mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 09:44:51 +00:00
3e144cb900
This commit implements #1860. During the rotation procedure, issuing TLS and SSH certificate authorities are re-generated and all internal components of the cluster re-register to get new credentials. The rotation procedure is based on a distributed state machine algorithm - certificate authorities have explicit rotation state and all parts of the cluster sync local state machines by following transitions between phases. Operator can launch CA rotation in auto or manual modes. In manual mode operator moves cluster between rotation states and watches the states of the components to sync. In auto mode state transitions are happening automatically on a specified schedule. The design documentation is embedded in the code: lib/auth/rotate.go |
||
---|---|---|
.. | ||
agent.go | ||
agentpool.go | ||
api.go | ||
cache.go | ||
discovery.go | ||
doc.go | ||
localsite.go | ||
peer.go | ||
remotesite.go | ||
srv.go |