Merge branch 'master' into roman/plugins

klizhentas · Oct 16, 2017 · d127c4f · d127c4f
2 parents 668243d + 519ea80
commit d127c4f
Show file tree

Hide file tree

Showing 64 changed files with 3,895 additions and 604 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -126,7 +126,7 @@
 
 [[constraint]]
   name = "github.com/gravitational/trace"
-  version = "1.0.0"
+  version = "1.1.1"
 
 [[constraint]]
   name = "github.com/coreos/go-oidc"

diff --git a/Makefile b/Makefile
@@ -31,6 +31,7 @@ LIBS = $(shell find lib -type f -name '*.go') *.go
 TCTLSRC = $(shell find tool/tctl -type f -name '*.go')
 TELEPORTSRC = $(shell find tool/teleport -type f -name '*.go')
 TSHSRC = $(shell find tool/tsh -type f -name '*.go')
+TELEPORTVENDOR = $(shell find vendor -type f -name '*.go')
 
 #
 # 'make all' builds all 3 executables and plaaces them in a current directory
@@ -44,13 +45,13 @@ all: $(VERSRC)
 	go install $(BUILDFLAGS) ./lib/...
 	$(MAKE) -s -j 4 $(BINARIES)
 
-$(BUILDDIR)/tctl: $(LIBS) $(TCTLSRC)
+$(BUILDDIR)/tctl: $(LIBS) $(TELEPORTSRC) $(TELEPORTVENDOR)
 	go build -o $(BUILDDIR)/tctl -i $(BUILDFLAGS) ./tool/tctl
 
-$(BUILDDIR)/teleport: $(LIBS) $(TELEPORTSRC)
+$(BUILDDIR)/teleport: $(LIBS) $(TELEPORTSRC) $(TELEPORTVENDOR)
 	go build -o $(BUILDDIR)/teleport -i $(BUILDFLAGS) ./tool/teleport
 
-$(BUILDDIR)/tsh: $(LIBS) $(TSHSRC)
+$(BUILDDIR)/tsh: $(LIBS) $(TELEPORTSRC) $(TELEPORTVENDOR)
 	go build -o $(BUILDDIR)/tsh -i $(BUILDFLAGS) ./tool/tsh
 
 #

diff --git a/constants.go b/constants.go
@@ -51,16 +51,15 @@ const (
 )
 
 const (
-	// Component indicates a component of teleport, used for logging
-	Component = "component"
-
-	// ComponentFields stores component-specific fields
-	ComponentFields = "fields"
+	// ComponentReverseTunnelServer is reverse tunnel server
+	// that together with agent establish a bi-directional SSH revers tunnel
+	// to bypass firewall restrictions
+	ComponentReverseTunnelServer = "proxy:server"
 
-	// ComponentReverseTunnel is reverse tunnel agent and server
-	// that together establish a bi-directional SSH revers tunnel
+	// ComponentReverseTunnel is reverse tunnel agent
+	// that together with server establish a bi-directional SSH revers tunnel
 	// to bypass firewall restrictions
-	ComponentReverseTunnel = "reversetunnel"
+	ComponentReverseTunnelAgent = "proxy:agent"
 
 	// ComponentAuth is the cluster CA node (auth server API)
 	ComponentAuth = "auth"
@@ -72,7 +71,10 @@ const (
 	ComponentProxy = "proxy"
 
 	// ComponentTunClient is a tunnel client
-	ComponentTunClient = "tunclient"
+	ComponentTunClient = "client:tunnel"
+
+	// ComponentCachingClient is a caching auth client
+	ComponentCachingClient = "client:cache"
 
 	// DebugEnvVar tells tests to use verbose debug output
 	DebugEnvVar = "DEBUG"

diff --git a/docker/.env b/docker/.env
@@ -0,0 +1,3 @@
+# file used by docker-compose itself (variables in yaml)
+DEBUG=1
+CONTAINERHOME=/root/go/src/github.com/gravitational/teleport
diff --git a/docker/Makefile b/docker/Makefile
@@ -1,26 +1,21 @@
-TELEBOX=teleport:latest
-HOMEDIR=$(abspath ..)
-CONTAINERHOME=/root/go/src/github.com/gravitational/teleport
-THISDIR=`pwd`
-NETNAME=telenet
-DOCKEROPS=--net $(NETNAME) -w $(CONTAINERHOME) -v $(HOMEDIR):$(CONTAINERHOME)
-
 #
 # Default target starts two Teleport clusters
 #
-.PHONY:run
-run: prepare
-	$(MAKE) one
-	$(MAKE) two
+.PHONY: up
+up:
+	docker-compose up
+
+.PHONY: reup
+reup:
+	cd .. && make
+	docker-compose up
 
