From 7bfbd978d21ee213a44cede93281b1a6228251a2 Mon Sep 17 00:00:00 2001 From: Adam Papai Date: Mon, 8 Aug 2016 15:14:58 +0000 Subject: [PATCH] [#3] Extract static tokens (node, proxy, auth) Separate static tokens. --- README.md | 9 ++++++--- defaults/main.yml | 4 +++- templates/teleport.yaml.j2 | 13 ++++++++++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 9e65c7a..feda2df 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,9 @@ Teleport stores the data locally under the `teleport_data_dir`. teleport_auth_enabled: true teleport_auth_listen_address: '0.0.0.0:3025' teleport_auth_cluster_name: 'main' - teleport_auth_tokens: [] + teleport_auth_tokens_node: [] + teleport_auth_tokens_proxy: [] + teleport_auth_tokens_auth: [] teleport_auth_trusted_clusters: [] teleport_auth_oidc_connectors: [] @@ -83,7 +85,8 @@ For more details about teleport architecture, please refer to the [official docu *Inside `vars/main.yml`* teleport_ssh_enabled: false - teleport_auth_tokens: xxxx-yyyy-xxxx + teleport_auth_tokens_node: + - xxxx-yyyy-xxxx If you want to be able to login to the proxy host too using teleport, set `teleport_ssh_enabled` to `true`. @@ -105,7 +108,7 @@ You can automatically connect a node to the proxy server by providing same same teleport_auth_enabled: false teleport_proxy_enabled: false teleport_auth_servers: - - + - teleport_auth_token: xxxx-yyyy-xxxx diff --git a/defaults/main.yml b/defaults/main.yml index b4a9fbd..b82c51d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -16,7 +16,9 @@ teleport_pidfile: '/var/run/teleport.pid' teleport_auth_enabled: true teleport_auth_listen_address: '0.0.0.0:3025' teleport_auth_cluster_name: 'main' -teleport_auth_tokens: [] +teleport_auth_tokens_node: [] +teleport_auth_tokens_proxy: [] +teleport_auth_tokens_auth: [] teleport_auth_trusted_clusters: [] teleport_auth_oidc_connectors: [] 
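Review bot: The three new defaults in `defaults/main.yml` replace `teleport_auth_tokens` with no fallback or deprecation check, so an inventory that still sets the old name is silently ignored. Judging by the new `{% if %}` in the template, the auth service would then render without a `tokens:` block. Nothing next to the defaults says that these lists hold join secrets or that each must be a list rather than a scalar. A comment above them would cover both, for example `# Static join tokens per role (lists of strings). Supply real values from Ansible Vault; never commit them.`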
diff --git a/templates/teleport.yaml.j2 b/templates/teleport.yaml.j2
index 257bd9a..cc78a9a 100644
--- a/templates/teleport.yaml.j2
+++ b/templates/teleport.yaml.j2
@@ -32,10 +32,17 @@ auth_service:
 - key_file: {{ cluster_ca }}
 {% endfor %}
 {% endif %}
-{% if teleport_auth_tokens|length > 0 %}
+{% if teleport_auth_tokens_node|length > 0 or teleport_auth_tokens_proxy|length > 0 or teleport_auth_tokens_auth|length > 0 %}
 tokens:
- - "proxy,node:{{ teleport.token }}"
- - "auth:{{ teleport.token }}"
+{% for token in teleport_auth_tokens_node %}
+ - "node:{{ token }}"
+{% endfor %}
+{% for token in teleport_auth_tokens_proxy %}
+ - "proxy:{{ token }}"
+{% endfor %}
+{% for token in teleport_auth_tokens_auth %}
+ - "auth:{{ token }}"
+{% endfor %}
 {% endif %}
 {% else %}
 enabled: "no"
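Review bot: Each `{% for token in teleport_auth_tokens_* %}` loop assumes a list, but the README example this commit replaces set the old variable to a bare string (`teleport_auth_tokens: xxxx-yyyy-xxxx`). If a migrated inventory keeps that scalar form, Jinja iterates the string character by character and renders one single-character join token per character. Normalise or reject scalars before looping, e.g. `{% for token in ([teleport_auth_tokens_node] if teleport_auth_tokens_node is string else teleport_auth_tokens_node) %}`, with the same change in the proxy and auth loops. The token is also interpolated unescaped inside a double-quoted YAML scalar, so a value containing `"` or `\` produces a broken or altered config; `- {{ ('node:' ~ token) | to_json }}` would avoid that. The `auth_service` block starts and ends outside the hunk.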