- reduced number of goroutines
- reduced number of 'sleep constants', settling on just one:
`defaults.HeartbeatPeriod`
- increased the interval
Fixes #358
auth server. This is needed when you configure cluster from scratch and
all nodes including auth server spin up simultaneously.
* Add tctl tools to generate keys and certificates
+ Command "tctl authorities gen" generates public and private keypair.
+ Command "tctl authorities gencert" generates public and private keypair signed
by existing private key
+ Command "tctl authorities export" was modified to be able to export existing private
CA keys to local storage
All of these commands are hidden by default.
section "static configuration"
* Add ability to configure teleport from environment variable
Environment variable TELEPORT_CONFIG can contain base64 encoded
YAML config file of the standard file format, so teleport will use it on start
* Add special secrets section to the config file
Section "secrets" was updated to support pre-configured trusted CA keys and pre-generated keys
* Add special rts hidden section to add support for provisioning
Reverse tunnels are now first class citizens of teleport.
There's no longer static configuration for reverse tunnel agents
in the config. Instead, admins can add and remove reverse tunnels
using tctl reversetunnel (hidden) commands.
* tctl reversetunnel ls
lists reverse tunnels
* tctl reversetunnel upsert a.example.com 10.0.0.4:2023,10.0.0.5:2033 --ttl=10m
updates or inserts reverse tunnel for 10 minutes
* tctl reversetunnel del a.example.com
deletes a reverse tunnel
Teleport proxies watch changes in the reverse tunnels on the backend and
spin up / spin down reverse tunnels according to these changes.
This commit includes refactoring and cleanup of cert authority subsystem:
* User keys methods are deleted
* Authorities CRUD is simplified
* Lots of code removed