-# 'make stop' stops all Teleport containers, deletes them 
+# 'make down' stops all Teleport containers, deletes them
 # and their network
 #
-.PHONY:stop
-stop:
-	$(MAKE) stop-one
-	$(MAKE) stop-two
-	-@docker network rm $(NETNAME)
+.PHONY:down
+down:
+	docker-compose down
 
 # `make enter-one` gives you shell inside auth server 
 # of cluster "one"
@@ -50,64 +45,10 @@ enter-two-proxy:
 enter-two-node:
 	docker exec -ti two-node /bin/bash
 
-# `make shell` drops you into a bash shell inside an empty container, 
-# without Teleport running. Useful if you want to start it manually 
-# from the inside
-.PHONY:shell
-shell: prepare
-	-docker run --name=one --rm=true -ti \
-		--hostname one \
-		--ip 172.10.1.1 \
-		--volume $(THISDIR)/data/one:/var/lib/teleport \
-		$(DOCKEROPS) $(TELEBOX) /bin/bash
-	-docker network rm $(NETNAME)
-
-# `make one` starts the "One" container with single-node Teleport cluster
-.PHONY:one
-one:
-	docker run --name=one --detach=true \
-		--hostname one \
-		--ip 172.10.1.1 \
-		--publish 3080:3080 -p 3023:3023 -p 4025:3025 \
-		--volume $(THISDIR)/data/one:/var/lib/teleport \
-		-e DEBUG=1 \
-		$(DOCKEROPS) $(TELEBOX) build/teleport start -d -c $(CONTAINERHOME)/docker/one.yaml
-
-# 'make two' starts the three-node cluster in a container named "two"
-.PHONY:two
-two:
-	docker run --name=two-auth --detach=true \
-		--hostname two-auth \
-		--ip 172.10.1.2 \
-		--volume $(THISDIR)/data/two/auth:/var/lib/teleport \
-		-e DEBUG=1 \
-		$(DOCKEROPS) $(TELEBOX) build/teleport start -d -c $(CONTAINERHOME)/docker/two-auth.yaml
-	docker run --name=two-proxy --detach=true \
-		--hostname two-proxy \
-		--ip 172.10.1.3 \
-		--publish 5080:5080 -p 5023:5023 \
-		--volume $(THISDIR)/data/two/proxy:/var/lib/teleport \
-		-e DEBUG=1 \
-		$(DOCKEROPS) $(TELEBOX) build/teleport start -d -c $(CONTAINERHOME)/docker/two-proxy.yaml
-	docker run --name=two-node --detach=true \
-		--hostname two-node \
-		--ip 172.10.1.4 \
-		--volume $(THISDIR)/data/two/node:/var/lib/teleport \
-		-e DEBUG=1 \
-		$(DOCKEROPS) $(TELEBOX) build/teleport start -d -c $(CONTAINERHOME)/docker/two-node.yaml
-
-
-# prepare is a sub-target: it creates a container image and a network
-.PHONY:prepare
-prepare:
-	docker build -t $(TELEBOX) .
-	-docker network create --subnet=172.10.0.0/16 $(NETNAME)
-	mkdir -p data/one data/two/proxy data/two/node data/two/auth
-
-.PHONY:stop-two
-stop-two:
-	docker rm -f two-auth two-proxy two-node
+.PHONY: setup-tc
+setup-tc:
+	docker exec -i two-auth /bin/bash -c "tctl -c /root/go/src/github.com/gravitational/teleport/docker/two-auth.yaml create -f /root/go/src/github.com/gravitational/teleport/docker/two-tc.yaml"
 
