service

package
v0.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 4, 2016 License: Apache-2.0 Imports: 37 Imported by: 120

Documentation

Overview

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func InitAuthService

func InitAuthService(supervisor Supervisor, cfg RoleConfig, hostname string) error

InitAuthService can be called to initialize auth server service

func ParseEnv

func ParseEnv(cfg interface{}) error

func ParseYAMLFile

func ParseYAMLFile(path string, cfg interface{}) error

func RegisterWithAuthServer

func RegisterWithAuthServer(
	supervisor Supervisor,
	provisioningToken string,
	cfg RoleConfig,
	role string,
	callback func() error) error

RegisterWithAuthServer uses one time provisioning token obtained earlier from the server to get a pair of SSH keys signed by Auth server host certificate authority

func SetDefaults

func SetDefaults(cfg *Config)

Types

type AuthConfig

type AuthConfig struct {
	// Enabled turns auth role on or off for this process
	Enabled bool `yaml:"enabled" env:"TELEPORT_AUTH_ENABLED"`

	// SSHAddr is the listening address of SSH tunnel to HTTP service
	SSHAddr utils.NetAddr `yaml:"ssh_addr" env:"TELEPORT_AUTH_SSH_ADDR"`

	// HostAuthorityDomain is Host Certificate Authority domain name
	HostAuthorityDomain string `yaml:"host_authority_domain" env:"TELEPORT_AUTH_HOST_AUTHORITY_DOMAIN"`

	// Token is a provisioning token for an additonal auth server joining the cluster
	Token string `yaml:"token" env:"TELEPORT_AUTH_TOKEN"`

	// SecretKey is an encryption key for secret service, will be used
	// to initialize secret service if set
	SecretKey string `yaml:"secret_key" env:"TELEPORT_AUTH_SECRET_KEY"`

	// AllowedTokens is a set of tokens that will be added as trusted
	AllowedTokens KeyVal `yaml:"allowed_tokens" env:"TELEPORT_AUTH_ALLOWED_TOKENS"`

	// TrustedAuthorities is a set of trusted user certificate authorities
	TrustedAuthorities CertificateAuthorities `yaml:"trusted_authorities" env:"TELEPORT_AUTH_TRUSTED_AUTHORITIES"`

	// UserCA allows to pass preconfigured user certificate authority keypair
	// to auth server so it will use it on the first start instead of generating
	// a new keypair
	UserCA LocalCertificateAuthority `yaml:"user_ca_keypair" env:"TELEPORT_AUTH_USER_CA_KEYPAIR"`

	// HostCA allows to pass preconfigured host certificate authority keypair
	// to auth server so it will use it on the first start instead of generating
	// a new keypair
	HostCA LocalCertificateAuthority `yaml:"host_ca_keypair" env:"TELEPORT_AUTH_HOST_CA_KEYPAIR"`

	// KeysBackend configures backend that stores auth keys, certificates, tokens ...
	KeysBackend struct {
		// Type is a backend type - etcd or boltdb
		Type string `yaml:"type" env:"TELEPORT_AUTH_KEYS_BACKEND_TYPE"`
		// Params is map with backend specific parameters
		Params string `yaml:"params,flow" env:"TELEPORT_AUTH_KEYS_BACKEND_PARAMS"`
		// AdditionalKey is a additional signing GPG key
		EncryptionKeys StringArray `yaml:"encryption_keys" env:"TELEPORT_AUTH_KEYS_BACKEND_ENCRYPTION_KEYS"`
	} `yaml:"keys_backend"`

	// EventsBackend configures backend that stores cluster events (login attempts, etc)
	EventsBackend struct {
		// Type is a backend type, etcd or bolt
		Type string `yaml:"type" env:"TELEPORT_AUTH_EVENTS_BACKEND_TYPE"`
		// Params is map with backend specific parameters
		Params string `yaml:"params,flow" env:"TELEPORT_AUTH_EVENTS_BACKEND_PARAMS"`
	} `yaml:"events_backend"`

	// RecordsBackend configures backend that stores live SSH sessions recordings
	RecordsBackend struct {
		// Type is a backend type, currently only bolt
		Type string `yaml:"type" env:"TELEPORT_AUTH_RECORDS_BACKEND_TYPE"`
		// Params is map with backend specific parameters
		Params string `yaml:"params,flow" env:"TELEPORT_AUTH_RECORDS_BACKEND_PARAMS"`
	} `yaml:"records_backend"`

	Limiter limiter.LimiterConfig `yaml:"limiter" env:"TELEPORT_AUTH_LIMITER"`
}

type CertificateAuthorities

type CertificateAuthorities []CertificateAuthority

func (CertificateAuthorities) Authorities

func (*CertificateAuthorities) SetEnv

func (c *CertificateAuthorities) SetEnv(v string) error

type CertificateAuthority

type CertificateAuthority struct {
	Type       string `json:"type" yaml:"type"`
	ID         string `json:"id" yaml:"id"`
	DomainName string `json:"domain_name" yaml:"domain_name"`
	PublicKey  string `json:"public_key" yaml:"public_key"`
}

type Config

type Config struct {
	Log LogConfig `yaml:"log"`

	DataDir  string `yaml:"data_dir" env:"TELEPORT_DATA_DIR"`
	Hostname string `yaml:"hostname" env:"TELEPORT_HOSTNAME"`

	AuthServers NetAddrSlice `yaml:"auth_servers,flow" env:"TELEPORT_AUTH_SERVERS"`

	// SSH role an SSH endpoint server
	SSH SSHConfig `yaml:"ssh"`

	// Auth server authentication and authorizatin server config
	Auth AuthConfig `yaml:"auth"`

	// ReverseTunnnel role creates and mantains outbound SSH reverse tunnel to the proxy
	ReverseTunnel ReverseTunnelConfig `yaml:"reverse_tunnel"`

	// Proxy is SSH proxy that manages incoming and outbound connections
	// via multiple reverse tunnels
	Proxy ProxyConfig `yaml:"proxy"`
}

func (*Config) RoleConfig

func (cfg *Config) RoleConfig() RoleConfig

type FanOutEventLogger

type FanOutEventLogger struct {
	Loggers []lunk.EventLogger
}

func (*FanOutEventLogger) Log

func (f *FanOutEventLogger) Log(id lunk.EventID, e lunk.Event)

type KeyVal

type KeyVal map[string]string

func (*KeyVal) Set

func (kv *KeyVal) Set(v string) error

Set accepts string with arguments in the form "key:val,key2:val2"

type LocalCertificateAuthority

type LocalCertificateAuthority struct {
	CertificateAuthority `json:"public" yaml:"public"`
	PrivateKey           string `json:"private_key" yaml:"private_key"`
}

func (*LocalCertificateAuthority) CA

func (*LocalCertificateAuthority) SetEnv

func (c *LocalCertificateAuthority) SetEnv(v string) error

type LocalSupervisor

type LocalSupervisor struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func (*LocalSupervisor) Register

func (s *LocalSupervisor) Register(srv Service)

func (*LocalSupervisor) RegisterFunc

func (s *LocalSupervisor) RegisterFunc(fn ServiceFunc)

func (*LocalSupervisor) Run

func (s *LocalSupervisor) Run() error

func (*LocalSupervisor) Start

func (s *LocalSupervisor) Start() error

func (*LocalSupervisor) Wait

func (s *LocalSupervisor) Wait() error

type LogConfig

type LogConfig struct {
	Output   string `yaml:"output" env:"TELEPORT_LOG_OUTPUT"`
	Severity string `yaml:"severity" env:"TELEPORT_LOG_SEVERITY"`
}

type NetAddrSlice

type NetAddrSlice []utils.NetAddr

func (*NetAddrSlice) Set

func (s *NetAddrSlice) Set(val string) error

type ProxyConfig

type ProxyConfig struct {
	// Enabled turns proxy role on or off for this process
	Enabled bool `yaml:"enabled" env:"TELEPORT_PROXY_ENABLED"`

	// Token is a provisioning token for new proxy server registering with auth
	Token string `yaml:"token" env:"TELEPORT_PROXY_TOKEN"`

