summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys-cluster/teleport/files/teleport-2.6.yaml130
-rw-r--r--sys-cluster/teleport/files/teleport.yaml18
-rw-r--r--sys-cluster/teleport/teleport-2.6.7.ebuild2
3 files changed, 4 insertions, 146 deletions
diff --git a/sys-cluster/teleport/files/teleport-2.6.yaml b/sys-cluster/teleport/files/teleport-2.6.yaml
deleted file mode 100644
index 384dea937c97..000000000000
--- a/sys-cluster/teleport/files/teleport-2.6.yaml
+++ /dev/null
@@ -1,130 +0,0 @@
-# By default, this file should be stored in /etc/teleport.yaml
-## IMPORTANT ##
-#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
-# This section of the configuration file applies to all teleport
-# services.
-teleport:
- # nodename allows to assign an alternative name this node can be reached by.
- # by default it's equal to hostname
- # nodename: graviton
-
- # Data directory where Teleport keeps its data, like keys/users for
- # authentication (if using the default BoltDB back-end)
- data_dir: /var/lib/teleport
-
- # one-time invitation token used to join a cluster. it is not used on
- # subsequent starts
- auth_token: xxxx-token-xxxx
-
- # when running in multi-homed or NATed environments Teleport nodes need
- # to know which IP it will be reachable at by other nodes
- # public_addr: 10.1.0.5
-
- # list of auth servers in a cluster. you will have more than one auth server
- # if you configure teleport auth to run in HA configuration
- auth_servers:
- - localhost:3025
-
- # Teleport throttles all connections to avoid abuse. These settings allow
- # you to adjust the default limits
- connection_limits:
- max_connections: 1000
- max_users: 250
-
- # Logging configuration. Possible output values are 'stdout', 'stderr' and
- # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
- log:
- output: stderr
- severity: ERROR
-
- # Type of storage used for keys. You need to configure this to use etcd
- # backend if you want to run Teleport in HA configuration.
- storage:
- type: bolt
-
-# This section configures the 'auth service':
-auth_service:
- enabled: yes
-
- # defines the types and second factors the auth server supports
- authentication:
- # second_factor can be off, otp, or u2f
- second_factor: otp
-
- # this section is only used if using u2f
- u2f:
- # app_id should point to the Web UI.
- app_id: https://localhost:3080
-
- # facets should list all proxy servers.
- facets:
- - https://localhost
- - https://localhost:3080
-
- # IP and the port to bind to. Other Teleport nodes will be connecting to
- # this port (AKA "Auth API" or "Cluster API") to validate client
- # certificates
- listen_addr: 0.0.0.0:3025
-
- # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
- # the role a new node will be allowed to assume. The more secure way to
- # add nodes is to use `ttl node add --ttl` command to generate auto-expiring
- # tokens.
- #
- # We recommend to use tools like `pwgen` to generate sufficiently random
- # tokens of 32+ byte length.
- tokens:
- - "proxy,node:xxxxx"
- - "auth:yyyy"
-
- # Optional "cluster name" is needed when configuring trust between multiple
- # auth servers. A cluster name is used as part of a signature in certificates
- # generated by this CA.
- #
- # By default an automatically generated GUID is used.
- #
- # IMPORTANT: if you change cluster_name, it will invalidate all generated
- # certificates and keys (may need to wipe out /var/lib/teleport directory)
- cluster_name: "main"
-
-# This section configures the 'node service':
-ssh_service:
- enabled: yes
- # IP and the port for SSH service to bind to.
- listen_addr: 0.0.0.0:3022
- # See explanation of labels in "Labeling Nodes" section below
- labels:
- role: master
- type: postgres
- # List (YAML array) of commands to periodically execute and use
- # their output as labels.
- # See explanation of how this works in "Labeling Nodes" section below
- commands:
- - name: hostname
- command: [/usr/bin/hostname]
- period: 1m0s
- - name: arch
- command: [/usr/bin/uname, -p]
- period: 1h0m0s
-
-# This section configures the 'proxy servie'
-proxy_service:
- enabled: yes
- # SSH forwarding/proxy address. Command line (CLI) clients always begin their
- # SSH sessions by connecting to this port
- listen_addr: 0.0.0.0:3023
-
- # Reverse tunnel listening address. An auth server (CA) can establish an
- # outbound (from behind the firewall) connection to this address.
- # This will allow users of the outside CA to connect to behind-the-firewall
- # nodes.
- tunnel_listen_addr: 0.0.0.0:3024
-
- # The HTTPS listen address to serve the Web UI and also to authenticate the
- # command line (CLI) users via password+HOTP
- web_listen_addr: 0.0.0.0:3080
-
- # TLS certificate for the HTTPS connection. Configuring these properly is
- # critical for Teleport security.
- https_key_file: /etc/teleport/teleport.key
- https_cert_file: /etc/teleport/teleport.crt
diff --git a/sys-cluster/teleport/files/teleport.yaml b/sys-cluster/teleport/files/teleport.yaml
index e297bb89b571..384dea937c97 100644
--- a/sys-cluster/teleport/files/teleport.yaml
+++ b/sys-cluster/teleport/files/teleport.yaml
@@ -1,5 +1,6 @@
# By default, this file should be stored in /etc/teleport.yaml
-
+## IMPORTANT ##
+#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
# This section of the configuration file applies to all teleport
# services.
teleport:
@@ -17,7 +18,7 @@ teleport:
# when running in multi-homed or NATed environments Teleport nodes need
# to know which IP it will be reachable at by other nodes
- # advertise_ip: 10.1.0.5
+ # public_addr: 10.1.0.5
# list of auth servers in a cluster. you will have more than one auth server
# if you configure teleport auth to run in HA configuration
@@ -43,19 +44,10 @@ teleport:
# This section configures the 'auth service':
auth_service:
- # Turns 'auth' role on. Default is 'yes'
enabled: yes
- # Turns on dynamic configuration. Dynamic configuration defines the source
- # for configuration information, configuration files on disk or what's
- # stored in the backend. Default is false if no backend is specified,
- # otherwise if backend is specified, it is assumed to be true.
- dynamic_config: false
-
# defines the types and second factors the auth server supports
authentication:
- # type can be local or oidc
- type: local
# second_factor can be off, otp, or u2f
second_factor: otp
@@ -97,9 +89,7 @@ auth_service:
# This section configures the 'node service':
ssh_service:
- # Turns 'ssh' role on. Default is 'yes'
enabled: yes
-
# IP and the port for SSH service to bind to.
listen_addr: 0.0.0.0:3022
# See explanation of labels in "Labeling Nodes" section below
@@ -119,9 +109,7 @@ ssh_service:
# This section configures the 'proxy servie'
proxy_service:
- # Turns 'proxy' role on. Default is 'yes'
enabled: yes
-
# SSH forwarding/proxy address. Command line (CLI) clients always begin their
# SSH sessions by connecting to this port
listen_addr: 0.0.0.0:3023
diff --git a/sys-cluster/teleport/teleport-2.6.7.ebuild b/sys-cluster/teleport/teleport-2.6.7.ebuild
index a187d11ee22a..4a7a27e42a48 100644
--- a/sys-cluster/teleport/teleport-2.6.7.ebuild
+++ b/sys-cluster/teleport/teleport-2.6.7.ebuild
@@ -35,7 +35,7 @@ src_install() {
dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
insinto /etc/${PN}
- newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml
+ newins "${FILESDIR}"/${PN}.yaml ${PN}.yaml
newinitd "${FILESDIR}"/${PN}.init.d ${PN}
newconfd "${FILESDIR}"/${PN}.conf.d ${PN}