Zero-config Vagrant environment with trusted clusters

leolujuyi · Jun 21, 2016 · 020a540 · 020a540
1 parent c6b5eb5
commit 020a540
Show file tree

Hide file tree

Showing 9 changed files with 79 additions and 34 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,9 @@
+# this file gets generated by make
 gitref.go
 
+# usually release tarballs get in the way
+*.gz
+
 # built web assets
 web/dist/app/app
 

diff --git a/lib/config/fileconf.go b/lib/config/fileconf.go
@@ -314,7 +314,10 @@ type ConnectionLimits struct {
 
 // Log configures teleport logging
 type Log struct {
-	Output   string `yaml:"output,omitempty"`
+	// Output defines where logs go. It can be one of the following: "stderr", "stdout" or
+	// a path to a log file
+	Output string `yaml:"output,omitempty"`
+	// Severity defines how verbose the log will be. Possible valus are "error", "info", "warn"
 	Severity string `yaml:"severity,omitempty"`
 }
 

diff --git a/vagrant/.gitignore b/vagrant/.gitignore
@@ -1 +1,2 @@
 .vagrant
+data/var
diff --git a/vagrant/data/opt/a-auth/teleport.yaml b/vagrant/data/opt/a-auth/teleport.yaml
@@ -0,0 +1,28 @@
+# Auth for cluster-A
+teleport:
+  nodename: auth-a
+  log:
+    output: stderr
+    severity: INFO
+
+auth_service:
+   enabled: yes
+   cluster_name: cluster-a
+   tokens: 
+       - "node:hello"
+   trusted_clusters:
+      - key_file: /var/lib/teleport/cluster-b
+        allow_logins: root,vagrant
+        tunnel_addr: b-auth
+
+ssh_service:
+  enabled: yes
+  labels:
+      role: ca
+  commands:
+      - name: kernel
+        command: [/bin/uname, -r]
+        period: 5m
+
+proxy_service:
+  enabled: yes
diff --git a/vagrant/libvirt/data/opt/a-node.yaml → vagrant/data/opt/a-node/teleport.yaml b/vagrant/libvirt/data/opt/a-node.yaml → vagrant/data/opt/a-node/teleport.yaml
@@ -1,6 +1,6 @@
 # Node for cluster-A
 teleport:
-  nodename: node
+  nodename: node-a
   auth_token: hello
   auth_servers: [a-auth]
   log:
@@ -12,6 +12,12 @@ auth_service:
 
 ssh_service:
   enabled: yes
+  labels:
+      role: node
+  commands:
+      - name: kernel
+        command: [/bin/uname, -r]
+        period: 5m
 
 proxy_service:
   enabled: no
diff --git a/vagrant/libvirt/data/opt/b-auth.yaml → vagrant/data/opt/b-auth/teleport.yaml b/vagrant/libvirt/data/opt/b-auth.yaml → vagrant/data/opt/b-auth/teleport.yaml
@@ -8,8 +8,8 @@ teleport:
 auth_service:
   enabled: yes
   cluster_name: cluster-b
-#  trusted_clusters:
-#      - key_file: /opt/shared/cluster-a
+  trusted_clusters:
+      - key_file: /var/lib/teleport/cluster-a
 
 ssh_service:
   enabled: yes

diff --git a/vagrant/libvirt/Vagrantfile b/vagrant/libvirt/Vagrantfile
@@ -12,12 +12,8 @@
 # NOTE: uses libvirt/KVM instead of Virtualbox
 NODES = {
   "a-auth"  => "10.0.10.10", 
-#  "a-proxy" => "10.0.10.11", 
   "a-node"  => "10.0.10.12",
-
   "b-auth"  => "10.0.10.20", 
-#  "b-proxy" => "10.0.10.21", 
-#  "b-node"  => "10.0.10.22"
 }
 
 DOCKER_VER ||= "1.10.3"
@@ -29,13 +25,11 @@ Vagrant.configure(2) do |config|
 
   basic_config(config.vm)
   configure_ssh(config.vm)
-  apt_update(config.vm)
+  #apt_update(config.vm)
   install_docker(config.vm, DOCKER_VER)
+  configure_teleport(config.vm)
 
   config.vm.synced_folder "../../", "/home/vagrant/teleport", type: "9p", disabled: false, accessmode: "mapped"
-  config.vm.synced_folder "data/opt", "/opt/teleport", type: "9p", disabled: false, accessmode: "mapped"
-  FileUtils.mkpath("data/var")
-  config.vm.synced_folder "data/var", "/opt/shared", type: "9p", disabled: false, accessmode: "mapped"
 
   NODES.each do |role, addr|
       config.vm.define role do |config|
@@ -46,10 +40,24 @@ Vagrant.configure(2) do |config|
               vb.cpus = 1
               vb.memory = 512
           end
+          config.vm.synced_folder "../data/opt/#{role}", "/opt/teleport", type: "9p", disabled: false, accessmode: "mapped"
+          config.vm.synced_folder "../data/var/#{role}", "/var/lib/teleport", type: "rsync", disabled: false
       end
   end 
 end
 
+
+def configure_teleport(vm)
+  vm.provision "file", source: '../teleport.service', destination: '/tmp/teleport.service'
+  vm.provision "shell", inline: <<-SHELL
+    cp -f /tmp/teleport.service /etc/systemd/system/
+    systemctl daemon-reload
+    systemctl enable teleport.service
+    systemctl start teleport.service
+  SHELL
+end
+
+
 def install_docker(vm, docker_version)
   vm.provision "file", source: '../docker.service', destination: '/tmp/docker.service'
   vm.provision "file", source: '../docker.socket', destination: '/tmp/docker.socket'

diff --git a/vagrant/libvirt/data/opt/a-auth.yaml b/vagrant/libvirt/data/opt/a-auth.yaml
diff --git a/vagrant/teleport.service b/vagrant/teleport.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Teleport SSH server
+After=network.target 
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=5
+ExecStartPre=/bin/mkdir -p /var/lib/teleport
+ExecStart=/home/vagrant/teleport/build/teleport start -c /opt/teleport/teleport.yaml
+MountFlags=slave
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+
+[Install]
+WantedBy=multi-user.target