// Source: github.com/gravitational/teleport/api@v0.0.0-20240507183017-3110591cbafc/defaults/defaults.go

/*
Copyright 2020 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Package defaults defines Teleport-specific defaults.
package defaults

import (
	"sync"
	"time"

	"github.com/gravitational/teleport/api/constants"
)

const (
	// Namespace is the default namespace.
	Namespace = "default"

	// DefaultIOTimeout is the default timeout for network I/O.
	DefaultIOTimeout = 30 * time.Second

	// DefaultIdleTimeout is the default timeout for idle connections.
	DefaultIdleTimeout = 30 * time.Second

	// KeepAliveCountMax is how many keep-alive messages may be sent without
	// a response from the client before the client is disconnected. The
	// value mirrors sshd's ClientAliveCountMax.
	KeepAliveCountMax = 3

	// MinCertDuration is the minimum validity period of an issued
	// certificate.
	MinCertDuration = time.Minute

	// MaxCertDuration is the maximum validity period of an issued
	// certificate.
	//
	// NOTE(review): together with CertDuration this sets how long an issued
	// certificate can stay valid; the code that enforces the bound is not in
	// this file.
	MaxCertDuration = 30 * time.Hour

	// CertDuration is the default validity period of a certificate.
	CertDuration = 12 * time.Hour

	// ServerAnnounceTTL is the default TTL of server presence resources.
	ServerAnnounceTTL = 10 * time.Minute

	// InstanceHeartbeatTTL is the default TTL of the instance presence
	// resource.
	InstanceHeartbeatTTL = 20 * time.Minute

	// MaxInstanceHeartbeatInterval is the upper bound of the variable
	// instance heartbeat interval.
	MaxInstanceHeartbeatInterval = 18 * time.Minute

	// SessionTrackerTTL is the default base TTL of a session tracker.
	SessionTrackerTTL = 30 * time.Minute

	// BreakerInterval is the period of time over which the circuit breaker
	// tallies metrics.
	BreakerInterval = time.Minute

	// TrippedPeriod is the default period of time the circuit breaker stays
	// in breaker.StateTripped before it moves to breaker.StateRecovering.
	// No outbound requests are allowed for the duration of this period.
	TrippedPeriod = 60 * time.Second

	// RecoveryLimit is the default number of consecutive successful requests
	// needed to move from breaker.StateRecovering to breaker.StateStandby.
	RecoveryLimit = 3

	// BreakerRatio is the default ratio of failed requests to successful
	// requests that makes the circuit breaker move to breaker.StateTripped.
	BreakerRatio = 0.9

	// BreakerRatioMinExecutions is the minimum number of requests before the
	// ratio tripper will consider examining the request pass rate.
	BreakerRatioMinExecutions = 10

	// AssistCommandExecutionWorkers is the number of workers that execute
	// arbitrary remote commands on servers in parallel.
	AssistCommandExecutionWorkers = 30
)

var (
	// moduleLock guards the package-level variables declared below it.
	moduleLock sync.RWMutex

	// serverKeepAliveTTL is the period between server keep-alives, when
	// servers announce only presence without sending full data.
	serverKeepAliveTTL = time.Minute

	// keepAliveInterval is the interval at which Teleport sends keep-alive
	// messages to the client. The default of 5 minutes (300 seconds) is set
	// to help keep connections alive when using AWS NLBs (which have a
	// default timeout of 350 seconds).
	keepAliveInterval = 5 * time.Minute

	// minInstanceHeartbeatInterval is the lower bound of the variable
	// instance heartbeat interval.
	minInstanceHeartbeatInterval = 3 * time.Minute
)

// SetTestTimeouts replaces the server keep-alive TTL with svrKeepAliveTTL and
// the keep-alive interval with keepAliveTick, and sets the minimum instance
// heartbeat interval to three times svrKeepAliveTTL. All three writes happen
// under the write lock. The arguments are stored as given, without
// validation.
//
// NOTE(review): the name indicates test use, but the function is exported and
// changes values shared by the whole process; confirm that no non-test code
// calls it.
func SetTestTimeouts(svrKeepAliveTTL, keepAliveTick time.Duration) {
	moduleLock.Lock()
	defer moduleLock.Unlock()

