puppet-teleport

Module Description - What the module does and why it is useful
Setup - The basics of getting started with puppet-teleport
- What puppet-teleport affects
- Beginning with puppet-teleport
Usage - Configuration options and additional functionality
Reference - An under-the-hood peek at what the module is doing and how
Limitations - OS compatibility, etc.
Development - Guide for contributing to the module

Module description

This module will download, install and configure Teleport a cluster SSH tool created by Gravitational.

For more information about Teleport, see the documentation

Setup

What puppet-teleport affects

puppet-teleport will:

Download the required golang binary from the teleport releases page and install it
Create a service/init script on your OS to start teleport
Configure the yaml config file and set up the required role

Beginning with puppet-teleport

By default, puppet-teleport will configure teleport with a "node" role. Simple include the teleport module like so

  include ::teleport

Teleport has multiple roles which are run from the same binary. In order to configure the use of these roles, you need to configure them in the yaml, and these can be done as parameters to the main teleport class. An example of this might be:

  class { '::teleport':
    proxy_enable       => true,
    proxy_listen_addr  => '0.0.0.0',
  }

Usage

I just want to install teleport, what's the minimum I need?

  include ::teleport

I want to install all the teleport components, what do I need?

  class { '::teleport':
    auth_enable  => true,
    proxy_enable => true,
  }

I want to auth to another auth server, what do I need?

  class { '::teleport':
    auth_servers => ['192.168.4.10', 192.168.4.11'],
  }

Reference

Classes

Public Classes

teleport: Installs and configured teleport in your environment

Private Classes

[teleport::install]: Downloads the teleport binary and installs it in your env
[teleport::config]: Configure the service and the teleport config file
[teleport::service]: Manage the teleport service

`teleport`

Parameters

`version` [String]

Specifies the version of teleport to download

`archive_path` [String]

Where to download the teleport tarball

`extract_path` [String]

Directory to extract teleport

`bin_dir` [String]

Where to symlink teleport binaries

`assets_dir` [Bool]

Where to sylink the teleport web assets

`nodename` [String]

Teleport nodename. Default: $::fqdn

`data_dir` [String]

Teleport data directory.

`auth_token` [String]

The auth token to use when joining the cluster

`advertise_ip` [String]

When running in NAT'd environments, designates an IP for teleport to advertise.

`storage_backend` [String]

Which storage backend to use.

`max_connections` [String]

Configure max connections for teleport

`max_users` [String]

Teleport max users

`log_dest` [String]

Log destination

`log_level` [String]

Log output level. Default: "ERROR"

`config_path` [String]

Path to config file for teleport. Default: /etc/teleport.yaml

`auth_servers` [Array]

An array of auth servers to connect to

`auth_enable` [Bool]

Whether to start the auth service. Default: false

`dynamic_config` [Bool]

Whether dynamic configuration for the configuration should be on or off

`auth_listen_addr` [String]

Address to listen for auth_service

`auth_listen_port` [String]

Port to listen on for auth server

`auth_service_tokens` [Array]

The provisioning tokens for the auth tokens

`cluster_name` [String]

An optional cluster name to assign to the cluster

`trusted_clusters` [Hash]

Specifies the other cluster to trust. Default: empty hash

`ssh_enable` [String]

Whether to start SSH service. Default: true

`ssh_listen_addr` [String]

Address to listen on for SSH connections. Default: 0.0.0.0

`ssh_listen_port` [String]

Port to listen on for SSH connection

`labels` [Hash]

A hash of labels to assign to hosts

`proxy_enable` [Bool]

Where to start the proxy service. Default. false

`proxy_listen_addr` [String]

Address to listen on for proxy

`proxy_listen_port` [String]

Port to listen on for proxy connection

`proxy_web_listen_address` [String]

Port to listen on for web proxy connections

`proxy_ssl` [Bool]

Enable or disable SSL support. Default: false

`proxy_ssl_key` [String]

Path to SSL key for proxy

`proxy_ssl_cert` [String]

Path to SSL cert for proxy

`init_style` [String]

Which init system to use to start the service.

`manage_service` [Bool]

Whether puppet should manage and configure the service

`service_ensure` [String]

State of the teleport service (Running/Stopped)

`service_enable` [Bool]

Whether the service should be enabled on startup

Limitations

Currently only works on Linux

Files

README.md

Latest commit

History

README.md

File metadata and controls

puppet-teleport

Table of Contents

Module description

Setup

What puppet-teleport affects

Beginning with puppet-teleport

Usage

I just want to install teleport, what's the minimum I need?

I want to install all the teleport components, what do I need?

I want to auth to another auth server, what do I need?

Reference

Classes

Public Classes

Private Classes

teleport

Parameters

version [String]

archive_path [String]

extract_path [String]

bin_dir [String]

assets_dir [Bool]

nodename [String]

data_dir [String]

auth_token [String]

advertise_ip [String]

storage_backend [String]

max_connections [String]

max_users [String]

log_dest [String]

log_level [String]

config_path [String]

auth_servers [Array]

auth_enable [Bool]

dynamic_config [Bool]

auth_listen_addr [String]

auth_listen_port [String]

auth_service_tokens [Array]

cluster_name [String]

trusted_clusters [Hash]

ssh_enable [String]

ssh_listen_addr [String]

ssh_listen_port [String]

labels [Hash]

proxy_enable [Bool]

proxy_listen_addr [String]

proxy_listen_port [String]

proxy_web_listen_address [String]

proxy_ssl [Bool]

proxy_ssl_key [String]

proxy_ssl_cert [String]

init_style [String]

manage_service [Bool]

service_ensure [String]

service_enable [Bool]