Several 2.0 regression fixes

[kontsevoy]

I recommend reviewing this PR by looking at each commit individually. Commits are well-annotated and easy to understand.

The summary:

1. Fixed BoltDB backend: 'path' is not set, initializing teleport with config file. #867 by "promoting" a top-level data_dir configuration value into back-end's params section. This was the original intent, there was even code which was looking up for this value, but it was never copied.
2. Fixed Every log message under systemd is logged twice #875 by properly switching between syslog and stderr. Also cleaned up logging initialization, it's much easier to understand now.
3. Found and killed some dead code: there was a function nobody ever called.
4. Added comments here and there
5. Fixed Makefile in build.assets so it doesn't destroy VERSION variable anymore, so when you call make -C build.assets release you get a properly formatted tarball.
6. Fixed SSH exec unit test on OSX.
7. Fixed forwarding request denied unit test that failed on macOS.

Notes

I am at Kubecon, so if you see issues with this PR please fix yourself, do not wait for me to return. Thanks!

[russjones]

I can reproduce the forwarding request denied issue, let me hunt that down.

[russjones]

The reason the agent forwarding test was failing on macOS while passing on Linux was due to the path length restrictions on macOS for Unix sockets. From the the UNIX(4) manpage: UNIX-domain addresses are variable-length file system pathnames of at most 104 characters..

I shortened the UUID to the first 8 characters and also made the tests more cross platform friendly (used os.TempDir instead of /tmp because macOS temporary directories look something like /var/folders/00/l7kftvrn2tx7cv0_w2x_c4_c0000gn/T/).

[klizhentas]

@russjones spotted some issues

[klizhentas]

@russjones this overwrites the user-supplied value at all times, what should not be the case. We should only overwrite the value if user haven't supplied the value. You can fix that yourself as @kontsevoy is OOO at the moment.

[kontsevoy]

@klizhentas there are no user-supplied values in StorageConfig.Params [1]. Storage config is a static, backend-specific YAML configuration, with "data_dir" being a reserved word. In fact, we guarantee the presence of "data_dir" in .Params (and back-end code expects it to be there) This needs to be reflected in backend developer README. In other words, this behavior is as-designed.

[1] Bolt used to accept an arbitrary JSON string, so that's why you think there are user-supplied values. This is no longer true since the Great Christmas-2016 Back-end Redesign

[klizhentas]

I think users can supply Params["path"] for backend, at least what I have observed in configs and the code, so I don't quite understand the fix then. Why is it setting "data_dir" and not "path" like for example "boltdb" requires.

[klizhentas]

My question basically is - can you explain to me how does this change fixes the case reported here:

#867

[klizhentas]

@russjones: @kontsevoy explained to me how it works, so this part lgtm, please fix the part with socket path and merge the whole thing

[klizhentas]

the problem with err= is that it will be 99% of the time equal to err=nil and grep catches it all the time, so we should try to make it less verbose even for debug.

[kontsevoy]

what do you mean by "grep catches it all the time"? adding error logging here helped me solve DNS-related issue on a customer POC.

[klizhentas]

your error logs look like host lookup (%v)=%v err=nil, so If I grep for gre logs err I will get all these false positives.

[kontsevoy]

k, kill it. I'm not attached to it :)

[klizhentas]

@russjones it's a bit too late for me now, what are the chances of collision for this given your change?

[kontsevoy]

just a comment: most UNIX tools use their own PID instead of UUID.

[klizhentas]

they also create random temp dir though, not in root /tmp dir.

[russjones]

Two other options:

1. We create the socket under /var/run/teleport/. This way our socket files are on the same place on all platforms. We can name the socket itself teleport-{random number}-{pid}.socket and still be under the 104 character limit.

2. We do this instead: ioutil.TempDir(os.TempDir(), "teleport-") which will create /tmp/teleport-699583643 on Linux and /var/folders/00/l7kftvrn2tx7cv0_w2x_c4_c0000gn/T/teleport-699583643 on macOS. We can name the socket itself teleport-{pid}.socket.

[klizhentas]

@russjones let's go with option 2. because it protects us from collisions on the implementation level - AFAIK golang checks for collisions

[russjones]

@klizhentas Made the changes you suggested, can you approve?

[russjones]

This is not actually the line that has the problem, but it's the loop below:

 	for i := 0; i < 3; i++ {
 		_, err = reader.Read(buf)
 		c.Assert(err, IsNil)
 		matches = re.FindStringSubmatch(string(buf))
 		if len(matches) != 0 {
 			break
 		}
 		time.Sleep(50 * time.Millisecond)
 	}

On Linux tests hang on the line _, err = reader.Read(buf). Works fine on macOS.

[russjones]

@klizhentas ^

[klizhentas]

let me try to fix that

[russjones]

@klizhentas Tested your fix, works on macOS as well.

[klizhentas]

@russjones let's merge then