Started working on multi-site, multi-cluster demo via Docker
parent
af67bfb9a8
commit
389e0a1a75
1
docker/.gitignore
vendored
1
docker/.gitignore
vendored
|
@ -1,2 +1,3 @@
|
|||
data
|
||||
cluster*
|
||||
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
FROM busybox:latest
|
||||
ARG UID
|
||||
ARG UNAME
|
||||
ENV LANGUAGE="en_US.UTF-8" \
|
||||
LANG="en_US.UTF-8" \
|
||||
LC_ALL="en_US.UTF-8" \
|
||||
LC_CTYPE="en_US.UTF-8" \
|
||||
PATH="$PATH:/opt/teleport"
|
||||
RUN adduser $UNAME -u $UID -S -s /bin/sh
|
||||
EXPOSE 3080 3025 3024 3022 3023
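Review bot: `ARG UID` and `ARG UNAME` have no defaults and are expanded unquoted in `RUN adduser $UNAME -u $UID -S -s /bin/sh`, so a plain `docker build` without both `--build-arg` values runs `adduser` with missing arguments and fails with an unhelpful message. Giving them defaults and quoting the expansions keeps the image buildable on its own: `ARG UID=1000`, `ARG UNAME=teleport`, `RUN adduser "$UNAME" -u "$UID" -S -s /bin/sh`. When the build is invoked as root the values become `0`/`root`, which presumably collides with the account busybox already ships; a comment above the `RUN` line saying the image expects a non-root invoking user would save the next person the debugging.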
|
||||
|
|
|
@ -1,22 +1,78 @@
|
|||
IMAGENAME=teleport:latest
|
||||
|
||||
IP_AUTH_A = 172.10.0.10
|
||||
IP_PROXY_A = 172.10.0.11
|
||||
IP_NODE_A = 172.10.0.12
|
||||
|
||||
IP_AUTH_B = 172.10.0.20
|
||||
IP_PROXY_B = 172.10.0.21
|
||||
IP_NODE_B = 172.10.0.22
|
||||
|
||||
DOCKEROPTS=--net telenet \
|
||||
-P \
|
||||
-u $$(id -u) \
|
||||
-v "$$(pwd)/../build":/opt/teleport \
|
||||
-v /lib:/lib \
|
||||
-v /lib64:/lib64 \
|
||||
-v $$(pwd)/data:/var/lib/teleport
|
||||
-v /lib64:/lib64
|
||||
|
||||
.PHONY: run-auth
|
||||
run-auth: build network
|
||||
docker run -ti --rm=true $(DOCKEROPTS) --ip 172.10.0.10 \
|
||||
.PHONY: auth
|
||||
auth: build network
|
||||
docker run --detach $(DOCKEROPTS) -h $(IP_AUTH_A) --ip $(IP_AUTH_A) --name tele-auth-a \
|
||||
-v $$(pwd)/cluster-a/auth:/var/lib/teleport \
|
||||
$(IMAGENAME) /opt/teleport/teleport start --roles=auth -d
|
||||
docker run --detach $(DOCKEROPTS) -h $(IP_AUTH_B) --ip $(IP_AUTH_B) --name tele-auth-b \
|
||||
-v $$(pwd)/cluster-b/auth:/var/lib/teleport \
|
||||
$(IMAGENAME) /opt/teleport/teleport start --roles=auth -d
|
||||
|
||||
|
||||
.PHONY: proxies
|
||||
proxies: build
|
||||
docker rm -f tele-proxy-a || true
|
||||
docker rm -f tele-proxy-b || true
|
||||
docker run -ti $(DOCKEROPTS) -h $(IP_PROXY_A) --ip $(IP_PROXY_A) --name tele-proxy-a \
|
||||
-v $$(pwd)/cluster-a/proxy:/var/lib/teleport \
|
||||
$(IMAGENAME) /opt/teleport/teleport start --auth-server=$(IP_AUTH_A) --roles=proxy -d
|
||||
# docker run --detach $(DOCKEROPTS) -h $(IP_PROXY_B) --ip $(IP_PROXY_B) --name tele-proxy-b \
|
||||
# -v $$(pwd)/cluster-b/proxy:/var/lib/teleport \
|
||||
# $(IMAGENAME) /opt/teleport/teleport start --auth-server=$(IP_AUTH_B) --roles=proxy -d
|
||||
|
||||
.PHONY: nodes
|
||||
nodes: build
|
||||
docker rm -f tele-node-a || true
|
||||
docker rm -f tele-node-b || true
|
||||
docker run --detach $(DOCKEROPTS) -h $(IP_NODE_A) --ip $(IP_NODE_A) --name tele-node-a \
|
||||
-v $$(pwd)/cluster-a/node:/var/lib/teleport \
|
||||
$(IMAGENAME) \
|
||||
/opt/teleport/teleport start --roles=node -d --token=n7fa9a32893c4ad384865700108a21256 --auth-server=$(IP_AUTH_A):3025
|
||||
docker run --detach $(DOCKEROPTS) -h $(IP_NODE_B) --ip $(IP_NODE_B) --name tele-node-b \
|
||||
-v $$(pwd)/cluster-b/node:/var/lib/teleport \
|
||||
$(IMAGENAME) \
|
||||
/opt/teleport/teleport start --roles=node -d --token=n9e53d9c9ad5501881e0e4c23bfaf01f8 --auth-server=$(IP_AUTH_B):3025
|
||||
|
||||
.PHONY: network
|
||||
network:
|
||||
docker network rm telenet || /bin/true
|
||||
network: kill
|
||||
docker network rm telenet || true
|
||||
docker network create --subnet=172.10.0.0/16 telenet
|
||||
|
||||
.PHONY: build
|
||||
build:
|
||||
docker build --tag $(IMAGENAME) .
|
||||
docker build --build-arg UID=$$(id -u) --build-arg UNAME=$$(id -un) --tag $(IMAGENAME) .
|
||||
|
||||
.PHONY: clean
|
||||
clean: kill
|
||||
rm -rf cluster-*
|
||||
mkdir -p cluster-a/auth
|
||||
mkdir -p cluster-a/proxy
|
||||
mkdir -p cluster-a/node
|
||||
mkdir -p cluster-b/auth
|
||||
mkdir -p cluster-b/proxy
|
||||
mkdir -p cluster-b/node
|
||||
|
||||
.PHONY: kill
|
||||
kill:
|
||||
docker rm -f tele-auth-a || true
|
||||
docker rm -f tele-auth-b || true
|
||||
docker rm -f tele-proxy-a || true
|
||||
docker rm -f tele-proxy-b || true
|
||||
docker rm -f tele-node-a || true
|
||||
docker rm -f tele-node-b || true
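Review bot: The `nodes` target hard-codes both node join tokens (`--token=n7fa9a32…` for cluster A and `--token=n9e53d9c…` for cluster B) in a committed file, so everyone with repository access holds the credential a node presents to these auth servers. Even for a demo they are better passed in from the environment, e.g. `--token=$(TOKEN_A)` and `--token=$(TOKEN_B)` with the values supplied on the `make` command line. This matters more because `DOCKEROPTS` carries `-P`, which publishes every port the image EXPOSEs (3025 included) on the host rather than keeping them inside `telenet`; dropping `-P`, or publishing only the proxy's web port, would limit that. Separately, `--subnet=172.10.0.0/16` lies outside the RFC 1918 range `172.16.0.0/12`, so the demo network shadows publicly routable addresses; a subnet such as `172.28.0.0/16` with the `IP_*` variables adjusted to match avoids that.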
|
||||
|
|
|
@ -75,7 +75,6 @@ func InitLoggerForTests() {
|
|||
// FatalError is for CLI front-ends: it detects gravitational.Trace debugging
|
||||
// information, sends it to the logger, strips it off and prints a clean message to stderr
|
||||
func FatalError(err error) {
|
||||
log.Error(err)
|
||||
fmt.Fprintln(os.Stderr, "ERROR: "+UserMessageFromError(err))
|
||||
os.Exit(1)
|
||||
}
|
||||
|
|
|
@ -280,12 +280,14 @@ func (u *UserCommand) Add(client *auth.TunClient) error {
|
|||
if err != nil {
|
||||
return trace.Wrap(err)
|
||||
}
|
||||
hostname := "teleport-proxy"
|
||||
if len(proxies) == 0 {
|
||||
return trace.Errorf("Cannot add users to a cluster without a proxy")
|
||||
fmt.Println("\x1b[1mWARNING\x1b[0m: this Teleport cluster does not have any proxy servers online.\nYou need to start some to be able to login.\n")
|
||||
} else {
|
||||
hostname = proxies[0].Hostname
|
||||
}
|
||||
hostname := proxies[0].Hostname
|
||||
url := web.CreateSignupLink(net.JoinHostPort(hostname, strconv.Itoa(defaults.HTTPListenPort)), token)
|
||||
fmt.Printf("Signup token has been created and is valid for %v seconds. Share this URL with the user:\n%v\n\nNOTE: make sure the hostname is accessible!\n", defaults.MaxSignupTokenTTL.Seconds(), url)
|
||||
fmt.Printf("Signup token has been created and is valid for %v seconds. Share this URL with the user:\n%v\n\nNOTE: make sure '%s' is accessible!\n", defaults.MaxSignupTokenTTL.Seconds(), url, hostname)
|
||||
return nil
|
||||
}
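Review bot: With no proxies registered, the new branch still builds the signup URL from the placeholder `hostname := "teleport-proxy"`, and the final message tells the operator to share it. That URL carries the signup token, so if the placeholder name happens to resolve to some other host on the user's network the token is sent there; the output should say the name is a placeholder, for example `NOTE: 'teleport-proxy' is a placeholder, substitute your proxy's address before sharing`. The `fmt.Println` literal also ends in `\n`, which `go vet` reports as a redundant newline; drop the trailing `\n` or use `fmt.Print`. The body of `Add` begins outside this hunk, so how `proxies` and `token` are obtained is not visible here.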
|
||||
|
||||
|
|
|
@ -25,10 +25,6 @@ Examples:
|
|||
AddNodeHelp = `Notes:
|
||||
This command generates and prints a one-time invitation token another node can
|
||||
use to join the cluster.
|
||||
|
||||
Specify this token via --proxy-server flag when starting Teleport on that
|
||||
node. The token is only used for the initial inter-node certificate signing
|
||||
and ignored afterwards.
|
||||
`
|
||||
ListNodesHelp = `Notes:
|
||||
SSH nodes send periodic heartbeat to the Auth service. This command prints
|
||||
|
|