-.PHONY:stop-one
-stop-one:
-	docker rm -f one
+.PHONY: delete-tc
+delete-tc:
+	docker exec -i two-auth /bin/bash -c "tctl -c /root/go/src/github.com/gravitational/teleport/docker/two-auth.yaml rm tc/one"
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -0,0 +1,100 @@
+version: '2'
+services:
+  #
+  # one is a single-node Teleport cluster called "one" (runs all 3 roles: proxy, auth and node)
+  #
+  one:
+    image: teleport:latest
+    container_name: one
+    command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/one.yaml
+    ports:
+      - "3080:3080"
+      - "3023:3023"
+      - "3025:3025"
+    env_file: env.file
+    volumes:
+      - ./data/one:/var/lib/teleport
+      - ../:/root/go/src/github.com/gravitational/teleport
+    networks:
+      teleport:
+        ipv4_address: 172.10.1.1
+        aliases:
+          - one-lb
+
+  #
+  # one-proxy is a second xproxy of the first cluster
+  #
+  one-proxy:
+    image: teleport:latest
+    container_name: one-proxy
+    command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/one-proxy.yaml
+    ports:
+      - "4080:3080"
+      - "4023:3023"
+    env_file: env.file
+    volumes:
+      - ./data/one-proxy:/var/lib/teleport
+      - ../:/root/go/src/github.com/gravitational/teleport
+    networks:
+      teleport:
+        ipv4_address: 172.10.1.10
+        aliases:
+          - one-lb        
+
+  #
+  # two-auth is a auth server of the second cluster
+  #
+  two-auth:
+    image: teleport:latest
+    container_name: two-auth
+    command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/two-auth.yaml --insecure
+    env_file: env.file
+    volumes:
+      - ./data/two/auth:/var/lib/teleport
+      - ../:/root/go/src/github.com/gravitational/teleport
+    networks:
+      teleport:
+        ipv4_address: 172.10.1.2
+
+  #
+  # two-proxy is a proxy service for the second cluster
+  #
+  two-proxy:
+    image: teleport:latest
+    container_name: two-proxy
+    command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/two-proxy.yaml
+    env_file: env.file
+    ports:
+      - "5080:5080"
+      - "5023:5023"
+    volumes:
+      - ./data/two/proxy:/var/lib/teleport
+      - ../:/root/go/src/github.com/gravitational/teleport
+    networks:
+      teleport:
+        ipv4_address: 172.10.1.3
+
+  #
+  # two-node is a node service for the second cluster
+  #
+  two-node:
+    image: teleport:latest
+    container_name: two-node
+    command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/two-node.yaml
+    env_file: env.file
+    volumes:
+      - ./data/two/node:/var/lib/teleport
+      - ../:/root/go/src/github.com/gravitational/teleport
+    networks:
+      teleport:
+        ipv4_address: 172.10.1.4
+
+networks:
+  teleport:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+      - subnet: 172.10.1.0/16
+        ip_range: 172.10.1.0/24
+        gateway: 172.10.1.254
diff --git a/docker/env.file b/docker/env.file
@@ -0,0 +1,2 @@
+DEBUG=1
+CONTAINERHOME=/root/go/src/github.com/gravitational/teleport
diff --git a/docker/one-proxy.yaml b/docker/one-proxy.yaml
@@ -0,0 +1,23 @@
+# standalone proxy connected to
+teleport:
+  auth_token: foo
+  nodename: one-proxy
+  advertise_ip: 172.10.1.10
+  log:
+    output: /var/lib/teleport/teleport.log
+    severity: INFO
+  auth_servers:
+    - one:3025
+  data_dir: /var/lib/teleport
+  storage:
+      path: /var/lib/teleport/backend
+      type: dir
+
+auth_service:
+  enabled: no
+
+ssh_service:
+  enabled: no
+
+proxy_service:
+  enabled: yes
diff --git a/docker/one.yaml b/docker/one.yaml
@@ -1,13 +1,14 @@
 # Single-node Teleport cluster called "one" (runs all 3 roles: proxy, auth and node)
 teleport:
   nodename: one
+  advertise_ip: 172.10.1.1
   log:
     output: /var/lib/teleport/teleport.log
     severity: INFO
 
-  data_dir: /root/go/src/github.com/gravitational/teleport/docker/data/one
+  data_dir: /var/lib/teleport
   storage:
-      path: /root/go/src/github.com/gravitational/teleport/docker/data/one/backend
+      path: /var/lib/teleport/backend
       type: dir
 
 auth_service:
@@ -33,3 +34,4 @@ ssh_service:
 
 proxy_service:
   enabled: yes
+
diff --git a/docker/two-auth.yaml b/docker/two-auth.yaml
@@ -5,9 +5,9 @@ teleport:
     output: /var/lib/teleport/teleport.log
     severity: INFO
 
-  data_dir: /root/go/src/github.com/gravitational/teleport/docker/data/two
+  data_dir: /var/lib/teleport
   storage:
-      path: /root/go/src/github.com/gravitational/teleport/docker/data/two/backend
+      path: /var/lib/teleport/backend
       type: dir
 
 auth_service:

diff --git a/docker/two-node.yaml b/docker/two-node.yaml
@@ -3,9 +3,14 @@ teleport:
   nodename: node-on-second-cluster
   auth_servers: ["two-auth"]
   auth_token: foo
+  advertise_ip: 172.10.1.4
   log:
     output: /var/lib/teleport/teleport.log
     severity: INFO
+  data_dir: /var/lib/teleport
+  storage:
+      path: /var/lib/teleport/backend
+      type: dir
 
 ssh_service:
   enabled: yes

diff --git a/docker/two-proxy.yaml b/docker/two-proxy.yaml
@@ -6,6 +6,10 @@ teleport:
   log:
     output: /var/lib/teleport/teleport.log
     severity: INFO
+  data_dir: /var/lib/teleport
+  storage:
+      path: /var/lib/teleport/backend
+      type: dir
 
 auth_service:
   enabled: no
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		DEBUG=1
		CONTAINERHOME=/root/go/src/github.com/gravitational/teleport