self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-22 10:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
teleport/docker/docker-compose.yml
Sasha Klizhentas 83d0f7e7bb Fix role mapping for trusted clusters 
This commit fixes #3252

Security patches 4.2 introduced a regression - leaf clusters ignore role mapping
and attempt to use role names coming from identity of the root cluster
whenever GetNodes method was used.

This commit reverts back the logic, however it ensures that the original
fix is preserved - traits and groups are updated on the user object.

Integration test has been extended to avoid the regression in the future.
2020-01-15 12:57:33 -08:00

144 lines
3.7 KiB
YAML
Raw Blame History

version: '2'
services:
#
# one is a single-node Teleport cluster called "one" (runs all 3 roles: proxy, auth and node)
#
one:
image: teleport:latest
container_name: one
command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/one.yaml
mem_limit: 300m
memswap_limit: 0
ports:
- "3080:3080"
- "3023:3023"
- "3025:3025"
env_file: env.file
volumes:
- ./data/one:/var/lib/teleport
- ../:/root/go/src/github.com/gravitational/teleport
- certs:/mnt/shared/certs
networks:
teleport:
ipv4_address: 172.10.1.1
aliases:
- one-lb
#
# one-node is a single-node Teleport cluster called "one" (runs all 3 roles: proxy, auth and node)
#
one-node:
image: teleport:latest
container_name: one-node
command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/one-node.yaml
env_file: env.file
mem_limit: 300m
volumes:
- ./data/one-node:/var/lib/teleport
- ../:/root/go/src/github.com/gravitational/teleport
networks:
teleport:
ipv4_address: 172.10.1.20
#
# one-sshd is a single-node Teleport cluster called "one" (runs all 3 roles: proxy, auth and node)
#
one-sshd:
image: teleport:latest
container_name: one-sshd
command: /usr/bin/start-sshd.sh
env_file: env.file
mem_limit: 300m
volumes:
- ./sshd/pam.d/ssh:/etc/pam.d/ssh
- ./sshd/etc/ssh/sshd_config:/etc/ssh/sshd_config
- certs:/mnt/shared/certs
networks:
teleport:
ipv4_address: 172.10.1.21
#
# one-proxy is a second xproxy of the first cluster
#
one-proxy:
image: teleport:latest
container_name: one-proxy
command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/one-proxy.yaml
mem_limit: 300m
ports:
- "4080:3080"
- "4023:3023"
env_file: env.file
volumes:
- ./data/one-proxy:/var/lib/teleport
- ../:/root/go/src/github.com/gravitational/teleport
networks:
teleport:
ipv4_address: 172.10.1.10
aliases:
- one-lb
#
# two-auth is a auth server of the second cluster
#
two-auth:
mem_limit: 300m
image: teleport:latest
container_name: two-auth
command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/two-auth.yaml --insecure
env_file: env.file
volumes:
- ./data/two/auth:/var/lib/teleport
- ../:/root/go/src/github.com/gravitational/teleport
networks:
teleport:
ipv4_address: 172.10.1.2
#
# two-proxy is a proxy service for the second cluster
#
two-proxy:
mem_limit: 300m
image: teleport:latest
container_name: two-proxy
command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/two-proxy.yaml
env_file: env.file
ports:
- "5080:5080"
- "5023:5023"
volumes:
- ./data/two/proxy:/var/lib/teleport
- ../:/root/go/src/github.com/gravitational/teleport
networks:
teleport:
ipv4_address: 172.10.1.3
#
# two-node is a node service for the second cluster
#
two-node:
mem_limit: 300m
image: teleport:latest
container_name: two-node
command: ${CONTAINERHOME}/build/teleport start -d -c ${CONTAINERHOME}/docker/two-node.yaml
env_file: env.file
volumes:
- ./data/two/node:/var/lib/teleport
- ../:/root/go/src/github.com/gravitational/teleport
networks:
teleport:
ipv4_address: 172.10.1.4
networks:
teleport:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.10.1.0/16
ip_range: 172.10.1.0/24
gateway: 172.10.1.254
volumes:
certs:
Reference in a new issue View git blame Copy permalink