teleport/Makefile

TCD_NODE1 := http://127.0.0.1:4001
ETCD_NODES := ${ETCD_NODE1}
ETCD_FLAGS := TELEPORT_TEST_ETCD_NODES=${ETCD_NODES}
OUT=out
export GO15VENDOREXPERIMENT=1

.PHONY: install test test-with-etcd remove-temp files test-package update test-grep-package cover-package cover-package-with-etcd run profile sloccount set-etcd install-assets docs-serve


#
# Default target: builds all 3 executables and plaaces them in a current directory
#
.PHONY: tctl
tctl: 
	go build -o $(OUT)/tctl -i github.com/gravitational/teleport/tool/tctl

.PHONY: teleport
teleport: 
	rm -rf /var/lib/teleport/assets
	cp -r assets/web/assets /var/lib/teleport/
	go build -o $(OUT)/teleport -i github.com/gravitational/teleport/tool/teleport

.PHONY: tsh
tsh: 
	go build -o $(OUT)/tsh -i github.com/gravitational/teleport/tool/tsh

.PHONY: all
all: teleport tctl tsh


install: remove-temp-files
	go install github.com/gravitational/teleport/tool/teleport
	go install github.com/gravitational/teleport/tool/tctl
	go install github.com/gravitational/teleport/tool/tsh

clean:
	rm -f $(OUT)

#
# this target is used by Jenkins for production builds
#
.PHONY: production
production: clean
	$(MAKE) -C build.assets


test: install
	go test -v github.com/gravitational/teleport/lib/... -cover
	#go test -v -test.parallel=0 $(shell go list ./... | grep -v /vendor/) -cover

test-with-etcd: install
	${ETCD_FLAGS} go test -v -test.parallel=0 $(shell go list ./... | grep -v /vendor/) -cover

remove-temp-files:
	find . -name flymake_* -delete

test-package: remove-temp-files install
	go test -v -test.parallel=0 ./$(p)

test-package-with-etcd: remove-temp-files install
	${ETCD_FLAGS} go test -v -test.parallel=0 ./$(p)

update:
	rm -rf Godeps/
	find . -iregex .*go | xargs sed -i 's:".*Godeps/_workspace/src/:":g'
	godep save -r ./...

test-grep-package: remove-temp-files install
	go test -v ./$(p) -check.f=$(e)

cover-package: remove-temp-files
	go test -v ./$(p)  -coverprofile=/tmp/coverage.out
	go tool cover -html=/tmp/coverage.out

cover-package-with-etcd: remove-temp-files
	${ETCD_FLAGS} go test -v ./$(p)  -coverprofile=/tmp/coverage.out
	go tool cover -html=/tmp/coverage.out

pack-teleport: DIR := $(shell mktemp -d)
pack-teleport: pkg teleport
	cp assets/build/orbit.manifest.json $(DIR)
	mkdir -p $(DIR)/rootfs/usr/bin
	mkdir -p $(DIR)/rootfs/usr/bin $(DIR)/rootfs/etc/web-assets/
	cp -r ./assets/web/* $(DIR)/rootfs/etc/web-assets/
	cp $(GOPATH)/bin/teleport $(DIR)/rootfs/usr/bin
	cp $(GOPATH)/bin/tctl $(DIR)/rootfs/usr/bin
	gravity package import $(DIR) $(PKG) --check-manifest
	rm -rf $(DIR)

pkg:
	@if [ "$$PKG" = "" ] ; then echo "ERROR: enter PKG parameter:\n\nmake publish PKG=<name>:<sem-ver>, e.g. teleport:0.0.1\n\n" && exit 255; fi

# run-embedded starts a auth server, ssh node and proxy that allows web access 
# to all the nodes
run-embedded: install
	teleport --config=examples/embedded.yaml

# run-node starts a ssh node
run-node: install
	tctl token generate --output=/tmp/token --domain=localhost
	teleport --config=examples/node.yaml

# run-connected-auth1 starts a auth server ready to connect with additional auth server
run-connected-auth1: install
	teleport --config=examples/connected-auth1.yaml

# run-connected-auth2 starts a additional auth server, that connects to auth1
run-connected-auth2: install
	teleport --config=examples/connected-auth2.yaml


# run-site-to-proxy starts a ssh node, auth server and reverse tunnel that connect outside of
# the organization server
run-site-to-proxy: install
	rm -f /tmp/teleport.auth.sock
	teleport --config=examples/embedded-proxy.yaml

# run proxy start s
run-proxy: install
	rm -f /tmp/teleport.proxy.auth.sock
	teleport --config=examples/proxy.yaml

trust-proxy:
#   get user and host SSH certificates from proxy's organization, note that we are connecting to proxy's auth server
#   that serves proxy's organization certs and not teleport's
	tctl --auth=unix:///tmp/teleport.proxy.auth.sock user-ca pub-key > /tmp/user.pubkey
	tctl --auth=unix:///tmp/teleport.proxy.auth.sock host-ca pub-key > /tmp/host.pubkey

#   add proxy's certs to teleport as trusted remote certificate authorities
	tctl remote-ca upsert --type=user --id=user.proxy.vendor.io --domain=proxy.vendor.io --path=/tmp/user.pubkey
	tctl remote-ca upsert --type=host --id=host.proxy.vendor.io --domain=proxy.vendor.io --path=/tmp/host.pubkey
	tctl remote-ca ls --type=user
	tctl remote-ca ls --type=host

#   now export teleport's host CA certificate and add it as a trusted cert for proxy
	tctl host-ca pub-key > /tmp/teleport.pubkey
	tctl --auth=unix:///tmp/teleport.proxy.auth.sock remote-ca upsert --type=host --id=host.auth.gravitational.io --domain=node1.gravitational.io --path=/tmp/teleport.pubkey
	tctl --auth=unix:///tmp/teleport.proxy.auth.sock remote-ca ls --type=host

profile:
	go tool pprof http://localhost:6060/debug/pprof/profile

sloccount:
	find . -path ./Godeps -prune -o -name "*.go" -print0 | xargs -0 wc -l

docs-serve:
	sleep 1 && sensible-browser http://127.0.0.1:32567 &
	mkdocs serve

docs-update:
	echo "# Auth Server Client\n\n" > docs/api.md
	echo "[Source file](https://github.com/gravitational/teleport/blob/master/auth/clt.go)" >> docs/api.md
	echo '```go' >> docs/api.md
	godoc github.com/gravitational/teleport/auth Client >> docs/api.md
	echo '```' >> docs/api.md

#
# Deploy teleport server to staging environment on AWS
# WARNING: this step is called by CI/CD. You must execute make production first
.PHONY: deploy
deploy:
	ansible-playbook -i deploy/hosts deploy/deploy.yaml

# Prepare a brand new AWS machine to host Teleport (run provision once, 
# then run deploy many times)
.PHONY: provision
provision:
	ansible-playbook -i deploy/hosts deploy/provision.yaml

