commit:     84bfc434f8c894981faf7cc55ced6430ab67b159
Author:     Graeme Lawes <graemelawes <AT> gmail <DOT> com>
AuthorDate: Sun Jul  8 17:03:21 2018 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Jul 26 20:39:32 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84bfc434

sys-cluster/teleport: add v2.6.7

 sys-cluster/teleport/Manifest                |   1 +
 sys-cluster/teleport/files/teleport-2.6.yaml | 130 +++++++++++++++++++++++++++
 sys-cluster/teleport/teleport-2.6.7.ebuild   |  49 ++++++++++
 3 files changed, 180 insertions(+)

diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
index 739e3918ea0..ec5a8a5af89 100644
--- a/sys-cluster/teleport/Manifest
+++ b/sys-cluster/teleport/Manifest
@@ -3,3 +3,4 @@ DIST teleport-2.4.5.tar.gz 9975753 BLAKE2B 
cdb6e577cd565cf6760d73c92cac674571e9b
 DIST teleport-2.5.2.tar.gz 16211219 BLAKE2B 
28d0d1bb8d01fba39e79a262744b69a9df27438b9dbb0a25cd23acd57b6004a7f2309e432c0db4188c2e023a0b0299fd64723acfd57c1328d2345bba08fff4a9
 SHA512 
58fad4015824b9077bbd13cc3c6a994e5a54ed367264477854da7b129eea04c4cba44a580650a259b01f390a9f2028d7501df2ac4ab4821d085bbfe1cd887ec5
 DIST teleport-2.5.6.tar.gz 16216649 BLAKE2B 
e5ae8645d59df2684601dab5c222399d89b356592774365ffbca4e3f2d9ed745f2839902ee1e244c7b7eb300230d771daa754bbbbe29fc8e79f833715094d4f2
 SHA512 
fae1eb53ff45115551c5002745303cd0e9a044557e6e56cda870a57531700bb68e23b59d2930ac2dd654b200732edc3ed9432e1bc0e9dbf0e7529e980599a323
 DIST teleport-2.5.8.tar.gz 16219666 BLAKE2B 
dd64ef4ca5b26e025e46c88d58e7ec226810b583c4b740416f6cc0caec5ea7d050c732368917ec34c5f8a36c7670d2903baa6c32203a2c5cac972e3a2b4bcbbb
 SHA512 
070eebc889adde017641a833ee0e414c5f56848ac36fa96fb66e83062212307904e8264da758042765ba13d6a0c1b4f5314c1b0e90a2c37723ef1c0aa22889be
+DIST teleport-2.6.7.tar.gz 16655508 BLAKE2B 
a020ab999b7503cb7aec54ed81532baf9d08b98000f2c659f63859d89f7f2b5fb311c41d6fcafb7d9bf72ea1c97eecfc6ac621b7c90d74f5afe2717edb8b0402
 SHA512 
45002dcf7b99108ca6fffae94d6608188eb9b0bea05cd14068618bfb11c496cad5546e261f349fee70f2acb574e7fc44093683dd991001e01406da6982c5c4c3

diff --git a/sys-cluster/teleport/files/teleport-2.6.yaml 
b/sys-cluster/teleport/files/teleport-2.6.yaml
new file mode 100644
index 00000000000..384dea937c9
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport-2.6.yaml
@@ -0,0 +1,130 @@
+# By default, this file should be stored in /etc/teleport.yaml
+## IMPORTANT ##
+#When editing YAML configuration, please pay attention to how your editor 
handles white space. YAML requires consistent handling of tab characters
+# This section of the configuration file applies to all teleport
+# services.
+teleport:
+    # nodename allows to assign an alternative name this node can be reached 
by.
+    # by default it's equal to hostname
+    # nodename: graviton
+
+    # Data directory where Teleport keeps its data, like keys/users for 
+    # authentication (if using the default BoltDB back-end)
+    data_dir: /var/lib/teleport
+
+    # one-time invitation token used to join a cluster. it is not used on 
+    # subsequent starts
+    auth_token: xxxx-token-xxxx
+
+    # when running in multi-homed or NATed environments Teleport nodes need 
+    # to know which IP it will be reachable at by other nodes
+    # public_addr: 10.1.0.5
+
+    # list of auth servers in a cluster. you will have more than one auth 
server
+    # if you configure teleport auth to run in HA configuration
+    auth_servers: 
+        - localhost:3025
+
+    # Teleport throttles all connections to avoid abuse. These settings allow
+    # you to adjust the default limits
+    connection_limits:
+        max_connections: 1000
+        max_users: 250
+
+    # Logging configuration. Possible output values are 'stdout', 'stderr' and 
+    # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
+    log:
+        output: stderr
+        severity: ERROR
+
+    # Type of storage used for keys. You need to configure this to use etcd
+    # backend if you want to run Teleport in HA configuration.
+    storage:
+        type: bolt
+
+# This section configures the 'auth service':
+auth_service:
+    enabled: yes
+
+    # defines the types and second factors the auth server supports
+    authentication:
+        # second_factor can be off, otp, or u2f
+        second_factor: otp
+
+        # this section is only used if using u2f
+        u2f:
+            # app_id should point to the Web UI.
+            app_id: https://localhost:3080
+
+            # facets should list all proxy servers.
+            facets:
+            - https://localhost
+            - https://localhost:3080
+
+    # IP and the port to bind to. Other Teleport nodes will be connecting to
+    # this port (AKA "Auth API" or "Cluster API") to validate client 
+    # certificates 
+    listen_addr: 0.0.0.0:3025
+
+    # Pre-defined tokens for adding new nodes to a cluster. Each token 
specifies
+    # the role a new node will be allowed to assume. The more secure way to 
+    # add nodes is to use `ttl node add --ttl` command to generate 
auto-expiring 
+    # tokens. 
+    #
+    # We recommend to use tools like `pwgen` to generate sufficiently random
+    # tokens of 32+ byte length.
+    tokens:
+        - "proxy,node:xxxxx"
+        - "auth:yyyy"
+
+    # Optional "cluster name" is needed when configuring trust between multiple
+    # auth servers. A cluster name is used as part of a signature in 
certificates
+    # generated by this CA.
+    # 
+    # By default an automatically generated GUID is used.
+    #
+    # IMPORTANT: if you change cluster_name, it will invalidate all generated 
+    # certificates and keys (may need to wipe out /var/lib/teleport directory)
+    cluster_name: "main"
+
+# This section configures the 'node service':
+ssh_service:
+    enabled: yes
+    # IP and the port for SSH service to bind to. 
+    listen_addr: 0.0.0.0:3022
+    # See explanation of labels in "Labeling Nodes" section below
+    labels:
+        role: master
+        type: postgres
+    # List (YAML array) of commands to periodically execute and use
+    # their output as labels. 
+    # See explanation of how this works in "Labeling Nodes" section below
+    commands:
+    - name: hostname
+      command: [/usr/bin/hostname]
+      period: 1m0s
+    - name: arch
+      command: [/usr/bin/uname, -p]
+      period: 1h0m0s
+
+# This section configures the 'proxy servie'
+proxy_service:
+    enabled: yes
+    # SSH forwarding/proxy address. Command line (CLI) clients always begin 
their
+    # SSH sessions by connecting to this port
+    listen_addr: 0.0.0.0:3023
+
+    # Reverse tunnel listening address. An auth server (CA) can establish an 
+    # outbound (from behind the firewall) connection to this address. 
+    # This will allow users of the outside CA to connect to 
behind-the-firewall 
+    # nodes.
+    tunnel_listen_addr: 0.0.0.0:3024
+
+    # The HTTPS listen address to serve the Web UI and also to authenticate 
the 
+    # command line (CLI) users via password+HOTP
+    web_listen_addr: 0.0.0.0:3080
+
+    # TLS certificate for the HTTPS connection. Configuring these properly is 
+    # critical for Teleport security.
+    https_key_file: /etc/teleport/teleport.key
+    https_cert_file: /etc/teleport/teleport.crt
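Review bot: The sample enables `auth_service` and ships literal placeholder join credentials as active values (`auth_token: xxxx-token-xxxx`, `- "proxy,node:xxxxx"`, `- "auth:yyyy"`), while every `listen_addr` binds `0.0.0.0`. If the service is started before the file is edited, those publicly known strings would presumably be accepted as valid join tokens, including the one for the auth role. I would ship `auth_token` and the whole `tokens:` list commented out, so that nothing can join until the administrator generates real values. The comment above `tokens:` names `ttl node add --ttl`, which looks like a typo for the `tctl` tool the ebuild installs; the exact subcommand should be checked against upstream docs. The header comment says the file belongs at /etc/teleport.yaml, whereas this package installs it as /etc/teleport/teleport.yaml, so the comment should give the packaged path.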

diff --git a/sys-cluster/teleport/teleport-2.6.7.ebuild 
b/sys-cluster/teleport/teleport-2.6.7.ebuild
new file mode 100644
index 00000000000..a187d11ee22
--- /dev/null
+++ b/sys-cluster/teleport/teleport-2.6.7.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit golang-build systemd
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport";
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+       inherit git-r3 golang-vcs
+       EGIT_REPO_URI="https://github.com/gravitational/${PN}.git";
+else
+       inherit golang-vcs-snapshot
+       SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz 
-> ${P}.tar.gz"
+       KEYWORDS="~amd64 ~arm"
+fi
+
+IUSE="pam"
+LICENSE="Apache-2.0"
+RESTRICT="test strip"
+SLOT="0"
+
+DEPEND="app-arch/zip"
+RDEPEND="pam? ( sys-libs/pam )"
+
+src_compile() {
+       BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
+}
+
+src_install() {
+       keepdir /var/lib/${PN} /etc/${PN}
+       dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+       insinto /etc/${PN}
+       newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml
+
+       newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+       newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+       systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
+       systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+       BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+}
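Review bot: In `src_install`, `newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml` runs with the default `insinto` mode (0644), so the file that holds `auth_token` and the static `tokens:` list is installed world-readable. Adding `insopts -m0600` before the `newins` call, or `fperms 0600 /etc/${PN}/${PN}.yaml` after it, keeps join tokens away from unprivileged local users. This assumes the daemon runs as root, which the init and unit files outside this diff would confirm. `keepdir /var/lib/${PN}` likewise creates the key and user data directory with default permissions, so an explicit `fperms 0700 /var/lib/${PN}` is worth considering. Separately, `IUSE="pam"` only feeds `RDEPEND`, and `src_compile` passes `BUILDFLAGS=""` unconditionally, so the flag may not change what gets built.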
