Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: tsh login should support --bind parameter #2620

Closed
osterman opened this issue Mar 23, 2019 · 11 comments
Closed

Feature Request: tsh login should support --bind parameter #2620

osterman opened this issue Mar 23, 2019 · 11 comments
Assignees
@kontsevoy
Labels
documentation

Comments

@osterman
Copy link

osterman commented Mar 23, 2019
edited
Loading

What happened:

Running tsh login inside of a docker container on "Docker for Mac" opens a server on a random port that we cannot access. We cannot use --net=host on "Docker for Mac", so we need a way to explicitly port map a port to the container.

What you expected to happen:

We expected tsh login support an argument to specify an explicit port.

For example, we use kubectl proxy inside of the same container. With kubectl proxy, we do the following:

kubectl proxy --port=12345 --address=0.0.0.0 --accept-hosts='.*'

With tsh login, we would expect to be able to do something similar:

tsh login --bind=0.0.0.0:12345

Which would permit us to do something like this when we start up our container:

docker run -it -p 12345:12345 ourcontainer sh
@klizhentas klizhentas self-assigned this Mar 23, 2019
@kontsevoy
Copy link
Contributor

kontsevoy commented Mar 25, 2019
edited
Loading

Love it. Two considerations:

  • --bind-addr is more explicit and consistent with Teleport's flag/parameter naming.
  • --bind-addr is obviously more convenient than separate --bind-port and --bind-address but it makes it a bit harder (but not impossible) to support IPv6, i.e.
$ tsh login --bind-addr=[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:12345

.. should work.

@osterman
Copy link
Author

@kontsevoy thanks for your vote! Your considerations make sense to me.

@osterman
Copy link
Author

osterman commented Mar 26, 2019
edited
Loading

One more feature request related to this: support TSH_LOGIN_BIND_ADDR environment variable so we can set this at the container level.

e.g.

export TSH_LOGIN_BIND_ADDR="[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:12345"

@osterman
Copy link
Author

osterman commented Apr 3, 2019

@klizhentas any updates on this? We are blocked on this for one of our Teleport Enterprise customers and will soon have this with another Enterprise customer =)

@klizhentas
Copy link
Contributor

@osterman understood. We will roll this for 3.2.x patch early next week.

@klizhentas
Copy link
Contributor

working on this right now

@osterman
Copy link
Author

osterman commented Apr 9, 2019

Thanks for the update @klizhentas

@klizhentas
Copy link
Contributor

Working versions:

# host:port
tsh login  --bind-addr=localhost:3333
# just port (all interfaces)
tsh login --bind-addr=:3333
# ipv6 format
tsh login --bind-addr=[::1]:3333
# pass through environment variable
TELEPORT_LOGIN_BIND_ADDR=localhost:7777 tsh login

@klizhentas klizhentas assigned kontsevoy and unassigned klizhentas Apr 10, 2019
klizhentas added a commit that referenced this issue Apr 10, 2019
@klizhentas
Add --bind-addr, fixes #2620
b8acc79 
This commit adds `--bind-addr` flag to tsh login
and TELEPORT_LOGIN_BIND_ADDR environment variable
to set up login bind address for SSO redirect flows.

Usage examples:

```
tsh login  --bind-addr=localhost:3333
tsh login --bind-addr=:3333
tsh login --bind-addr=[::1]:3333
TELEPORT_LOGIN_BIND_ADDR=localhost:7777 tsh login
```
@osterman
Copy link
Author

Beautiful!! @Nuru can you give this a go?

klizhentas added a commit that referenced this issue Apr 10, 2019
@klizhentas
Add --bind-addr, fixes #2620
9aeb929 
This commit adds `--bind-addr` flag to tsh login
and TELEPORT_LOGIN_BIND_ADDR environment variable
to set up login bind address for SSO redirect flows.

Usage examples:

```
tsh login  --bind-addr=localhost:3333
tsh login --bind-addr=:3333
tsh login --bind-addr=[::1]:3333
TELEPORT_LOGIN_BIND_ADDR=localhost:7777 tsh login
```
@Nuru Nuru mentioned this issue Apr 12, 2019
Merged
@Nuru
Copy link

Nuru commented Apr 12, 2019
edited
Loading

Not a complete solution, @osterman. See #2646 (comment)

klizhentas added a commit that referenced this issue Apr 15, 2019
@klizhentas
Add --bind-addr, fixes #2620
074a3db 
This commit adds `--bind-addr` flag to tsh login
and TELEPORT_LOGIN_BIND_ADDR environment variable
to set up login bind address for SSO redirect flows.

Usage examples:

```
tsh login  --bind-addr=localhost:3333
tsh login --bind-addr=:3333
tsh login --bind-addr=[::1]:3333
TELEPORT_LOGIN_BIND_ADDR=localhost:7777 tsh login
```

Refactor redirect flow and fix URLs for --bind-addr
@Nuru Nuru mentioned this issue Apr 16, 2019
Merged
@osterman osterman mentioned this issue Apr 18, 2019
Merged
@osterman
Copy link
Author

@klizhentas we got everything working in geodesic. We can now tsh login inside our containers. Thanks so much for helping us get this working.

@benarent benarent mentioned this issue Jul 23, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kontsevoy kontsevoy

Labels
documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@klizhentas @osterman @kontsevoy @Nuru