Documentation
¶
Overview ¶
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- func InitAuthService(supervisor Supervisor, cfg RoleConfig, hostname string) error
- func ParseEnv(cfg interface{}) error
- func ParseYAMLFile(path string, cfg interface{}) error
- func RegisterWithAuthServer(supervisor Supervisor, provisioningToken string, cfg RoleConfig, role string, ...) error
- func SetDefaults(cfg *Config)
- type AuthConfig
- type CertificateAuthorities
- type CertificateAuthority
- type Config
- type FanOutEventLogger
- type KeyVal
- type LocalCertificateAuthority
- type LocalSupervisor
- type LogConfig
- type NetAddrSlice
- type ProxyConfig
- type ReverseTunnelConfig
- type RoleConfig
- type SSHConfig
- type Service
- type ServiceFunc
- type StringArray
- type Supervisor
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func InitAuthService ¶
func InitAuthService(supervisor Supervisor, cfg RoleConfig, hostname string) error
InitAuthService can be called to initialize auth server service
func ParseYAMLFile ¶
func RegisterWithAuthServer ¶
func RegisterWithAuthServer( supervisor Supervisor, provisioningToken string, cfg RoleConfig, role string, callback func() error) error
RegisterWithAuthServer uses one time provisioning token obtained earlier from the server to get a pair of SSH keys signed by Auth server host certificate authority
func SetDefaults ¶
func SetDefaults(cfg *Config)
Types ¶
type AuthConfig ¶
type AuthConfig struct {
// Enabled turns auth role on or off for this process
Enabled bool `yaml:"enabled" env:"TELEPORT_AUTH_ENABLED"`
// SSHAddr is the listening address of SSH tunnel to HTTP service
SSHAddr utils.NetAddr `yaml:"ssh_addr" env:"TELEPORT_AUTH_SSH_ADDR"`
// HostAuthorityDomain is Host Certificate Authority domain name
HostAuthorityDomain string `yaml:"host_authority_domain" env:"TELEPORT_AUTH_HOST_AUTHORITY_DOMAIN"`
// Token is a provisioning token for an additonal auth server joining the cluster
Token string `yaml:"token" env:"TELEPORT_AUTH_TOKEN"`
// SecretKey is an encryption key for secret service, will be used
// to initialize secret service if set
SecretKey string `yaml:"secret_key" env:"TELEPORT_AUTH_SECRET_KEY"`
// AllowedTokens is a set of tokens that will be added as trusted
AllowedTokens KeyVal `yaml:"allowed_tokens" env:"TELEPORT_AUTH_ALLOWED_TOKENS"`
// TrustedAuthorities is a set of trusted user certificate authorities
TrustedAuthorities CertificateAuthorities `yaml:"trusted_authorities" env:"TELEPORT_AUTH_TRUSTED_AUTHORITIES"`
// UserCA allows to pass preconfigured user certificate authority keypair
// to auth server so it will use it on the first start instead of generating
// a new keypair
UserCA LocalCertificateAuthority `yaml:"user_ca_keypair" env:"TELEPORT_AUTH_USER_CA_KEYPAIR"`
// HostCA allows to pass preconfigured host certificate authority keypair
// to auth server so it will use it on the first start instead of generating
// a new keypair
HostCA LocalCertificateAuthority `yaml:"host_ca_keypair" env:"TELEPORT_AUTH_HOST_CA_KEYPAIR"`
// KeysBackend configures backend that stores auth keys, certificates, tokens ...
