add teleport role

roles/teleport/defaults/main.yaml

@@ -0,0 +1,21 @@
+---
+teleport_service_name: teleport
+teleport_service_state: started
+teleport_service_enabled: yes
+
+teleport_systemd_unit_path: /etc/systemd/system/teleport.service
+
+teleport_version: 4.3.5
+teleport_baseurl: https://get.gravitational.com 
+
+teleport_roles:
+  - auth
+  - proxy
+  - node
+
+teleport_config_path: /etc/teleport.yaml
+teleport_config_owner: root
+teleport_config_group: root
+teleport_config_mode: 0400
+
+teleport_config: {}

roles/teleport/handlers/main.yaml

@@ -0,0 +1,14 @@
+---
+- name: autossh daemon-reload
+  systemd:
+    daemon_reload: yes
+
+- name: reload teleport
+  service:
+    name: "{{ teleport_service_name }}"
+    state: reloaded
+
+- name: restart teleport
+  service:
+    name: "{{ teleport_service_name }}"
+    state: restarted

roles/teleport/tasks/Debian.yaml

@@ -0,0 +1,4 @@
+---
+- name: install package
+  apt:
+    deb: "{{ teleport_package_url }}"

roles/teleport/tasks/main.yaml

@@ -0,0 +1,63 @@
+---
+- name: gather architecture specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_userspace_architecture }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: gather os specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  include_tasks: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- name: configure teleport
+  copy:
+    dest: "{{ teleport_config_path }}"
+    owner: "{{ teleport_config_owner }}"
+    group: "{{ teleport_config_group }}"
+    mode: "{{ teleport_config_mode }}"
+    content: "{{ teleport_config | to_yaml }}"
+  notify:
+    - reload teleport
+  no_log: true
+
+- name: systemd unit
+  template:
+    src: teleport.service.j2
+    dest: "{{ teleport_systemd_unit_path }}"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart teleport
+    - autossh daemon-reload
+  when: ansible_service_mgr == 'systemd'
+
+- name: manage service
+  service:
+    name: "{{ teleport_service_name }}"
+    state: "{{ teleport_service_state }}"
+    enabled: "{{ teleport_service_enabled }}"

roles/teleport/templates/teleport.service.j2

@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Teleport SSH Service
+After=network.target
+
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/usr/local/bin/teleport start --roles {{ teleport_roles | join(',') }} --config=/etc/teleport.yaml --pid-file=/run/teleport.pid
+ExecReload=/bin/kill -HUP $MAINPID
+PIDFile=/run/teleport.pid
+
+[Install]
+WantedBy=multi-user.target

roles/teleport/vars/Debian.yaml

@@ -0,0 +1,2 @@
+---
+teleport_package_url: "{{ teleport_baseurl }}/teleport_{{ teleport_version }}_{{ teleport_arch }}.deb"

roles/teleport/vars/x86_64.yaml

@@ -0,0 +1,3 @@
+---
+teleport_arch: amd64
+teleport_checksum: 0b472d847b9c492f74757c6e806af5bad85c79d4dfa12cea1fc3c9ec1e5dc4ac