This is to support Teleconsole/Telecast features, namely:
- When a user is added programmatically, it's actually returned.
- When a server is being created, it will not create users if
they exist already; instead it will just sign their public keys.
Teleport configuration now has a new field: NoAudit (false by default,
which means audit is always on).
When this option is set, Teleport will not record events and will not
record sessions.
It's implemented by adding "DiscardLogger" which implements the same
interface as the real logger, and it's plugged into the system instead.
NOTE: this option is not exposed in teleport in any way: no config file,
no switch, etc. I quickly needed it for Telecast.
Teleport YAML config now has a new configuration variable for internal
use by Gravitational:
```yaml
teleport:
  seed_config: true
```
If set to 'true', Teleport treats YAML configuration simply as a seed
configuration on first start.
If set to 'false' (default for OSS version), Teleport will throw away
its back-end config, treating YAML config as the only source of truth.
Specifically, for now, the following settings are thrown away if not
found in YAML:
- trusted authorities
- reverse tunnels
1. data_dir is now a global setting in teleport.yaml (instead of being
inside of "storage" sub-section)
2. changing data_dir in one place causes all of teleport to use it,
not just bolt backends.
3. moving auth server to listen on non-default ports properly adjusts
the global auth_servers setting
4. `tctl` now accepts -c flag just like Teleport, so you can pass
`teleport.yaml` to it.
Fixes #432
Fixes #431
Fixes #430
Teleport CA-signed host certificates used to support only one
server role per cert.
This commit adds the ability to store multiple roles in a
certificate, paving the road for multi-role node support in
the near future.
1. Server now always uses UTC timestamps for certificates it issues
2. Client doesn't store cert validBefore time in separate files, it
parses the cert itself.
Fixes #370
- reduced number of goroutines
- reduced number of 'sleep constants', settling on just one:
`defaults.HeartbeatPeriod`
- increased the interval
Fixes #358
...by teleport clients + servers, meaning:
1. Servers do not default to stdout when printing startup messages
2. Clients can use arbitrary input/output instead of stdin/stdout when
doing SSH/join. This helps with integration testing.
- Fixed all tests
- Removed "magic constants" in random places
- Improved 'retry connecting to auth server' logic (it used to always
fail on 1st attempt)