You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Native AWS reference deployment. (Lots of gotchas resolved/addressed in real world AWS deployment, such as security group settings, host uuid generation and secrets propagation) AWS friendly configuration #1545
Audit and session logs have been moved from /var/lib/teleport/log to /var/lib/teleport/log/<auth-server-id>. So that every auth server logs to a separate directory to avoid conflicts in cases when logging to NFS. This could be not very user friendly because by default auth server ID is auto generated, so the logs will reside here: /var/lib/teleport/log/e0e32cba-6d52-4ae3-8dea-d649729e728b/2018-02-21.00\:00\:00.log. This is a problem easy to solve, as for new auth servers joining the cluster, admins can pre-set auth server id echo "auth1" > /var/lib/teleport/host_uuid and auth servers will get unique, but friendly auth server ID if necessary. This is helpful so admins can set up log forwarders and know the folder to look at in advance.
The text was updated successfully, but these errors were encountered:
These items should be included in changelog (adding more stuff):
Features:
Added EFS and NFS support for multiple auth servers. (2.4.0 HA auth servers will corrupt the data on NFS) Audit data corruption on NFS volumes #1351
Switch to new TLS based auth server protocol. Improves performance Mutual TLS Auth server and clients #1528
Native AWS reference deployment. (Lots of gotchas resolved/addressed in real world AWS deployment, such as security group settings, host uuid generation and secrets propagation)
AWS friendly configuration #1545
Archival of interactive sessions (this reduces memory required for EFS/NFS session records) Support gzip for session recording #1579
Downtime-less redeploys support and signal handling. Teleport signal handling and live reload. #1679
Add support for custom auth tokens Add support for custom tokens. #1615
Improve error loggigng with external identities (Provide better error message when SAML provider is not sending attribute statements #1554, Better error message when local user conflicts with SAML user #1553, Make errors more visible #1599)
Check for client and server version compatibility Introduce version checking and fix YAML lists #1665
Bugfixes:
Proper setup of SSH principals in proxy (this is required for HA SSH proxies behind the load balancer).
Proxy HA Configuration #1174
Tsh logout now logs out of all sessions tsh logout #1541
Fix creating multiple resources in YAML lists and tctl Creating multiple resources does not work with yaml lists #1663
Web UI login causes panic Web UI login causes panic #1558
Behavior changes
Trusted cluster resources are now forced to be named as the cluster name Trusted cluster resource name == cluster name #1543 (Old cluster resources will work, but will be renamed)
Session list in UI is limited to 1000 sessions Bring in some limits to the session list #1632
Audit and session logs have been moved from
/var/lib/teleport/logto/var/lib/teleport/log/<auth-server-id>. So that every auth server logs to a separate directory to avoid conflicts in cases when logging to NFS. This could be not very user friendly because by default auth server ID is auto generated, so the logs will reside here:/var/lib/teleport/log/e0e32cba-6d52-4ae3-8dea-d649729e728b/2018-02-21.00\:00\:00.log. This is a problem easy to solve, as for new auth servers joining the cluster, admins can pre-set auth server idecho "auth1" > /var/lib/teleport/host_uuidand auth servers will get unique, but friendly auth server ID if necessary. This is helpful so admins can set up log forwarders and know the folder to look at in advance.The text was updated successfully, but these errors were encountered: