/*
|
|
|
|
Copyright 2015 Gravitational, Inc.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
package service
import (
|
2015-10-25 23:13:12 +00:00
|
|
|
"encoding/json"
|
2016-02-10 00:09:21 +00:00
|
|
|
"fmt"
|
2016-03-11 01:03:01 +00:00
|
|
|
"io"
|
2016-03-02 02:24:20 +00:00
|
|
|
"net"
|
2016-02-10 00:09:21 +00:00
|
|
|
"os"
|
|
|
|
"path/filepath"
|
2016-02-09 21:46:34 +00:00
|
|
|
|
2016-03-11 01:03:01 +00:00
|
|
|
"github.com/gravitational/teleport"
|
|
|
|
"github.com/gravitational/teleport/lib/backend/etcdbk"
|
2016-02-10 00:09:21 +00:00
|
|
|
"github.com/gravitational/teleport/lib/defaults"
|
2015-12-03 09:26:34 +00:00
|
|
|
"github.com/gravitational/teleport/lib/limiter"
|
2015-10-25 23:13:12 +00:00
|
|
|
"github.com/gravitational/teleport/lib/services"
|
|
|
|
"github.com/gravitational/teleport/lib/utils"
|
|
|
|
|
2016-03-11 01:03:01 +00:00
|
|
|
log "github.com/Sirupsen/logrus"
|
2016-01-20 15:52:25 +00:00
|
|
|
"github.com/gravitational/trace"
|
2016-03-11 01:03:01 +00:00
|
|
|
"gopkg.in/yaml.v2"
|
2015-10-13 00:50:36 +00:00
|
|
|
)
// Config structure is used to initialize _all_ services Teleport can run.
// Some settings are global (like DataDir) while others are grouped into
// sections, like AuthConfig.
//
// NOTE(review): several nested fields hold secrets (the per-role provisioning
// tokens, Auth.SecretKey, Proxy.TLSKey, the UserCA/HostCA private keys).
// Any serialized form of this struct must be treated as sensitive.
type Config struct {
	// DataDir is the directory holding this process' local state; the
	// BoltDB files are placed under a data dir (see ConfigureBolt).
	DataDir string
	// Hostname is the name this host reports to the cluster. ApplyDefaults
	// fills it from os.Hostname(), falling back to "localhost".
	Hostname string

	// AuthServers lists the auth server addresses this process talks to.
	// ApplyDefaults sets it to the local auth listen address.
	AuthServers NetAddrSlice

	// SSH role: an SSH endpoint server.
	SSH SSHConfig

	// Auth role: authentication and authorization server config.
	Auth AuthConfig

	// ReverseTunnel role creates and maintains an outbound SSH reverse
	// tunnel to the proxy.
	ReverseTunnel ReverseTunnelConfig

	// Proxy is the SSH proxy that manages incoming and outbound connections
	// via multiple reverse tunnels.
	Proxy ProxyConfig

	// HostUUID is the unique UUID of this host (it will be known via this
	// UUID within a teleport cluster). It's automatically generated on
	// first start.
	HostUUID string

	// Console is the writer used to speak to a user (ApplyDefaults sets
	// it to os.Stdout).
	Console io.Writer
}
// ApplyToken copies the given provisioning token into the SSH, Proxy and
// Auth sections of the config. An empty token is ignored and nothing is
// changed.
//
// Returns true if the token was applied (i.e. it was non-empty).
//
// Note that cfg.ReverseTunnel.Token is deliberately left alone here; it has
// to be set separately if the reverse tunnel role needs one.
func (cfg *Config) ApplyToken(token string) bool {
	if token == "" {
		return false
	}
	targets := []*string{&cfg.SSH.Token, &cfg.Proxy.Token, &cfg.Auth.Token}
	for _, dst := range targets {
		*dst = token
	}
	return true
}
// ConfigureBolt points every auth backend whose Type is the Bolt backend at
// its database file under dataDir (events, keys and session records each get
// their own file from the defaults package). Backends of any other type are
// left untouched, so it is safe to call after ConfigureETCD.
func (cfg *Config) ConfigureBolt(dataDir string) {
	auth := &cfg.Auth
	paramsFor := func(dbFile string) string {
		return boltParams(dataDir, dbFile)
	}

	// The three backend fields are distinct anonymous struct types, so each
	// one is handled on its own rather than through a shared helper.
	if ev := &auth.EventsBackend; ev.Type == teleport.BoltBackendType {
		ev.Params = paramsFor(defaults.EventsBoltFile)
	}
	if keys := &auth.KeysBackend; keys.Type == teleport.BoltBackendType {
		keys.Params = paramsFor(defaults.KeysBoltFile)
	}
	if rec := &auth.RecordsBackend; rec.Type == teleport.BoltBackendType {
		rec.Params = paramsFor(defaults.RecordsBoltFile)
	}
}
// ConfigureETCD switches the keys backend to ETCD (using the given peers and
// key) and forces the events and records backends onto BoltDB files under
// dataDir, since those cannot be stored in ETCD.
//
// Returns an error only if the ETCD parameters cannot be encoded; in that
// case the config is left unchanged.
func (cfg *Config) ConfigureETCD(dataDir string, peers []string, key string) error {
	etcdCfg, err := etcdParams(peers, key)
	if err != nil {
		return trace.Wrap(err)
	}

	auth := &cfg.Auth
	auth.KeysBackend.Type, auth.KeysBackend.Params = teleport.ETCDBackendType, etcdCfg

	// Events and session recordings always stay in BoltDB, regardless of
	// what the backend types were before this call.
	auth.EventsBackend.Type = teleport.BoltBackendType
	auth.EventsBackend.Params = boltParams(dataDir, defaults.EventsBoltFile)
	auth.RecordsBackend.Type = teleport.BoltBackendType
	auth.RecordsBackend.Params = boltParams(dataDir, defaults.RecordsBoltFile)
	return nil
}
// RoleConfig builds the per-role configuration handed to the individual
// Teleport services: the global data dir, host identity, auth server list,
// the whole Auth section and the console writer.
//
// Auth is copied by value (including its secrets); AuthServers shares its
// backing array with cfg.
func (cfg *Config) RoleConfig() RoleConfig {
	var rc RoleConfig
	rc.DataDir = cfg.DataDir
	rc.HostUUID = cfg.HostUUID
	rc.HostName = cfg.Hostname
	rc.AuthServers = cfg.AuthServers
	rc.Auth = cfg.Auth
	rc.Console = cfg.Console
	return rc
}
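// DebugDumpToYAML is useful for debugging: it dumps the Config structure into
// a YAML string.
//
// Secret material is redacted before marshaling: the per-role provisioning
// tokens, Auth.SecretKey, Proxy.TLSKey, the UserCA/HostCA private keys, the
// KeysBackend encryption keys and the AllowedTokens entries are replaced with
// a placeholder (non-empty values only, so the dump still shows what was
// set) so the output can go into logs or bug reports without leaking
// credentials. The receiver itself is not modified.
//
// On a marshaling error the error text is returned in place of the dump.
func (cfg *Config) DebugDumpToYAML() string {
	const redacted = "<redacted>"
	hide := func(s *string) {
		if *s != "" {
			*s = redacted
		}
	}

	// Shallow copy: scalar fields are now independent of cfg, but slices and
	// maps still alias the original, so those are replaced, never mutated.
	c := *cfg
	hide(&c.SSH.Token)
	hide(&c.Proxy.Token)
	hide(&c.Auth.Token)
	hide(&c.ReverseTunnel.Token)
	hide(&c.Auth.SecretKey)
	hide(&c.Proxy.TLSKey)
	hide(&c.Auth.UserCA.PrivateKey)
	hide(&c.Auth.HostCA.PrivateKey)
	if n := len(c.Auth.KeysBackend.EncryptionKeys); n != 0 {
		keys := make(StringArray, n)
		for i := range keys {
			keys[i] = redacted
		}
		c.Auth.KeysBackend.EncryptionKeys = keys
	}
	if n := len(c.Auth.AllowedTokens); n != 0 {
		// The field is documented as a set of tokens and it is not clear
		// which side of each entry carries the secret, so neither keys nor
		// values are printed; only the entry count survives.
		c.Auth.AllowedTokens = KeyVal{redacted: fmt.Sprintf("%d entries", n)}
	}

	out, err := yaml.Marshal(&c)
	if err != nil {
		return err.Error()
	}
	return string(out)
}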
// ProxyConfig configures the proxy role: the reverse tunnel listener, the
// web portal and the SSH proxy listener.
type ProxyConfig struct {
	// Enabled turns proxy role on or off for this process
	Enabled bool

	// Token is a provisioning token for new proxy server registering with auth.
	// It is a secret and must not be logged. ApplyToken sets it.
	Token string

	// ReverseTunnelListenAddr is address where reverse tunnel dialers connect to
	ReverseTunnelListenAddr utils.NetAddr

	// WebAddr is address for web portal of the proxy
	WebAddr utils.NetAddr

	// SSHAddr is address of ssh proxy
	SSHAddr utils.NetAddr

	// AssetsDir is a directory with proxy website assets.
	// ApplyDefaults points it at defaults.DataDir.
	AssetsDir string

	// TLSKey is a base64 encoded private key used by web portal.
	// It is a secret and must not be logged.
	TLSKey string

	// TLSCert is a base64 encoded certificate used by web portal
	TLSCert string

	// Limiter holds the connection/rate limiting settings of the proxy;
	// ApplyDefaults fills it via defaults.ConfigureLimiter.
	Limiter limiter.LimiterConfig
}
// AuthConfig configures the auth role: its listener, provisioning material,
// the certificate authorities it trusts or uses, and the three storage
// backends (keys, events, session records).
type AuthConfig struct {
	// Enabled turns auth role on or off for this process
	Enabled bool

	// SSHAddr is the listening address of SSH tunnel to HTTP service
	SSHAddr utils.NetAddr

	// Token is a provisioning token for an additional auth server joining the cluster.
	// It is a secret and must not be logged. ApplyToken sets it.
	Token string

	// SecretKey is an encryption key for secret service, will be used
	// to initialize secret service if set. It is a secret and must not
	// be logged.
	SecretKey string

	// AllowedTokens is a set of tokens that will be added as trusted.
	// NOTE(review): which side of each entry (key or value) carries the
	// token is not visible from this file; treat the whole map as secret.
	AllowedTokens KeyVal

	// TrustedAuthorities is a set of trusted user certificate authorities.
	// NOTE(review): CertificateAuthorities.Authorities() is currently a stub
	// returning (nil, nil), so check how callers consume this field.
	TrustedAuthorities CertificateAuthorities

	// UserCA allows to pass preconfigured user certificate authority keypair
	// to auth server so it will use it on the first start instead of generating
	// a new keypair. Its PrivateKey is a secret.
	UserCA LocalCertificateAuthority

	// HostCA allows to pass preconfigured host certificate authority keypair
	// to auth server so it will use it on the first start instead of generating
	// a new keypair. Its PrivateKey is a secret.
	HostCA LocalCertificateAuthority

	// KeysBackend configures backend that stores auth keys, certificates, tokens ...
	KeysBackend struct {
		// Type is a backend type - etcd or boltdb
		Type string
		// Params is a JSON-encoded string with backend specific parameters
		// (see boltParams and etcdParams)
		Params string
		// EncryptionKeys is a list of keys for the keys backend.
		// NOTE(review): the previous comment described this as "an additional
		// signing GPG key"; how these keys are used is not shown in this file.
		EncryptionKeys StringArray
	}

	// EventsBackend configures backend that stores cluster events (login attempts, etc)
	EventsBackend struct {
		// Type is a backend type, etcd or bolt
		Type string
		// Params is a JSON-encoded string with backend specific parameters
		Params string
	}

	// RecordsBackend configures backend that stores live SSH sessions recordings
	RecordsBackend struct {
		// Type is a backend type, currently only bolt (ConfigureETCD keeps
		// records on bolt even when keys move to etcd)
		Type string
		// Params is a JSON-encoded string with backend specific parameters
		Params string
	}

	// Limiter holds the connection/rate limiting settings of the auth
	// server; ApplyDefaults fills it via defaults.ConfigureLimiter.
	Limiter limiter.LimiterConfig
}
// SSHConfig configures SSH server node role
type SSHConfig struct {
	// Enabled turns the SSH node role on or off for this process
	Enabled bool
	// Token is the provisioning token used to register with auth.
	// It is a secret and must not be logged. ApplyToken sets it.
	Token string
	// Addr is the address the SSH node listens on
	Addr utils.NetAddr
	// AdvertiseIP is used to "publish" an alternative IP address this node
	// can be reached on, if running behind NAT
	AdvertiseIP net.IP
	// Shell is the login shell started for sessions (ApplyDefaults sets
	// defaults.DefaultShell)
	Shell string
	// Limiter holds the connection/rate limiting settings of the node;
	// ApplyDefaults fills it via defaults.ConfigureLimiter.
	Limiter limiter.LimiterConfig
	// Labels are static key/value labels attached to this node
	Labels map[string]string
	// CmdLabels are labels whose values come from running commands
	// (see services.CommandLabels)
	CmdLabels services.CommandLabels
}
// ReverseTunnelConfig configures reverse tunnel role
type ReverseTunnelConfig struct {
	// Enabled turns the reverse tunnel role on or off (off by default,
	// see ApplyDefaults)
	Enabled bool
	// Token is the provisioning token for this role. It is a secret and
	// must not be logged. Note: ApplyToken does not set this field.
	Token string
	// DialAddr is the proxy address the tunnel dials out to
	DialAddr utils.NetAddr
	// Limiter holds the connection/rate limiting settings of the tunnel;
	// ApplyDefaults fills it via defaults.ConfigureLimiter.
	Limiter limiter.LimiterConfig
}
// NetAddrSlice is a list of network addresses that can be populated from a
// JSON array of address strings (see Set).
type NetAddrSlice []utils.NetAddr

// Set parses val as a JSON array of address strings and replaces the
// receiver's contents with the parsed addresses. On any decode or parse
// error the receiver is left unchanged and the wrapped error is returned.
func (s *NetAddrSlice) Set(val string) error {
	var raw []string
	if err := json.Unmarshal([]byte(val), &raw); err != nil {
		return trace.Wrap(err)
	}

	parsed := make([]utils.NetAddr, len(raw))
	for i, text := range raw {
		addr, err := utils.ParseAddr(text)
		if err != nil {
			return trace.Wrap(err)
		}
		parsed[i] = *addr
	}
	*s = parsed
	return nil
}
// StringArray is a list of strings that can be populated from a JSON array
// (see Set).
type StringArray []string

// Set decodes v, a JSON array of strings, into the receiver. The decoded
// array replaces the previous contents rather than being appended to them.
// A nil receiver is initialised to an empty slice first, so it is non-nil
// afterwards even if decoding fails.
func (sa *StringArray) Set(v string) error {
	if len(*sa) == 0 {
		*sa = make([]string, 0)
	}
	if err := json.Unmarshal([]byte(v), sa); err != nil {
		return trace.Wrap(err)
	}
	return nil
}
// KeyVal is a string-to-string map that can be populated from a JSON object
// (see Set).
type KeyVal map[string]string

// Set decodes v, a JSON object with string values such as
// `{"key":"val","key2":"val2"}`, into the map. Entries are merged into the
// existing contents: keys already present are overwritten, others are kept.
// An empty or nil receiver is replaced by a fresh map first.
func (kv *KeyVal) Set(v string) error {
	if len(*kv) == 0 {
		*kv = make(map[string]string)
	}
	if err := json.Unmarshal([]byte(v), kv); err != nil {
		return trace.Wrap(err)
	}
	return nil
}
// CertificateAuthority is the public half of a certificate authority as it
// appears in configuration (JSON field names in the tags).
type CertificateAuthority struct {
	// Type is the CA type (the accepted values are not shown in this file)
	Type string `json:"type"`
	// ID identifies the authority
	ID string `json:"id"`
	// DomainName is the domain the authority belongs to
	DomainName string `json:"domain_name"`
	// PublicKey is the authority's public key
	PublicKey string `json:"public_key"`
}
// CertificateAuthorities is a list of CertificateAuthority entries that can
// be populated from a JSON array (see SetEnv).
type CertificateAuthorities []CertificateAuthority

// SetEnv decodes v, a JSON array of CertificateAuthority objects, and
// replaces the receiver's contents with the result. On a decode error the
// receiver is left untouched.
func (c *CertificateAuthorities) SetEnv(v string) error {
	var decoded []CertificateAuthority
	err := json.Unmarshal([]byte(v), &decoded)
	if err != nil {
		return trace.Wrap(err, "expected JSON encoded remote certificate")
	}
	*c = decoded
	return nil
}
// Authorities is meant to convert the configured authorities into
// services.CertAuthority values.
//
// NOTE(review): this is currently a stub that always returns (nil, nil) and
// ignores the receiver, so a caller relying on it receives no CAs from the
// TrustedAuthorities config. Do not assume the configured authorities are in
// effect until this is implemented.
func (a CertificateAuthorities) Authorities() ([]services.CertAuthority, error) {
	return nil, nil
}
// LocalCertificateAuthority is a certificate authority keypair supplied
// through configuration. Because the embedded CertificateAuthority carries
// an explicit tag, its JSON form nests the public part under "public" with
// the private key beside it as "private_key".
type LocalCertificateAuthority struct {
	CertificateAuthority `json:"public"`
	// PrivateKey is the authority's private key. It is a secret and must
	// not be logged or dumped.
	PrivateKey string `json:"private_key"`
}
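// SetEnv decodes v, a JSON-encoded LocalCertificateAuthority, into the
// receiver. On a decode error the receiver is left untouched.
//
// A JSON `null` is rejected with an error rather than dereferenced:
// previously the document was decoded into a nil pointer and then copied
// with `*c = *ca`, which panicked on `null`. The input is not echoed into
// the error because it may contain the private key.
func (c *LocalCertificateAuthority) SetEnv(v string) error {
	var ca *LocalCertificateAuthority
	if err := json.Unmarshal([]byte(v), &ca); err != nil {
		return trace.Wrap(err, "expected JSON encoded certificate authority")
	}
	if ca == nil {
		return trace.Wrap(fmt.Errorf("expected JSON encoded certificate authority, got null"))
	}
	*c = *ca
	return nil
}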
// CA is meant to convert the configured keypair into a services.CertAuthority.
//
// NOTE(review): this is currently a stub that always returns (nil, nil) and
// ignores the receiver, so any UserCA/HostCA supplied via config is not
// turned into a usable authority by this method.
func (c *LocalCertificateAuthority) CA() (*services.CertAuthority, error) {
	return nil, nil
}
// MakeDefaultConfig creates a new Config structure and populates it with the
// defaults applied by ApplyDefaults.
func MakeDefaultConfig() (config *Config) {
	config = new(Config)
	ApplyDefaults(config)
	return config
}
// ApplyDefaults applies default values to the existing config structure.
//
// Auth, Proxy and SSH roles are all enabled by default in this process; only
// ReverseTunnel is off. All three auth backends default to defaults.BackendType
// with BoltDB files under defaults.DataDir, and AuthServers is pointed at the
// local auth listener. Hostname comes from os.Hostname(), falling back to
// "localhost" (with an error logged) if that fails.
func ApplyDefaults(cfg *Config) {
	hostname, err := os.Hostname()
	if err != nil {
		hostname = "localhost"
		log.Errorf("Failed to determine hostname: %v", err)
	}

	auth, proxy, tunnel, node := &cfg.Auth, &cfg.Proxy, &cfg.ReverseTunnel, &cfg.SSH

	// auth service
	auth.Enabled = true
	auth.SSHAddr = *defaults.AuthListenAddr()
	auth.EventsBackend.Type = defaults.BackendType
	auth.EventsBackend.Params = boltParams(defaults.DataDir, defaults.EventsBoltFile)
	auth.KeysBackend.Type = defaults.BackendType
	auth.KeysBackend.Params = boltParams(defaults.DataDir, defaults.KeysBoltFile)
	auth.RecordsBackend.Type = defaults.BackendType
	auth.RecordsBackend.Params = boltParams(defaults.DataDir, defaults.RecordsBoltFile)
	defaults.ConfigureLimiter(&auth.Limiter)

	// SSH proxy service and the reverse tunnel it listens for
	proxy.Enabled = true
	proxy.AssetsDir = defaults.DataDir
	proxy.SSHAddr = *defaults.ProxyListenAddr()
	proxy.WebAddr = *defaults.ProxyWebListenAddr()
	tunnel.Enabled = false
	tunnel.DialAddr = *defaults.ReverseTunnellConnectAddr()
	proxy.ReverseTunnelListenAddr = *defaults.ReverseTunnellListenAddr()
	defaults.ConfigureLimiter(&proxy.Limiter)
	defaults.ConfigureLimiter(&tunnel.Limiter)

	// SSH node service
	node.Enabled = true
	node.Addr = *defaults.SSHServerListenAddr()
	node.Shell = defaults.DefaultShell
	defaults.ConfigureLimiter(&node.Limiter)

	// global settings
	cfg.Hostname = hostname
	cfg.DataDir = defaults.DataDir
	// auth was enabled unconditionally above, so this branch is always taken;
	// the check is kept to make the dependency on Auth.Enabled explicit.
	if auth.Enabled {
		cfg.AuthServers = []utils.NetAddr{auth.SSHAddr}
	}
	cfg.Console = os.Stdout
}
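// boltParams generates the JSON parameter string accepted by the BoltDB
// driver, e.g. `{"path":"/var/lib/teleport/records.db"}`, for dbFile placed
// under storagePath.
//
// The path is encoded with encoding/json instead of being interpolated with
// fmt.Sprintf, so a storage path containing a double quote, a backslash
// (Windows separators) or a control character still produces valid JSON
// rather than a string the driver cannot parse.
func boltParams(storagePath, dbFile string) string {
	params := struct {
		Path string `json:"path"`
	}{Path: filepath.Join(storagePath, dbFile)}
	out, err := json.Marshal(params)
	if err != nil {
		// Marshaling a struct with a single string field does not fail in
		// practice; keep a quoted fallback rather than panicking.
		return fmt.Sprintf(`{"path": %q}`, params.Path)
	}
	return string(out)
}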
// etcdParams generates the JSON parameter string accepted by the ETCD
// driver: an etcdbk.Config carrying the given peer nodes and key (the exact
// field names come from etcdbk.Config's JSON tags, which are not shown in
// this file).
//
// Returns a wrapped error if the config cannot be marshaled.
func etcdParams(peers []string, key string) (string, error) {
	backend := etcdbk.Config{Nodes: peers, Key: key}
	encoded, err := json.Marshal(backend)
	if err != nil {
		return "", trace.Wrap(err)
	}
	return string(encoded), nil
}