Started working on multi-site, multi-cluster demo via Docker

2024-10-23 02:32:39 +00:00 · 2016-05-09 16:27:50 -07:00 · 2016-05-09 16:27:50 -07:00 · 389e0a1a75
parent af67bfb9a8
commit 389e0a1a75
6 changed files with 74 additions and 16 deletions
--- a/docker/.gitignore
+++ b/docker/.gitignore
@ -1,2 +1,3 @@
 data
+cluster*

--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -1,6 +1,10 @@
 FROM busybox:latest
+ARG UID
+ARG UNAME
 ENV LANGUAGE="en_US.UTF-8" \
    LANG="en_US.UTF-8" \
    LC_ALL="en_US.UTF-8" \
    LC_CTYPE="en_US.UTF-8" \
    PATH="$PATH:/opt/teleport"
+RUN adduser $UNAME -u $UID -S -s /bin/sh
+EXPOSE 3080 3025 3024 3022 3023
--- a/docker/Makefile
+++ b/docker/Makefile
@ -1,22 +1,78 @@
 IMAGENAME=teleport:latest
+
+IP_AUTH_A  = 172.10.0.10
+IP_PROXY_A = 172.10.0.11
+IP_NODE_A  = 172.10.0.12
+
+IP_AUTH_B  = 172.10.0.20
+IP_PROXY_B = 172.10.0.21
+IP_NODE_B  = 172.10.0.22
+
 DOCKEROPTS=--net telenet \
 		-P \
 		-u $$(id -u) \
 		-v "$$(pwd)/../build":/opt/teleport \
 		-v /lib:/lib \
-		-v /lib64:/lib64 \
-		-v $$(pwd)/data:/var/lib/teleport
+		-v /lib64:/lib64

-.PHONY: run-auth
-run-auth: build network
-	docker run -ti --rm=true $(DOCKEROPTS) --ip 172.10.0.10 \
+.PHONY: auth
+auth: build network
+	docker run --detach $(DOCKEROPTS) -h $(IP_AUTH_A) --ip $(IP_AUTH_A) --name tele-auth-a \
+		-v $$(pwd)/cluster-a/auth:/var/lib/teleport \
+		$(IMAGENAME) /opt/teleport/teleport start --roles=auth -d
+	docker run --detach $(DOCKEROPTS) -h $(IP_AUTH_B) --ip $(IP_AUTH_B) --name tele-auth-b \
+		-v $$(pwd)/cluster-b/auth:/var/lib/teleport \
 		$(IMAGENAME) /opt/teleport/teleport start --roles=auth -d

+
+.PHONY: proxies
+proxies: build 
+	docker rm -f tele-proxy-a || true
+	docker rm -f tele-proxy-b || true
+	docker run -ti $(DOCKEROPTS) -h $(IP_PROXY_A) --ip $(IP_PROXY_A) --name tele-proxy-a \
+		-v $$(pwd)/cluster-a/proxy:/var/lib/teleport \
+		$(IMAGENAME) /opt/teleport/teleport start --auth-server=$(IP_AUTH_A) --roles=proxy -d
+#	docker run --detach $(DOCKEROPTS) -h $(IP_PROXY_B) --ip $(IP_PROXY_B) --name tele-proxy-b \
+#		-v $$(pwd)/cluster-b/proxy:/var/lib/teleport \
+#		$(IMAGENAME) /opt/teleport/teleport start --auth-server=$(IP_AUTH_B) --roles=proxy -d
+
+.PHONY: nodes
+nodes: build
+	docker rm -f tele-node-a || true
+	docker rm -f tele-node-b || true
+	docker run --detach $(DOCKEROPTS) -h $(IP_NODE_A) --ip $(IP_NODE_A) --name tele-node-a \
+		-v $$(pwd)/cluster-a/node:/var/lib/teleport \
+		$(IMAGENAME) \
+		/opt/teleport/teleport start --roles=node -d --token=n7fa9a32893c4ad384865700108a21256 --auth-server=$(IP_AUTH_A):3025
+	docker run --detach $(DOCKEROPTS) -h $(IP_NODE_B) --ip $(IP_NODE_B) --name tele-node-b \
+		-v $$(pwd)/cluster-b/node:/var/lib/teleport \
+		$(IMAGENAME) \
+		/opt/teleport/teleport start --roles=node -d --token=n9e53d9c9ad5501881e0e4c23bfaf01f8 --auth-server=$(IP_AUTH_B):3025
+
 .PHONY: network
-network:
-	docker network rm telenet || /bin/true
+network: kill
+	docker network rm telenet || true
 	docker network create --subnet=172.10.0.0/16 telenet

