squashed a lot of bugs and added rhel support

2025-12-15 13:32:20 +11:00 · 2023-09-14 04:10:52 +10:00 · 2023-09-14 04:10:52 +10:00 · b9313a3bf7
commit b9313a3bf7
parent b724a23d32
3 changed files with 60 additions and 24 deletions
--- a/18
+++ b/18
@ -1,8 +1,18 @@
 hostnode:
    hosts:
-        t2.localhost:
-            vars: ansible_ssh_user=root ansible_ssh_common_args='-o StrictHostKeyChecking=no' ANSIBLE_HOST_KEY_CHECKING=False
+        t.localhost: #change me to your host
+    vars: 
+        #ansible_ssh_user: root
+        ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
 clients:
    hosts:
-        t2.localhost:
-            vars: ansible_ssh_user=root ansible_ssh_common_args='-o StrictHostKeyChecking=no' ANSIBLE_HOST_KEY_CHECKING=False
+        t-client.localhost: #change me to your clients
+    vars: 
+        #ansible_ssh_user: root
+        ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
+reverseproxy:
+    hosts:
+        t.localhost: #change me to your reverse proxy or host if you want reverse proxy installed for you
+    vars:
+        #ansible_ssh_user: root
+        ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
--- a/main.ansible.yml
+++ b/main.ansible.yml
@ -10,15 +10,15 @@
        - "vars/default.yml"
  tasks:
    - name: Check if teleport is installed.
-      ansible.builtin.stat: "path=/usr/local/bin/teleport"
+      ansible.builtin.shell: "teleport version"
      register: teleport_bin
-    
-    - debug:
-        msg: "{{ teleport_bin.stat }}"
+      ignore_errors: true

    - name: install teleport
      ansible.builtin.shell:
-        cmd: 'curl https://goteleport.com/static/install.sh | bash -s 13.3.8'
+        cmd: 'curl https://goteleport.com/static/install.sh | bash -s {{ TELEPORT_VER }}'
+      when: not TELEPORT_VER in teleport_bin.stdout
+

    - name: Ensure teleport has selected state and enabled on boot.
      service:
@ -26,10 +26,9 @@
        state: 'started'
        enabled: yes

-    - name: sleep for 15 secs to wait for teleport to start
+    - name: sleep for 10 secs to wait for teleport to start
      ansible.builtin.wait_for:
-        timeout: 15
-      delegate_to: localhost
+        timeout: 10

    - name: Get teleport token
      ansible.builtin.shell:
@ -37,12 +36,19 @@
        executable: /bin/bash
      register: token

+    - name: "Add K8S Token and Hash to dummy host"
+      add_host:
+        name:   "TELE_TOKEN_HOLDER"
+        token_c:  "{{ token.stdout }}"
+
+
    - debug:
-        msg: token.stdout
+        msg: '{{ token.stdout }}'

 - hosts: "clients"
  name: Client setup
-  vars:
+  vars: 
+    token_clients: "{{ hostvars['TELE_TOKEN_HOLDER']['token_c'] }}"
  become: true
  pre_tasks:
    - name: Load variables
@ -52,22 +58,27 @@
  
  tasks:
    - name: Check if teleport is installed.
-      ansible.builtin.stat: "path=/usr/local/bin/teleport"
+      ansible.builtin.shell: "teleport version"
      register: teleport_bin_clients

    - name: install teleport
      ansible.builtin.shell:
        cmd: 'curl https://goteleport.com/static/install.sh | bash -s 13.3.8'
-      when: teleport_bin_clients.stat.exists == false
+      when: not TELEPORT_VER in teleport_bin_clients.stdout
+    
+    - name: Ensure teleport is stopped.
+      service:
+        name: 'teleport'
+        state: 'stopped'

    - name: remove existing config if exists
      ansible.builtin.file:
        path: /etc/teleport.yaml
        state: absent
-
+    
    - name: Create teleport config
      ansible.builtin.shell:
-        cmd: '/usr/local/bin/teleport node configure --output=file:///etc/teleport.yaml --token={{ token.stdout }} --proxy={{ groups["hostnode"] | map("extract", hostvars, ["inventory_hostname"]) }}:443'
+        cmd: '/usr/local/bin/teleport node configure --output=file:///etc/teleport.yaml --token={{ token_clients }} --auth-server={{ SUBDOMAIN }}:3025'
        executable: /bin/bash

    - name: Ensure teleport has selected state and enabled on boot.
@ -76,12 +87,26 @@
        state: 'started'
        enabled: yes

-    - name: open ports for teleport
+    - name: open ports for teleport - ubuntu OS
      ansible.builtin.shell:
-        cmd: 'ufw allow 3022/tcp && ufw allow 443/tcp'
+        cmd: 'ufw allow 3022/tcp'
+      when: ansible_facts['distribution'] == "Ubuntu"
+    
+    - name: Install python3 firewall for rhel
+      ansible.builtin.dnf:
+        name: python3-firewall
+        state: present
+      when: ansible_facts['os_family'] == "RedHat"

+    - name: open ports for teleport RHEL
+      ansible.builtin.firewalld:
+        permanent: true
+        port: 3022/tcp
+        state: enabled
+        immediate: true
+      when: ansible_facts['os_family'] == "RedHat"

- hosts: "hostnode"
+- hosts: "reverseproxy"
  name: reverse proxy setup
  vars:
  become: true
--- a/vars/default.yml
+++ b/vars/default.yml
@ -5,7 +5,8 @@
 #run this when done("systemctl restart teleport")

 #if you do enable reverse proxy make sure your selected domain name is routed to that ip address and port forwarding is set to the teleport host for ports 80 and 443
-REVERSE_PROXY: true
+REVERSE_PROXY: false
 #subdomain is the subdomain you want tied to teleport for the reverse proxy this should also be your hostname for your teleport hostnode(use {your teleport hostname}.localhost to use an internal certificate)
-SUBDOMAIN: t2.localhost
-
+SUBDOMAIN: t.localhost
+# set teleport version here
+TELEPORT_VER: 13.3.8