diff --git a/README.md b/README.md index 05eec95..3c4773a 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,10 @@ [![Build Status](https://travis-ci.org/woohgit/ansible-role-teleport.svg?branch=master)](https://travis-ci.org/woohgit/ansible-role-teleport) -An Ansible Role that installs Teleport on RHEL/CentOS, Debian/Ubuntu. +An Ansible Role that installs [Teleport](https://gravitational.com/teleport/) on RHEL/CentOS, Debian/Ubuntu, SUSE. + +Teleport is an SSH for Clusters and Teams + ## Requirements @@ -51,6 +54,8 @@ If you want to disable the WebUI (proxy), set this setting to `false`. teleport_proxy_https_key_file: '' teleport_proxy_https_cert_file: '' +For full reference see the official [teleport documentation by gravitational](http://gravitational.com/teleport/docs/quickstart/). + ## Dependencies None. diff --git a/tasks/configure-Sysvinit.yml b/tasks/configure-Sysvinit.yml new file mode 100644 index 0000000..aca4ae3 --- /dev/null +++ b/tasks/configure-Sysvinit.yml @@ -0,0 +1,8 @@ +--- +- name: Create teleport service (SysVinit). + template: + src: "teleport.sysvinit.j2" + dest: "/etc/init.d/teleport" + owner: "root" + group: "root" + mode: 0744 \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index d6be003..690fbce 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -14,6 +14,7 @@ url: "https://github.com/gravitational/teleport/releases/download/v{{ teleport_version }}/teleport-v{{ teleport_version }}-linux-amd64-bin.tar.gz" dest: "/tmp/teleport-v{{ teleport_version }}-linux-amd64-bin.tar.gz" mode: 0755 + validate_certs: no when: not teleport_bin.stat.exists - name: Unarchive teleport. @@ -42,6 +43,9 @@ - include: configure-Upstart.yml when: ansible_service_mgr == 'upstart' + +- include: configure-Sysvinit.yml + when: ansible_service_mgr == 'sysvinit' - name: Ensure teleport has selected state and enabled on boot. service: diff --git a/templates/teleport.sysvinit.j2 b/templates/teleport.sysvinit.j2 new file mode 100644 index 0000000..bef4fd8 --- /dev/null +++ b/templates/teleport.sysvinit.j2 @@ -0,0 +1,137 @@ +#! /bin/sh +# +# Author: Adam Papai +# +# /etc/init.d/teleport +# +# +### BEGIN INIT INFO +# Provides: teleport +# Required-Start: $network $remote_fs +# Required-Stop: $network $remote_fs +# Should-Start: haveged auditd +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Description: Start the teleport daemon +### END INIT INFO + +TELEPORT_BIN=/usr/local/bin/teleport +test -x $TELEPORT_BIN || exit 5 + +TELEPORT_PIDFILE={{ teleport_pidfile }} + +TELEPORT_OPTS="start --config={{ teleport_config_path }}" + +. /etc/rc.status + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v ditto but be verbose in local rc status +# rc_status -v -r ditto and clear the local rc status +# rc_failed set local and overall rc status to failed +# rc_reset clear local rc status (overall remains) +# rc_exit exit appropriate to overall rc status + +function soft_stop () { + echo -n "Shutting down the listening teleport daemon" + killproc -p $TELEPORT_PIDFILE -TERM $TELEPORT_BIN +} + +function force_stop () { + echo -n "Shutting down teleport daemon *with all active connections*" + trap '' TERM + killall sshd 2>/dev/null + trap - TERM +} + +# First reset status of this service +rc_reset + +case "$1" in + start) + echo -n "Starting teleport daemon" + ## Start daemon with startproc(8). If this fails + ## the echo return value is set appropriate. + startproc -f -p $TELEPORT_PIDFILE $TELEPORT_BIN $TELEPORT_OPTS + + # Remember status and be verbose + rc_status -v + ;; + stop) + # If we're shutting down, kill active teleport connections so they're not + # left hanging. + runlevel=$(set -- $(runlevel); eval "echo \$$#") + if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then + force_stop + else + soft_stop + fi + + # Remember status and be verbose + rc_status -v + ;; + soft-stop) + ## Stop the listener daemon process with killproc(8) and if this + ## fails set echo the echo return value. + soft_stop + + # Remember status and be verbose + rc_status -v + ;; + force-stop) + ## stop all running teleport + force_stop + + # Remember status and be verbose + rc_status -v + ;; + try-restart) + ## Stop the service and if this succeeds (i.e. the + ## service was running before), start it again. + $0 status >/dev/null && $0 restart + + # Remember status and be quiet + rc_status + ;; + restart) + ## Stop the service without closing live connections + ## and start it again regardless of whether it was + ## running or not + $0 soft-stop + $0 start + + # Remember status and be quiet + rc_status + ;; + force-reload|reload) + ## Signal the daemon to reload its config. Most daemons + ## do this on signal 1 (SIGHUP). + echo -n "Reload service sshd" + + killproc -p $TELEPORT_PIDFILE -HUP $TELEPORT_BIN + + rc_status -v + + ;; + status) + echo -n "Checking for service teleport " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Status has a slightly different for the status command: + # 0 - service running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running + + checkproc -p $TELEPORT_PIDFILE $TELEPORT_BIN + + rc_status -v + ;; + *) + echo "Usage: $0 {start|stop|soft-stop|force-stop|status|try-restart|restart|force-reload|reload}" + exit 1 + ;; +esac +rc_exit \ No newline at end of file diff --git a/vars/Suse.yml b/vars/Suse.yml new file mode 100644 index 0000000..104b4fe --- /dev/null +++ b/vars/Suse.yml @@ -0,0 +1,2 @@ +--- +systemd_service_dir: '/usr/lib/systemd/system' \ No newline at end of file