From 1662535bf5d9ddd199c068979c72e370f18103b7 Mon Sep 17 00:00:00 2001 From: Zac Bergquist Date: Mon, 6 Jun 2022 10:58:28 -0600 Subject: [PATCH] Remove deprecated fileconfig options (#13101) trusted_clusters and dynamic_config have long been deprecated and should have been removed in Teleport 2.4.1. --- docker/README.md | 61 +++++++------------------------- lib/config/fileconf.go | 10 ------ vagrant/opt/a-auth/teleport.yaml | 8 ++--- vagrant/opt/b-auth/teleport.yaml | 10 ++---- 4 files changed, 18 insertions(+), 71 deletions(-) diff --git a/docker/README.md b/docker/README.md index 5a6dd2cf751e4..4f376d7c88463 100644 --- a/docker/README.md +++ b/docker/README.md @@ -3,7 +3,7 @@ This directory contains Docker-based flow to run Teleport clusters locally for testing & development purposes. -### Building +### Building First, you need to build `teleport:latest` Docker image. @@ -15,7 +15,7 @@ $ cd docker $ make build ``` -### Starting +### Starting ```bash $ make up @@ -42,10 +42,10 @@ $ make export-certs ### Configuration -Look at the [Makefile](Makefile): the containers are started with their -`/var/lib/teleport` mounted to `data/one` or `data/two` on a host. +Look at the [Makefile](Makefile): the containers are started with their +`/var/lib/teleport` mounted to `data/one` or `data/two` on a host. -The configuration is passed via YAML files located in `/teleport/docker/xxx.yaml` +The configuration is passed via YAML files located in `/teleport/docker/xxx.yaml` inside each container. Since the cluster data is preserved between restarts, so you can edit the configuration 
@@ -79,12 +79,10 @@ For cluster "two": $ make enter-two ``` -... and then you can use stuff like `tctl users add`, etc. Make sure to pass +... and then you can use stuff like `tctl users add`, etc. Make sure to pass the YAML file to `tctl` via `-c` flag. -### Trusted Clusters - -#### Trusted Clusters with Resources +### Trusted Clusters with Resources 1. Update `two-role.yaml` and replace `username_goes_here` with your username. 1. Create a `Role` and `TrustedCluster` resource on Cluster Two. @@ -95,41 +93,6 @@ the YAML file to `tctl` via `-c` flag. tctl -c /root/go/src/github.com/gravitational/teleport/docker/two-auth.yaml create -f docker/two-tc.yaml ``` -#### Trusted Clusters with File Configuration - -##### Export CAs - -Run the following commands to export your CAs. - -```bash -# enter cluster two and export ca -make enter-two -tctl -c /root/go/src/github.com/gravitational/teleport/docker/two-auth.yaml auth export > docker/data/two/two.ca -exit - -# enter cluster one and export ca -make enter-one -tctl auth export > docker/data/one/one.ca -exit -``` - -##### Upate Configuration - -Stop both clusters with `make stop`, update the file configuration for both clusters, and start again with `make`. - -```bash -# update docker/one.yaml with the following under "auth_service" -trusted_clusters: - - key_file: /root/go/src/github.com/gravitational/teleport/docker/data/two/two.ca -``` -```bash -# update docker/two-auth.yaml with the following under "auth_service" -trusted_clusters: - - key_file: /root/go/src/github.com/gravitational/teleport/docker/data/one/one.ca - allow_logins: root - tunnel_addr: one -``` - ### Ansible To setup Ansible: @@ -174,7 +137,7 @@ To setup Ansible: ```bash $ ansible all -m ping 172.10.1.2 | success >> { - "changed": false, + "changed": false, "ping": "pong" } ``` 
@@ -188,13 +151,13 @@ To setup Ansible: # run playbook ansible-playbook playbook.yaml ``` - + ### Interactive Usage -Also you can start an empty container from which you can manually invoke `teleport start`. +Also you can start an empty container from which you can manually invoke `teleport start`. This is similar to launching an empty Linux VM with a Teleport binary. -To get shell inside the same "one" (single-node cluster) container without +To get shell inside the same "one" (single-node cluster) container without Teleport running: ```bash @@ -203,7 +166,7 @@ $ make shell NOTE: If you get "network already exists" error, do `make stop` first. -Once inside, you'll get the same `/var/lib/teleport` as "one", so you +Once inside, you'll get the same `/var/lib/teleport` as "one", so you can start (and even build) `teleport` daemon manually. This container also comes with a fully configured `screen` so you can treat it as a real VM. diff --git a/lib/config/fileconf.go b/lib/config/fileconf.go index 544aaedbbc533..282ab76aee316 100644 --- a/lib/config/fileconf.go +++ b/lib/config/fileconf.go @@ -647,16 +647,6 @@ type Auth struct { // to 3rd party auth servers we trust) ReverseTunnels []ReverseTunnel `yaml:"reverse_tunnels,omitempty"` - // TrustedClustersFile is a file path to a file containing public CA keys - // of clusters we trust. One key per line, those starting with '#' are comments - // Deprecated: Remove in Teleport 2.4.1. - TrustedClusters []TrustedCluster `yaml:"trusted_clusters,omitempty"` - - // DynamicConfig determines when file configuration is pushed to the backend. Setting - // it here overrides defaults. - // Deprecated: Remove in Teleport 2.4.1. - DynamicConfig *bool `yaml:"dynamic_config,omitempty"` - // PublicAddr sets SSH host principals and TLS DNS names to auth // server certificates PublicAddr apiutils.Strings `yaml:"public_addr,omitempty"` 
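Review bot: Removing `TrustedClusters` and `DynamicConfig` from `Auth` changes how an existing teleport.yaml that still carries `trusted_clusters:` or `dynamic_config:` is treated, and nothing in the hunk tells the operator what happened — whether the loader now rejects the file with a generic unknown-field error or silently drops the key depends on the unmarshal mode, which is outside this hunk, and a trust anchor going unconfigured with no log line is the worse of the two outcomes. I would pair the field removal with an explicit check on the decoded YAML that names the removed key and points at the replacement the README hunks above already describe, e.g. an error reading `"trusted_clusters is no longer supported in the config file; create a TrustedCluster resource with tctl instead"`, with a matching message for `dynamic_config`. If the fileconf `TrustedCluster` type and the code that read its `key_file`/`allow_logins`/`tunnel_addr` are now unreferenced, they should go in the same change rather than remain as dead config-parsing surface. `type Auth struct` begins before this hunk and continues after it.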
diff --git a/vagrant/opt/a-auth/teleport.yaml b/vagrant/opt/a-auth/teleport.yaml index 7e7341f4b522f..f0c46a4b5a12d 100644 --- a/vagrant/opt/a-auth/teleport.yaml +++ b/vagrant/opt/a-auth/teleport.yaml @@ -8,10 +8,8 @@ teleport: auth_service: cluster_name: a.local listen_addr: 0.0.0.0:5025 - tokens: + tokens: - "node:hello" - trusted_clusters: - - key_file: /etc/b.ca ssh_service: listen_addr: 0.0.0.0:5022 @@ -23,6 +21,6 @@ ssh_service: period: 5m proxy_service: - listen_addr: 0.0.0.0:5023 - web_listen_addr: 0.0.0.0:5080 + listen_addr: 0.0.0.0:5023 + web_listen_addr: 0.0.0.0:5080 tunnel_listen_addr: 0.0.0.0:5024 diff --git a/vagrant/opt/b-auth/teleport.yaml b/vagrant/opt/b-auth/teleport.yaml index 7c52a6432c9c7..053dfe613b4a4 100644 --- a/vagrant/opt/b-auth/teleport.yaml +++ b/vagrant/opt/b-auth/teleport.yaml @@ -8,12 +8,8 @@ teleport: auth_service: cluster_name: b.local listen_addr: 0.0.0.0:5025 - tokens: + tokens: - "node:hello" - trusted_clusters: - - key_file: /etc/a.ca - allow_logins: root,vagrant - tunnel_addr: a-auth:5024 ssh_service: listen_addr: 0.0.0.0:5022 @@ -25,6 +21,6 @@ ssh_service: period: 5m proxy_service: - listen_addr: 0.0.0.0:5023 - web_listen_addr: 0.0.0.0:5080 + listen_addr: 0.0.0.0:5023 + web_listen_addr: 0.0.0.0:5080 tunnel_listen_addr: 0.0.0.0:5024