	// Keep the instance heartbeat interval proportional to the server
	// heartbeat interval.
	minInstanceHeartbeatInterval = 3 * svrKeepAliveTTL

	keepAliveInterval = keepAliveTick
	serverKeepAliveTTL = svrKeepAliveTTL
}

// ServerKeepAliveTTL returns the current period between server keep-alives,
// read under the read lock.
func ServerKeepAliveTTL() time.Duration {
	moduleLock.RLock()
	ttl := serverKeepAliveTTL
	moduleLock.RUnlock()
	return ttl
}

// MinInstanceHeartbeatInterval returns the current lower bound of the
// variable instance heartbeat interval, read under the read lock.
func MinInstanceHeartbeatInterval() time.Duration {
	moduleLock.RLock()
	interval := minInstanceHeartbeatInterval
	moduleLock.RUnlock()
	return interval
}

// KeepAliveInterval returns the current interval at which keep-alive messages
// are sent to the client, read under the read lock.
func KeepAliveInterval() time.Duration {
	moduleLock.RLock()
	interval := keepAliveInterval
	moduleLock.RUnlock()
	return interval
}

// EnhancedEvents returns the default list of enhanced events. Every call
// builds a new slice, so a caller may modify the result.
func EnhancedEvents() []string {
	events := []string{
		constants.EnhancedRecordingCommand,
		constants.EnhancedRecordingNetwork,
	}
	return events
}

// DefaultChunkSize is the default chunk size for paginated endpoints.
const DefaultChunkSize = 1000

const (
	// SSHProxyTunnelListenPort is the port used, when running in the
	// "SSH Proxy" role, for incoming connections from SSH nodes that wish to
	// use a "reverse tunnel" (when they run behind an environment/firewall
	// which only allows outgoing connections).
	SSHProxyTunnelListenPort = 3024

	// SSHProxyListenPort is the default Teleport SSH proxy listen port.
	SSHProxyListenPort = 3023

	// ProxyWebListenPort is the default Teleport Proxy WebPort address.
	ProxyWebListenPort = 3080

	// StandardHTTPSPort is the default port used for the https URI scheme.
	StandardHTTPSPort = 443
)

const (
	// TunnelPublicAddrEnvar optionally specifies the alternative reverse
	// tunnel address.
	TunnelPublicAddrEnvar = "TELEPORT_TUNNEL_PUBLIC_ADDR"

	// TLSRoutingConnUpgradeEnvVar overwrites the test result for deciding if
	// ALPN connection upgrade is required.
	//
	// Sample values:
	//   true
	//   <some.cluster.com>=yes,<another.cluster.com>=no
	//   0,<some.cluster.com>=1
	//
	// NOTE(review): this is a manual override of an automatic check; the
	// code that reads and validates the value is outside this file.
	//
	// TODO(greedy52) DELETE in ??. Note that this toggle was planned to be
	// deleted in 15.0 when the feature exits preview. However, many users
	// still rely on this manual toggle as IsALPNConnUpgradeRequired cannot
	// detect many situations where connection upgrade is required. This can be
	// deleted once IsALPNConnUpgradeRequired is improved.
	TLSRoutingConnUpgradeEnvVar = "TELEPORT_TLS_ROUTING_CONN_UPGRADE"

	// TLSRoutingConnUpgradeModeEnvVar overwrites the upgrade mode used when
	// performing connection upgrades by the clients:
	// - "websocket": client only requests "websocket" in the "Upgrade" header.
	// - "legacy": client only requests legacy "alpn"/"alpn-ping" in the
	//   "Upgrade" header.
	// - "", "default", or any other value than above: client sends both
	//   WebSocket and legacy in the "Upgrade" header.
	//
	// TODO(greedy52) DELETE in 17.0
	TLSRoutingConnUpgradeModeEnvVar = "TELEPORT_TLS_ROUTING_CONN_UPGRADE_MODE"
)