.PHONY: jenkins
jenkins:
	curl -X POST -d TARGETENV=staging -d BRANCH=$$(git rev-parse --abbrev-ref HEAD) https://jenkins.gravitational.io/buildByToken/buildWithParameters?job=Teleport&token=ZeeYaeYuTh9quiu8eh3rieChohHoor8aib0oopoov0aewah8
Cleanup and make sure teleport CP is reusable 2015-07-15 00:52:12 +00:00			`TCD_NODE1 := http://127.0.0.1:4001`
Provisioning and clear role separation Distinct roles separation: * Stateful auth server, it is stateful and exposes SSH authentication endpoint to the cluster * Stateless ssh node, it connects to the auth server to authenticate access requests * Stateless cp node, it provides web portal to access the cluster and update users keys Provisioning: * Auth server automatically sets itself up on the first start, no need to explicitly set encryption keys and authority certs * SSH node connects to the Auth server to provision host private keys and sertificates using special SSH provisioning key issued by the auth server 2015-05-07 03:10:44 +00:00			`ETCD_NODES := ${ETCD_NODE1}`
Initial working prototype 2015-03-02 20:11:23 +00:00			`ETCD_FLAGS := TELEPORT_TEST_ETCD_NODES=${ETCD_NODES}`
Moved the default build output from ./ to out/ Otherwise tctl, teleport and tsh binaries were causing issues with .gitignore conflicts (we have directories with these names in tool) 2016-02-09 23:05:02 +00:00			`OUT=out`
Fixed Makefile added: ``` export GO15VENDOREXPERIMENT=1 ``` 2016-01-21 03:17:29 +00:00			`export GO15VENDOREXPERIMENT=1`
Initial working prototype 2015-03-02 20:11:23 +00:00
Added "connect to auth server" routine to tctl 2016-02-10 00:09:21 +00:00			`.PHONY: install test test-with-etcd remove-temp files test-package update test-grep-package cover-package cover-package-with-etcd run profile sloccount set-etcd install-assets docs-serve`
orbit-compatible packaging and configuration for teleport and telescope 2015-10-13 00:50:36 +00:00
Usability improvements - Tidier CLI help/usage messages - Overly annoying log.Info() replaced with log.Debug() 2016-02-13 22:38:22 +00:00
Updated builds 2016-01-17 18:28:34 +00:00			`#`
Added Logrus initialization 2016-02-02 20:14:59 +00:00			`# Default target: builds all 3 executables and plaaces them in a current directory`
Updated builds 2016-01-17 18:28:34 +00:00			`#`
Started work on simplifying tctl CLI 2016-02-09 06:29:15 +00:00			`.PHONY: tctl`
			`tctl:`
Moved the default build output from ./ to out/ Otherwise tctl, teleport and tsh binaries were causing issues with .gitignore conflicts (we have directories with these names in tool) 2016-02-09 23:05:02 +00:00			`go build -o $(OUT)/tctl -i github.com/gravitational/teleport/tool/tctl`
Intermediate commit: - Reverse tunnel service is now configurable - Separated logging output from the console UI output 2016-02-08 22:51:22 +00:00
Added "connect to auth server" routine to tctl 2016-02-10 00:09:21 +00:00			`.PHONY: teleport`
			`teleport:`
Adding users works with mappings via new CLI 2016-02-10 02:28:38 +00:00			`rm -rf /var/lib/teleport/assets`
			`cp -r assets/web/assets /var/lib/teleport/`
Moved the default build output from ./ to out/ Otherwise tctl, teleport and tsh binaries were causing issues with .gitignore conflicts (we have directories with these names in tool) 2016-02-09 23:05:02 +00:00			`go build -o $(OUT)/teleport -i github.com/gravitational/teleport/tool/teleport`
Added "connect to auth server" routine to tctl 2016-02-10 00:09:21 +00:00
			`.PHONY: tsh`
			`tsh:`
			`go build -o $(OUT)/tsh -i github.com/gravitational/teleport/tool/tsh`

			`.PHONY: all`
			`all: teleport tctl tsh`

Jenkins build target 2015-12-23 18:41:51 +00:00
Ansible delpoyment script for teleport 2016-01-17 22:50:00 +00:00			`install: remove-temp-files`
			`go install github.com/gravitational/teleport/tool/teleport`
			`go install github.com/gravitational/teleport/tool/tctl`
			`go install github.com/gravitational/teleport/tool/tsh`

