From 73a1e1fafc490072b829758df757755d480cebdc Mon Sep 17 00:00:00 2001 From: Ryan Cavicchioni Date: Sat, 22 Aug 2020 10:02:43 -0500 Subject: [PATCH] add teleport role
---
roles/teleport/defaults/main.yaml | 21 +++++++ roles/teleport/handlers/main.yaml | 14 +++++ roles/teleport/tasks/Debian.yaml | 4 ++ roles/teleport/tasks/main.yaml | 63 ++++++++++++++++++++ roles/teleport/templates/teleport.service.j2 | 15 +++++ roles/teleport/vars/Debian.yaml | 2 + roles/teleport/vars/x86_64.yaml | 3 + 7 files changed, 122 insertions(+) create mode 100644 roles/teleport/defaults/main.yaml create mode 100644 roles/teleport/handlers/main.yaml create mode 100644 roles/teleport/tasks/Debian.yaml create mode 100644 roles/teleport/tasks/main.yaml create mode 100644 roles/teleport/templates/teleport.service.j2 create mode 100644 roles/teleport/vars/Debian.yaml create mode 100644 roles/teleport/vars/x86_64.yaml
diff --git a/roles/teleport/defaults/main.yaml b/roles/teleport/defaults/main.yaml
new file mode 100644
index 0000000..426a9a0
--- /dev/null
+++ b/roles/teleport/defaults/main.yaml
@@ -0,0 +1,21 @@
+---
+teleport_service_name: teleport
+teleport_service_state: started
+teleport_service_enabled: yes
+
+teleport_systemd_unit_path: /etc/systemd/system/teleport.service
+
+teleport_version: 4.3.5
+teleport_baseurl: https://get.gravitational.com
+
+teleport_roles:
+ - auth
+ - proxy
+ - node
+
+teleport_config_path: /etc/teleport.yaml
+teleport_config_owner: root
+teleport_config_group: root
+teleport_config_mode: 0400
+
+teleport_config: {}
diff --git a/roles/teleport/handlers/main.yaml b/roles/teleport/handlers/main.yaml
new file mode 100644
index 0000000..433b01a
--- /dev/null
+++ b/roles/teleport/handlers/main.yaml
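Review bot: `teleport_config_mode: 0400` in roles/teleport/defaults/main.yaml is an unquoted octal, so YAML loads it as the integer 256, and roles/teleport/tasks/main.yaml then passes it on as `mode: "{{ teleport_config_mode }}"`. After Jinja renders that integer it is likely to reach the copy module as the string "256", which Ansible interprets as octal 0256. That would leave the Teleport config readable and writable by other users and unreadable by its owner. Quote the default so the intended digits survive templating: `teleport_config_mode: "0400"`. `teleport_service_enabled: yes` would also be clearer as `true`.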
@@ -0,0 +1,14 @@
+---
+- name: autossh daemon-reload
+ systemd:
+ daemon_reload: yes
+
+- name: reload teleport
+ service:
+ name: "{{ teleport_service_name }}"
+ state: reloaded
+
+- name: restart teleport
+ service:
+ name: "{{ teleport_service_name }}"
+ state: restarted
diff --git a/roles/teleport/tasks/Debian.yaml b/roles/teleport/tasks/Debian.yaml
new file mode 100644
index 0000000..fa7c76f
--- /dev/null
+++ b/roles/teleport/tasks/Debian.yaml
@@ -0,0 +1,4 @@
+---
+- name: install package
+ apt:
+ deb: "{{ teleport_package_url }}"
diff --git a/roles/teleport/tasks/main.yaml b/roles/teleport/tasks/main.yaml
new file mode 100644
index 0000000..2343e46
--- /dev/null
+++ b/roles/teleport/tasks/main.yaml
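Review bot: The first handler in roles/teleport/handlers/main.yaml is named `autossh daemon-reload`, which looks carried over from another role. Handler names share one namespace within a play, so a same-named handler elsewhere can shadow this one or be shadowed by it, and the name hides which role asked for the reload. Rename it to `- name: teleport daemon-reload` and update the matching `notify` entry on the `systemd unit` task in roles/teleport/tasks/main.yaml.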
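Review bot: The `install package` task in roles/teleport/tasks/Debian.yaml hands a remote URL straight to `apt: deb:`, so the package is installed as root with no integrity check beyond TLS to `teleport_baseurl`. roles/teleport/vars/x86_64.yaml in this same commit defines `teleport_checksum`, but nothing visible in the patch reads it. Download the file with `get_url` and its `checksum` option first, then install the verified local copy. The 64-hex-digit value looks like SHA-256, which should be confirmed against the vendor's published digest. The destination path in the sketch below is a constructed example.

```yaml
- name: download package
  get_url:
    url: "{{ teleport_package_url }}"
    # constructed example path; choose a location that suits the hosts
    dest: "/var/cache/teleport_{{ teleport_version }}_{{ teleport_arch }}.deb"
    checksum: "sha256:{{ teleport_checksum }}"
    mode: "0644"

- name: install package
  apt:
    deb: "/var/cache/teleport_{{ teleport_version }}_{{ teleport_arch }}.deb"
```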
@@ -0,0 +1,63 @@
+---
+- name: gather architecture specific variables
+ include_vars: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_userspace_architecture }}.yaml"
+ - "default.yaml"
+ paths:
+ - vars
+
+- name: gather os specific variables
+ include_vars: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - vars
+
+- name: include os specific tasks
+ include_tasks: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - tasks
+
+- name: configure teleport
+ copy:
+ dest: "{{ teleport_config_path }}"
+ owner: "{{ teleport_config_owner }}"
+ group: "{{ teleport_config_group }}"
+ mode: "{{ teleport_config_mode }}"
+ content: "{{ teleport_config | to_yaml }}"
+ notify:
+ - reload teleport
+ no_log: true
+
+- name: systemd unit
+ template:
+ src: teleport.service.j2
+ dest: "{{ teleport_systemd_unit_path }}"
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - restart teleport
+ - autossh daemon-reload
+ when: ansible_service_mgr == 'systemd'
+
+- name: manage service
+ service:
+ name: "{{ teleport_service_name }}"
+ state: "{{ teleport_service_state }}"
+ enabled: "{{ teleport_service_enabled }}"
diff --git a/roles/teleport/templates/teleport.service.j2 b/roles/teleport/templates/teleport.service.j2
new file mode 100644
index 0000000..8f9d799
--- /dev/null
+++ b/roles/teleport/templates/teleport.service.j2
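Review bot: Each `first_found` list in roles/teleport/tasks/main.yaml ends with `"default.yaml"`, but the diffstat shows the commit adds only vars/x86_64.yaml, vars/Debian.yaml and tasks/Debian.yaml. On any other architecture or OS family the lookup has no fallback, and the play stops with a generic file-not-found error that does not say the platform is unsupported. State the supported platforms up front, for example with an `assert` task whose condition is `ansible_os_family == 'Debian' and ansible_userspace_architecture == 'x86_64'` and a `fail_msg` naming the role, or add the default files. Separately, `mode: 0644` on the `systemd unit` task is safer written as `mode: "0644"`.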
@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Teleport SSH Service
+After=network.target
+
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/usr/local/bin/teleport start --roles {{ teleport_roles | join(',') }} --config=/etc/teleport.yaml --pid-file=/run/teleport.pid
+ExecReload=/bin/kill -HUP $MAINPID
+PIDFile=/run/teleport.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/teleport/vars/Debian.yaml b/roles/teleport/vars/Debian.yaml
new file mode 100644
index 0000000..621931b
--- /dev/null
+++ b/roles/teleport/vars/Debian.yaml
@@ -0,0 +1,2 @@
+---
+teleport_package_url: "{{ teleport_baseurl }}/teleport_{{ teleport_version }}_{{ teleport_arch }}.deb"
diff --git a/roles/teleport/vars/x86_64.yaml b/roles/teleport/vars/x86_64.yaml
new file mode 100644
index 0000000..2778a69
--- /dev/null
+++ b/roles/teleport/vars/x86_64.yaml
@@ -0,0 +1,3 @@
+---
+teleport_arch: amd64
+teleport_checksum: 0b472d847b9c492f74757c6e806af5bad85c79d4dfa12cea1fc3c9ec1e5dc4ac
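Review bot: `ExecStart` in roles/teleport/templates/teleport.service.j2 hard-codes `--config=/etc/teleport.yaml`, while the `configure teleport` task writes the file to `teleport_config_path` with the restrictive owner and mode. If that variable is overridden, the service starts from a different or missing file than the one Ansible manages, and nothing in the play reports the mismatch. Use the variable in the unit instead: `--config={{ teleport_config_path }}`.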