KeysBackend struct {
// Type is a backend type - etcd or boltdb
Type string `yaml:"type" env:"TELEPORT_AUTH_KEYS_BACKEND_TYPE"`
// Params is map with backend specific parameters
Params string `yaml:"params,flow" env:"TELEPORT_AUTH_KEYS_BACKEND_PARAMS"`
// AdditionalKey is a additional signing GPG key
EncryptionKeys StringArray `yaml:"encryption_keys" env:"TELEPORT_AUTH_KEYS_BACKEND_ENCRYPTION_KEYS"`
} `yaml:"keys_backend"`
// EventsBackend configures backend that stores cluster events (login attempts, etc)
EventsBackend struct {
// Type is a backend type, etcd or bolt
Type string `yaml:"type" env:"TELEPORT_AUTH_EVENTS_BACKEND_TYPE"`
// Params is map with backend specific parameters
Params string `yaml:"params,flow" env:"TELEPORT_AUTH_EVENTS_BACKEND_PARAMS"`
} `yaml:"events_backend"`
// RecordsBackend configures backend that stores live SSH sessions recordings
RecordsBackend struct {
// Type is a backend type, currently only bolt
Type string `yaml:"type" env:"TELEPORT_AUTH_RECORDS_BACKEND_TYPE"`
// Params is map with backend specific parameters
Params string `yaml:"params,flow" env:"TELEPORT_AUTH_RECORDS_BACKEND_PARAMS"`
} `yaml:"records_backend"`
Limiter limiter.LimiterConfig `yaml:"limiter" env:"TELEPORT_AUTH_LIMITER"`
}
type CertificateAuthorities ¶
type CertificateAuthorities []CertificateAuthority
func (CertificateAuthorities) Authorities ¶
func (a CertificateAuthorities) Authorities() ([]services.CertificateAuthority, error)
func (*CertificateAuthorities) SetEnv ¶
func (c *CertificateAuthorities) SetEnv(v string) error
type CertificateAuthority ¶
type Config ¶
type Config struct {
Log LogConfig `yaml:"log"`
DataDir string `yaml:"data_dir" env:"TELEPORT_DATA_DIR"`
Hostname string `yaml:"hostname" env:"TELEPORT_HOSTNAME"`
AuthServers NetAddrSlice `yaml:"auth_servers,flow" env:"TELEPORT_AUTH_SERVERS"`
// SSH role an SSH endpoint server
SSH SSHConfig `yaml:"ssh"`
// Auth server authentication and authorizatin server config
Auth AuthConfig `yaml:"auth"`
// ReverseTunnnel role creates and mantains outbound SSH reverse tunnel to the proxy
ReverseTunnel ReverseTunnelConfig `yaml:"reverse_tunnel"`
// Proxy is SSH proxy that manages incoming and outbound connections
// via multiple reverse tunnels
Proxy ProxyConfig `yaml:"proxy"`
}
func (*Config) RoleConfig ¶
func (cfg *Config) RoleConfig() RoleConfig
type FanOutEventLogger ¶
type FanOutEventLogger struct {
Loggers []lunk.EventLogger
}
type LocalCertificateAuthority ¶
type LocalCertificateAuthority struct {
CertificateAuthority `json:"public" yaml:"public"`
PrivateKey string `json:"private_key" yaml:"private_key"`
}
func (*LocalCertificateAuthority) CA ¶
func (c *LocalCertificateAuthority) CA() (*services.LocalCertificateAuthority, error)
func (*LocalCertificateAuthority) SetEnv ¶
func (c *LocalCertificateAuthority) SetEnv(v string) error
type LocalSupervisor ¶
func (*LocalSupervisor) Register ¶
func (s *LocalSupervisor) Register(srv Service)
func (*LocalSupervisor) RegisterFunc ¶
func (s *LocalSupervisor) RegisterFunc(fn ServiceFunc)
func (*LocalSupervisor) Run ¶
func (s *LocalSupervisor) Run() error
func (*LocalSupervisor) Start ¶
func (s *LocalSupervisor) Start() error
func (*LocalSupervisor) Wait ¶
func (s *LocalSupervisor) Wait() error
type NetAddrSlice ¶
func (*NetAddrSlice) Set ¶
func (s *NetAddrSlice) Set(val string) error
type ProxyConfig ¶
type ProxyConfig struct {
// Enabled turns proxy role on or off for this process
Enabled bool `yaml:"enabled" env:"TELEPORT_PROXY_ENABLED"`
// Token is a provisioning token for new proxy server registering with auth
Token string `yaml:"token" env:"TELEPORT_PROXY_TOKEN"`
// ReverseTunnelListenAddr is address where reverse tunnel dialers connect to
ReverseTunnelListenAddr utils.NetAddr `yaml:"reverse_tunnel_listen_addr" env:"TELEPORT_PROXY_REVERSE_TUNNEL_LISTEN_ADDR"`
// WebAddr is address for web portal of the proxy
WebAddr utils.NetAddr `yaml:"web_addr" env:"TELEPORT_PROXY_WEB_ADDR"`
// SSHAddr is address of ssh proxy
SSHAddr utils.NetAddr `yaml:"ssh_addr" env:"TELEPORT_PROXY_SSH_ADDR"`
// AssetsDir is a directory with proxy website assets
AssetsDir string `yaml:"assets_dir" env:"TELEPORT_PROXY_ASSETS_DIR"`
// TLSKey is a base64 encoded private key used by web portal
TLSKey string `yaml:"tls_key" env:"TELEPORT_PROXY_TLS_KEY"`
// TLSCert is a base64 encoded certificate used by web portal
TLSCert string `yaml:"tlscert" env:"TELEPORT_PROXY_TLS_CERT"`
Limiter limiter.LimiterConfig `yaml:"limiter" env:"TELEPORT_PROXY_LIMITER"`
}
type ReverseTunnelConfig ¶
type ReverseTunnelConfig struct {
Enabled bool `yaml:"enabled" env:"TELEPORT_REVERSE_TUNNEL_ENABLED"`
Token string `yaml:"token" env:"TELEPORT_REVERSE_TUNNEL_TOKEN"`
DialAddr utils.NetAddr `yaml:"dial_addr" env:"TELEPORT_REVERSE_TUNNEL_DIAL_ADDR"`
Limiter limiter.LimiterConfig `yaml:"limiter" env:"TELEPORT_REVERSE_TUNNEL_LIMITER"`
}
ReverseTunnelConfig configures reverse tunnel role
type RoleConfig ¶
type RoleConfig struct {
DataDir string
Hostname string
AuthServers []utils.NetAddr
Auth AuthConfig
}
type SSHConfig ¶
type SSHConfig struct {
Enabled bool `yaml:"enabled" env:"TELEPORT_SSH_ENABLED"`
Token string `yaml:"token" env:"TELEPORT_SSH_TOKEN"`
Addr utils.NetAddr `yaml:"addr" env:"TELEPORT_SSH_ADDR"`
Shell string `yaml:"shell" env:"TELEPORT_SSH_SHELL"`
Limiter limiter.LimiterConfig `yaml:"limiter" env:"TELEPORT_SSH_LIMITER"`
Labels map[string]string `yaml:"labels" env:"TELEPORT_SSH_LABELS"`
CmdLabels services.CommandLabels `yaml:"label-commands" env:"TELEPORT_SSH_LABEL_COMMANDS"`
}
SSHConfig configures SSH server node role
type ServiceFunc ¶
type ServiceFunc func() error
func (ServiceFunc) Serve ¶
func (s ServiceFunc) Serve() error
type StringArray ¶
type StringArray []string
func (*StringArray) Set ¶
func (sa *StringArray) Set(v string) error
type Supervisor ¶
type Supervisor interface {
// Register adds the service to the pool, if supervisor is in
// the started state, the service will be started immediatelly
// otherwise, it will be started after Start() has been called
Register(srv Service)
// RegisterFunc creates a service from function spec and registers
// it within the system
RegisterFunc(fn ServiceFunc)
// Start starts all unstarted services
Start() error
// Wait waits until all services exit
Wait() error
// Run starts and waits for the service to complete
// it's a combinatioin Start() and Wait()
Run() error
}
Supervisor implements the simple service logic - registering service functions and de-registering the service goroutines
func NewSupervisor ¶
func NewSupervisor() Supervisor
func NewTeleport ¶
func NewTeleport(cfg Config) (Supervisor, error)
Source Files