			`clean:`
Added "connect to auth server" routine to tctl 2016-02-10 00:09:21 +00:00			`rm -f $(OUT)`
Ansible delpoyment script for teleport 2016-01-17 22:50:00 +00:00
Added 'production' build target `make production` now builds "production" release of Teleport 2016-01-19 23:55:49 +00:00			`#`
			`# this target is used by Jenkins for production builds`
			`#`
			`.PHONY: production`
Added 'clean' before 'production' build 2016-01-20 23:46:47 +00:00			`production: clean`
Added 'production' build target `make production` now builds "production" release of Teleport 2016-01-19 23:55:49 +00:00			`$(MAKE) -C build.assets`


Getting env vars using kingpin. Changed makefile for the new flag names 2015-09-02 21:51:52 +00:00			`test: install`
PR fixes Incorporated suggestions from PR#120 2016-02-13 23:36:22 +00:00			`go test -v github.com/gravitational/teleport/lib/... -cover`
			`#go test -v -test.parallel=0 $(shell go list ./... \| grep -v /vendor/) -cover`
Initial working prototype 2015-03-02 20:11:23 +00:00
Getting env vars using kingpin. Changed makefile for the new flag names 2015-09-02 21:51:52 +00:00			`test-with-etcd: install`
Moved to go1.5 vendoring 2016-01-20 15:52:25 +00:00			`${ETCD_FLAGS} go test -v -test.parallel=0 $(shell go list ./... \| grep -v /vendor/) -cover`
Initial working prototype 2015-03-02 20:11:23 +00:00
Fix installation script 2015-05-04 15:28:32 +00:00			`remove-temp-files:`
Initial working prototype 2015-03-02 20:11:23 +00:00			`find . -name flymake_* -delete`

Tsh client. Everything works. 2015-12-24 23:24:47 +00:00			`test-package: remove-temp-files install`
Fixed makefile tests by adding -test.parallel=0 flag. Fixed AccessPoint interface. 2015-08-26 15:31:34 +00:00			`go test -v -test.parallel=0 ./$(p)`
Initial working prototype 2015-03-02 20:11:23 +00:00
Tsh client. Everything works. 2015-12-24 23:24:47 +00:00			`test-package-with-etcd: remove-temp-files install`
Fixed makefile tests by adding -test.parallel=0 flag. Fixed AccessPoint interface. 2015-08-26 15:31:34 +00:00			`${ETCD_FLAGS} go test -v -test.parallel=0 ./$(p)`
Initial working prototype 2015-03-02 20:11:23 +00:00
			`update:`
			`rm -rf Godeps/`
			`find . -iregex .go \| xargs sed -i 's:".Godeps/_workspace/src/:":g'`
			`godep save -r ./...`

Tsh client. Everything works. 2015-12-24 23:24:47 +00:00			`test-grep-package: remove-temp-files install`
Initial working prototype 2015-03-02 20:11:23 +00:00			`go test -v ./$(p) -check.f=$(e)`

Fix installation script 2015-05-04 15:28:32 +00:00			`cover-package: remove-temp-files`
Initial working prototype 2015-03-02 20:11:23 +00:00			`go test -v ./$(p) -coverprofile=/tmp/coverage.out`
			`go tool cover -html=/tmp/coverage.out`

Fix installation script 2015-05-04 15:28:32 +00:00			`cover-package-with-etcd: remove-temp-files`
Initial working prototype 2015-03-02 20:11:23 +00:00			`${ETCD_FLAGS} go test -v ./$(p) -coverprofile=/tmp/coverage.out`
			`go tool cover -html=/tmp/coverage.out`

orbit-compatible packaging and configuration for teleport and telescope 2015-10-13 00:50:36 +00:00			`pack-teleport: DIR := $(shell mktemp -d)`
			`pack-teleport: pkg teleport`
fix orbit integration, tests and configuration samples 2015-10-25 21:48:03 +00:00			`cp assets/build/orbit.manifest.json $(DIR)`
orbit-compatible packaging and configuration for teleport and telescope 2015-10-13 00:50:36 +00:00			`mkdir -p $(DIR)/rootfs/usr/bin`
final cleanups 2015-10-26 21:36:52 +00:00			`mkdir -p $(DIR)/rootfs/usr/bin $(DIR)/rootfs/etc/web-assets/`
			`cp -r ./assets/web/* $(DIR)/rootfs/etc/web-assets/`
orbit-compatible packaging and configuration for teleport and telescope 2015-10-13 00:50:36 +00:00			`cp $(GOPATH)/bin/teleport $(DIR)/rootfs/usr/bin`
			`cp $(GOPATH)/bin/tctl $(DIR)/rootfs/usr/bin`
update syntax 2015-11-12 04:25:34 +00:00			`gravity package import $(DIR) $(PKG) --check-manifest`
orbit-compatible packaging and configuration for teleport and telescope 2015-10-13 00:50:36 +00:00			`rm -rf $(DIR)`

			`pkg:`
			`@if [ "$$PKG" = "" ] ; then echo "ERROR: enter PKG parameter:\n\nmake publish PKG=<name>:<sem-ver>, e.g. teleport:0.0.1\n\n" && exit 255; fi`
teleport connect and remote authorities * teleport connect provides tunnel between local cluster and remote lens * teleport can optionally trust remote authorities and allow signed keys in 2015-06-22 21:05:15 +00:00
Fixed scp, added single node config 2015-11-07 04:55:12 +00:00			`# run-embedded starts a auth server, ssh node and proxy that allows web access`
fix orbit integration, tests and configuration samples 2015-10-25 21:48:03 +00:00			`# to all the nodes`
teleport connect and remote authorities * teleport connect provides tunnel between local cluster and remote lens * teleport can optionally trust remote authorities and allow signed keys in 2015-06-22 21:05:15 +00:00			`run-embedded: install`
orbit-compatible packaging and configuration for teleport and telescope 2015-10-13 00:50:36 +00:00			`teleport --config=examples/embedded.yaml`

Fixed scp, added single node config 2015-11-07 04:55:12 +00:00			`# run-node starts a ssh node`
			`run-node: install`
Refactored: renamed fqdn to domainName, renaimed CAservice names 2015-11-20 21:15:48 +00:00			`tctl token generate --output=/tmp/token --domain=localhost`
Fixed scp, added single node config 2015-11-07 04:55:12 +00:00			`teleport --config=examples/node.yaml`

Added init encryption keys for auth backend config, backend configs are JSON now, all complex env configs are JSON now 2016-01-29 16:17:12 +00:00			`# run-connected-auth1 starts a auth server ready to connect with additional auth server`
			`run-connected-auth1: install`
			`teleport --config=examples/connected-auth1.yaml`

			`# run-connected-auth2 starts a additional auth server, that connects to auth1`
			`run-connected-auth2: install`
			`teleport --config=examples/connected-auth2.yaml`


some changes to readme 2015-10-29 01:10:09 +00:00			`# run-site-to-proxy starts a ssh node, auth server and reverse tunnel that connect outside of`
fix orbit integration, tests and configuration samples 2015-10-25 21:48:03 +00:00			`# the organization server`
some changes to readme 2015-10-29 01:10:09 +00:00			`run-site-to-proxy: install`
fix orbit integration, tests and configuration samples 2015-10-25 21:48:03 +00:00			`rm -f /tmp/teleport.auth.sock`
			`teleport --config=examples/embedded-proxy.yaml`

			`# run proxy start s`
			`run-proxy: install`
			`rm -f /tmp/teleport.proxy.auth.sock`
			`teleport --config=examples/proxy.yaml`

			`trust-proxy:`
			`# get user and host SSH certificates from proxy's organization, note that we are connecting to proxy's auth server`
			`# that serves proxy's organization certs and not teleport's`
			`tctl --auth=unix:///tmp/teleport.proxy.auth.sock user-ca pub-key > /tmp/user.pubkey`
			`tctl --auth=unix:///tmp/teleport.proxy.auth.sock host-ca pub-key > /tmp/host.pubkey`