 .PHONY: build
 build:
-	docker build --tag $(IMAGENAME) .
+	docker build --build-arg UID=$$(id -u) --build-arg UNAME=$$(id -un) --tag $(IMAGENAME) .
+
+.PHONY: clean
+clean: kill
+	rm -rf cluster-*
+	mkdir -p cluster-a/auth
+	mkdir -p cluster-a/proxy
+	mkdir -p cluster-a/node
+	mkdir -p cluster-b/auth
+	mkdir -p cluster-b/proxy
+	mkdir -p cluster-b/node
+
+.PHONY: kill
+kill:
+	docker rm -f tele-auth-a || true
+	docker rm -f tele-auth-b || true
+	docker rm -f tele-proxy-a || true
+	docker rm -f tele-proxy-b || true
+	docker rm -f tele-node-a || true
+	docker rm -f tele-node-b || true
--- a/lib/utils/cli.go
+++ b/lib/utils/cli.go
@ -75,7 +75,6 @@ func InitLoggerForTests() {
 // FatalError is for CLI front-ends: it detects gravitational.Trace debugging
 // information, sends it to the logger, strips it off and prints a clean message to stderr
 func FatalError(err error) {
-	log.Error(err)
 	fmt.Fprintln(os.Stderr, "ERROR: "+UserMessageFromError(err))
 	os.Exit(1)
 }
--- a/tool/tctl/main.go
+++ b/tool/tctl/main.go
@ -280,12 +280,14 @@ func (u *UserCommand) Add(client *auth.TunClient) error {
 	if err != nil {
 		return trace.Wrap(err)
 	}
+	hostname := "teleport-proxy"
 	if len(proxies) == 0 {
-		return trace.Errorf("Cannot add users to a cluster without a proxy")
+		fmt.Println("\x1b[1mWARNING\x1b[0m: this Teleport cluster does not have any proxy servers online.\nYou need to start some to be able to login.\n")
+	} else {
+		hostname = proxies[0].Hostname
 	}
-	hostname := proxies[0].Hostname
 	url := web.CreateSignupLink(net.JoinHostPort(hostname, strconv.Itoa(defaults.HTTPListenPort)), token)
-	fmt.Printf("Signup token has been created and is valid for %v seconds. Share this URL with the user:\n%v\n\nNOTE: make sure the hostname is accessible!\n", defaults.MaxSignupTokenTTL.Seconds(), url)
+	fmt.Printf("Signup token has been created and is valid for %v seconds. Share this URL with the user:\n%v\n\nNOTE: make sure '%s' is accessible!\n", defaults.MaxSignupTokenTTL.Seconds(), url, hostname)
 	return nil
 }

--- a/tool/tctl/usage.go
+++ b/tool/tctl/usage.go
@ -25,10 +25,6 @@ Examples:
 	AddNodeHelp = `Notes:
  This command generates and prints a one-time invitation token another node can 
  use to join the cluster. 
-  
-  Specify this token via --proxy-server flag when starting Teleport on that 
-  node. The token is only used for the initial inter-node certificate signing 
-  and ignored afterwards.
 `
 	ListNodesHelp = `Notes:
  SSH nodes send periodic heartbeat to the Auth service. This command prints