mirror of
https://github.com/zulip/zulip.git
synced 2025-11-03 05:23:35 +00:00
1a65315566
There is no reason that the base node access method should be run under supervisor, which exists primarily to give access to the `zulip` user to restart its managed services. This access is unnecessary for Teleport, and also causes unwanted restarts of Teleport services when the `supervisor` base configuration changes. Additionally, supervisor does not support the in-place upgrade process that Teleport uses, as it replaces its core process with a new one. Switch to installing a systemd configuration file (as generated by `teleport install systemd`) for each part of Teleport, customized to pass a `--config` path. As such, we explicitly disable the `teleport` service provided by the package. The supervisor process is shut down by dint of no longer installing the file, which purges it from the managed directory, and reloads Supervisor to pick up the removed service.
19 lines
539 B
Puppet
19 lines
539 B
Puppet
# @summary Provide Teleport SSH access to a node.
|
|
#
|
|
# https://goteleport.com/docs/admin-guide/#adding-nodes-to-the-cluster
|
|
# details additional manual steps to allow a node to join the cluster.
|
|
class zulip_ops::teleport::db {
|
|
include zulip_ops::teleport::base
|
|
|
|
file { '/etc/teleport_db.yaml':
|
|
ensure => file,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
content => template('zulip_ops/teleport_db.yaml.template.erb'),
|
|
notify => Service['teleport_db'],
|
|
}
|
|
|
|
zulip_ops::teleport::part { 'db': }
|
|
}
|