jamdoog.teleport
Ansible Role: Teleport
This role installs Teleport on a server. You can customize your Teleport deployment using variables.
What it does:
- Install Teleport using DEB/RPM with GPG check.
- Install Teleport from a tarball with GPG check (for systems without apt/rpm).
- Automatically register as a node for SSH.
- Deploy "commands" or labels for SSH and applications like Kernel, Teleport, and more.
- Automatically create an invite token.
Requirements
Must run on a system using systemd. Tested on:
- Debian 10/11
- RHEL 7/8/9
- openSUSE 15.0/1/2/3/Tumbleweed
How token generation works:
- Creates a token using the tctl command in JSON format.
- Extracts the token.
- Updates the "INVITE_TOKEN" variable.
How to use token generation:
Set these variables:
GENERATE_TOKEN: true            # Required to start token generation.
GENERATE_TOKEN_COMBO: true      # Generates both app and node token; do not combine with "GENERATE_TOKEN_<....>_ONLY".
GENERATE_TOKEN_SSH_ONLY: false  # Generates only a node token.
GENERATE_TOKEN_APP_ONLY: false  # Generates only an app token.
TELEPORT_TOKEN_HOST: "Jump"     # The host (via SSH) where tctl will run.
TOKEN_TTL: "2m"                 # Time-to-live for the token.
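
The token flow described above, written as Ansible tasks. This is an added example, not the role's own task file; the task names, the `token_types` and `tctl_result` variables, and the `token` key in tctl's JSON output are assumptions.

```yaml
# Added example: hypothetical tasks, not the role's actual implementation.
- name: Generate a short-lived Teleport join token
  when: GENERATE_TOKEN | bool
  vars:
    # Map the role's three mode flags onto the value passed to tctl --type.
    token_types: >-
      {{ 'node,app' if GENERATE_TOKEN_COMBO | bool
         else ('node' if GENERATE_TOKEN_SSH_ONLY | bool else 'app') }}
  block:
    - name: Require exactly one token mode before anything is minted
      ansible.builtin.assert:
        that:
          - >-
            [GENERATE_TOKEN_COMBO, GENERATE_TOKEN_SSH_ONLY, GENERATE_TOKEN_APP_ONLY]
            | map('bool') | select | list | length == 1
        fail_msg: "Set exactly one of GENERATE_TOKEN_COMBO / _SSH_ONLY / _APP_ONLY"

    - name: Mint the token with tctl on the token host
      ansible.builtin.command:
        argv:
          - tctl
          - tokens
          - add
          - "--type={{ token_types }}"
          - "--ttl={{ TOKEN_TTL }}"
          - "--format=json"
      delegate_to: "{{ TELEPORT_TOKEN_HOST }}"
      run_once: true        # one token per play, shared by every target host
      changed_when: true
      no_log: true          # keep the token out of task output and logs
      register: tctl_result

    - name: Extract the token into INVITE_TOKEN
      ansible.builtin.set_fact:
        # Assumption: the JSON object carries the secret under the "token" key.
        INVITE_TOKEN: "{{ (tctl_result.stdout | from_json).token }}"
      no_log: true

    - name: Stop if no token came back
      ansible.builtin.assert:
        that: INVITE_TOKEN | length > 0
        quiet: true
      no_log: true
```

`no_log` on the minting and extraction tasks keeps the join token out of console output and callback logs, and a short `TOKEN_TTL` limits how long a leaked value could be used to join the cluster.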
Role Variables
Group Variables:
Name | Type | Example |
---|---|---|
INVITE_TOKEN | string | 4f622402dawdawdaw |
CA_PIN | string | sha256:2awdwadwad678767awd768awdd |
TELEPORT_HOST | string | teleport.domain.tld:443 |
TELEPORT_MAJOR_VERSION | INT | 10 |
TELEPORT_MINOR_VERSION | FLOAT | 3.5 |
GENERATE_TOKEN | bool | true |
GENERATE_TOKEN_COMBO | bool | true |
GENERATE_TOKEN_SSH_ONLY | bool | false |
GENERATE_TOKEN_APP_ONLY | bool | false |
TELEPORT_TOKEN_HOST | string | "Jump" |
TOKEN_TTL | string | "10m" |
Host Variables:
Name | Type | Example |
---|---|---|
SSH_SERVICE | bool | true |
APP_SERVICE | bool | true |
CREATE_SSH_COMMANDS | bool | true |
CREATE_APP_COMMANDS | bool | true |
CREATE_COMMAND | bool | true |
CREATE_OS_COMMAND | bool | true |
CREATE_KERNEL_COMMAND | bool | true |
CREATE_TELEPORT_COMMAND | bool | true |
CREATE_HOSTNAME_COMMAND | bool | true |
CREATE_VIRTUALIZATION_COMMAND | bool | true |
TELEPORT_APPLICATION_NAME | string | proxmox |
TELEPORT_APPLICATION_IGNORE_TLS | string | true |
TELEPORT_APPLICATION_URI | string | https://192.168.200.1:8006 |
Dependencies
No dependencies for this role.
Example Playbook
PLAYBOOK (NO GENERATED TOKEN):
- hosts: teleport
  become: true
  roles:
    - jamdoog.teleport
  vars:
    - INVITE_TOKEN: 4f622402dawdawdaw
    - CA_PIN: sha256:2awdwadwad678767awd768awdd
    - TELEPORT_HOST: domain.tld:443
    - TELEPORT_MINOR_VERSION: 3.2
    - TELEPORT_MAJOR_VERSION: 10
    - SSH_SERVICE: true
    - APP_SERVICE: true
    - CREATE_COMMANDS: true
    - CREATE_HOSTNAME_COMMAND: true
    - CREATE_OS_COMMAND: true
    - CREATE_KERNEL_COMMAND: true
    - CREATE_TELEPORT_COMMAND: true
    - CREATE_VIRTUALIZATION_COMMAND: true
    - TELEPORT_APPLICATION_NAME: "proxmox"
    - TELEPORT_APPLICATION_IGNORE_TLS: true
    - TELEPORT_APPLICATION_URI: "https://192.168.200.1:8006"
PLAYBOOK (GENERATED TOKEN):
- hosts: teleport
  become: true
  roles:
    - jamdoog.teleport
  vars:
    - GENERATE_TOKEN: true
    - GENERATE_TOKEN_COMBO: true
    - GENERATE_TOKEN_SSH_ONLY: false
    - GENERATE_TOKEN_APP_ONLY: false
    - TELEPORT_TOKEN_HOST: "Jump"
    - TOKEN_TTL: "2m"
    - CA_PIN: sha256:2awdwadwad678767awd768awdd
    - TELEPORT_HOST: domain.tld:443
    - TELEPORT_MINOR_VERSION: 3.2
    - TELEPORT_MAJOR_VERSION: 10
    - SSH_SERVICE: true
    - APP_SERVICE: true
    - CREATE_COMMANDS: true
    - CREATE_HOSTNAME_COMMAND: true
    - CREATE_OS_COMMAND: true
    - CREATE_KERNEL_COMMAND: true
    - CREATE_TELEPORT_COMMAND: true
    - CREATE_VIRTUALIZATION_COMMAND: true
    - TELEPORT_APPLICATION_NAME: "proxmox"
    - TELEPORT_APPLICATION_IGNORE_TLS: true
    - TELEPORT_APPLICATION_URI: "https://192.168.200.1:8006"
License
BSD
Author Information
This role was created by James Ledger. You can find more on https://jamesledger.net.