Documentation
Overview
Package service implements the Teleport running service; it takes care of initialization, cleanup and shutdown procedures.
Copyright 2015 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index
- func ApplyDefaults(cfg *Config)
- type AuthConfig
- type CertificateAuthorities
- type CertificateAuthority
- type Config
- type FanOutEventLogger
- type KeyVal
- type LocalCertificateAuthority
- type LocalSupervisor
- type NetAddrSlice
- type ProxyConfig
- type RoleConfig
- type SSHConfig
- type Service
- type ServiceFunc
- type Supervisor
- type TeleportProcess
Constants
This section is empty.
Variables
This section is empty.
Functions
func ApplyDefaults (added in v1.0.0)
func ApplyDefaults(cfg *Config)
ApplyDefaults applies default values to the existing config structure.
Types
type AuthConfig
type AuthConfig struct {
	// Enabled turns auth role on or off for this process
	Enabled bool
	// SSHAddr is the listening address of SSH tunnel to HTTP service
	SSHAddr utils.NetAddr
	// Token is a provisioning token for an additional auth server joining the cluster
	Token string
	// SecretKey is an encryption key for secret service, will be used
	// to initialize secret service if set
	SecretKey string
	// AllowedTokens is a set of tokens that will be added as trusted
	AllowedTokens KeyVal
	// TrustedAuthorities is a set of trusted user certificate authorities
	TrustedAuthorities CertificateAuthorities
	// DomainName is a name that identifies this authority and all
	// host nodes in the cluster that will share this authority domain name
	// as a base name, e.g. if authority domain name is example.com,
	// all nodes in the cluster will have UUIDs in the form: <uuid>.example.com
	DomainName string
	// UserCA allows to pass preconfigured user certificate authority keypair
	// to auth server so it will use it on the first start instead of generating
	// a new keypair
	UserCA LocalCertificateAuthority
	// HostCA allows to pass preconfigured host certificate authority keypair
	// to auth server so it will use it on the first start instead of generating
	// a new keypair
	HostCA LocalCertificateAuthority
	// KeysBackend configures backend that stores auth keys, certificates, tokens ...
	KeysBackend struct {
		// Type is a backend type - etcd or boltdb
		Type string
		// Params is map with backend specific parameters
		Params string
	}
	// EventsBackend configures backend that stores cluster events (login attempts, etc)
	EventsBackend struct {
		// Type is a backend type, etcd or bolt
		Type string
		// Params is map with backend specific parameters
		Params string
	}
	// RecordsBackend configures backend that stores live SSH sessions recordings
	RecordsBackend struct {
		// Type is a backend type, currently only bolt
		Type string
		// Params is map with backend specific parameters
		Params string
	}
	Limiter limiter.LimiterConfig
}
type CertificateAuthorities
type CertificateAuthorities []CertificateAuthority
func (CertificateAuthorities) Authorities
func (a CertificateAuthorities) Authorities() ([]services.CertAuthority, error)
func (*CertificateAuthorities) SetEnv
func (c *CertificateAuthorities) SetEnv(v string) error
type CertificateAuthority
type Config
type Config struct {
	DataDir  string
	Hostname string
	// AuthServers is a list of auth servers nodes, proxies and peer auth servers
	// connect to
	AuthServers NetAddrSlice
	// AdvertiseIP is used to "publish" an alternative IP address this node
	// can be reached on, if running behind NAT
	AdvertiseIP net.IP
	// SSH configures the SSH node role (an SSH endpoint server)
	SSH SSHConfig
	// Auth configures the auth role: the authentication and authorization server
	Auth AuthConfig
	// Proxy is SSH proxy that manages incoming and outbound connections
	// via multiple reverse tunnels
	Proxy ProxyConfig
	// Unique UUID of this host (it will be known via this UUID within
	// a teleport cluster). It's automatically generated on 1st start
	HostUUID string
	// Console writer to speak to a user
	Console io.Writer
}
The Config structure is used to initialize _all_ services Teleport can run. Some settings are global (like DataDir) while others are grouped into sections, like AuthConfig.
func MakeDefaultConfig (added in v1.0.0)
func MakeDefaultConfig() (config *Config)
MakeDefaultConfig() creates a new Config structure and populates it with defaults.
func (*Config) ApplyToken (added in v1.0.0)
ApplyToken assigns a given token to all internal services, but only if the token is not an empty string.
Returns 'true' if the token was modified.
func (*Config) ConfigureBolt (added in v1.0.0)
ConfigureBolt configures Bolt back-ends with a data dir.
func (*Config) ConfigureETCD (added in v1.0.0)
ConfigureETCD configures the ETCD backend (still uses BoltDB for some cases).
func (*Config) DebugDumpToYAML (added in v1.0.0)
DebugDumpToYAML is useful for debugging: it dumps the Config structure into a string.
func (*Config) RoleConfig
func (cfg *Config) RoleConfig() RoleConfig
RoleConfig returns the config for a particular Teleport role.
type FanOutEventLogger
type FanOutEventLogger struct {
	Loggers []lunk.EventLogger
}
type LocalCertificateAuthority
type LocalCertificateAuthority struct {
	CertificateAuthority `json:"public"`
	PrivateKey           string `json:"private_key"`
}
func (*LocalCertificateAuthority) CA
func (c *LocalCertificateAuthority) CA() (*services.CertAuthority, error)
func (*LocalCertificateAuthority) SetEnv
func (c *LocalCertificateAuthority) SetEnv(v string) error
type LocalSupervisor
func (*LocalSupervisor) Register
func (s *LocalSupervisor) Register(srv Service)
func (*LocalSupervisor) RegisterFunc
func (s *LocalSupervisor) RegisterFunc(fn ServiceFunc)
func (*LocalSupervisor) Run
func (s *LocalSupervisor) Run() error
func (*LocalSupervisor) Start
func (s *LocalSupervisor) Start() error
func (*LocalSupervisor) Wait
func (s *LocalSupervisor) Wait() error
type NetAddrSlice
func (*NetAddrSlice) Set
func (s *NetAddrSlice) Set(val string) error
type ProxyConfig
type ProxyConfig struct {
	// Enabled turns proxy role on or off for this process
	Enabled bool
	// Token is a provisioning token for new proxy server registering with auth
	Token string
	// ReverseTunnelListenAddr is address where reverse tunnel dialers connect to
	ReverseTunnelListenAddr utils.NetAddr
	// WebAddr is address for web portal of the proxy
	WebAddr utils.NetAddr
	// SSHAddr is address of ssh proxy
	SSHAddr utils.NetAddr
	// AssetsDir is a directory with proxy website assets
	AssetsDir string
	// TLSKey is a base64 encoded private key used by web portal
	TLSKey string
	// TLSCert is a base64 encoded certificate used by web portal
	TLSCert string
	Limiter limiter.LimiterConfig
}
type RoleConfig
type RoleConfig struct {
	DataDir     string
	HostUUID    string
	HostName    string
	AuthServers []utils.NetAddr
	Auth        AuthConfig
	Console     io.Writer
}
RoleConfig is a configuration for a server role (either proxy or node).
type SSHConfig
type SSHConfig struct {
	Enabled   bool
	Token     string
	Addr      utils.NetAddr
	Shell     string
	Limiter   limiter.LimiterConfig
	Labels    map[string]string
	CmdLabels services.CommandLabels
}
SSHConfig configures the SSH server node role.
type ServiceFunc
type ServiceFunc func() error
func (ServiceFunc) Serve
func (s ServiceFunc) Serve() error
type Supervisor
type Supervisor interface {
	// Register adds the service to the pool; if the supervisor is in
	// the started state, the service will be started immediately,
	// otherwise it will be started after Start() has been called
	Register(srv Service)
	// RegisterFunc creates a service from a function spec and registers
	// it within the system
	RegisterFunc(fn ServiceFunc)
	// Start starts all unstarted services
	Start() error
	// Wait waits until all services exit
	Wait() error
	// Run starts and waits for the services to complete;
	// it's a combination of Start() and Wait()
	Run() error
}
Supervisor implements the simple service logic: registering service functions and de-registering the service goroutines.
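The Supervisor contract above says little about what happens when one of the supervised goroutines exits with an error, which is the case a defender cares about: a daemon whose auth listener failed to bind but whose proxy keeps answering is worse than one that stops. The following is an added example, not code from the Teleport project, of a minimal supervisor satisfying the interface on this page. It assumes `Service` is an interface with a single `Serve() error` method (the page lists the type but not its body), and the `toySupervisor` type, `RunDemo` function and the "auth: listener failed" error are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Service: Serve blocks while the service runs and returns when it exits.
// The page lists the type without its body, so this shape is an assumption.
type Service interface{ Serve() error }

// ServiceFunc adapts a plain function into a Service, as on the page.
type ServiceFunc func() error

func (s ServiceFunc) Serve() error { return s() }

// toySupervisor implements the page's Supervisor interface for this example; it is not Teleport's LocalSupervisor.
type toySupervisor struct {
	mu      sync.Mutex
	started bool
	pending []Service // registered before Start(), not yet running
	errs    []error   // exit errors from services, guarded by mu
	wg      sync.WaitGroup
}

// Register adds a service: launched immediately if Start() has already been
// called, otherwise queued until Start().
func (s *toySupervisor) Register(srv Service) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.started {
		s.launch(srv)
		return
	}
	s.pending = append(s.pending, srv)
}

// RegisterFunc wraps fn as a ServiceFunc and registers it.
func (s *toySupervisor) RegisterFunc(fn ServiceFunc) { s.Register(fn) }

// launch runs srv in its own goroutine and records a non-nil exit error.
// The caller holds s.mu, so wg.Add always happens before a concurrent Wait().
func (s *toySupervisor) launch(srv Service) {
	s.wg.Add(1)
	go func() {
		defer s.wg.Done()
		if err := srv.Serve(); err != nil {
			s.mu.Lock()
			s.errs = append(s.errs, err)
			s.mu.Unlock()
		}
	}()
}

// Start launches every queued service and switches to the started state.
func (s *toySupervisor) Start() error {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.started = true
	for _, srv := range s.pending {
		s.launch(srv)
	}
	s.pending = nil
	return nil
}

// Wait blocks until all launched services exit and reports their failures, so a
// service that died (e.g. a listener that could not bind) reaches the caller.
func (s *toySupervisor) Wait() error {
	s.wg.Wait()
	s.mu.Lock()
	defer s.mu.Unlock()
	if len(s.errs) == 0 {
		return nil
	}
	return fmt.Errorf("%d service(s) failed, first: %w", len(s.errs), s.errs[0])
}

// Run is the combination of Start() and Wait().
func (s *toySupervisor) Run() error {
	if err := s.Start(); err != nil {
		return err
	}
	return s.Wait()
}

// RunDemo registers two services before Start() and one after it; the
// second fails with a constructed error. It returns what Wait() reports.
func RunDemo() error {
	sup := &toySupervisor{}
	sup.RegisterFunc(func() error { time.Sleep(5 * time.Millisecond); return nil })
	sup.RegisterFunc(func() error { return errors.New("auth: listener failed") })
	if err := sup.Start(); err != nil {
		return err
	}
	sup.RegisterFunc(func() error { return nil }) // after Start(): launched at once
	return sup.Wait()
}

func main() {
	fmt.Println("supervisor result:", RunDemo())
}
```

The design choice worth noting is that `Wait` never returns nil when a service exited with an error: the process can then log and exit non-zero rather than keep serving with one role dead. Registering a service after `Start` launches it at once, matching the comment on `Register` in the interface above.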
func NewSupervisor
func NewSupervisor() Supervisor
func NewTeleport
func NewTeleport(cfg *Config) (Supervisor, error)
NewTeleport takes the daemon configuration, instantiates all required services and starts them under a supervisor, returning the supervisor object.
type TeleportProcess (added in v1.0.0)
type TeleportProcess struct {
	sync.Mutex
	Supervisor
	Config *Config
	// contains filtered or unexported fields
}
The TeleportProcess structure holds the state of the Teleport daemon, controlling execution and configuration of the Teleport services: ssh, auth and proxy.
func (*TeleportProcess) RegisterWithAuthServer (added in v1.0.0)
func (process *TeleportProcess) RegisterWithAuthServer(token string, role teleport.Role, callback func(conn *connector) error) error
RegisterWithAuthServer uses a one-time provisioning token obtained earlier from the server to get a pair of SSH keys signed by the Auth server's host certificate authority.