This commit introduces signal handling.
Parent teleport process is now capable of forking
the child process and passing listeners file descriptors
to the child.
Parent process then can gracefully shutdown
by tracking the amount of current connections and
closing listeners once the amount goes to 0.
Here are the signals handled:
* USR2 signal will cause the parent to fork
a child process and pass listener file descriptors to it.
Child process will close unused file descriptors
and will bind to the used ones.
At this moment two processes - the parent
and the forked child process will be serving requests.
After looking at the traffic and the log files,
administrator can either shut down the parent process
or the child process if the child process is not functioning
as expected.
* TERM, INT signals will trigger graceful process shutdown.
Auth, node and proxy processes will wait until the amount
of active connections goes down to 0 and will exit after that.
* KILL, QUIT signals will cause immediate non-graceful
shutdown.
* HUP signal combines USR2 and TERM signals in a convenient
way: parent process will fork a child process and
self-initate graceful shutdown. This is a more convenient
than USR2/TERM sequence, but less agile and robust
as if the connection to the parent process drops, but
the new process exits with error, administrators
can lock themselves out of the environment.
Additionally, boltdb backend has to be phased out,
as it does not support read/writes by two concurrent
processes. This had required refactoring of the dir
backend to use file locking to allow inter-process
collaboration on read/write operations.
SearchEvents and SearchSessionEvents set
default limits of fetched events of 500 up to 10K events
per interval.
No UI changes are required, as users will be able
to refine the search interval to fetch more sessions.
This commit makes sure that trusted cluster resource
name is the same name as the cluster name it conects to.
If user supplies name of the trusted cluster resource
that is different from the cluster name, the warning
will be issued and trusted cluster will be renamed.
Upgrade procedure renames existing trusted clusters
in place.
If user supplies trusted cluster without role
mappings, or with role mappings referring to
non-existent roles that do not exist, the
error will be returned.
Support configuration for web and reverse tunnel
proxies to listen on the same port.
* Default config are not changed for backwards compatibility.
* If administrator configures web and reverse tunnel
addresses to be on the same port, multiplexing is turned on
* In trusted clusters configuration reverse_tunnel_addr
defaults to web_addr.
* Session events are delivered in continuous
batches in a guaranteed order with every event
and print event ordered from session start.
* Each auth server writes to a separate folder
on disk to make sure that no two processes write
to the same file at a time.
* When retrieving sessions, auth servers fetch
and merge results recorded by each auth server.
* Migrations and compatibility modes are in place
for older clients not aware of the new format,
but compatibility mode is not NFS friendly.
* On disk migrations are launched automatically
during auth server upgrades.
This commit adds remote cluster resource that specifies
connection and trust of the remote trusted cluster to the local
cluster. Deleting remote cluster resource deletes trust
established between clusters on the local cluster side
and terminates all reverse tunnel connections.
Migrations make sure that remote cluster resources exist
after upgrade of the auth server.
This commit introduced mutual TLS authentication
for auth server API server.
Auth server multiplexes HTTP over SSH - existing
protocol and HTTP over TLS - new protocol
on the same listening socket.
Nodes and users authenticate with 2.5.0 Teleport
using TLS mutual TLS except backwards-compatibility
cases.
This was fixed running the `misspell` linter in fix mode using
`gometalinter`. The exact command I ran was :
```
gometalinter --vendor --disable-all -E misspell --linter='misspell:misspell -w {path}:^(?P<path>.*?\.go):(?P<line>\d+):(?P<col>\d+):\s*(?P<message>.*)$' ./...
```
Some typo were fixed by hand on top of it.
Instead of quietly changing behavior because `DEBUG` envar was set to
true, Teleport now explicitly requires scary --insecure flag to enable
this behavior.
This commit:
* Improves on the previous commit on better name resolution by the proxy
(and fixes a bug introduced by the previous commit)
* Removes 'host_login' from tsh client profile. Closes#729
This commit adds several improvements to how CLI SSH login works
- Validated keys are added to the SSH agent [1]
- tsh will does not verify host keys twice anymore
- error messages for "access denied" look clean now
[1] This is huge. This means that tsh login can "feed" the keys to the
built-in SSH agents of the OS and OpenSSH can fetch them from there.
QUESTION: why do we even need `tsh agent` option then? ssh-agent is
installed on every Linux/OSX machine.
Teleport YAML config now has a new configuration variable for internal
use by Gravitational:
```yaml
teleport:
seed_config: true
```
If set to 'true', Teleport treats YAML configuration simply as a seed
configuration on first start.
If set to 'false' (default for OSS version), Teleport will throw away
its back-end config, treating YAML config as the only source of truth.
Specifically, for now, the following settings are thrown away if not
found in YAML:
- trusted authorities
- reverse tunnels
TunClient always tries to dial the statically configured auth server
first, before trying "discovered" ones.
The rationale is that --auth flag must override whatever dynamic auth
servers have been discovered (because sometimes their IPs are wrong, if
advertise-ip was misconfigured)
Closes#416Fixes#416