teleport

package module
v0.0.0-...-8d1852a Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 14, 2022 License: Apache-2.0 Imports: 4 Imported by: 0

README

Gravitational Teleport as MacOS Library

Project Links Description
Teleport Website The official website of the project
Teleport Github The Github repository

Introduction

Teleport is a modern SSH service built by Gravitational for remotely accessing clusters of Linux servers via SSH. Teleport has many excellent features; the least-mentioned of them all is that it can be built as a macOS library (or as a library for any other platform, for that matter).

PocketCluster is a macOS cluster manager application which lets its users "Click and Build" an SBC (Single Board Computer) cluster. The application needed a cluster-wide internal service that could bond a macOS master and several SBC slaves in a secure and reliable way; Teleport fit the role.

Building Teleport as Library

The Teleport source code consists of the actual Teleport service and the client binary, both written in Go. They are built into a static library, and their symbols are exported so that they can be called from C.

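#!/bin/bash
#
# Builds the Go sources in the current directory with cgo and packs the
# resulting object files into a static archive (pc-core.a), together with the
# generated C header (pc-core.h), under ${GG_BUILD}.
#
# Environment overrides: GOREPO, GOWORKPLACE, VERBOSE (1 = verbose build).

# Exit if any command fails
set -e

# Figure out where things are coming from and going to.
# NOTE(review): the toolchain is pinned to Go 1.7.6, a release line that no
# longer receives upstream fixes; everything linked into the archive inherits
# that runtime and standard library.
export GOROOT="/opt/go-1.7.6"
export GOREPO="${GOREPO:-${HOME}/Workspace/POCKETPKG}"
export GOWORKPLACE="${GOWORKPLACE:-${HOME}/Workspace/GOPLACE}"
export GOPATH="${GOREPO}:${GOWORKPLACE}"
export GO="${GOROOT}/bin/go"
export GG_BUILD="${PWD}/../../.build"
export ARCHIVE="${GG_BUILD}/pc-core.a"
#PATH=${PATH:-"$GEM_HOME/ruby/2.0.0/bin:$HOME/.util:$GOROOT/bin:$GOREPO/bin:$GOWORKPLACE/bin:$HOME/.util:$NATIVE_PATH"}
# PATH is replaced, not extended, so tools resolve only from the directories
# listed here.
# NOTE(review): the workspace bin directories come before the system ones, so
# a `clang` or `ar` present there would be the one this build runs.
export PATH="$GOROOT/bin:$GOREPO/bin:$GOWORKPLACE/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"
export VERBOSE="${VERBOSE:-0}"

# Clean old directory.
# GG_BUILD is derived from ${PWD}; it is quoted so a working directory that
# contains whitespace cannot split into several rm -rf targets, and ${VAR:?}
# aborts instead of expanding to an empty path.
if [ -d "${GG_BUILD}" ]; then
    rm -rf -- "${GG_BUILD:?}" && mkdir -p "${GG_BUILD}"
fi

echo "--- --- --- --- --- --- --- --- --- --- --- --- GO ENVIRONMENTS --- --- --- --- --- --- --- --- --- --- --- ---"
# Call the pinned toolchain through ${GO}. A bare `GO` is a command lookup, not
# a variable expansion; it only resolves to `go` on a case-insensitive
# filesystem and otherwise aborts the script under `set -e`.
"${GO}" version
"${GO}" env
echo "--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---"

echo "Make the temp folders for go objects"
mkdir -p "${GG_BUILD}"

echo "Generate _cgo_export.h and copy into source folder"
"${GO}" tool cgo -objdir "${GG_BUILD}" native_*.go main.go

echo "Compile and produce object files"
# [Default mode] First trial
#CGO_ENABLED=1 CC=clang ${GO} build -ldflags '-tmpdir '${GG_BUILD}' -linkmode external' ./...

# [Default mode] External clang linker
#CGO_ENABLED=1 CC=clang ${GO} build -v -x -ldflags '-v -tmpdir '${GG_BUILD}' -linkmode external -extld clang' ./...

# [Archive mode]
#CGO_ENABLED=1 CC=clang ${GO} build -v -x -buildmode=c-archive -ldflags '-v -tmpdir '${GG_BUILD}' -linkmode external' ./...

# [Shared mode] go.dwarf file
#CGO_ENABLED=1 CC=clang ${GO} build -v -x -buildmode=c-shared -ldflags '-v -tmpdir '${GG_BUILD}' -linkmode external' ./...

# [Archive mode] prevents go.dwarf generated (-w), strip symbol (-s)
#CGO_ENABLED=1 CC=clang ${GO} build -v -x -buildmode=c-archive -ldflags '-v -w -s -tmpdir '${GG_BUILD}' -linkmode external' ./...

# [Default mode] default mode (we need main() function), disable go.dwarf generation (-w), strip symbol (-s)
# The whole -ldflags value is one double-quoted word so the shell always hands
# it to `go build` as a single argument.
if [[ "${VERBOSE}" -eq 1 ]]; then
    CGO_ENABLED=1 CC=clang "${GO}" build -v -x -ldflags "-v -s -w -tmpdir ${GG_BUILD} -linkmode external" ./...
else
    # (2017/11/15) -v=2 link flag is added to unused method removal
    # https://go-review.googlesource.com/c/go/+/20483
    CGO_ENABLED=1 CC=clang "${GO}" build -ldflags "-s -w -v=2 -tmpdir ${GG_BUILD} -linkmode external" ./...
fi

echo "Combine the object files into a static library"
ar rcs "${ARCHIVE}" "${GG_BUILD}"/*.o
mv "${GG_BUILD}/_cgo_export.h" "${GG_BUILD}/pc-core.h"
# Remove the static* leftovers from the source directory. -f keeps a run that
# produced none from aborting after the archive has already been written.
rm -f -- ./static*
echo "${ARCHIVE} generated!"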

Status

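This project is not maintained. The Teleport code packaged here (Version 1.3.1) and the Go 1.7.6 toolchain pinned in the build script above therefore receive no updates or fixes from this repository.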

Documentation

Overview

DO NOT EDIT THIS FILE. IT IS GENERATED BY 'make setver'

Index

Constants

// Package-wide string and numeric constants: storage backend types, second
// factor / connector identifiers, logging component names and SSH defaults.
const (
	// BoltBackendType is a BoltDB backend
	BoltBackendType = "bolt"

	// ETCDBackendType is etcd backend
	ETCDBackendType = "etcd"

	// TOTPValidityPeriod is the number of seconds a TOTP token is valid.
	TOTPValidityPeriod uint = 30

	// TOTPSkew adds that many periods before and after to the validity window.
	// With TOTPValidityPeriod = 30 and TOTPSkew = 1 that is one period on
	// either side of the current one, i.e. three 30-second periods in total.
	TOTPSkew uint = 1

	// Component indicates a component of teleport, used for logging
	Component = "component"

	// ComponentFields stores component-specific fields
	ComponentFields = "fields"

	// ComponentReverseTunnel is the reverse tunnel agent and server
	// that together establish a bi-directional SSH reverse tunnel
	// to bypass firewall restrictions
	ComponentReverseTunnel = "reversetunnel"

	// ComponentAuth is the cluster CA node (auth server API)
	ComponentAuth = "auth"

	// ComponentNode is SSH node (SSH server serving requests)
	ComponentNode = "node"

	// ComponentProxy is SSH proxy (SSH server forwarding connections)
	ComponentProxy = "proxy"

	// ComponentTunClient is a tunnel client
	ComponentTunClient = "tunclient"

	// DefaultTimeout sets read and write timeouts for SSH server ops
	DefaultTimeout time.Duration = 30 * time.Second

	// DebugOutputEnvVar tells tests to use verbose debug output
	DebugOutputEnvVar = "TELEPORT_DEBUG"

	// DefaultTerminalWidth defines the default width of a server-side allocated
	// pseudo TTY
	DefaultTerminalWidth = 80

	// DefaultTerminalHeight defines the default height of a server-side allocated
	// pseudo TTY
	DefaultTerminalHeight = 25

	// SafeTerminalType is the fall-back TTY type (used when $TERM
	// is not defined)
	SafeTerminalType = "xterm"

	// ConnectorOIDC means connector type OIDC
	ConnectorOIDC = "oidc"

	// DataDirParameterName is the name of the data dir configuration parameter passed
	// to all backends during initialization
	DataDirParameterName = "data_dir"

	// KeepAliveReqType is the SSH request type used to keep the connection
	// alive. A client and a server keep pinging each other with it.
	KeepAliveReqType = "keepalive@openssh.com"

	// OTP means One-time Password Algorithm.
	OTP = "otp"

	// TOTP means Time-based One-time Password Algorithm.
	TOTP = "totp"

	// HOTP means HMAC-based One-time Password Algorithm.
	HOTP = "hotp"

	// U2F means Universal 2nd Factor.
	U2F = "u2f"

	// OIDC means OpenID Connect.
	OIDC = "oidc"
)
const ForeverTTL time.Duration = 0

ForeverTTL means that object TTL will not expire unless deleted

const (
	// PocketClusterCertPrefix is the prefix used for certificate files,
	// db entries and db tables
	PocketClusterCertPrefix string = "pcssh_"
)
const (
	// SQLiteBackendType is a SQLite backend
	SQLiteBackendType string = "sqlite"
)
const SSHAuthSock = "SSH_AUTH_SOCK"

SSHAuthSock is the environment variable pointing to the Unix socket the SSH agent is running on.

const (
	// Version is the version string of this package.
	// NOTE(review): the package overview says the file is generated by
	// 'make setver'; presumably this value is written by that step — confirm.
	Version = "1.3.1"
)

Variables

// Gitref is declared without an initial value.
// NOTE(review): presumably it is filled in at build time with the git
// reference the binary was built from — confirm against the build setup.
var Gitref string

Functions

This section is empty.

Types

type Role

type Role string

Role identifies the role of SSH server connection

// Known Role values; a Role identifies the role of an SSH server connection.
const (
	// RoleAuth is for teleport auth server (authority, authentication and authorization)
	RoleAuth Role = "Auth"
	// RoleUser is a role for teleport SSH user
	RoleUser Role = "User"
	// RoleWeb is for web access users
	RoleWeb Role = "Web"
	// RoleNode is a role for SSH node in the cluster
	RoleNode Role = "Node"
	// RoleProxy is a role for SSH proxy in the cluster
	RoleProxy Role = "Proxy"
	// RoleAdmin is the admin role
	RoleAdmin Role = "Admin"
	// RoleProvisionToken is a role for nodes authenticated using provisioning tokens
	RoleProvisionToken Role = "ProvisionToken"
	// RoleSignup is for users signing up for the first time
	RoleSignup Role = "Signup"
)

func (*Role) Check

func (r *Role) Check() error

Check checks if this is a valid role value; it returns nil if it is, and an error otherwise

func (*Role) Set

func (r *Role) Set(v string) error

Set sets the value of the role from string, used to integrate with CLI tools

func (*Role) String

func (r *Role) String() string

String returns debug-friendly representation of this role

type Roles

type Roles []Role

func ParseRoles

func ParseRoles(str string) (roles Roles, err error)

ParseRoles takes a comma-separated list of roles and returns a slice of roles, or an error if parsing failed

func (Roles) Check

func (roles Roles) Check() (err error)

Check returns an error if the role set is incorrect (contains unknown roles)

func (Roles) Equals

func (roles Roles) Equals(other Roles) bool

Equals compares two sets of roles

func (Roles) Include

func (roles Roles) Include(role Role) bool

Include returns 'true' if a given list of roles includes a given role

func (Roles) String

func (roles Roles) String() string

Directories

Path Synopsis
integration package tests Teleport on a high level creating clusters of servers in memory, connecting them together and connecting to them
integration package tests Teleport on a high level creating clusters of servers in memory, connecting them together and connecting to them
lib
auth
Package auth implements certificate signing authority and access control server Authority server is composed of several parts:
Package auth implements certificate signing authority and access control server Authority server is composed of several parts:
backend
Package backend represents interface for accessing local or remote storage
Package backend represents interface for accessing local or remote storage
backend/boltbk
Package boltbk implements BoltDB backed backend for standalone instances and test mode, you should use Etcd in production
Package boltbk implements BoltDB backed backend for standalone instances and test mode, you should use Etcd in production
backend/etcdbk
Package etcdbk implements Etcd powered backend
Package etcdbk implements Etcd powered backend
backend/test
Package test contains a backend acceptance test suite that is backend implementation independent; each backend will use the suite to test itself
Package test contains a backend acceptance test suite that is backend implementation independent; each backend will use the suite to test itself
defaults
Package defaults contains default constants set in various parts of teleport codebase
Package defaults contains default constants set in various parts of teleport codebase
events
Package events currently implements the audit log using a simple filesystem backend.
Package events currently implements the audit log using a simple filesystem backend.
httplib
Package httplib implements common utility functions for writing classic HTTP handlers
Package httplib implements common utility functions for writing classic HTTP handlers
limiter
Package limiter implements connection and rate limiters for teleport
Package limiter implements connection and rate limiters for teleport
reversetunnel
Package reversetunnel sets up persistent reverse tunnel between remote site and teleport proxy, when site agents dial to teleport proxy's socket and teleport proxy can connect to any server through this tunnel.
Package reversetunnel sets up persistent reverse tunnel between remote site and teleport proxy, when site agents dial to teleport proxy's socket and teleport proxy can connect to any server through this tunnel.
service
Package service implements teleport running service, takes care of initialization, cleanup and shutdown procedures
Package service implements teleport running service, takes care of initialization, cleanup and shutdown procedures
services
Package services implements stateful services provided by teleport, like certificate authority management, user and web sessions, events and logs.
Package services implements stateful services provided by teleport, like certificate authority management, user and web sessions, events and logs.
services/local
Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd
Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd
session
Package session is used for bookkeeping of SSH interactive sessions that happen in realtime across the teleport cluster
Package session is used for bookkeeping of SSH interactive sessions that happen in realtime across the teleport cluster
srv
sshutils/scp
Package scp handles file uploads and downloads via scp command
Package scp handles file uploads and downloads via scp command
web
Package web implements web proxy handler that provides web interface to view and connect to teleport nodes
Package web implements web proxy handler that provides web interface to view and connect to teleport nodes
tool
tsh
