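# @summary Profile for a host running the Teleport server.
#
# Manages /etc/teleport_server.yaml from the kandra module's static files,
# declares the 'server' kandra::teleport::part, and opens the four Teleport
# listener ports (443, 3023, 3024, 3025) through kandra::firewall_allow.
class kandra::profile::teleport inherits kandra::profile::base {
  # Server configuration, shipped verbatim from the module. A change to the
  # file notifies Service['teleport_server'], which is not declared in this
  # class (presumably by kandra::teleport::part; confirm).
  #
  # NOTE(review): mode 0644 makes the file readable by every local user.
  # If teleport_server.yaml carries join tokens or other secrets, tighten
  # this to 0600 (or 0640 with a dedicated group) and keep those values out
  # of the module's static files.
  file { '/etc/teleport_server.yaml':
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/kandra/teleport_server.yaml',
    notify => Service['teleport_server'],
  }

  kandra::teleport::part { 'server': }

  # https://goteleport.com/docs/admin-guide/#ports

  # Port 443 is outward-facing, for UI
  kandra::firewall_allow { 'teleport_server_ui': port => 443 }

  # Port 3023 is outward-facing, for teleport clients to connect to.
  kandra::firewall_allow { 'teleport_server_proxy': port => 3023 }

  # Port 3024 is outward-facing, for teleport servers outside the
  # cluster to connect back to establish reverse proxies.
  kandra::firewall_allow { 'teleport_server_reverse': port => 3024 }

  # Port 3025 is inward-facing, for other nodes to look up auth information
  #
  # NOTE(review): this rule passes only a port, exactly like the
  # outward-facing rules above. Confirm that kandra::firewall_allow or an
  # upstream firewall limits 3025 to cluster nodes, so the auth service is
  # not reachable from arbitrary sources.
  kandra::firewall_allow { 'teleport_server_auth': port => 3025 }
}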