	// ReverseTunnelListenAddr is address where reverse tunnel dialers connect to
	ReverseTunnelListenAddr utils.NetAddr `yaml:"reverse_tunnel_listen_addr" env:"TELEPORT_PROXY_REVERSE_TUNNEL_LISTEN_ADDR"`

	// WebAddr is address for web portal of the proxy
	WebAddr utils.NetAddr `yaml:"web_addr" env:"TELEPORT_PROXY_WEB_ADDR"`

	// SSHAddr is address of ssh proxy
	SSHAddr utils.NetAddr `yaml:"ssh_addr" env:"TELEPORT_PROXY_SSH_ADDR"`

	// AssetsDir is a directory with proxy website assets
	AssetsDir string `yaml:"assets_dir" env:"TELEPORT_PROXY_ASSETS_DIR"`

	// TLSKey is a base64 encoded private key used by web portal
	TLSKey string `yaml:"tls_key" env:"TELEPORT_PROXY_TLS_KEY"`

	// TLSCert is a base64 encoded certificate used by web portal
	TLSCert string `yaml:"tlscert" env:"TELEPORT_PROXY_TLS_CERT"`

	Limiter limiter.LimiterConfig `yaml:"limiter" env:"TELEPORT_PROXY_LIMITER"`
}

type ReverseTunnelConfig

type ReverseTunnelConfig struct {
	Enabled  bool                  `yaml:"enabled" env:"TELEPORT_REVERSE_TUNNEL_ENABLED"`
	Token    string                `yaml:"token" env:"TELEPORT_REVERSE_TUNNEL_TOKEN"`
	DialAddr utils.NetAddr         `yaml:"dial_addr" env:"TELEPORT_REVERSE_TUNNEL_DIAL_ADDR"`
	Limiter  limiter.LimiterConfig `yaml:"limiter" env:"TELEPORT_REVERSE_TUNNEL_LIMITER"`
}

ReverseTunnelConfig configures reverse tunnel role

type RoleConfig

type RoleConfig struct {
	DataDir     string
	Hostname    string
	AuthServers []utils.NetAddr
	Auth        AuthConfig
}

type SSHConfig

type SSHConfig struct {
	Enabled   bool                   `yaml:"enabled" env:"TELEPORT_SSH_ENABLED"`
	Token     string                 `yaml:"token" env:"TELEPORT_SSH_TOKEN"`
	Addr      utils.NetAddr          `yaml:"addr" env:"TELEPORT_SSH_ADDR"`
	Shell     string                 `yaml:"shell" env:"TELEPORT_SSH_SHELL"`
	Limiter   limiter.LimiterConfig  `yaml:"limiter" env:"TELEPORT_SSH_LIMITER"`
	Labels    map[string]string      `yaml:"labels" env:"TELEPORT_SSH_LABELS"`
	CmdLabels services.CommandLabels `yaml:"label-commands" env:"TELEPORT_SSH_LABEL_COMMANDS"`
}

SSHConfig configures SSH server node role

type Service

type Service interface {
	Serve() error
}

type ServiceFunc

type ServiceFunc func() error

func (ServiceFunc) Serve

func (s ServiceFunc) Serve() error

type StringArray

type StringArray []string

func (*StringArray) Set

func (sa *StringArray) Set(v string) error

type Supervisor

type Supervisor interface {
	// Register adds the service to the pool, if supervisor is in
	// the started state, the service will be started immediatelly
	// otherwise, it will be started after Start() has been called
	Register(srv Service)

	// RegisterFunc creates a service from function spec and registers
	// it within the system
	RegisterFunc(fn ServiceFunc)

	// Start starts all unstarted services
	Start() error

	// Wait waits until all services exit
	Wait() error

	// Run starts and waits for the service to complete
	// it's a combinatioin Start() and Wait()
	Run() error
}

Supervisor implements the simple service logic - registering service functions and de-registering the service goroutines

func NewSupervisor

func NewSupervisor() Supervisor

func NewTeleport

func NewTeleport(cfg Config) (Supervisor, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL