reversetunnel

package
v2.2.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 21, 2017 License: Apache-2.0 Imports: 23 Imported by: 18

Documentation

Overview

Package reversetunnel sets up persistent reverse tunnel between remote site and teleport proxy, when site agents dial to teleport proxy's socket and teleport proxy can connect to any server through this tunnel.

Copyright 2016 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

reversetunnel package allows teleport clusters to connect to each other and to allow users of one cluster to get access to machines inside of another cluster.

This capability is called "Trusted Clusters": see Teleport documentation. The words "site" and "clusters" are used in the code interchangeably.

Every cluster, in order to be accessible by other trusted clusters, must register itself with the reverse tunnel server.

Reverse tunnel server: the TCP/IP server which accepts remote connections (tunnels) and keeps track of them. There are two types of tunnels:

  • Direct (local)
  • Remote

Direct sites/tunnels are tunnels to itself, i.e. within the same cluster. Remote sites/tunnels are, well, remote.

Copyright 2016 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2015 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source
const (
	// RemoteSiteStatusOffline indicates that site is considered as
	// offline, since it has missed a series of heartbeats
	RemoteSiteStatusOffline = "offline"
	// RemoteSiteStatusOnline indicates that site is sending heartbeats
	// at expected interval
	RemoteSiteStatusOnline = "online"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Agent

type Agent struct {
	// contains filtered or unexported fields
}

Agent is a reverse tunnel agent running as a part of teleport Proxies to establish outbound reverse tunnels to remote proxies

func NewAgent

func NewAgent(
	addr utils.NetAddr,
	remoteDomainName string,
	clientName string,
	signers []ssh.Signer,
	clt *auth.TunClient,
	accessPoint auth.AccessPoint) (*Agent, error)

NewAgent returns a new reverse tunnel agent Parameters:

	  addr points to the remote reverse tunnel server
   remoteDomainName is the domain name of the runnel server, used only for logging
   clientName is hostid.domain (where 'domain' is local domain name)

func (*Agent) Close added in v1.0.0

func (a *Agent) Close() error

Close signals to close all connections

func (*Agent) Start

func (a *Agent) Start() error

Start starts agent that attempts to connect to remote server part

func (*Agent) String

func (a *Agent) String() string

String returns debug-friendly

func (*Agent) Wait

func (a *Agent) Wait() error

Wait waits until all outstanding operations are completed

type AgentOption

type AgentOption func(a *Agent) error

AgentOption specifies parameter that could be passed to Agents

type AgentPool added in v1.0.0

type AgentPool struct {
	sync.Mutex
	*log.Entry
	// contains filtered or unexported fields
}

AgentPool manages the pool of outbound reverse tunnel agents. The agent pool watches the reverse tunnel entries created by the admin and connects/disconnects to added/deleted tunnels.

func NewAgentPool added in v1.0.0

func NewAgentPool(cfg AgentPoolConfig) (*AgentPool, error)

NewAgentPool returns new isntance of the agent pool

func (*AgentPool) FetchAndSyncAgents added in v1.0.0

func (m *AgentPool) FetchAndSyncAgents() error

FetchAndSyncAgents executes one time fetch and sync request (used in tests instead of polling)

func (*AgentPool) Start added in v1.0.0

func (m *AgentPool) Start() error

Start starts the agent pool

func (*AgentPool) Stop added in v1.0.0

func (m *AgentPool) Stop()

Stop stops the agent pool

func (*AgentPool) Wait added in v1.0.0

func (m *AgentPool) Wait() error

Wait returns when agent pool is closed

type AgentPoolConfig added in v1.0.0

type AgentPoolConfig struct {
	// Client is client to the auth server this agent connects to recieve
	// a list of pools
	Client *auth.TunClient
	// AccessPoint is a lightweight access point
	// that can optionally cache some values
	AccessPoint auth.AccessPoint
	// HostSigners is a list of host signers this agent presents itself as
	HostSigners []ssh.Signer
	// HostUUID is a unique ID of this host
	HostUUID string
}

AgentPoolConfig holds configuration parameters for the agent pool

type RemoteSite

type RemoteSite interface {
	// Dial dials any address within the site network
	Dial(fromAddr, toAddr net.Addr) (net.Conn, error)
	// GetLastConnected returns last time the remote site was seen connected
	GetLastConnected() time.Time
	// GetName returns site name (identified by authority domain's name)
	GetName() string
	// GetStatus returns status of this site (either offline or connected)
	GetStatus() string
	// GetClient returns client connected to remote auth server
	GetClient() (auth.ClientI, error)
	// CachingAccessPoint returns access point that is lightweight
	// but is resilient to auth server crashes
	CachingAccessPoint() (auth.AccessPoint, error)
}

RemoteSite represents remote teleport site that can be accessed via teleport tunnel or directly by proxy

There are two implementations of this interface: local and remote sites.

type Server

type Server interface {
	// GetSites returns a list of connected remote sites
	GetSites() []RemoteSite
	// GetSite returns remote site this node belongs to
	GetSite(domainName string) (RemoteSite, error)
	// RemoveSite removes the site with the specified name from the list of connected sites
	RemoveSite(domainName string) error
	// Start starts server
	Start() error
	// CLose closes server's socket
	Close() error
	// Wait waits for server to close all outstanding operations
	Wait()
}

Server is a TCP/IP SSH server which listens on an SSH endpoint and remote/local sites connect and register with it.

func NewServer

func NewServer(addr utils.NetAddr, hostSigners []ssh.Signer,
	authAPI auth.AccessPoint, fn state.NewCachingAccessPoint, opts ...ServerOption) (Server, error)

NewServer creates and returns a reverse tunnel server which is fully initialized but hasn't been started yet

type ServerOption added in v1.0.0

type ServerOption func(s *server) error

ServerOption sets reverse tunnel server options

func DirectSite added in v1.0.0

func DirectSite(domainName string, clt auth.ClientI) ServerOption

DirectSite instructs server to proxy access to this site not using reverse tunnel

func SetLimiter added in v1.0.0

func SetLimiter(limiter *limiter.Limiter) ServerOption

SetLimiter sets rate limiter for reverse tunnel

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL