mirror of
https://github.com/Expand-sys/ansibleteleportsetup
synced 2025-12-17 06:22:19 +11:00
93 lines
2.4 KiB
YAML
93 lines
2.4 KiB
YAML
---
|
|
- hosts: "hostnode"
|
|
name: Teleport setup
|
|
vars:
|
|
become: true
|
|
pre_tasks:
|
|
- name: Load variables
|
|
ansible.builtin.include_vars: '{{ item }}'
|
|
with_first_found:
|
|
- "vars/default.yml"
|
|
tasks:
|
|
- name: Check if teleport is installed.
|
|
ansible.builtin.stat: "path=/usr/local/bin/teleport"
|
|
register: teleport_bin
|
|
|
|
- debug:
|
|
msg: "{{ teleport_bin }}"
|
|
|
|
- name: install teleport
|
|
ansible.builtin.shell:
|
|
cmd: 'curl https://goteleport.com/static/install.sh | bash -s 13.3.8'
|
|
|
|
|
|
- name:
|
|
|
|
- name: Ensure teleport has selected state and enabled on boot.
|
|
service:
|
|
name: 'teleport'
|
|
state: 'started'
|
|
enabled: yes
|
|
|
|
- name: Get teleport token
|
|
ansible.builtin.shell:
|
|
cmd: '/usr/local/bin/tctl tokens add --type=node --format=text'
|
|
executable: /bin/bash
|
|
register: token
|
|
|
|
- debug:
|
|
msg: token.stdout
|
|
|
|
- hosts: "clients"
|
|
name: Client setup
|
|
vars:
|
|
become: true
|
|
pre_tasks:
|
|
- name: Load variables
|
|
ansible.builtin.include_vars: '{{ item }}'
|
|
with_first_found:
|
|
- "vars/default.yml"
|
|
|
|
tasks:
|
|
- name: Check if teleport is installed.
|
|
ansible.builtin.stat: "path=/usr/local/bin/teleport"
|
|
register: teleport_bin_clients
|
|
|
|
- name: install teleport
|
|
ansible.builtin.shell:
|
|
cmd: 'curl https://goteleport.com/static/install.sh | bash -s 13.3.8'
|
|
when: teleport_bin_clients.stat.exists == false
|
|
|
|
- name: remove existing config if exists
|
|
ansible.builtin.file:
|
|
path: /etc/teleport.yaml
|
|
state: absent
|
|
|
|
- name: Create teleport config
|
|
ansible.builtin.shell:
|
|
cmd: '/usr/local/bin/teleport node configure --output=file:///etc/teleport.yaml --token={{ token.stdout }} --proxy={{ groups["hostnode"] | map("extract", hostvars, ["inventory_hostname"]) }}:443'
|
|
executable: /bin/bash
|
|
|
|
- name: Ensure teleport has selected state and enabled on boot.
|
|
service:
|
|
name: 'teleport'
|
|
state: 'started'
|
|
enabled: yes
|
|
|
|
- name: open ports for teleport
|
|
ansible.builtin.shell:
|
|
cmd: 'ufw allow 3022/tcp && ufw allow 443/tcp'
|
|
|
|
|
|
- hosts: "hostnode"
|
|
name: reverse proxy setup
|
|
vars:
|
|
become: true
|
|
pre_tasks:
|
|
- name: Load variables
|
|
ansible.builtin.include_vars: '{{ item }}'
|
|
with_first_found:
|
|
- "vars/default.yml"
|
|
tasks:
|
|
- include_tasks: reverseproxy.ansible.yml
|
|
when: {{ REVERSE_PROXY }}
|