From fa0c17775cb38c262fd74222a7bea12db379dde6 Mon Sep 17 00:00:00 2001 From: Graeme Lawes Date: Wed, 3 Oct 2018 20:35:04 -0400 Subject: sys-cluster/teleport: use files/teleport-2.yaml for config file source MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Graeme Lawes Signed-off-by: Michał Górny --- sys-cluster/teleport/files/teleport-2.yaml | 130 +++++++++++++++++++++++++++++ sys-cluster/teleport/files/teleport.yaml | 130 ----------------------------- sys-cluster/teleport/teleport-2.6.7.ebuild | 2 +- sys-cluster/teleport/teleport-2.7.1.ebuild | 2 +- 4 files changed, 132 insertions(+), 132 deletions(-) create mode 100644 sys-cluster/teleport/files/teleport-2.yaml delete mode 100644 sys-cluster/teleport/files/teleport.yaml (limited to 'sys-cluster') diff --git a/sys-cluster/teleport/files/teleport-2.yaml b/sys-cluster/teleport/files/teleport-2.yaml new file mode 100644 index 000000000000..384dea937c97 --- /dev/null +++ b/sys-cluster/teleport/files/teleport-2.yaml @@ -0,0 +1,130 @@ +# By default, this file should be stored in /etc/teleport.yaml +## IMPORTANT ## +#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters +# This section of the configuration file applies to all teleport +# services. +teleport: + # nodename allows to assign an alternative name this node can be reached by. + # by default it's equal to hostname + # nodename: graviton + + # Data directory where Teleport keeps its data, like keys/users for + # authentication (if using the default BoltDB back-end) + data_dir: /var/lib/teleport + + # one-time invitation token used to join a cluster. it is not used on + # subsequent starts + auth_token: xxxx-token-xxxx + + # when running in multi-homed or NATed environments Teleport nodes need + # to know which IP it will be reachable at by other nodes + # public_addr: 10.1.0.5 + + # list of auth servers in a cluster. you will have more than one auth server + # if you configure teleport auth to run in HA configuration + auth_servers: + - localhost:3025 + + # Teleport throttles all connections to avoid abuse. These settings allow + # you to adjust the default limits + connection_limits: + max_connections: 1000 + max_users: 250 + + # Logging configuration. Possible output values are 'stdout', 'stderr' and + # 'syslog'. Possible severity values are INFO, WARN and ERROR (default). + log: + output: stderr + severity: ERROR + + # Type of storage used for keys. You need to configure this to use etcd + # backend if you want to run Teleport in HA configuration. + storage: + type: bolt + +# This section configures the 'auth service': +auth_service: + enabled: yes + + # defines the types and second factors the auth server supports + authentication: + # second_factor can be off, otp, or u2f + second_factor: otp + + # this section is only used if using u2f + u2f: + # app_id should point to the Web UI. + app_id: https://localhost:3080 + + # facets should list all proxy servers. + facets: + - https://localhost + - https://localhost:3080 + + # IP and the port to bind to. Other Teleport nodes will be connecting to + # this port (AKA "Auth API" or "Cluster API") to validate client + # certificates + listen_addr: 0.0.0.0:3025 + + # Pre-defined tokens for adding new nodes to a cluster. Each token specifies + # the role a new node will be allowed to assume. The more secure way to + # add nodes is to use `ttl node add --ttl` command to generate auto-expiring + # tokens. + # + # We recommend to use tools like `pwgen` to generate sufficiently random + # tokens of 32+ byte length. + tokens: + - "proxy,node:xxxxx" + - "auth:yyyy" + + # Optional "cluster name" is needed when configuring trust between multiple + # auth servers. A cluster name is used as part of a signature in certificates + # generated by this CA. + # + # By default an automatically generated GUID is used. + # + # IMPORTANT: if you change cluster_name, it will invalidate all generated + # certificates and keys (may need to wipe out /var/lib/teleport directory) + cluster_name: "main" + +# This section configures the 'node service': +ssh_service: + enabled: yes + # IP and the port for SSH service to bind to. + listen_addr: 0.0.0.0:3022 + # See explanation of labels in "Labeling Nodes" section below + labels: + role: master + type: postgres + # List (YAML array) of commands to periodically execute and use + # their output as labels. + # See explanation of how this works in "Labeling Nodes" section below + commands: + - name: hostname + command: [/usr/bin/hostname] + period: 1m0s + - name: arch + command: [/usr/bin/uname, -p] + period: 1h0m0s + +# This section configures the 'proxy servie' +proxy_service: + enabled: yes + # SSH forwarding/proxy address. Command line (CLI) clients always begin their + # SSH sessions by connecting to this port + listen_addr: 0.0.0.0:3023 + + # Reverse tunnel listening address. An auth server (CA) can establish an + # outbound (from behind the firewall) connection to this address. + # This will allow users of the outside CA to connect to behind-the-firewall + # nodes. + tunnel_listen_addr: 0.0.0.0:3024 + + # The HTTPS listen address to serve the Web UI and also to authenticate the + # command line (CLI) users via password+HOTP + web_listen_addr: 0.0.0.0:3080 + + # TLS certificate for the HTTPS connection. Configuring these properly is + # critical for Teleport security. + https_key_file: /etc/teleport/teleport.key + https_cert_file: /etc/teleport/teleport.crt diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml deleted file mode 100644 index 384dea937c97..000000000000 --- a/sys-cluster/teleport/files/teleport.yaml +++ /dev/null @@ -1,130 +0,0 @@ -# By default, this file should be stored in /etc/teleport.yaml -## IMPORTANT ## -#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters -# This section of the configuration file applies to all teleport -# services. -teleport: - # nodename allows to assign an alternative name this node can be reached by. - # by default it's equal to hostname - # nodename: graviton - - # Data directory where Teleport keeps its data, like keys/users for - # authentication (if using the default BoltDB back-end) - data_dir: /var/lib/teleport - - # one-time invitation token used to join a cluster. it is not used on - # subsequent starts - auth_token: xxxx-token-xxxx - - # when running in multi-homed or NATed environments Teleport nodes need - # to know which IP it will be reachable at by other nodes - # public_addr: 10.1.0.5 - - # list of auth servers in a cluster. you will have more than one auth server - # if you configure teleport auth to run in HA configuration - auth_servers: - - localhost:3025 - - # Teleport throttles all connections to avoid abuse. These settings allow - # you to adjust the default limits - connection_limits: - max_connections: 1000 - max_users: 250 - - # Logging configuration. Possible output values are 'stdout', 'stderr' and - # 'syslog'. Possible severity values are INFO, WARN and ERROR (default). - log: - output: stderr - severity: ERROR - - # Type of storage used for keys. You need to configure this to use etcd - # backend if you want to run Teleport in HA configuration. - storage: - type: bolt - -# This section configures the 'auth service': -auth_service: - enabled: yes - - # defines the types and second factors the auth server supports - authentication: - # second_factor can be off, otp, or u2f - second_factor: otp - - # this section is only used if using u2f - u2f: - # app_id should point to the Web UI. - app_id: https://localhost:3080 - - # facets should list all proxy servers. - facets: - - https://localhost - - https://localhost:3080 - - # IP and the port to bind to. Other Teleport nodes will be connecting to - # this port (AKA "Auth API" or "Cluster API") to validate client - # certificates - listen_addr: 0.0.0.0:3025 - - # Pre-defined tokens for adding new nodes to a cluster. Each token specifies - # the role a new node will be allowed to assume. The more secure way to - # add nodes is to use `ttl node add --ttl` command to generate auto-expiring - # tokens. - # - # We recommend to use tools like `pwgen` to generate sufficiently random - # tokens of 32+ byte length. - tokens: - - "proxy,node:xxxxx" - - "auth:yyyy" - - # Optional "cluster name" is needed when configuring trust between multiple - # auth servers. A cluster name is used as part of a signature in certificates - # generated by this CA. - # - # By default an automatically generated GUID is used. - # - # IMPORTANT: if you change cluster_name, it will invalidate all generated - # certificates and keys (may need to wipe out /var/lib/teleport directory) - cluster_name: "main" - -# This section configures the 'node service': -ssh_service: - enabled: yes - # IP and the port for SSH service to bind to. - listen_addr: 0.0.0.0:3022 - # See explanation of labels in "Labeling Nodes" section below - labels: - role: master - type: postgres - # List (YAML array) of commands to periodically execute and use - # their output as labels. - # See explanation of how this works in "Labeling Nodes" section below - commands: - - name: hostname - command: [/usr/bin/hostname] - period: 1m0s - - name: arch - command: [/usr/bin/uname, -p] - period: 1h0m0s - -# This section configures the 'proxy servie' -proxy_service: - enabled: yes - # SSH forwarding/proxy address. Command line (CLI) clients always begin their - # SSH sessions by connecting to this port - listen_addr: 0.0.0.0:3023 - - # Reverse tunnel listening address. An auth server (CA) can establish an - # outbound (from behind the firewall) connection to this address. - # This will allow users of the outside CA to connect to behind-the-firewall - # nodes. - tunnel_listen_addr: 0.0.0.0:3024 - - # The HTTPS listen address to serve the Web UI and also to authenticate the - # command line (CLI) users via password+HOTP - web_listen_addr: 0.0.0.0:3080 - - # TLS certificate for the HTTPS connection. Configuring these properly is - # critical for Teleport security. - https_key_file: /etc/teleport/teleport.key - https_cert_file: /etc/teleport/teleport.crt diff --git a/sys-cluster/teleport/teleport-2.6.7.ebuild b/sys-cluster/teleport/teleport-2.6.7.ebuild index 4a7a27e42a48..e7bfb7ce0408 100644 --- a/sys-cluster/teleport/teleport-2.6.7.ebuild +++ b/sys-cluster/teleport/teleport-2.6.7.ebuild @@ -35,7 +35,7 @@ src_install() { dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport} insinto /etc/${PN} - newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml + newins "${FILESDIR}"/${PN}-2.yaml ${PN}.yaml newinitd "${FILESDIR}"/${PN}.init.d ${PN} newconfd "${FILESDIR}"/${PN}.conf.d ${PN} diff --git a/sys-cluster/teleport/teleport-2.7.1.ebuild b/sys-cluster/teleport/teleport-2.7.1.ebuild index 4a7a27e42a48..e7bfb7ce0408 100644 --- a/sys-cluster/teleport/teleport-2.7.1.ebuild +++ b/sys-cluster/teleport/teleport-2.7.1.ebuild @@ -35,7 +35,7 @@ src_install() { dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport} insinto /etc/${PN} - newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml + newins "${FILESDIR}"/${PN}-2.yaml ${PN}.yaml newinitd "${FILESDIR}"/${PN}.init.d ${PN} newconfd "${FILESDIR}"/${PN}.conf.d ${PN} -- cgit v1.2.3-65-gdbad