1. data_dir is now a global setting in teleport.yaml (instead of being
inside of "storage" sub-section)
2. changing data_dir in one place causes all of teleport to use it,
not just bolt backends.
3. moving auth server to listen on non-default ports properly adjusts
the global auth_servers setting
4. `tctl` now accepts -c flag just like Teleport, so you can pass
`teleprot.yaml` to it.
Fixes#432Fixes#431Fixes#430
TunClient always tries to dial the statically configured auth server
first, before trying "discovered" ones.
The rationale is that --auth flag must override whatever dynamic auth
servers have been discovered (because sometimes their IPs are wrong, if
advertise-ip was misconfigured)
Closes#416Fixes#416
Teleport CA-signed host certificates used to support only one
server role per cert.
This commit adds the ability to store multiple roles in a
certificate, paving the road for multi-role node support in
a near future.
1. Server now always uses UTC timestamps for certificates it ussues
2. Client doesn't store cert validBefore time in separate files, it
parses the cert itself.
Fixes#370
- reduced number of goroutines
- reduced number of 'sleep constants', settling on just one:
`defaults.HeartbeatPeriod`
- increased the interval
Fixes#358
...by teleport clients + servers, meaning:
1. Servers do not default to stdout when printing startup messages
2. Clients can use arbitrary input/output instead of stdin/stdout when
doing SSH/join. This helps with integration testing.
- Fixed all tests
- Removed "magic constants" in random places
- Improved 'retry connecting to auth server' logic (it used to always
fail on 1st attempt)