
 
     # Message authentication code (MAC) algorithms that the server supports.
     # This section only needs to be set if you want to override the defaults.
-    mac_algos:
-      - hmac-sha2-256-etm@openssh.com
-      - hmac-sha2-256
-      - hmac-sha1
-      - hmac-sha1-96
+    # mac_algos:
+    #   - hmac-sha2-256-etm@openssh.com
+    #   - hmac-sha2-256
 
-    # List of the supported ciphersuites. If this section is not specified, 
+    # List of the supported ciphersuites. If this section is not specified,
     # only the default ciphersuites are enabled.
-    ciphersuites:
-       - tls-rsa-with-aes-128-cbc-sha # default
-       - tls-rsa-with-aes-256-cbc-sha # default
-       - tls-rsa-with-aes-128-cbc-sha256
-       - tls-rsa-with-aes-128-gcm-sha256
-       - tls-rsa-with-aes-256-gcm-sha384
-       - tls-ecdhe-ecdsa-with-aes-128-cbc-sha
-       - tls-ecdhe-ecdsa-with-aes-256-cbc-sha
-       - tls-ecdhe-rsa-with-aes-128-cbc-sha
-       - tls-ecdhe-rsa-with-aes-256-cbc-sha
-       - tls-ecdhe-ecdsa-with-aes-128-cbc-sha256
-       - tls-ecdhe-rsa-with-aes-128-cbc-sha256
-       - tls-ecdhe-rsa-with-aes-128-gcm-sha256
-       - tls-ecdhe-ecdsa-with-aes-128-gcm-sha256
-       - tls-ecdhe-rsa-with-aes-256-gcm-sha384
-       - tls-ecdhe-ecdsa-with-aes-256-gcm-sha384
-       - tls-ecdhe-rsa-with-chacha20-poly1305
-       - tls-ecdhe-ecdsa-with-chacha20-poly1305
+    # ciphersuites:
+    #    - tls-rsa-with-aes-128-gcm-sha256
+    #    - tls-rsa-with-aes-256-gcm-sha384
+    #    - tls-ecdhe-rsa-with-aes-128-gcm-sha256
+    #    - tls-ecdhe-ecdsa-with-aes-128-gcm-sha256
+    #    - tls-ecdhe-rsa-with-aes-256-gcm-sha384
+    #    - tls-ecdhe-ecdsa-with-aes-256-gcm-sha384
+    #    - tls-ecdhe-rsa-with-chacha20-poly1305
+    #    - tls-ecdhe-ecdsa-with-chacha20-poly1305
 
 
 # This section configures the 'auth service':
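Review bot: Commenting these four sections out, and dropping `diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1`, `hmac-sha1`, `hmac-sha1-96` and the `*-cbc-*` suites from the example lists, is the right fix: the 3.0.0 file shipped them uncommented and therefore overrode Teleport's defaults with weaker algorithms. One follow-up: the commented `ciphersuites` example still opens with `tls-rsa-with-aes-128-gcm-sha256` and `tls-rsa-with-aes-256-gcm-sha384`, which use static RSA key exchange and give no forward secrecy; if the example is meant as a recommended override, list only the `tls-ecdhe-*` suites.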
@@ -106,10 +96,10 @@ auth_service:
     enabled: yes
 
     # A cluster name is used as part of a signature in certificates
-    # generated by this CA. 
+    # generated by this CA.
     #
-    # We strongly recommend to explicitly set it to something meaningful as it 
-    # becomes important when configuring trust between multiple clusters. 
+    # We strongly recommend to explicitly set it to something meaningful as it
+    # becomes important when configuring trust between multiple clusters.
     #
     # By default an automatically generated name is used (not recommended)
     #
@@ -138,7 +128,7 @@ auth_service:
     # certificates
     listen_addr: 0.0.0.0:3025
 
-    # The optional DNS name the auth server if locataed behind a load balancer.
+    # The optional DNS name the auth server if located behind a load balancer.
     # (see public_addr section below)
     # public_addr: auth.example.com:3025
 
@@ -163,7 +153,7 @@ auth_service:
     # Only applicable if session_recording=proxy, see "recording proxy mode" for details.
     proxy_checks_host_keys: yes
 
-    # Determines if SSH sessions to cluster nodes are forcefully terminated 
+    # Determines if SSH sessions to cluster nodes are forcefully terminated
     # after no activity from a client (idle client).
     # Examples: "30m", "1h" or "1h30m"
     client_idle_timeout: never
@@ -172,10 +162,6 @@ auth_service:
     # certificates expire in the middle of an active SSH session. (default is 'no')
     disconnect_expired_cert: no
 
-    # If the auth service is deployed outside Kubernetes, but Kubernetes integration
-    # is required, you have to specify a valid kubeconfig credentials:
-    # kubeconfig_file: /path/to/kubeconfig
-
 # This section configures the 'node service':
 ssh_service:
     # Turns 'ssh' role on. Default is 'yes'
@@ -194,10 +180,11 @@ ssh_service:
         role: master
 
     # List of the commands to periodically execute. Their output will be used as node labels.
-    # See "Labeling Nodes" section below for more information.
+    # See "Labeling Nodes" section below for more information and more examples.
     commands:
-    - name: arch             # this command will add a label like 'arch=x86_64' to a node
-      command: [uname, -p]
+    # this command will add a label 'arch=x86_64' to a node
+    - name: arch
+      command: ['/bin/uname', '-p']
       period: 1h0m0s
 
     # enables reading ~/.tsh/environment before creating a session. by default
@@ -209,7 +196,7 @@ ssh_service:
         enabled: no
         service_name: teleport
 
-# This section configures the 'proxy servie'
+# This section configures the 'proxy service'
 proxy_service:
     # Turns 'proxy' role on. Default is 'yes'
     enabled: yes
@@ -228,13 +215,37 @@ proxy_service:
     # command line (CLI) users via password+HOTP
     web_listen_addr: 0.0.0.0:3080
 
-    # The DNS name the proxy server is accessible by cluster users. Defaults to 
-    # the proxy's hostname if not specified. If running multiple proxies behind 
-    # a load balancer, this name must point to the load balancer
+    # The DNS name the proxy HTTPS endpoint as accessible by cluster users.
+    # Defaults to the proxy's hostname if not specified. If running multiple
+    # proxies behind a load balancer, this name must point to the load balancer
     # (see public_addr section below)
     # public_addr: proxy.example.com:3080
+    
+    # The DNS name of the proxy SSH endpoint as accessible by cluster clients.
+    # Defaults to the proxy's hostname if not specified. If running multiple proxies 
+    # behind a load balancer, this name must point to the load balancer. 
+    # Use a TCP load balancer because this port uses SSH protocol.
+    # ssh_public_addr: proxy.example.com:3023
 
     # TLS certificate for the HTTPS connection. Configuring these properly is
     # critical for Teleport security.
     https_key_file: /var/lib/teleport/webproxy_key.pem
     https_cert_file: /var/lib/teleport/webproxy_cert.pem
+
+    # This section configures the Kubernetes proxy service
+    kubernetes:
+        # Turns 'kubernetes' proxy on. Default is 'no'
+        enabled: no
+
+        # Kubernetes proxy listen address.
+        listen_addr: 0.0.0.0:3026
+
+        # The DNS name of the Kubernetes proxy server that is accessible by cluster clients.
+        # If running multiple proxies behind  a load balancer, this name must point to the 
+        # load balancer.
+        # public_addr: ['kube.example.com:3026']
+
+        # This setting is not required if the Teleport proxy service is 
+        # deployed inside a Kubernetes cluster. Otherwise, Teleport proxy 
+        # will use the credentials from this file:
+        # kubeconfig_file: /path/to/kube/config
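Review bot: Several added lines carry trailing whitespace (the bare `+    ` line after `# public_addr: proxy.example.com:3080`, `# Defaults to the proxy's hostname if not specified. If running multiple proxies `, `# This setting is not required if the Teleport proxy service is `), which contradicts the whitespace cleanup this commit does in its earlier hunks; strip them before merge. Also, `kubeconfig_file` now lives under `proxy_service.kubernetes` while the earlier hunk removes it from `auth_service`; the commit message only says the file was updated for 3.2/4.0 features, so it should mention that move explicitly so operators upgrading from a 3.0.0 config know to relocate the setting.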

diff --git a/sys-cluster/teleport/teleport-4.0.0.ebuild b/sys-cluster/teleport/teleport-4.0.0.ebuild
new file mode 100644
index 00000000000..546c0f2921f
--- /dev/null
+++ b/sys-cluster/teleport/teleport-4.0.0.ebuild
@@ -0,0 +1,49 @@
+# Copyright 2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit golang-build systemd
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+fi
+
+IUSE="pam"
+LICENSE="Apache-2.0"
+RESTRICT="test strip"
+SLOT="0"
+
+DEPEND="app-arch/zip"
+RDEPEND="pam? ( sys-libs/pam )"
+
+src_compile() {
+	BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
+}
+
+src_install() {
+	keepdir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+	BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}
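Review bot: With `EAPI=7`, `app-arch/zip` is a build-host tool and belongs in `BDEPEND` rather than `DEPEND`; the 3.0.0 ebuild was EAPI 6 where `DEPEND` was the only choice, but this file bumps the EAPI without updating the dependency class. The `src_test()` versus `RESTRICT="test strip"` contradiction carried over from the 3.0.0 ebuild also remains: the function can never run, so either drop it or document why the restriction is needed.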


* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
@ 2019-06-20  6:32 Michał Górny
From: Michał Górny @ 2019-06-20  6:32 UTC
  To: gentoo-commits

commit:     354720eb9ddc98735768a5dce16f6e21e3e441c9
Author:     Graeme Lawes <graemelawes <AT> gmail <DOT> com>
AuthorDate: Wed Jun 19 23:07:39 2019 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Jun 20 06:30:46 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=354720eb

sys-cluster/teleport: remove v2.7.9

Signed-off-by: Graeme Lawes <graemelawes <AT> gmail.com>
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 sys-cluster/teleport/Manifest              |   1 -
 sys-cluster/teleport/files/teleport-2.yaml | 130 -----------------------------
 sys-cluster/teleport/teleport-2.7.9.ebuild |  49 -----------
 3 files changed, 180 deletions(-)

diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
index c2553415a1e..f1cca18f68b 100644
--- a/sys-cluster/teleport/Manifest
+++ b/sys-cluster/teleport/Manifest
@@ -1,4 +1,3 @@
-DIST teleport-2.7.9.tar.gz 18221805 BLAKE2B c634f97008310c4cabf4020bc8a600de7eb92406e22082aee24b030a5cd8d6bff44b0e0e3ddf405013315064d3342544d0e6f43e120047991e7889e4b1a74f9c SHA512 b609f94f9432c8b205a4cda625c68318343a3472218cd883f003a30587a00963163258c53c25f3fe36a951fc0bd40fdf141fe955b6d36d49435cfd4eff106b59
 DIST teleport-3.1.8.tar.gz 22605752 BLAKE2B 2ddebb0b0c8c42d36d113e409ce04f194e5ed77a7d88dd3e0a5982e303b8db8e013b156693c5fcd038d9d81f2907d17fdb65f82b34bdc84379bb0c46498e53a5 SHA512 de834309f96c327b54470deec043a498da969c5f3a872777a44143fceb070bd1c9ee837f218f46dc5b82ee1b40fb869a422b8cf9c22d26618f07a069de165f6e
 DIST teleport-3.2.0.tar.gz 22613098 BLAKE2B 0ff9675a071f5fb660ad4a7b0e085b9bec01c3d0967bdd206ce29a51addae545c4b2621854cbffdc0f76d0cbc6e5ec8f39e082b80b26ba13d352b1add199c965 SHA512 a3fdb520a62361f78632ac1680f86f183a533e47696791586b3c5ff7d505eb167a881c438c6a3dd72395140c521c065c8d8e4b93b5b8c9cbf134688dd8c1f8da
 DIST teleport-3.2.6.tar.gz 22620079 BLAKE2B 07b4bcb5b53a511c25f0556fad33b461307b524554e993097f634b1751d7fd3c664de0478427efa18dc20e597fb73f3c5bd09ba961754456245e1306372ed0ee SHA512 20be34820f9b9f29c492f8dabe8914012b66ebfb9db51f3dff0e19b8a1f7b85b948cc1036861d03ca6de9e6f30ba0b43caf4760bc95c74e45a38f0cad080820c

diff --git a/sys-cluster/teleport/files/teleport-2.yaml b/sys-cluster/teleport/files/teleport-2.yaml
deleted file mode 100644
index 384dea937c9..00000000000
--- a/sys-cluster/teleport/files/teleport-2.yaml
+++ /dev/null
@@ -1,130 +0,0 @@
-# By default, this file should be stored in /etc/teleport.yaml
-## IMPORTANT ##
-#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
-# This section of the configuration file applies to all teleport
-# services.
-teleport:
-    # nodename allows to assign an alternative name this node can be reached by.
-    # by default it's equal to hostname
-    # nodename: graviton
-
-    # Data directory where Teleport keeps its data, like keys/users for 
-    # authentication (if using the default BoltDB back-end)
-    data_dir: /var/lib/teleport
-
-    # one-time invitation token used to join a cluster. it is not used on 
-    # subsequent starts
-    auth_token: xxxx-token-xxxx
-
-    # when running in multi-homed or NATed environments Teleport nodes need 
-    # to know which IP it will be reachable at by other nodes
-    # public_addr: 10.1.0.5
-
-    # list of auth servers in a cluster. you will have more than one auth server
-    # if you configure teleport auth to run in HA configuration
-    auth_servers: 
-        - localhost:3025
-
-    # Teleport throttles all connections to avoid abuse. These settings allow
-    # you to adjust the default limits
-    connection_limits:
-        max_connections: 1000
-        max_users: 250
-
-    # Logging configuration. Possible output values are 'stdout', 'stderr' and 
-    # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
-    log:
-        output: stderr
-        severity: ERROR
-
-    # Type of storage used for keys. You need to configure this to use etcd
-    # backend if you want to run Teleport in HA configuration.
-    storage:
-        type: bolt
-
-# This section configures the 'auth service':
-auth_service:
-    enabled: yes
-
-    # defines the types and second factors the auth server supports
-    authentication:
-        # second_factor can be off, otp, or u2f
-        second_factor: otp
-
-        # this section is only used if using u2f
-        u2f:
-            # app_id should point to the Web UI.
-            app_id: https://localhost:3080
-
-            # facets should list all proxy servers.
-            facets:
-            - https://localhost
-            - https://localhost:3080
-
-    # IP and the port to bind to. Other Teleport nodes will be connecting to
-    # this port (AKA "Auth API" or "Cluster API") to validate client 
-    # certificates 
-    listen_addr: 0.0.0.0:3025
-
-    # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
-    # the role a new node will be allowed to assume. The more secure way to 
-    # add nodes is to use `ttl node add --ttl` command to generate auto-expiring 
-    # tokens. 
-    #
-    # We recommend to use tools like `pwgen` to generate sufficiently random
-    # tokens of 32+ byte length.
-    tokens:
-        - "proxy,node:xxxxx"
-        - "auth:yyyy"
-
-    # Optional "cluster name" is needed when configuring trust between multiple
-    # auth servers. A cluster name is used as part of a signature in certificates
-    # generated by this CA.
-    # 
-    # By default an automatically generated GUID is used.
-    #
-    # IMPORTANT: if you change cluster_name, it will invalidate all generated 
-    # certificates and keys (may need to wipe out /var/lib/teleport directory)
-    cluster_name: "main"
-
-# This section configures the 'node service':
-ssh_service:
-    enabled: yes
-    # IP and the port for SSH service to bind to. 
-    listen_addr: 0.0.0.0:3022
-    # See explanation of labels in "Labeling Nodes" section below
-    labels:
-        role: master
-        type: postgres
-    # List (YAML array) of commands to periodically execute and use
-    # their output as labels. 
-    # See explanation of how this works in "Labeling Nodes" section below
-    commands:
-    - name: hostname
-      command: [/usr/bin/hostname]
-      period: 1m0s
-    - name: arch
-      command: [/usr/bin/uname, -p]
-      period: 1h0m0s
-
-# This section configures the 'proxy servie'
-proxy_service:
-    enabled: yes
-    # SSH forwarding/proxy address. Command line (CLI) clients always begin their
-    # SSH sessions by connecting to this port
-    listen_addr: 0.0.0.0:3023
-
-    # Reverse tunnel listening address. An auth server (CA) can establish an 
-    # outbound (from behind the firewall) connection to this address. 
-    # This will allow users of the outside CA to connect to behind-the-firewall 
-    # nodes.
-    tunnel_listen_addr: 0.0.0.0:3024
-
-    # The HTTPS listen address to serve the Web UI and also to authenticate the 
-    # command line (CLI) users via password+HOTP
-    web_listen_addr: 0.0.0.0:3080
-
-    # TLS certificate for the HTTPS connection. Configuring these properly is 
-    # critical for Teleport security.
-    https_key_file: /etc/teleport/teleport.key
-    https_cert_file: /etc/teleport/teleport.crt
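Review bot: before this config file is dropped, confirm that no ebuild left in sys-cluster/teleport still installs it. The teleport-2.7.9.ebuild removed in the same commit pulls its config in with `newins "${FILESDIR}"/${PN}-2.yaml ${PN}.yaml`; if this is that file the removal is consistent, but any surviving ebuild that still names it would fail in src_install, and that is worth a line in the commit message.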

diff --git a/sys-cluster/teleport/teleport-2.7.9.ebuild b/sys-cluster/teleport/teleport-2.7.9.ebuild
deleted file mode 100644
index b3b0fa18f72..00000000000
--- a/sys-cluster/teleport/teleport-2.7.9.ebuild
+++ /dev/null
@@ -1,49 +0,0 @@
-# Copyright 2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit golang-build systemd
-
-DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
-HOMEPAGE="https://gravitational.com/teleport"
-
-EGO_PN="github.com/gravitational/${PN}/..."
-
-if [[ ${PV} == "9999" ]] ; then
-	inherit git-r3 golang-vcs
-	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
-else
-	inherit golang-vcs-snapshot
-	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~amd64 ~arm"
-fi
-
-IUSE="pam"
-LICENSE="Apache-2.0"
-RESTRICT="test strip"
-SLOT="0"
-
-DEPEND="app-arch/zip"
-RDEPEND="pam? ( sys-libs/pam )"
-
-src_compile() {
-	BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
-}
-
-src_install() {
-	keepdir /var/lib/${PN} /etc/${PN}
-	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
-
-	insinto /etc/${PN}
-	newins "${FILESDIR}"/${PN}-2.yaml ${PN}.yaml
-
-	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
-	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
-
-	systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
-	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
-}
-
-src_test() {
-	BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
-}


* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
From: Patrice Clement @ 2018-08-05 21:48 UTC
  To: gentoo-commits

commit:     e56f33fdbeffc8937b2afa7e7a138a8d62632c65
Author:     Graeme Lawes <graemelawes <AT> gmail <DOT> com>
AuthorDate: Sun Aug  5 03:42:50 2018 +0000
Commit:     Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Sun Aug  5 21:47:23 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e56f33fd

sys-cluster/teleport: rename configuration file.

Teleport 2.5 (removed) had different configuration options; revert to
using the standard teleport.yaml filename as the config file source.

 sys-cluster/teleport/files/teleport-2.6.yaml | 130 ---------------------------
 sys-cluster/teleport/files/teleport.yaml     |  18 +---
 sys-cluster/teleport/teleport-2.6.7.ebuild   |   2 +-
 3 files changed, 4 insertions(+), 146 deletions(-)

diff --git a/sys-cluster/teleport/files/teleport-2.6.yaml b/sys-cluster/teleport/files/teleport-2.6.yaml
deleted file mode 100644
index 384dea937c9..00000000000
--- a/sys-cluster/teleport/files/teleport-2.6.yaml
+++ /dev/null
@@ -1,130 +0,0 @@
-# By default, this file should be stored in /etc/teleport.yaml
-## IMPORTANT ##
-#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
-# This section of the configuration file applies to all teleport
-# services.
-teleport:
-    # nodename allows to assign an alternative name this node can be reached by.
-    # by default it's equal to hostname
-    # nodename: graviton
-
-    # Data directory where Teleport keeps its data, like keys/users for 
-    # authentication (if using the default BoltDB back-end)
-    data_dir: /var/lib/teleport
-
-    # one-time invitation token used to join a cluster. it is not used on 
-    # subsequent starts
-    auth_token: xxxx-token-xxxx
-
-    # when running in multi-homed or NATed environments Teleport nodes need 
-    # to know which IP it will be reachable at by other nodes
-    # public_addr: 10.1.0.5
-
-    # list of auth servers in a cluster. you will have more than one auth server
-    # if you configure teleport auth to run in HA configuration
-    auth_servers: 
-        - localhost:3025
-
-    # Teleport throttles all connections to avoid abuse. These settings allow
-    # you to adjust the default limits
-    connection_limits:
-        max_connections: 1000
-        max_users: 250
-
-    # Logging configuration. Possible output values are 'stdout', 'stderr' and 
-    # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
-    log:
-        output: stderr
-        severity: ERROR
-
-    # Type of storage used for keys. You need to configure this to use etcd
-    # backend if you want to run Teleport in HA configuration.
-    storage:
-        type: bolt
-
-# This section configures the 'auth service':
-auth_service:
-    enabled: yes
-
-    # defines the types and second factors the auth server supports
-    authentication:
-        # second_factor can be off, otp, or u2f
-        second_factor: otp
-
-        # this section is only used if using u2f
-        u2f:
-            # app_id should point to the Web UI.
-            app_id: https://localhost:3080
-
-            # facets should list all proxy servers.
-            facets:
-            - https://localhost
-            - https://localhost:3080
-
-    # IP and the port to bind to. Other Teleport nodes will be connecting to
-    # this port (AKA "Auth API" or "Cluster API") to validate client 
-    # certificates 
-    listen_addr: 0.0.0.0:3025
-
-    # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
-    # the role a new node will be allowed to assume. The more secure way to 
-    # add nodes is to use `ttl node add --ttl` command to generate auto-expiring 
-    # tokens. 
-    #
-    # We recommend to use tools like `pwgen` to generate sufficiently random
-    # tokens of 32+ byte length.
-    tokens:
-        - "proxy,node:xxxxx"
-        - "auth:yyyy"
-
-    # Optional "cluster name" is needed when configuring trust between multiple
-    # auth servers. A cluster name is used as part of a signature in certificates
-    # generated by this CA.
-    # 
-    # By default an automatically generated GUID is used.
-    #
-    # IMPORTANT: if you change cluster_name, it will invalidate all generated 
-    # certificates and keys (may need to wipe out /var/lib/teleport directory)
-    cluster_name: "main"
-
-# This section configures the 'node service':
-ssh_service:
-    enabled: yes
-    # IP and the port for SSH service to bind to. 
-    listen_addr: 0.0.0.0:3022
-    # See explanation of labels in "Labeling Nodes" section below
-    labels:
-        role: master
-        type: postgres
-    # List (YAML array) of commands to periodically execute and use
-    # their output as labels. 
-    # See explanation of how this works in "Labeling Nodes" section below
-    commands:
-    - name: hostname
-      command: [/usr/bin/hostname]
-      period: 1m0s
-    - name: arch
-      command: [/usr/bin/uname, -p]
-      period: 1h0m0s
-
-# This section configures the 'proxy servie'
-proxy_service:
-    enabled: yes
-    # SSH forwarding/proxy address. Command line (CLI) clients always begin their
-    # SSH sessions by connecting to this port
-    listen_addr: 0.0.0.0:3023
-
-    # Reverse tunnel listening address. An auth server (CA) can establish an 
-    # outbound (from behind the firewall) connection to this address. 
-    # This will allow users of the outside CA to connect to behind-the-firewall 
-    # nodes.
-    tunnel_listen_addr: 0.0.0.0:3024
-
-    # The HTTPS listen address to serve the Web UI and also to authenticate the 
-    # command line (CLI) users via password+HOTP
-    web_listen_addr: 0.0.0.0:3080
-
-    # TLS certificate for the HTTPS connection. Configuring these properly is 
-    # critical for Teleport security.
-    https_key_file: /etc/teleport/teleport.key
-    https_cert_file: /etc/teleport/teleport.crt
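Review bot: this deletion is really a content-preserving replacement rather than a loss of configuration: the removed blob `384dea937c9` is exactly the new blob that files/teleport.yaml ends up with in the next diff (`index e297bb89b57..384dea937c9`). Say so in the commit message ("replace teleport.yaml with the 2.6 config") so reviewers do not have to compare blob ids to see that no 2.6 settings were dropped.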

diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml
index e297bb89b57..384dea937c9 100644
--- a/sys-cluster/teleport/files/teleport.yaml
+++ b/sys-cluster/teleport/files/teleport.yaml
@@ -1,5 +1,6 @@
 # By default, this file should be stored in /etc/teleport.yaml
-
+## IMPORTANT ##
+#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
 # This section of the configuration file applies to all teleport
 # services.
 teleport:
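Review bot: the added line `#When editing YAML configuration, please pay attention to ...` is missing the space after `#` that every other comment in this file uses and runs far past the 80-column width the rest of the file keeps; wrap it onto two or three `# ` lines. The hunk also removes the only blank line between the first comment and the `# This section of the configuration file applies to all teleport` header, so the `## IMPORTANT ##` banner now runs straight into the section comment; keep a blank line before the section header.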
@@ -17,7 +18,7 @@ teleport:
 
     # when running in multi-homed or NATed environments Teleport nodes need 
     # to know which IP it will be reachable at by other nodes
-    # advertise_ip: 10.1.0.5
+    # public_addr: 10.1.0.5
 
     # list of auth servers in a cluster. you will have more than one auth server
     # if you configure teleport auth to run in HA configuration
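Review bot: changing the commented example from `# advertise_ip: 10.1.0.5` to `# public_addr: 10.1.0.5` is the only migration hint this change gives for the renamed key. Since the ebuild installs this file as the default config and existing installs keep their own edited teleport.yaml, an admin who set `advertise_ip` under the old version gets nothing from the upgrade telling them the key is now `public_addr`, and the new binary will either reject or ignore the old key. Mention the rename in the commit message or with an `elog` in pkg_postinst so configs get updated.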
@@ -43,19 +44,10 @@ teleport:
 
 # This section configures the 'auth service':
 auth_service:
-    # Turns 'auth' role on. Default is 'yes'
     enabled: yes
 
-    # Turns on dynamic configuration. Dynamic configuration defines the source
-    # for configuration information, configuration files on disk or what's
-    # stored in the backend. Default is false if no backend is specified,
-    # otherwise if backend is specified, it is assumed to be true.
-    dynamic_config: false
-
     # defines the types and second factors the auth server supports
     authentication:
-        # type can be local or oidc
-        type: local
         # second_factor can be off, otp, or u2f
         second_factor: otp
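Review bot: with `type: local` removed, the retained comment `# defines the types and second factors the auth server supports` is stale, since nothing under `authentication:` sets a type any more; either trim it to describe `second_factor` only or keep a commented `# type: local` example. Dropping `dynamic_config: false` is also a behaviour change for anyone who copies this file, which deserves a sentence in the commit message beyond "different configuration options".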
 
@@ -97,9 +89,7 @@ auth_service:
 
 # This section configures the 'node service':
 ssh_service:
-    # Turns 'ssh' role on. Default is 'yes'
     enabled: yes
-
     # IP and the port for SSH service to bind to. 
     listen_addr: 0.0.0.0:3022
     # See explanation of labels in "Labeling Nodes" section below
@@ -119,9 +109,7 @@ ssh_service:
 
 # This section configures the 'proxy servie'
 proxy_service:
-    # Turns 'proxy' role on. Default is 'yes'
     enabled: yes
-
     # SSH forwarding/proxy address. Command line (CLI) clients always begin their
     # SSH sessions by connecting to this port
     listen_addr: 0.0.0.0:3023
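Review bot: the context line `# This section configures the 'proxy servie'` two lines above the edited region carries a typo (`servie` for `service`); since this hunk already touches the lines directly below it, fix the comment in the same change rather than leaving it for a later commit.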

diff --git a/sys-cluster/teleport/teleport-2.6.7.ebuild b/sys-cluster/teleport/teleport-2.6.7.ebuild
index a187d11ee22..4a7a27e42a4 100644
--- a/sys-cluster/teleport/teleport-2.6.7.ebuild
+++ b/sys-cluster/teleport/teleport-2.6.7.ebuild
@@ -35,7 +35,7 @@ src_install() {
 	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
 
 	insinto /etc/${PN}
-	newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml
+	newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml
 
 	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
 	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
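Review bot: `newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml` renames a file to its own name; `doins "${FILESDIR}"/${PN}.yaml`, as the 2.5.8 ebuild already does, is the idiomatic form. More importantly, the file is installed under `insinto /etc/${PN}` with the default 0644 mode and it is where the node join `auth_token` and the auth server's static `tokens:` list live, i.e. credentials once the admin fills in real values. Consider `insopts -m0600` before the `doins`, or at least an `elog` telling admins to tighten the permissions after replacing the placeholder tokens, so the populated file is not world-readable.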


* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
From: Michał Górny @ 2018-07-26 20:39 UTC
  To: gentoo-commits

commit:     a3a9f1d0002e2f2e17c6aaa594192dae4c3a56fc
Author:     Graeme Lawes <graemelawes <AT> gmail <DOT> com>
AuthorDate: Sun Jul  8 16:31:44 2018 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Jul 26 20:39:32 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3a9f1d0

sys-cluster/teleport: add v2.5.8

 sys-cluster/teleport/Manifest                   |  1 +
 sys-cluster/teleport/files/teleport-2.5.init.d  | 37 -----------------
 sys-cluster/teleport/files/teleport-2.5.service | 13 ------
 sys-cluster/teleport/files/teleport.init.d      | 10 ++++-
 sys-cluster/teleport/files/teleport.service     |  8 ++--
 sys-cluster/teleport/teleport-2.5.8.ebuild      | 55 +++++++++++++++++++++++++
 6 files changed, 70 insertions(+), 54 deletions(-)

diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
index d1686e71f31..739e3918ea0 100644
--- a/sys-cluster/teleport/Manifest
+++ b/sys-cluster/teleport/Manifest
@@ -2,3 +2,4 @@ DIST teleport-2.4.2.tar.gz 9975909 BLAKE2B 68916e1d15f49448e918b39b2a760f90eca29
 DIST teleport-2.4.5.tar.gz 9975753 BLAKE2B cdb6e577cd565cf6760d73c92cac674571e9b1257d23b280bd96428cca4e7c593738a925d3632a80fed3e0868c5f3aac79800db19bbf2a2b92d495600bf014cc SHA512 15e7e3c52c058625eb525c7c9cda00186eba037edbed89d21fb090b87c05570a1636f328260d4c7445253b0f5b81f321ce0da7d2b7fc316a0a9938ed22cc6c9c
 DIST teleport-2.5.2.tar.gz 16211219 BLAKE2B 28d0d1bb8d01fba39e79a262744b69a9df27438b9dbb0a25cd23acd57b6004a7f2309e432c0db4188c2e023a0b0299fd64723acfd57c1328d2345bba08fff4a9 SHA512 58fad4015824b9077bbd13cc3c6a994e5a54ed367264477854da7b129eea04c4cba44a580650a259b01f390a9f2028d7501df2ac4ab4821d085bbfe1cd887ec5
 DIST teleport-2.5.6.tar.gz 16216649 BLAKE2B e5ae8645d59df2684601dab5c222399d89b356592774365ffbca4e3f2d9ed745f2839902ee1e244c7b7eb300230d771daa754bbbbe29fc8e79f833715094d4f2 SHA512 fae1eb53ff45115551c5002745303cd0e9a044557e6e56cda870a57531700bb68e23b59d2930ac2dd654b200732edc3ed9432e1bc0e9dbf0e7529e980599a323
+DIST teleport-2.5.8.tar.gz 16219666 BLAKE2B dd64ef4ca5b26e025e46c88d58e7ec226810b583c4b740416f6cc0caec5ea7d050c732368917ec34c5f8a36c7670d2903baa6c32203a2c5cac972e3a2b4bcbbb SHA512 070eebc889adde017641a833ee0e414c5f56848ac36fa96fb66e83062212307904e8264da758042765ba13d6a0c1b4f5314c1b0e90a2c37723ef1c0aa22889be

diff --git a/sys-cluster/teleport/files/teleport-2.5.init.d b/sys-cluster/teleport/files/teleport-2.5.init.d
deleted file mode 100644
index a951ec5318a..00000000000
--- a/sys-cluster/teleport/files/teleport-2.5.init.d
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-: ${TELEPORT_CONFDIR:=/etc/teleport}
-: ${TELEPORT_PIDFILE:=/var/run/${SVCNAME}.pid}
-: ${TELEPORT_BINARY:=/usr/bin/teleport}
-: ${TELEPORT_LOGFILE:=/var/log/teleport.log}
-
-depend() {
-	need net
-}
-
-start() {
-	ebegin "Starting Teleport SSH Service"
-		start-stop-daemon --start --exec /usr/bin/teleport \
-		--background --make-pidfile --pidfile "${TELEPORT_PIDFILE}" \
-		--stderr "${TELEPORT_LOGFILE}" \
-		-- start --config="${TELEPORT_CONFDIR}/teleport.yaml" \
-		${TELEPORT_OPTS}
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping Teleport SSH Service"
-		start-stop-daemon --stop --exec /usr/bin/teleport \
-		--pidfile "${TELEPORT_PIDFILE}"
-	eend $?
-}
-
-reload() {
-	checkconfig || return 1
-	ebegin "Reloading ${SVCNAME}"
-	start-stop-daemon --signal HUP \
-	    --exec "${TELEPORT_BINARY}" --pidfile "${TELEPORT_PIDFILE}"
-	eend $?
-}

diff --git a/sys-cluster/teleport/files/teleport-2.5.service b/sys-cluster/teleport/files/teleport-2.5.service
deleted file mode 100644
index 37b38210aff..00000000000
--- a/sys-cluster/teleport/files/teleport-2.5.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Teleport SSH Service
-After=network.target
-
-[Service]
-Type=simple
-Restart=on-failure
-ExecStart=/usr/bin/teleport start --config=/etc/teleport/teleport.yaml --pid-file=/var/run/teleport.pid
-ExecReload=/bin/kill -HUP $MAINPID
-PIDFile=/var/run/teleport.pid
-
-[Install]
-WantedBy=multi-user.target

diff --git a/sys-cluster/teleport/files/teleport.init.d b/sys-cluster/teleport/files/teleport.init.d
index a5d08b7f3f6..a951ec5318a 100644
--- a/sys-cluster/teleport/files/teleport.init.d
+++ b/sys-cluster/teleport/files/teleport.init.d
@@ -18,7 +18,7 @@ start() {
 		--stderr "${TELEPORT_LOGFILE}" \
 		-- start --config="${TELEPORT_CONFDIR}/teleport.yaml" \
 		${TELEPORT_OPTS}
-		eend $?
+	eend $?
 }
 
 stop() {
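Review bot: the `eend $?` indentation fix addresses only half of the problem. The `start-stop-daemon ... ${TELEPORT_OPTS}` command under `ebegin` (the context lines above the change) is still indented two tabs while the rest of the function body uses one, which is what made the extra indent on `eend` look intentional in the first place; dedent the whole continuation to one tab in the same change so `start()` matches the `reload()` added below.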
@@ -27,3 +27,11 @@ stop() {
 		--pidfile "${TELEPORT_PIDFILE}"
 	eend $?
 }
+
+reload() {
+	checkconfig || return 1
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP \
+	    --exec "${TELEPORT_BINARY}" --pidfile "${TELEPORT_PIDFILE}"
+	eend $?
+}
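Review bot: `reload()` opens with `checkconfig || return 1`, but no `checkconfig` function is defined in this script (it was not in the teleport-2.5.init.d this block is copied from either, which is shown in full in the preceding diff), so the shell reports an unknown command, the `||` branch fires, and `rc-service teleport reload` always returns 1 without ever sending SIGHUP. Either define `checkconfig` (for example, test that `${TELEPORT_CONFDIR}/teleport.yaml` exists and is readable and `eerror` otherwise) or drop the call. Also, `reload` matches the process with `--exec "${TELEPORT_BINARY}"` while `start` and `stop` hard-code `/usr/bin/teleport`; use the variable in all three so an override of TELEPORT_BINARY in conf.d cannot leave start-stop-daemon looking for a different executable than the one it started.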

diff --git a/sys-cluster/teleport/files/teleport.service b/sys-cluster/teleport/files/teleport.service
index b74734bbf9e..37b38210aff 100644
--- a/sys-cluster/teleport/files/teleport.service
+++ b/sys-cluster/teleport/files/teleport.service
@@ -1,11 +1,13 @@
 [Unit]
 Description=Teleport SSH Service
-After=network.target 
+After=network.target
 
 [Service]
 Type=simple
-Restart=always
-ExecStart=/usr/bin/teleport start --config=/etc/teleport/teleport.yaml
+Restart=on-failure
+ExecStart=/usr/bin/teleport start --config=/etc/teleport/teleport.yaml --pid-file=/var/run/teleport.pid
+ExecReload=/bin/kill -HUP $MAINPID
+PIDFile=/var/run/teleport.pid
 
 [Install]
 WantedBy=multi-user.target
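Review bot: `PIDFile=/var/run/teleport.pid` together with the new `--pid-file=` argument is redundant for a `Type=simple` unit: systemd already tracks the main PID of the process it spawned, and `$MAINPID` in `ExecReload=/bin/kill -HUP $MAINPID` works without any pid file, so the file only adds a stale-pidfile failure mode (and newer systemd rewrites `/var/run` paths to `/run` with a warning, since `/var/run` is a legacy alias). Drop `PIDFile=` and `--pid-file=`, or switch to `Type=forking` if the daemon actually detaches. Switching `Restart=always` to `Restart=on-failure` is the right call, since it stops systemd from fighting a deliberate `systemctl stop`.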

diff --git a/sys-cluster/teleport/teleport-2.5.8.ebuild b/sys-cluster/teleport/teleport-2.5.8.ebuild
new file mode 100644
index 00000000000..597ac0e391f
--- /dev/null
+++ b/sys-cluster/teleport/teleport-2.5.8.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit golang-build systemd
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+fi
+
+IUSE=""
+LICENSE="Apache-2.0"
+RESTRICT="test strip"
+SLOT="0"
+
+DEPEND="app-arch/zip"
+RDEPEND=""
+
+src_prepare() {
+	default
+
+	sed -i -e 's/-j 3/-j 1/g' src/${EGO_PN%/*}/Makefile || die
+}
+
+src_compile() {
+	BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
+}
+
+src_install() {
+	keepdir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	doins "${FILESDIR}"/${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+	BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}
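Review bot: `sed -i -e 's/-j 3/-j 1/g' src/${EGO_PN%/*}/Makefile || die` only dies if sed itself fails; if a later upstream Makefile no longer contains `-j 3`, the sed silently becomes a no-op and the parallel build this workaround exists to avoid comes back with no signal in the build log. Guard it (grep for the pattern first and `die` if it is absent) and add a one-line comment saying why the build has to be serialised, so the next bump knows whether the hack can go. Separately, `RESTRICT="test strip"` means the `src_test` defined below never runs; either document why tests are restricted or drop the restriction, and the empty `IUSE=""` / `RDEPEND=""` assignments can simply be omitted.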


* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
From: Michał Górny @ 2018-07-26 20:39 UTC
  To: gentoo-commits

commit:     84bfc434f8c894981faf7cc55ced6430ab67b159
Author:     Graeme Lawes <graemelawes <AT> gmail <DOT> com>
AuthorDate: Sun Jul  8 17:03:21 2018 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Jul 26 20:39:32 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84bfc434

sys-cluster/teleport: add v2.6.7

 sys-cluster/teleport/Manifest                |   1 +
 sys-cluster/teleport/files/teleport-2.6.yaml | 130 +++++++++++++++++++++++++++
 sys-cluster/teleport/teleport-2.6.7.ebuild   |  49 ++++++++++
 3 files changed, 180 insertions(+)

diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
index 739e3918ea0..ec5a8a5af89 100644
--- a/sys-cluster/teleport/Manifest
+++ b/sys-cluster/teleport/Manifest
@@ -3,3 +3,4 @@ DIST teleport-2.4.5.tar.gz 9975753 BLAKE2B cdb6e577cd565cf6760d73c92cac674571e9b
 DIST teleport-2.5.2.tar.gz 16211219 BLAKE2B 28d0d1bb8d01fba39e79a262744b69a9df27438b9dbb0a25cd23acd57b6004a7f2309e432c0db4188c2e023a0b0299fd64723acfd57c1328d2345bba08fff4a9 SHA512 58fad4015824b9077bbd13cc3c6a994e5a54ed367264477854da7b129eea04c4cba44a580650a259b01f390a9f2028d7501df2ac4ab4821d085bbfe1cd887ec5
 DIST teleport-2.5.6.tar.gz 16216649 BLAKE2B e5ae8645d59df2684601dab5c222399d89b356592774365ffbca4e3f2d9ed745f2839902ee1e244c7b7eb300230d771daa754bbbbe29fc8e79f833715094d4f2 SHA512 fae1eb53ff45115551c5002745303cd0e9a044557e6e56cda870a57531700bb68e23b59d2930ac2dd654b200732edc3ed9432e1bc0e9dbf0e7529e980599a323
 DIST teleport-2.5.8.tar.gz 16219666 BLAKE2B dd64ef4ca5b26e025e46c88d58e7ec226810b583c4b740416f6cc0caec5ea7d050c732368917ec34c5f8a36c7670d2903baa6c32203a2c5cac972e3a2b4bcbbb SHA512 070eebc889adde017641a833ee0e414c5f56848ac36fa96fb66e83062212307904e8264da758042765ba13d6a0c1b4f5314c1b0e90a2c37723ef1c0aa22889be
+DIST teleport-2.6.7.tar.gz 16655508 BLAKE2B a020ab999b7503cb7aec54ed81532baf9d08b98000f2c659f63859d89f7f2b5fb311c41d6fcafb7d9bf72ea1c97eecfc6ac621b7c90d74f5afe2717edb8b0402 SHA512 45002dcf7b99108ca6fffae94d6608188eb9b0bea05cd14068618bfb11c496cad5546e261f349fee70f2acb574e7fc44093683dd991001e01406da6982c5c4c3

diff --git a/sys-cluster/teleport/files/teleport-2.6.yaml b/sys-cluster/teleport/files/teleport-2.6.yaml
new file mode 100644
index 00000000000..384dea937c9
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport-2.6.yaml
@@ -0,0 +1,130 @@
+# By default, this file should be stored in /etc/teleport.yaml
+## IMPORTANT ##
+#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
+# This section of the configuration file applies to all teleport
+# services.
+teleport:
+    # nodename allows to assign an alternative name this node can be reached by.
+    # by default it's equal to hostname
+    # nodename: graviton
+
+    # Data directory where Teleport keeps its data, like keys/users for 
+    # authentication (if using the default BoltDB back-end)
+    data_dir: /var/lib/teleport
+
+    # one-time invitation token used to join a cluster. it is not used on 
+    # subsequent starts
+    auth_token: xxxx-token-xxxx
+
+    # when running in multi-homed or NATed environments Teleport nodes need 
+    # to know which IP it will be reachable at by other nodes
+    # public_addr: 10.1.0.5
+
+    # list of auth servers in a cluster. you will have more than one auth server
+    # if you configure teleport auth to run in HA configuration
+    auth_servers: 
+        - localhost:3025
+
+    # Teleport throttles all connections to avoid abuse. These settings allow
+    # you to adjust the default limits
+    connection_limits:
+        max_connections: 1000
+        max_users: 250
+
+    # Logging configuration. Possible output values are 'stdout', 'stderr' and 
+    # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
+    log:
+        output: stderr
+        severity: ERROR
+
+    # Type of storage used for keys. You need to configure this to use etcd
+    # backend if you want to run Teleport in HA configuration.
+    storage:
+        type: bolt
+
+# This section configures the 'auth service':
+auth_service:
+    enabled: yes
+
+    # defines the types and second factors the auth server supports
+    authentication:
+        # second_factor can be off, otp, or u2f
+        second_factor: otp
+
+        # this section is only used if using u2f
+        u2f:
+            # app_id should point to the Web UI.
+            app_id: https://localhost:3080
+
+            # facets should list all proxy servers.
+            facets:
+            - https://localhost
+            - https://localhost:3080
+
+    # IP and the port to bind to. Other Teleport nodes will be connecting to
+    # this port (AKA "Auth API" or "Cluster API") to validate client 
+    # certificates 
+    listen_addr: 0.0.0.0:3025
+
+    # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
+    # the role a new node will be allowed to assume. The more secure way to 
+    # add nodes is to use `ttl node add --ttl` command to generate auto-expiring 
+    # tokens. 
+    #
+    # We recommend to use tools like `pwgen` to generate sufficiently random
+    # tokens of 32+ byte length.
+    tokens:
+        - "proxy,node:xxxxx"
+        - "auth:yyyy"
+
+    # Optional "cluster name" is needed when configuring trust between multiple
+    # auth servers. A cluster name is used as part of a signature in certificates
+    # generated by this CA.
+    # 
+    # By default an automatically generated GUID is used.
+    #
+    # IMPORTANT: if you change cluster_name, it will invalidate all generated 
+    # certificates and keys (may need to wipe out /var/lib/teleport directory)
+    cluster_name: "main"
+
+# This section configures the 'node service':
+ssh_service:
+    enabled: yes
+    # IP and the port for SSH service to bind to. 
+    listen_addr: 0.0.0.0:3022
+    # See explanation of labels in "Labeling Nodes" section below
+    labels:
+        role: master
+        type: postgres
+    # List (YAML array) of commands to periodically execute and use
+    # their output as labels. 
+    # See explanation of how this works in "Labeling Nodes" section below
+    commands:
+    - name: hostname
+      command: [/usr/bin/hostname]
+      period: 1m0s
+    - name: arch
+      command: [/usr/bin/uname, -p]
+      period: 1h0m0s
+
+# This section configures the 'proxy servie'
+proxy_service:
+    enabled: yes
+    # SSH forwarding/proxy address. Command line (CLI) clients always begin their
+    # SSH sessions by connecting to this port
+    listen_addr: 0.0.0.0:3023
+
+    # Reverse tunnel listening address. An auth server (CA) can establish an 
+    # outbound (from behind the firewall) connection to this address. 
+    # This will allow users of the outside CA to connect to behind-the-firewall 
+    # nodes.
+    tunnel_listen_addr: 0.0.0.0:3024
+
+    # The HTTPS listen address to serve the Web UI and also to authenticate the 
+    # command line (CLI) users via password+HOTP
+    web_listen_addr: 0.0.0.0:3080
+
+    # TLS certificate for the HTTPS connection. Configuring these properly is 
+    # critical for Teleport security.
+    https_key_file: /etc/teleport/teleport.key
+    https_cert_file: /etc/teleport/teleport.crt
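Review bot: the file ships credential placeholders as live values rather than commented-out examples: `auth_token: xxxx-token-xxxx` under `teleport:` and the static join tokens `"proxy,node:xxxxx"` and `"auth:yyyy"` under `auth_service: tokens:`. Because the ebuild installs this as the default /etc/teleport/teleport.yaml, a service started before the admin edits it runs an auth server on `listen_addr: 0.0.0.0:3025` that accepts those literal, publicly known tokens as pre-defined node and auth join tokens (which is exactly what the file's own comment says the `tokens:` list is for). Comment those entries out so an unedited install fails closed, or add an `elog` in the ebuild stating they must be replaced before first start. Smaller points: the tokens comment names the tool as `ttl node add --ttl`, but the binary this package installs is `tctl` (see the `dobin` line in the ebuild), so the command name is wrong; `#When editing YAML configuration...` is missing the space after `#` and far exceeds the file's comment width; and `'proxy servie'` should read `'proxy service'`.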

diff --git a/sys-cluster/teleport/teleport-2.6.7.ebuild b/sys-cluster/teleport/teleport-2.6.7.ebuild
new file mode 100644
index 00000000000..a187d11ee22
--- /dev/null
+++ b/sys-cluster/teleport/teleport-2.6.7.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit golang-build systemd
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+fi
+
+IUSE="pam"
+LICENSE="Apache-2.0"
+RESTRICT="test strip"
+SLOT="0"
+
+DEPEND="app-arch/zip"
+RDEPEND="pam? ( sys-libs/pam )"
+
+src_compile() {
+	BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
+}
+
+src_install() {
+	keepdir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+	BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}
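Review bot: `IUSE="pam"` and `RDEPEND="pam? ( sys-libs/pam )"` are declared, but nothing in `src_compile` is conditioned on the flag (`emake -j1 -C src/${EGO_PN%/*} full` is run the same way either way), so USE=pam only adds a runtime dependency and never changes what is built; either pass the build's PAM switch under `use pam` or leave the flag out until it is wired up, since a flag that claims to enable PAM and does not is misleading for anyone relying on it for host authentication. Also, the `-j 3` to `-j 1` Makefile sed that the 2.5.8 ebuild carries in `src_prepare` is absent here while `emake -j1` stays; if upstream fixed the Makefile in 2.6 say so in the commit message, otherwise the workaround was lost in the bump.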


* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
From: Michał Górny @ 2018-03-18  8:33 UTC
  To: gentoo-commits

commit:     f78d733cc6d1a1fc2d99be48781deafd5fd09854
Author:     Graeme Lawes <graemelawes <AT> gmail <DOT> com>
AuthorDate: Sat Mar 17 02:29:36 2018 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sun Mar 18 08:31:07 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f78d733c

sys-cluster/teleport: add v2.5.2

v2.5.0 introduced a new graceful restart capability; this commit
includes a new OpenRC init script (files/teleport-2.5.init.d) and
systemd service unit (teleport-2.5.service) to support it. Because
v2.4.x is not compatible with this feature, the old init script and
service files are preserved under their original names.

Closes: https://github.com/gentoo/gentoo/pull/7481

 sys-cluster/teleport/Manifest                   |  1 +
 sys-cluster/teleport/files/teleport-2.5.init.d  | 37 ++++++++++++++++
 sys-cluster/teleport/files/teleport-2.5.service | 13 ++++++
 sys-cluster/teleport/teleport-2.5.2.ebuild      | 57 +++++++++++++++++++++++++
 4 files changed, 108 insertions(+)

diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
index e28f189fd83..e34331f1db3 100644
--- a/sys-cluster/teleport/Manifest
+++ b/sys-cluster/teleport/Manifest
@@ -1,2 +1,3 @@
 DIST teleport-2.4.2.tar.gz 9975909 BLAKE2B 68916e1d15f49448e918b39b2a760f90eca292b07f61e51cfe125eb99c6b36d95a528cfec40b62cd61893ce81edbf5f26066eb59063214369402e2a62d07bd5e SHA512 f9c2f923e05c8fa0b82708955c944e1bd35da2e6bf8b673832e76c91b918a4bc6d6666797faf0f7572cfaa7341991ef8937cd9b374cdc273271aff45f96b2960
 DIST teleport-2.4.5.tar.gz 9975753 BLAKE2B cdb6e577cd565cf6760d73c92cac674571e9b1257d23b280bd96428cca4e7c593738a925d3632a80fed3e0868c5f3aac79800db19bbf2a2b92d495600bf014cc SHA512 15e7e3c52c058625eb525c7c9cda00186eba037edbed89d21fb090b87c05570a1636f328260d4c7445253b0f5b81f321ce0da7d2b7fc316a0a9938ed22cc6c9c
+DIST teleport-2.5.2.tar.gz 16211219 BLAKE2B 28d0d1bb8d01fba39e79a262744b69a9df27438b9dbb0a25cd23acd57b6004a7f2309e432c0db4188c2e023a0b0299fd64723acfd57c1328d2345bba08fff4a9 SHA512 58fad4015824b9077bbd13cc3c6a994e5a54ed367264477854da7b129eea04c4cba44a580650a259b01f390a9f2028d7501df2ac4ab4821d085bbfe1cd887ec5

diff --git a/sys-cluster/teleport/files/teleport-2.5.init.d b/sys-cluster/teleport/files/teleport-2.5.init.d
new file mode 100644
index 00000000000..a951ec5318a
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport-2.5.init.d
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+: ${TELEPORT_CONFDIR:=/etc/teleport}
+: ${TELEPORT_PIDFILE:=/var/run/${SVCNAME}.pid}
+: ${TELEPORT_BINARY:=/usr/bin/teleport}
+: ${TELEPORT_LOGFILE:=/var/log/teleport.log}
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting Teleport SSH Service"
+		start-stop-daemon --start --exec /usr/bin/teleport \
+		--background --make-pidfile --pidfile "${TELEPORT_PIDFILE}" \
+		--stderr "${TELEPORT_LOGFILE}" \
+		-- start --config="${TELEPORT_CONFDIR}/teleport.yaml" \
+		${TELEPORT_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping Teleport SSH Service"
+		start-stop-daemon --stop --exec /usr/bin/teleport \
+		--pidfile "${TELEPORT_PIDFILE}"
+	eend $?
+}
+
+reload() {
+	checkconfig || return 1
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP \
+	    --exec "${TELEPORT_BINARY}" --pidfile "${TELEPORT_PIDFILE}"
+	eend $?
+}
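
Review bot: `reload()` calls `checkconfig` before sending HUP, but no `checkconfig` function is defined anywhere in this script, so `checkconfig || return 1` always fails (command not found) and `rc-service teleport reload` can never reach the `start-stop-daemon --signal HUP` line. Either add a `checkconfig()` (for instance one that verifies `${TELEPORT_CONFDIR}/teleport.yaml` exists and is readable) or drop the guard. Two smaller points in the same hunk: `start()` and `stop()` hard-code `--exec /usr/bin/teleport` while `reload()` uses `"${TELEPORT_BINARY}"`, so the variable this script defines is honoured by only one of the three actions; and the pidfile here is written by `start-stop-daemon --make-pidfile`, whereas the companion systemd unit in this commit has teleport write it via `--pid-file`. If the graceful restart the commit message describes replaces the running process, a pidfile recorded by start-stop-daemon will keep pointing at the old PID and `stop()` will miss the new one; passing `--pid-file="${TELEPORT_PIDFILE}"` to teleport instead of `--make-pidfile` keeps the two init systems consistent. The two-tab indentation of the `start-stop-daemon` lines inside `start()` and `stop()` is also one level too deep.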

diff --git a/sys-cluster/teleport/files/teleport-2.5.service b/sys-cluster/teleport/files/teleport-2.5.service
new file mode 100644
index 00000000000..37b38210aff
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport-2.5.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Teleport SSH Service
+After=network.target
+
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/usr/bin/teleport start --config=/etc/teleport/teleport.yaml --pid-file=/var/run/teleport.pid
+ExecReload=/bin/kill -HUP $MAINPID
+PIDFile=/var/run/teleport.pid
+
+[Install]
+WantedBy=multi-user.target
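
Review bot: `PIDFile=/var/run/teleport.pid` is combined with `Type=simple`; systemd documents `PIDFile=` for `Type=forking` services, and with `Type=simple` the process it spawned is the main PID, so `$MAINPID` in `ExecReload=` does not depend on the file. Since the commit message says HUP now triggers a graceful restart, it is worth confirming how the main PID is tracked across that restart: if the original process exits and a successor carries on, `Restart=on-failure` and `systemctl stop` will act on the wrong process unless the unit type matches what teleport actually does. Also prefer `/run/teleport.pid` over the legacy `/var/run` path in both `ExecStart=` and `PIDFile=` (or `RuntimeDirectory=teleport` with `/run/teleport/teleport.pid`), which is the location systemd itself expects.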

diff --git a/sys-cluster/teleport/teleport-2.5.2.ebuild b/sys-cluster/teleport/teleport-2.5.2.ebuild
new file mode 100644
index 00000000000..4b4aeb53e58
--- /dev/null
+++ b/sys-cluster/teleport/teleport-2.5.2.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit eutils golang-build systemd user
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+fi
+
+IUSE=""
+LICENSE="Apache-2.0"
+RESTRICT="test strip"
+SLOT="0"
+
+DEPEND="
+	app-arch/zip
+	>=dev-lang/go-1.9.2"
+RDEPEND=""
+
+src_prepare() {
+	default
+
+	sed -i -e 's/-j 3/-j 1/g' src/${EGO_PN%/*}/Makefile
+}
+
+src_compile() {
+	GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
+}
+
+src_install() {
+	keepdir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	doins "${FILESDIR}"/${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}-2.5.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_newunit "${FILESDIR}"/${PN}-2.5.service ${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+	BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}
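
Review bot: `src_test()` is dead code because `RESTRICT="test strip"` earlier in the hunk prevents Portage from ever calling it; either remove the function or, if the suite is expected to pass, drop `test` from `RESTRICT`. Minor: `inherit eutils golang-build systemd user` pulls in the `user` eclass although the ebuild never calls `enewuser`/`enewgroup`, and `eutils` is likewise unused in this EAPI 6 ebuild; unused inherits should go. The `src_prepare` sed that rewrites `-j 3` to `-j 1` in the upstream Makefile and the `emake -j1` in `src_compile` both aim at a serial build; a short comment explaining why the build is not parallel-safe would help the next maintainer decide which of the two is actually needed.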


* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/teleport/files/, sys-cluster/teleport/
@ 2017-06-14  7:48 Michał Górny
  0 siblings, 0 replies; 8+ messages in thread
From: Michał Górny @ 2017-06-14  7:48 UTC (permalink / raw
  To: gentoo-commits

commit:     3a6cc61bfeee218f02161b3881bcf5efeb8a2624
Author:     Graeme Lawes <graemelawes <AT> gmail <DOT> com>
AuthorDate: Mon May 29 17:28:38 2017 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Wed Jun 14 07:48:31 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a6cc61b

sys-cluster/teleport: new package, #620054

Multi-region SSH for teams managing distributed server clusters.

Closes: https://github.com/gentoo/gentoo/pull/4802
Package-Manager: Portage-2.3.5, Repoman-2.3.1

 sys-cluster/teleport/Manifest                    |   1 +
 sys-cluster/teleport/files/teleport.conf.d       |  17 +++
 sys-cluster/teleport/files/teleport.init.d       |  29 +++++
 sys-cluster/teleport/files/teleport.service      |  11 ++
 sys-cluster/teleport/files/teleport.service.conf |   3 +
 sys-cluster/teleport/files/teleport.yaml         | 142 +++++++++++++++++++++++
 sys-cluster/teleport/metadata.xml                |  17 +++
 sys-cluster/teleport/teleport-2.2.0.ebuild       |  51 ++++++++
 sys-cluster/teleport/teleport-9999.ebuild        |  51 ++++++++
 9 files changed, 322 insertions(+)

diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
new file mode 100644
index 00000000000..c1a217ba386
--- /dev/null
+++ b/sys-cluster/teleport/Manifest
@@ -0,0 +1 @@
+DIST teleport-2.2.0.tar.gz 7229371 SHA256 b12bea0474a0ce5f4df10729607661b1afbecd5e95083835ccee7b54493c9452 SHA512 bec288983371bd3807b7ce994b1533a5e869d903251f8a8ce6315768a1d3ae95d72f832037345c36c9cd4789fbc449c54b86359988b1e74d4f46f9e0db6b3239 WHIRLPOOL 5b128fda80b1ce4afe60e10e6d5d9e83f621f6a405e713af7d1b988562038aa927c9f7c733a927a3aa724c261d058dba1fa75526dd2eb9051b1e6fe4c984004c

diff --git a/sys-cluster/teleport/files/teleport.conf.d b/sys-cluster/teleport/files/teleport.conf.d
new file mode 100644
index 00000000000..e4b2cbb1a7e
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.conf.d
@@ -0,0 +1,17 @@
+# /etc/conf.d/teleport: config file for /etc/init.d/teleport
+
+# Where is your teleport.yaml file stored?
+TELEPORT_CONFDIR="/etc/teleport"
+
+# Any random options you want to pass to teleport.
+TELEPORT_OPTS=""
+
+# Pid file to use (needs to be absolute path).
+#TELEPORT_PIDFILE="/var/run/teleport.pid"
+
+# Path to log file
+#TELEPORT_LOGFILE="/var/log/teleport.log"
+
+# Startup dependency
+# Un-comment when using etcd storage backend
+#rc_need="etcd"

diff --git a/sys-cluster/teleport/files/teleport.init.d b/sys-cluster/teleport/files/teleport.init.d
new file mode 100644
index 00000000000..a5d08b7f3f6
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.init.d
@@ -0,0 +1,29 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+: ${TELEPORT_CONFDIR:=/etc/teleport}
+: ${TELEPORT_PIDFILE:=/var/run/${SVCNAME}.pid}
+: ${TELEPORT_BINARY:=/usr/bin/teleport}
+: ${TELEPORT_LOGFILE:=/var/log/teleport.log}
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting Teleport SSH Service"
+		start-stop-daemon --start --exec /usr/bin/teleport \
+		--background --make-pidfile --pidfile "${TELEPORT_PIDFILE}" \
+		--stderr "${TELEPORT_LOGFILE}" \
+		-- start --config="${TELEPORT_CONFDIR}/teleport.yaml" \
+		${TELEPORT_OPTS}
+		eend $?
+}
+
+stop() {
+	ebegin "Stopping Teleport SSH Service"
+		start-stop-daemon --stop --exec /usr/bin/teleport \
+		--pidfile "${TELEPORT_PIDFILE}"
+	eend $?
+}
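
Review bot: `TELEPORT_BINARY` is defined at the top of the script but never used; `start()` and `stop()` both hard-code `--exec /usr/bin/teleport`, so overriding the variable in `/etc/conf.d/teleport` has no effect. Use `--exec "${TELEPORT_BINARY}"` in both. There is also no `reload` action, so every configuration change requires a full restart that drops the active SSH sessions going through this node. Style: the `start-stop-daemon` continuation lines and the `eend $?` in `start()` are indented one tab deeper than the matching lines in `stop()`.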

diff --git a/sys-cluster/teleport/files/teleport.service b/sys-cluster/teleport/files/teleport.service
new file mode 100644
index 00000000000..b74734bbf9e
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Teleport SSH Service
+After=network.target 
+
+[Service]
+Type=simple
+Restart=always
+ExecStart=/usr/bin/teleport start --config=/etc/teleport/teleport.yaml
+
+[Install]
+WantedBy=multi-user.target
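
Review bot: `After=network.target ` (third line of the unit) has trailing whitespace; harmless to systemd but it should be trimmed. More substantively, the unit has no `ExecReload=`, so `systemctl reload teleport` is refused and operators must restart the daemon to pick up configuration changes, and `Restart=always` also restarts the service after a deliberate clean exit, which `Restart=on-failure` (used by the 2.5 unit added elsewhere in this thread) avoids.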

diff --git a/sys-cluster/teleport/files/teleport.service.conf b/sys-cluster/teleport/files/teleport.service.conf
new file mode 100644
index 00000000000..2ff7ffbf3a4
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.service.conf
@@ -0,0 +1,3 @@
+# Uncomment the following when using the etcd storage backend
+#[Unit]
+#Wants=etcd.service

diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml
new file mode 100644
index 00000000000..e297bb89b57
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport.yaml
@@ -0,0 +1,142 @@
+# By default, this file should be stored in /etc/teleport.yaml
+
+# This section of the configuration file applies to all teleport
+# services.
+teleport:
+    # nodename allows to assign an alternative name this node can be reached by.
+    # by default it's equal to hostname
+    # nodename: graviton
+
+    # Data directory where Teleport keeps its data, like keys/users for 
+    # authentication (if using the default BoltDB back-end)
+    data_dir: /var/lib/teleport
+
+    # one-time invitation token used to join a cluster. it is not used on 
+    # subsequent starts
+    auth_token: xxxx-token-xxxx
+
+    # when running in multi-homed or NATed environments Teleport nodes need 
+    # to know which IP it will be reachable at by other nodes
+    # advertise_ip: 10.1.0.5
+
+    # list of auth servers in a cluster. you will have more than one auth server
+    # if you configure teleport auth to run in HA configuration
+    auth_servers: 
+        - localhost:3025
+
+    # Teleport throttles all connections to avoid abuse. These settings allow
+    # you to adjust the default limits
+    connection_limits:
+        max_connections: 1000
+        max_users: 250
+
+    # Logging configuration. Possible output values are 'stdout', 'stderr' and 
+    # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
+    log:
+        output: stderr
+        severity: ERROR
+
+    # Type of storage used for keys. You need to configure this to use etcd
+    # backend if you want to run Teleport in HA configuration.
+    storage:
+        type: bolt
+
+# This section configures the 'auth service':
+auth_service:
+    # Turns 'auth' role on. Default is 'yes'
+    enabled: yes
+
+    # Turns on dynamic configuration. Dynamic configuration defines the source
+    # for configuration information, configuration files on disk or what's
+    # stored in the backend. Default is false if no backend is specified,
+    # otherwise if backend is specified, it is assumed to be true.
+    dynamic_config: false
+
+    # defines the types and second factors the auth server supports
+    authentication:
+        # type can be local or oidc
+        type: local
+        # second_factor can be off, otp, or u2f
+        second_factor: otp
+
+        # this section is only used if using u2f
+        u2f:
+            # app_id should point to the Web UI.
+            app_id: https://localhost:3080
+
+            # facets should list all proxy servers.
+            facets:
+            - https://localhost
+            - https://localhost:3080
+
+    # IP and the port to bind to. Other Teleport nodes will be connecting to
+    # this port (AKA "Auth API" or "Cluster API") to validate client 
+    # certificates 
+    listen_addr: 0.0.0.0:3025
+
+    # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
+    # the role a new node will be allowed to assume. The more secure way to 
+    # add nodes is to use `ttl node add --ttl` command to generate auto-expiring 
+    # tokens. 
+    #
+    # We recommend to use tools like `pwgen` to generate sufficiently random
+    # tokens of 32+ byte length.
+    tokens:
+        - "proxy,node:xxxxx"
+        - "auth:yyyy"
+
+    # Optional "cluster name" is needed when configuring trust between multiple
+    # auth servers. A cluster name is used as part of a signature in certificates
+    # generated by this CA.
+    # 
+    # By default an automatically generated GUID is used.
+    #
+    # IMPORTANT: if you change cluster_name, it will invalidate all generated 
+    # certificates and keys (may need to wipe out /var/lib/teleport directory)
+    cluster_name: "main"
+
+# This section configures the 'node service':
+ssh_service:
+    # Turns 'ssh' role on. Default is 'yes'
+    enabled: yes
+
+    # IP and the port for SSH service to bind to. 
+    listen_addr: 0.0.0.0:3022
+    # See explanation of labels in "Labeling Nodes" section below
+    labels:
+        role: master
+        type: postgres
+    # List (YAML array) of commands to periodically execute and use
+    # their output as labels. 
+    # See explanation of how this works in "Labeling Nodes" section below
+    commands:
+    - name: hostname
+      command: [/usr/bin/hostname]
+      period: 1m0s
+    - name: arch
+      command: [/usr/bin/uname, -p]
+      period: 1h0m0s
+
+# This section configures the 'proxy servie'
+proxy_service:
+    # Turns 'proxy' role on. Default is 'yes'
+    enabled: yes
+
+    # SSH forwarding/proxy address. Command line (CLI) clients always begin their
+    # SSH sessions by connecting to this port
+    listen_addr: 0.0.0.0:3023
+
+    # Reverse tunnel listening address. An auth server (CA) can establish an 
+    # outbound (from behind the firewall) connection to this address. 
+    # This will allow users of the outside CA to connect to behind-the-firewall 
+    # nodes.
+    tunnel_listen_addr: 0.0.0.0:3024
+
+    # The HTTPS listen address to serve the Web UI and also to authenticate the 
+    # command line (CLI) users via password+HOTP
+    web_listen_addr: 0.0.0.0:3080
+
+    # TLS certificate for the HTTPS connection. Configuring these properly is 
+    # critical for Teleport security.
+    https_key_file: /etc/teleport/teleport.key
+    https_cert_file: /etc/teleport/teleport.crt
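
Review bot: the `tokens:` list under `auth_service` ships two active, well-known placeholder join tokens (`"proxy,node:xxxxx"` and `"auth:yyyy"`) in a file the ebuild installs as the live `/etc/teleport/teleport.yaml`; by the file's own description each token lets a new node assume the listed role, and its own comment says auto-expiring tokens are the more secure way, so until an administrator edits this file any host presenting `xxxxx` or `yyyy` would be admitted with the proxy, node or even auth role. Ship these lines commented out (as `nodename` and `advertise_ip` already are) and likewise comment out `auth_token: xxxx-token-xxxx`. Other points in the same hunk: the header comment says the file lives in `/etc/teleport.yaml`, but the ebuild installs it to `/etc/teleport/teleport.yaml` and the init script reads `${TELEPORT_CONFDIR}/teleport.yaml`; the comment about `ttl node add --ttl` names a tool that is not installed, the CLI this package ships is `tctl`; `https_key_file`/`https_cert_file` point at `/etc/teleport/teleport.key` and `.crt`, which nothing in this commit creates or documents, so a fresh install needs at least a `pkg_postinst` elog explaining how to provide them; the example `labels` (`role: master`, `type: postgres`) will be advertised by every node that runs the stock file and are better left commented; and `proxy servie` is a typo for `proxy service`.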

diff --git a/sys-cluster/teleport/metadata.xml b/sys-cluster/teleport/metadata.xml
new file mode 100644
index 00000000000..224f5639f02
--- /dev/null
+++ b/sys-cluster/teleport/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<name>Graeme Lawes</name>
+		<email>graemelawes@gmail.com</email>
+	</maintainer>
+	<maintainer type="project">
+		<name>Gentoo Proxy Maintainers Project</name>
+		<email>proxy-maint@gentoo.org</email>
+	</maintainer>
+	<upstream>
+		<changelog>https://github.com/gravitational/teleport/blob/master/CHANGELOG.md</changelog>
+		<bugs-to>https://github.com/gravitational/teleport/issues</bugs-to>
+		<remote-id type="github">gravitational/teleport</remote-id>
+	</upstream>
+</pkgmetadata>

diff --git a/sys-cluster/teleport/teleport-2.2.0.ebuild b/sys-cluster/teleport/teleport-2.2.0.ebuild
new file mode 100644
index 00000000000..50aac8796fe
--- /dev/null
+++ b/sys-cluster/teleport/teleport-2.2.0.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit eutils golang-build systemd user
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [ ${PV} == "9999" ] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE=""
+
+DEPEND="
+	app-arch/zip
+	>=dev-lang/go-1.8.3"
+RDEPEND=""
+
+src_compile() {
+	GOPATH="${S}" emake -C src/${EGO_PN%/*}
+	pushd src/${EGO_PN%/*}/web/dist >/dev/null || die
+	zip -qr "${S}/src/${EGO_PN%/*}/build/webassets.zip" . || die
+	popd >/dev/null || die
+	cat "${S}/src/${EGO_PN%/*}/build/webassets.zip" >> "src/${EGO_PN%/*}/build/${PN}" || die
+	zip -q -A "${S}/src/${EGO_PN%/*}/build/${PN}" || die
+}
+
+src_install() {
+	dodir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	doins "${FILESDIR}"/${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_dounit "${FILESDIR}"/${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
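
Review bot: `dodir /var/lib/${PN} /etc/${PN}` creates empty directories, which Portage does not guarantee to keep in the installed image; `keepdir` is the helper for directories that must exist (the 2.5.2 ebuild elsewhere in this thread uses it). Also `if [ ${PV} == "9999" ]` uses the non-POSIX `==` inside single brackets and leaves `${PV}` unquoted; `[[ ${PV} == 9999 ]]` is the idiomatic form. `user` and `eutils` are inherited but nothing in the ebuild uses them. In `src_compile`, the `cat ... >> build/${PN}` followed by `zip -q -A` appends `webassets.zip` to the `teleport` binary and then fixes the archive offsets; a one-line comment saying this is how the web UI gets embedded would save the next reader from guessing why a binary is being zipped.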

diff --git a/sys-cluster/teleport/teleport-9999.ebuild b/sys-cluster/teleport/teleport-9999.ebuild
new file mode 100644
index 00000000000..87502805344
--- /dev/null
+++ b/sys-cluster/teleport/teleport-9999.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit eutils golang-build systemd user
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [ ${PV} == "9999" ] ; then
+	inherit git-r3 golang-vcs
+	EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+	inherit golang-vcs-snapshot
+	SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE=""
+
+DEPEND="
+	app-arch/zip
+	>=dev-lang/go-1.7"
+RDEPEND=""
+
+src_compile() {
+	GOPATH="${S}" emake -C src/${EGO_PN%/*}
+	pushd src/${EGO_PN%/*}/web/dist >/dev/null || die
+	zip -qr "${S}/src/${EGO_PN%/*}/build/webassets.zip" . || die
+	popd >/dev/null || die
+	cat "${S}/src/${EGO_PN%/*}/build/webassets.zip" >> "src/${EGO_PN%/*}/build/${PN}" || die
+	zip -q -A "${S}/src/${EGO_PN%/*}/build/${PN}" || die
+}
+
+src_install() {
+	dodir /var/lib/${PN} /etc/${PN}
+	dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+	insinto /etc/${PN}
+	doins "${FILESDIR}"/${PN}.yaml
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+	systemd_dounit "${FILESDIR}"/${PN}.service
+	systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
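
Review bot: this live ebuild is a copy of `teleport-2.2.0.ebuild` except for `KEYWORDS="~amd64"` and `>=dev-lang/go-1.7`, and both differences look wrong: a 9999 ebuild should carry empty `KEYWORDS` (the `else` branch is dead for this version anyway, but the value is still misleading), and the master branch will need at least the Go version the release ebuild requires (`>=dev-lang/go-1.8.3`), not an older one. The same `dodir` (use `keepdir`), `[ ${PV} == "9999" ]` (use `[[ ]]`) and unused `user`/`eutils` inherit issues as in the 2.2.0 ebuild are present here as well.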

