
Sasha/ha #853

Closed
wants to merge 32 commits into from

Conversation

klizhentas
Contributor

Description

NOTE: Do not merge this yet; let's merge it after we release 2.0.

This Pull Request refines failure modes for Teleport.

Without this change set:

  • there was an in-memory cache that was only invalidated on server restart
  • if all auth servers were down, no new SSH sessions could be created

With this change set:

  • teleport provides explicit control over the cache TTL for Proxy and Node
  • the cache is persistent and on-disk
  • if all auth servers are down, all systems, including the Proxy (reverse tunnels, etc.) and Nodes, keep functioning
  • introduces throttling for failed auth servers to avoid locks on connection timeouts
  • introduces client-side caching for discovery data
  • introduces a new expires metadata property uniformly supported by all resource objects

Documentation

A new section, cache, is now supported in the config. This setting is node-local, as it affects the local caches of Node and Proxy.

The default, if no cache config is supplied, is an enabled cache with a ttl of up to 20 hours.

teleport:
  cache:
    # turn off local cache
    enabled: no

teleport:
  cache:
    # turn on local cache
    enabled: yes
    # invalidate cache after 20 hours
    ttl: 20h

teleport:
  cache:
    # turn on local cache
    enabled: yes
    # never_expires means that the cache for persistent non-expiring values will
    # never expire, effectively keeping SSH or Proxy nodes in "standalone" mode.
    never_expires: yes

@klizhentas klizhentas added this to the 2.1 milestone Mar 21, 2017
@klizhentas
Contributor Author

retest this please

@kontsevoy
Contributor

hehe, this is basically done but not merged, right?

@kontsevoy
Contributor

kontsevoy commented Mar 22, 2017

Comment regarding the docs: ttl and never_expires are mutually exclusive options without a natural expression of preference. It's better to have "never" or "no" (or 0) as acceptable values for ttl to express "never expires" semantics.
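The cache settings from the description, resolved with the ttl semantics proposed in the comment above ("never", "no" or 0 meaning never expire, and ttl together with never_expires rejected as ambiguous), as an added Go example that is not Teleport's own code: CacheConfig, ResolveCache and DefaultTTL are assumed names, and the section is passed in as a struct rather than parsed from YAML.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// CacheConfig holds the teleport.cache section from the PR description.
// Pointers distinguish "key absent" from "key set to no" (constructed type,
// not Teleport's own config struct).
type CacheConfig struct {
	Enabled      *bool  // enabled: yes|no
	TTL          string // ttl: 20h, plus never|no|0 per the review comment
	NeverExpires *bool  // never_expires: yes|no (the original form)
}

// DefaultTTL is the documented default when no cache section is given.
const DefaultTTL = 20 * time.Hour

// ResolveCache applies defaults and validation. A returned ttl of 0 means
// "never expire", i.e. the node keeps serving from its cache indefinitely.
func ResolveCache(c CacheConfig) (enabled bool, ttl time.Duration, err error) {
	enabled = c.Enabled == nil || *c.Enabled
	// Reject the ambiguous combination the review comment points out.
	if c.NeverExpires != nil && c.TTL != "" {
		return false, 0, errors.New("cache: ttl and never_expires are mutually exclusive")
	}
	if c.NeverExpires != nil && *c.NeverExpires {
		return enabled, 0, nil
	}
	switch strings.ToLower(strings.TrimSpace(c.TTL)) {
	case "":
		return enabled, DefaultTTL, nil
	case "never", "no", "0":
		return enabled, 0, nil
	}
	d, perr := time.ParseDuration(c.TTL)
	if perr != nil || d < 0 {
		return false, 0, fmt.Errorf("cache: invalid ttl %q", c.TTL)
	}
	return enabled, d, nil
}

func main() {
	yes := true
	en, ttl, err := ResolveCache(CacheConfig{Enabled: &yes, TTL: "never"})
	fmt.Println(en, ttl, err) // true 0s <nil>
}
```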

@klizhentas
Contributor Author

@kontsevoy comments make sense, I will update the config.

@russjones russjones closed this Apr 7, 2017
@russjones russjones deleted the sasha/ha branch April 7, 2017 23:55
@kontsevoy
Contributor

kontsevoy commented Apr 13, 2017

@klizhentas do you want to add something to the documentation regarding this? Folks are often asking how to log in to a cluster if the CA is not available. I can document it if you send me a rough draft.
