create_teleport_sysext.sh
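#!/bin/bash
# Downloads a Teleport release archive and packs the teleport binary plus a
# systemd unit into a sysext image via bake.sh (located next to this script).
#
# Arguments: $1 - Teleport version, with or without a leading "v"
#            $2 - sysext name; a directory of that name is created in the
#                 current folder, handed to bake.sh and removed again
# Environment: ARCH            - target architecture (default amd64; aarch64 is
#                                mapped to arm64)
#              TELEPORT_SHA256 - optional expected SHA-256 (hex) of the release
#                                archive; when set, the download is verified
#                                against it before anything is unpacked
set -euo pipefail

export ARCH="${ARCH-amd64}"
SCRIPTFOLDER="$(dirname "$(readlink -f "$0")")"

if [ $# -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 VERSION SYSEXTNAME"
  echo "The script will download the Teleport release binaries (e.g., for v9.6.23) and create a sysext squashfs image with the name SYSEXTNAME.raw in the current folder."
  echo "A temporary directory named SYSEXTNAME in the current folder will be created and deleted again."
  echo "All files in the sysext image will be owned by root."
  echo "To use arm64 pass 'ARCH=arm64' as environment variable (current value is '${ARCH}')."
  echo "To verify the download pass the expected SHA-256 of the release archive as 'TELEPORT_SHA256=<hex digest>'."
  "${SCRIPTFOLDER}"/bake.sh --help
  exit 1
fi

# The URL below already contains the "v" prefix, so accept "v9.6.23" as well
# as "9.6.23" instead of requesting a non-existent "vv9.6.23" archive.
VERSION="${1#v}"
SYSEXTNAME="$2"

# VERSION is interpolated into the download URL: allow only characters that
# occur in version strings so it cannot change the path or query.
case "${VERSION}" in
  '' | *[!0-9A-Za-z._+-]*)
    echo "Invalid VERSION '${1}'" >&2
    exit 1
    ;;
esac

# SYSEXTNAME is passed to 'rm -rf' and used as a path prefix. An empty value
# would make the script write into /usr/bin and /usr/lib/systemd/system of the
# build host, and "..", an absolute path or a leading "-" would delete or
# touch something other than a scratch directory in the current folder.
case "${SYSEXTNAME}" in
  '' | . | .. | */* | -*)
    echo "Invalid SYSEXTNAME '${SYSEXTNAME}': expected a plain name in the current folder" >&2
    exit 1
    ;;
esac

if [ "${ARCH}" = aarch64 ]; then
  ARCH=arm64
fi

# Scratch space for the archive; removed together with the sysext tree on
# every exit path so a failed run leaves nothing half-built behind.
WORKDIR="$(mktemp -d)"
cleanup() {
  rm -rf -- "${WORKDIR}" "${SYSEXTNAME}"
}
trap cleanup EXIT

# Removes a file called "teleport" from the current folder, as before.
rm -f teleport

# Install the teleport binary.
rm -rf -- "${SYSEXTNAME}"
mkdir -p -- "${SYSEXTNAME}/usr/bin"

# Download to a file first instead of streaming into tar, so the archive can
# be checked before any of it is unpacked. --fail turns an HTTP error into a
# non-zero exit instead of feeding an error page to tar; --proto/--proto-redir
# keep the transfer on HTTPS even across redirects.
TARBALL="${WORKDIR}/teleport.tar.gz"
curl --fail --location --proto '=https' --proto-redir '=https' \
  --output "${TARBALL}" \
  "https://cdn.teleport.dev/teleport-v${VERSION}-linux-${ARCH}-bin.tar.gz"

# The binary ends up in an image that is merged into /usr and started by
# systemd, so TLS to the CDN alone is a weak integrity guarantee. Compare
# against a digest obtained from a source you trust when one is provided.
if [ -n "${TELEPORT_SHA256-}" ]; then
  printf '%s  %s\n' "${TELEPORT_SHA256}" "${TARBALL}" | sha256sum --check --quiet -
else
  echo "Warning: TELEPORT_SHA256 is not set; the downloaded archive is not checked against a pinned digest." >&2
fi

tar -xvz -f "${TARBALL}" -C "${SYSEXTNAME}/usr/bin" --strip-components=1 teleport/teleport
chmod +x "${SYSEXTNAME}/usr/bin/teleport"

# Set up the Teleport systemd service.
# NOTE(review): the unit passes --token=%m, i.e. the machine ID, as the join
# token on the command line, where it is visible in the process list.
# machine-id(5) asks for the ID to be treated as confidential; confirm that
# using it as a join credential matches your enrolment model.
# NOTE(review): $TELEPORT_OPTIONS from /etc/default/teleport is appended to
# the ExecStart line of a root service, so that file has to stay writable by
# root only.
mkdir -p -- "${SYSEXTNAME}/usr/lib/systemd/system"
cat > "${SYSEXTNAME}/usr/lib/systemd/system/teleport.service" <<-'EOF'
[Unit]
Description=Teleport SSH Service
After=network.target
After=systemd-machine-id-commit.service
Requires=systemd-machine-id-commit.service
[Service]
Type=simple
Restart=on-failure
Environment=TELEPORT_OPTIONS=
EnvironmentFile=-/etc/default/teleport
# Set the nodes roles with the `--roles`
# In most production environments you will not
# want to run all three roles on a single host
# --roles='proxy,auth,node' is the default value
# if none is set
ExecStart=/usr/bin/teleport start --roles=node --config=/etc/teleport.yaml --pid-file=/run/teleport.pid --token=%m --nodename=%H $TELEPORT_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
PIDFile=/run/teleport.pid
LimitNOFILE=524288
[Install]
WantedBy=multi-user.target
EOF

# Drop-in that makes multi-user.target keep teleport.service running.
mkdir -p -- "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d"
{
  echo "[Unit]"
  echo "Upholds=teleport.service"
} > "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d/10-teleport-service.conf"

"${SCRIPTFOLDER}"/bake.sh "${SYSEXTNAME}"
rm -rf -- "${SYSEXTNAME}"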