35db1ee435
puppet: Only include "app_service" section if there are apps.
...
This works around gravitational/teleport#12256 , but also produces config
files that are slightly cleaner.
2022-04-26 16:36:13 -07:00
f6a701090c
setup-apt-repos: Don’t install lsb_release.
...
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-14 16:38:53 -08:00
4d7e6b26df
puppet: Provide more attributes to teleport on ssh nodes.
2022-01-12 14:15:45 -08:00
4f51d32676
puppet: Add a teleport application server.
...
This requires switching to a reverse tunnel for the auth connection,
with the side effect that the `zulip_ops::teleport::node` manifest can
be applied on servers anywhere in the Internet; they do not need to
have any publicly-available open ports.
2021-06-02 18:38:38 -07:00
c59421682f
puppet: Add a teleport node on every host.
...
Teleport nodes[1] are the equivalent to SSH servers. In addition to
this config, joining the teleport cluster will require presenting a
one-time "join token" from the proxy server[2], which may either be
short-lived or static.
[1] https://goteleport.com/docs/architecture/nodes/
[2] https://goteleport.com/docs/admin-guide/#adding-nodes-to-the-cluster
2021-06-02 18:38:38 -07:00
Alex Vandiver
Anders Kaseorg