docs: simplify machine-id getting started #47552
Merged: stevenGravy merged 3 commits into master from stevenGravy/docs/machine-idgettingstarted on Oct 15, 2024
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -49,17 +49,8 @@ Before you create a bot user, you need to determine which role(s) you want to | |
assign to it. You can use the `tctl` command below to examine what roles exist | ||
on your system. | ||
|
||
<Tabs> | ||
<TabItem scope={["cloud"]} label="Teleport Enterprise Cloud"> | ||
On your client machine, log in to Teleport using `tsh`, then use `tctl` to examine | ||
what roles exist on your system. | ||
</TabItem> | ||
<TabItem scope={["oss","enterprise"]} label="Self-Hosted"> | ||
Connect to the Teleport Auth Server and use `tctl` to examine what roles exist on | ||
your system. | ||
</TabItem> | ||
|
||
</Tabs> | ||
|
||
```code | ||
$ tctl get roles --format=text | ||
|
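Review bot: the lead-in to `tctl get roles` appears to say the same thing twice after this change. The context sentence above the `<Tabs>` block already ends with "examine what roles exist on your system", and the hunk header (17 lines down to 8) implies two lines of a tab body are kept; both tab bodies end with that same phrase. Suggest merging them into one sentence that keeps only the new information, for example: "Log in with `tsh` on your client machine, then run the `tctl` command below to list the roles on your cluster."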
@@ -179,29 +170,10 @@ this by omitting this. | |
|
||
Replace the following fields with values from your own cluster. | ||
|
||
<Tabs> | ||
<TabItem scope={["cloud"]} label="Teleport Enterprise Cloud"> | ||
|
||
- `token` is the token output by the `tctl bots add` command or the name of your IAM method token. | ||
- `destination-dir` is where Machine ID writes user certificates that can be used by applications and tools. | ||
- `data-dir` is where Machine ID writes its private data, including its own short-lived renewable certificates. These should not be used by applications and tools. | ||
- `auth-server` is the address of your Teleport Cloud Proxy Server, for example `example.teleport.sh:443`. | ||
|
||
</TabItem> | ||
<TabItem scope={["oss","enterprise"]} label="Self-Hosted"> | ||
|
||
- `token` is the token output by the `tctl bots add` command or the name of your IAM method token. | ||
- `ca-pin` is the CA Pin for your Teleport cluster, and is output by the `tctl bots add` command. | ||
- `destination-dir` is where Machine ID writes user certificates that can be used by applications and tools. | ||
- `data-dir` is where Machine ID writes its private data, including its own short-lived renewable certificates. These should not be used by applications and tools. | ||
- `auth-server` is typically the address of your Teleport Proxy Server | ||
(`teleport.example.com:443`), but can also be the address of the | ||
Auth Server is direct connectivity is available. | ||
`teleport.example.com:443`. | ||
|
||
</TabItem> | ||
|
||
</Tabs> | ||
- `proxy-server` is the address of your Teleport Proxy service, for example `example.teleport.sh:443`. | ||
|
||
Now that Machine ID has successfully started, let's investigate the | ||
`/opt/machine-id` directory to see what was written to disk. | ||
|
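Review bot: the `ca-pin` bullet from the Self-Hosted list disappears without a replacement, and so does the remark that the address can be the Auth Server when direct connectivity is available. If the command this list describes can still take a CA pin, or direct Auth Server connections remain supported, keep a short `ca-pin` bullet scoped to that case; otherwise state in the PR description that the pin is not needed when connecting through `proxy-server`, so readers following older instructions know it was dropped on purpose. Minor: the new bullet writes "Proxy service" where the removed text used "Proxy Server"; pick one form.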
@@ -257,19 +229,9 @@ $ ssh -F /opt/machine-id/ssh_config [email protected] | |
In addition to the `ssh` client you can use `tsh`. Replace the `--proxy` parameter | ||
with your proxy address. | ||
|
||
<Tabs> | ||
<TabItem scope={["oss","enterprise"]} label="Self-Hosted"> | ||
```code | ||
$ tsh ssh --proxy=teleport.example.com -i /opt/machine-id/identity root@node-name | ||
``` | ||
</TabItem> | ||
<TabItem scope={["cloud"]} label="Teleport Enterprise Cloud"> | ||
```code | ||
$ tsh ssh --proxy=mytenant.teleport.sh -i /opt/machine-id/identity root@node-name | ||
``` | ||
</TabItem> | ||
|
||
</Tabs> | ||
|
||
<Admonition type="note" title="Roles must have logins defined"> | ||
The below error can occur when the bot does not have permission to log in to | ||
|
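Review bot: the single remaining `tsh ssh` example should use the same placeholder host as the new `proxy-server` bullet. The two tabbed variants here use `teleport.example.com` and `mytenant.teleport.sh`, while the bullet added earlier in this diff uses `example.teleport.sh:443`; writing `--proxy=example.teleport.sh` in the kept command gives readers one value to substitute throughout the guide. The sentence above it ("Replace the `--proxy` parameter with your proxy address") can then stay as is.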
👍 Yeah - this is much simpler. I don't know why we ever had this split....