Added S3 third party support (#3054)

gravitational · Oct 18, 2019 · dfba559 · dfba559
1 parent af7ce33
commit dfba559
Show file tree

Hide file tree

Showing 59 changed files with 6,735 additions and 126 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 4.1.1
+
+This release of Teleport contains a bug fix.
+
+* Fixed an issue with multi-cluster EKS when the Teleport proxy runs outside EKS. [#3070](https://github.com/gravitational/teleport/pull/3070)
+
 ## 4.1.0
 
 This is a major Teleport release with a focus on stability and bug fixes.

diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Makefile b/Makefile
@@ -10,7 +10,7 @@
 # Naming convention:
 #	for stable releases we use "1.0.0" format
 #   for pre-releases, we use   "1.0.0-beta.2" format
-VERSION=4.2.0-alpha.1
+VERSION=4.2.0-alpha.2
 
 DOCKER_IMAGE ?= quay.io/gravitational/teleport
 

diff --git a/build.assets/Dockerfile-fips b/build.assets/Dockerfile-fips
@@ -0,0 +1,35 @@
+# This Dockerfile makes the FIPS "build box": the container used to build official
+# FIPS releases of Teleport and its documentation.
+FROM quay.io/gravitational/buildbox-base:1.0
+
+ARG UID
+ARG GID
+
+COPY pam/pam_teleport.so /lib/x86_64-linux-gnu/security
+COPY pam/teleport-acct-failure /etc/pam.d
+COPY pam/teleport-session-failure /etc/pam.d
+COPY pam/teleport-success /etc/pam.d
+
+RUN apt-get update; apt-get install -q -y libpam-dev libc6-dev-i386 net-tools tree
+
+RUN (groupadd jenkins --gid=$GID -o && useradd jenkins --uid=$UID --gid=$GID --create-home --shell=/bin/sh ;\
+     mkdir -p /var/lib/teleport && chown -R jenkins /var/lib/teleport)
+
+# Install etcd.
+RUN (curl -L https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz | tar -xz ;\
+     cp etcd-v3.3.9-linux-amd64/etcd* /bin/)
+
+# Install Go.
+ARG RUNTIME
+RUN mkdir -p /opt && cd /opt && curl https://go-boringcrypto.storage.googleapis.com/${RUNTIME}b4.linux-amd64.tar.gz | tar xz;\
+    mkdir -p /gopath/src/github.com/gravitational/teleport;\
+    chmod a+w /gopath;\
+    chmod a+w /var/lib;\
+    chmod a-w /
+
+ENV GOPATH="/gopath" \
+    GOROOT="/opt/go" \
+    PATH="$PATH:/opt/go/bin:/gopath/bin:/gopath/src/github.com/gravitational/teleport/build"
+
+VOLUME ["/gopath/src/github.com/gravitational/teleport"]
+EXPOSE 6600 2379 2380
diff --git a/build.assets/Makefile b/build.assets/Makefile
@@ -2,6 +2,7 @@
 # This Makefile is used for producing official Teleport releases
 #
 BBOX=teleport-buildbox:latest
+BBOXFIPS=teleport-buildbox-fips:latest
 
 DOCSBOX=teleport-docsbox:latest
 DOCSHOST=teleport-docs
@@ -53,6 +54,17 @@ bbox:
 		--build-arg RUNTIME=$(RUNTIME) \
 		--tag $(BBOX) .
 
+#
+# Builds a Docker buildbox for FIPS
+#
+.PHONY:bbox-fips
+bbox-fips:
+	docker build \
+		--build-arg UID=$$(id -u) \
+		--build-arg GID=$$(id -g) \
+		--build-arg RUNTIME=$(RUNTIME) \
+		--tag $(BBOXFIPS) -f Dockerfile-fips .
+
 #
 # Builds a Docker container for building mkdocs documentation
 #
@@ -141,6 +153,16 @@ release: bbox
 	docker run $(DOCKERFLAGS) -i $(NOROOT) $(BBOX) \
 		/usr/bin/make release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(RUNTIME)
 
+#
+# Create a Teleport FIPS package using the build container.
+# This is a special case because it only builds and packages the Enterprise FIPS binaries, no OSS.
+#
+.PHONY:release-fips
+release-fips: bbox-fips
+	@if [ -z ${VERSION} ]; then echo "VERSION is not set"; exit 1; fi
+	docker run $(DOCKERFLAGS) -i $(NOROOT) $(BBOXFIPS) \
+		/usr/bin/make -C e release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(RUNTIME) FIPS=yes VERSION=$(VERSION) GITTAG=v$(VERSION)-fips
+
 #
 # Create a Windows Teleport package using the build container.
 #

diff --git a/build.assets/charts/Dockerfile-fips b/build.assets/charts/Dockerfile-fips
@@ -0,0 +1,23 @@
+FROM ubuntu:18.04
+
+# Install dumb-init and ca-certificate. The dumb-init package is to ensure
+# signals and orphaned processes are are handled correctly. The ca-certificate
+# package is installed because the base Ubuntu image does not come with any
+# certificate authorities.
+#
+# Note that /var/lib/apt/lists/* is cleaned up in the same RUN command as
+# "apt-get update" to reduce the size of the image.
+RUN apt-get update && apt-get upgrade -y && \
+    apt-get install --no-install-recommends -y \
+    dumb-init \
+    ca-certificates \
+    && update-ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Bundle "teleport", "tctl", and "tsh" binaries into image.
+ADD teleport /usr/local/bin/teleport
+ADD tctl /usr/local/bin/tctl
+ADD tsh /usr/local/bin/tsh
+
+# By setting this entry point, we expose make target as command.
+ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml", "--fips"]