			`# add proxy's certs to teleport as trusted remote certificate authorities`
Refactored: renamed fqdn to domainName, renaimed CAservice names 2015-11-20 21:15:48 +00:00			`tctl remote-ca upsert --type=user --id=user.proxy.vendor.io --domain=proxy.vendor.io --path=/tmp/user.pubkey`
			`tctl remote-ca upsert --type=host --id=host.proxy.vendor.io --domain=proxy.vendor.io --path=/tmp/host.pubkey`
Finished replicated backend 2015-09-14 22:40:34 +00:00			`tctl remote-ca ls --type=user`
			`tctl remote-ca ls --type=host`
fix orbit integration, tests and configuration samples 2015-10-25 21:48:03 +00:00
			`# now export teleport's host CA certificate and add it as a trusted cert for proxy`
			`tctl host-ca pub-key > /tmp/teleport.pubkey`
Refactored: renamed fqdn to domainName, renaimed CAservice names 2015-11-20 21:15:48 +00:00			`tctl --auth=unix:///tmp/teleport.proxy.auth.sock remote-ca upsert --type=host --id=host.auth.gravitational.io --domain=node1.gravitational.io --path=/tmp/teleport.pubkey`
fix orbit integration, tests and configuration samples 2015-10-25 21:48:03 +00:00			`tctl --auth=unix:///tmp/teleport.proxy.auth.sock remote-ca ls --type=host`
add proof of concept terminal sharing 2015-06-29 02:44:07 +00:00
Initial working prototype 2015-03-02 20:11:23 +00:00			`profile:`
			`go tool pprof http://localhost:6060/debug/pprof/profile`

			`sloccount:`
			`find . -path ./Godeps -prune -o -name "*.go" -print0 \| xargs -0 wc -l`
User manual and API reference Update teleport documentation with the user manual and high level overview. Generate API documentation from godoc. 2015-05-14 01:40:39 +00:00
			`docs-serve:`
			`sleep 1 && sensible-browser http://127.0.0.1:32567 &`
			`mkdocs serve`

			`docs-update:`
			`echo "# Auth Server Client\n\n" > docs/api.md`
			`echo "[Source file](https://github.com/gravitational/teleport/blob/master/auth/clt.go)" >> docs/api.md`
			echo '```go' >> docs/api.md
			`godoc github.com/gravitational/teleport/auth Client >> docs/api.md`
			echo '```' >> docs/api.md
Added Ansible script to provision Teleport to AWS 2016-01-17 03:56:20 +00:00
Fixed deployment 2016-01-21 06:29:57 +00:00			`#`
Added Ansible script to provision Teleport to AWS 2016-01-17 03:56:20 +00:00			`# Deploy teleport server to staging environment on AWS`
Fixed deployment 2016-01-21 06:29:57 +00:00			`# WARNING: this step is called by CI/CD. You must execute make production first`
Added Ansible script to provision Teleport to AWS 2016-01-17 03:56:20 +00:00			`.PHONY: deploy`
Fixed deployment 2016-01-21 06:29:57 +00:00			`deploy:`
Added Ansible script to provision Teleport to AWS 2016-01-17 03:56:20 +00:00			`ansible-playbook -i deploy/hosts deploy/deploy.yaml`

			`# Prepare a brand new AWS machine to host Teleport (run provision once,`
			`# then run deploy many times)`
			`.PHONY: provision`
			`provision:`
			`ansible-playbook -i deploy/hosts deploy/provision.yaml`
Added Slack-triggered builds 2016-01-17 23:14:04 +00:00
			`.PHONY: jenkins`
			`jenkins:`
			`curl -X POST -d TARGETENV=staging -d BRANCH=$$(git rev-parse --abbrev-ref HEAD) https://jenkins.gravitational.io/buildByToken/buildWithParameters?job=Teleport&token=ZeeYaeYuTh9quiu8eh3rieChohHoor8aib0oopoov0aewah8`