# @summary Provide Teleport SSH access to a node.
#
# EC2 nodes will automatically join the cluster; non-EC2 hosts will
# need to set a teleport_join_token secret. See
# https://goteleport.com/docs/agents/join-services-to-your-cluster/join-token/#generate-a-token
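class kandra::teleport::node {
  include kandra::teleport::base

  # Neither variable is referenced again in this manifest; presumably both are
  # read by the ERB template rendered below (as @is_ec2 / @join_token).
  # NOTE(review): confirm against kandra/teleport_node.yaml.template.erb.
  $is_ec2 = zulipconf('machine', 'hosting_provider', 'ec2') == 'ec2'
  # The trailing '' looks like the fallback when the secret is unset -- confirm
  # against zulipsecret's definition.
  $join_token = zulipsecret('secrets', 'teleport_join_token', '')

  # The node configuration is assembled from concat fragments; any change to
  # the assembled file notifies Service['teleport_node'].
  concat { '/etc/teleport_node.yaml':
    ensure => present,
    owner  => 'root',
    group  => 'root',
    # Root-only instead of world-readable (was '0644'): on non-EC2 hosts the
    # rendered file is expected to carry the teleport_join_token secret, and a
    # join token lets its holder enrol a host into the cluster, so local
    # unprivileged users should not be able to read it.
    # NOTE(review): assumes the teleport_node service reads this file as root,
    # and that the template embeds the token -- confirm both. If it does, also
    # consider keeping the content out of Puppet's change diffs.
    mode   => '0600',
    notify => Service['teleport_node'],
  }

  # First fragment (order '01') of the assembled file: the base node
  # configuration rendered from the ERB template.
  concat::fragment { 'teleport_node_base':
    target  => '/etc/teleport_node.yaml',
    content => template('kandra/teleport_node.yaml.template.erb'),
    order   => '01',
  }

  kandra::teleport::part { 'node': }
}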