diff --git a/docker/one.yaml b/docker/one.yaml
index a9f1cd8c6da..66b3b42cb84 100644
--- a/docker/one.yaml
+++ b/docker/one.yaml
@@ -2,7 +2,8 @@
 teleport:
   nodename: one
   log:
-    severity: DEBUG
+    output: /var/lib/teleport/teleport.log
+    severity: INFO
 
 auth_service:
   enabled: yes
@@ -13,7 +14,7 @@ auth_service:
   # to enable trusted clusters, execute `tctl auth export > data/two/two.ca` inside container "two-auth"
   # and then uncomment this and restart container "one"
   trusted_clusters:
-  # - key_file: /root/go/src/github.com/gravitational/teleport/docker/data/two/two.ca
+       - key_file: /root/go/src/github.com/gravitational/teleport/docker/data/two/two.ca
 
 ssh_service:
   enabled: yes
diff --git a/docker/two-auth.yaml b/docker/two-auth.yaml
index a1f3f430123..416ac97db83 100644
--- a/docker/two-auth.yaml
+++ b/docker/two-auth.yaml
@@ -9,15 +9,15 @@ auth_service:
   enabled: yes
   cluster_name: two
   tokens: 
-       - "node,auth,proxy:xxx"
+    - "node,auth,proxy:xxx"
   listen_addr: 172.10.1.2:3025
 
   # to enable trusted clusters, execute `tctl auth export > data/one.ca` inside container "one"
   # and then restart container "two-auth"
   trusted_clusters:
-  #     - key_file: /root/go/src/github.com/gravitational/teleport/docker/data/one/one.ca
-  #       allow_logins: root
-  #       tunnel_addr: one
+    - key_file: /root/go/src/github.com/gravitational/teleport/docker/data/one/one.ca
+      allow_logins: root
+      tunnel_addr: one
 
 ssh_service:
   enabled: yes
diff --git a/lib/services/role.go b/lib/services/role.go
index 41b3255ff5a..039f0de0890 100644
--- a/lib/services/role.go
+++ b/lib/services/role.go
@@ -137,7 +137,8 @@ type Role interface {
 	SetMaxSessionTTL(duration time.Duration)
 	// SetNamespaces sets a list of namespaces this role has access to
 	SetNamespaces(namespaces []string)
-	// CanForwardAgent returns is this role is allowed
+	// CanForwardAgent returns true if this role is allowed
+	// to request agent forwarding
 	CanForwardAgent() bool
 	// SetForwardAgent sets forward agent property
 	SetForwardAgent(forwardAgent bool)
@@ -218,7 +219,8 @@ func (r *RoleV2) GetResources() map[string][]string {
 	return r.Spec.Resources
 }
 
-// CanForwardAgent returns is this role is allowed
+// CanForwardAgent returns true if this role is allowed
+// to request agent forwarding
 func (r *RoleV2) CanForwardAgent() bool {
 	return r.Spec.ForwardAgent
 }