Shellcheck is a linter for shell scripts. Since we have quite a few of
those for release packaging and examples, we'll benefit from an extra
set of (robot) eyes.
Note: I disabled https://github.com/koalaman/shellcheck/wiki/Sc2086 to
make this PR smaller. That specific check is for the most frequent
mistake in our scripts - not quoting env var expansions. I'll do a
separate PR cleaning those up.
`build.assets/pkg` is no longer used and was removed.
* Update docs aws terraform ami example to 4.3.5 from 4.2.3
* Apply suggestions from code review
Co-authored-by: Gus Luxton <gus@gravitational.com>
Co-authored-by: Ben Arent <ben@gravitational.com>
Co-authored-by: Gus Luxton <gus@gravitational.com>
The prefix fetching logic has a bug: it treats everything starting with
`/teleport` as the legacy prefix data, even if it's `/teleport-foo/bar`.
This is an issue if a user specifies `/teleport-foo` as their custom
prefix. Each restart will copy the data from `/teleport-foo/...` to
`/teleport-foo-foo/...`.
Set the legacy prefix const to `/teleport/` instead. This avoids
excessive copying during startup.
Prefixes can still be confused later on, with `Watch` and `GetRange`,
but this is harder to migrate with backwards-compatibility.
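The prefix match described in the commit message above, as an added Go example (not Teleport's code). `copyLegacy` and `sampleStore` are hypothetical names, the keys are constructed sample data, and the copy is modelled as a plain prefix swap over an in-memory map.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// copyLegacy models the startup copy: every key that starts with legacyPrefix
// is re-written under customPrefix. It returns the destination keys, sorted.
// Hypothetical helper, not Teleport's implementation.
func copyLegacy(store map[string]string, legacyPrefix, customPrefix string) []string {
	// Collect matches first so the map is not modified while ranging over it.
	var src []string
	for key := range store {
		if strings.HasPrefix(key, legacyPrefix) {
			src = append(src, key)
		}
	}
	var dst []string
	for _, key := range src {
		newKey := customPrefix + strings.TrimPrefix(key, legacyPrefix)
		store[newKey] = store[key]
		dst = append(dst, newKey)
	}
	sort.Strings(dst)
	return dst
}

// sampleStore returns constructed data: the backend already uses the custom
// prefix /teleport-foo and holds no legacy data at all.
func sampleStore() map[string]string {
	return map[string]string{
		"/teleport-foo/nodes/a": "node-a",
		"/teleport-foo/roles/b": "role-b",
	}
}

func main() {
	// Legacy prefix "/teleport": also matches "/teleport-foo/...", so the
	// custom-prefix data is copied again under "/teleport-foo-foo/...".
	fmt.Println(copyLegacy(sampleStore(), "/teleport", "/teleport-foo"))
	// Legacy prefix "/teleport/": matches only real legacy keys, so nothing
	// is copied from a store that holds only custom-prefix data.
	fmt.Println(copyLegacy(sampleStore(), "/teleport/", "/teleport-foo/"))
}
```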
* SEO changes in Documentation
* All documentation pages have dedicated <title> tag
* All documentation pages have dedicated <meta description> tag
* Fixed a few broken links
* Fixed missing <H1> tags
* Renamed some pages to make SEO-friendly URLs
* Found and updated all links to the renamed pages
* Compress PNGs
Co-authored-by: Ben Arent <ben@gravitational.com>
This script is similar to `examples/gke-auth/get-kubeconfig.sh` but
should work for any k8s setup.
It uses a service account bearer token for authentication instead of TLS
key/cert. These tokens shouldn't expire and are more appropriate for
automation. It also fetches the CA cert from the service account secret,
which is more reliable than assuming a `kube-dns` pod exists in the
cluster.
In addition, this script sets up the needed k8s RBAC objects for
impersonation, saving the user a few extra steps.
* cleanup of old files and updates to latest them along with UI/UX improvements
Co-authored-by: Alexander Wolfe <alexanderwolfe@Alexanders-MacBook-Air.local>
Co-authored-by: Ben Arent <ben@gravitational.com>
* Updates
- set to false for enhanced logging since other similar services (PAM) are set to false
- Added multiplex configuration information for nodes
- Modified master/slave language to leader/worker for example roles
* Add question on reverse tunnels
* Updates
- modified master/slave language to leader/worker
- changed enhanced logging to false in example configuration to match similar services (pam)
- added multiplexing info
* Add multiplexer question
* Add tsh info for openssh
* Add tsh info for connecting to openssh
* Base fork for 4.3 docs
* [docs] external email identities and Kube Users (#3628)
* Remove trailing whitespace from docs files
Some editors will do this automatically on save. This causes a lot of
diffs when editing the docs in such an editor.
Clean them up once now and we'll try to keep it tidy going forward.
* Add make rules for docs whitespace and milv
docs-test-whitespace: checks for trailing whitespace in all .md files
under docs/.
docs-fix-whitespace: removes trailing whitespace in all .md files under
docs/.
docs-test-links: runs milv in all docs/ subdirectories that have
milv.config.yaml.
docs-test: runs whitespace and links tests, used during `make docs`
* Document the new `--use-local-ssh-agent` flag for tsh
The flag is used to bypass the local SSH agent even when it's running.
Specifically, this helps with agents that don't support certs.
The flag was added in #3721
* Remove pam_script.so docs from SSH PAM page
With #3725 we now populate teleport-specific env vars in a way that's
accessible to `pam_exec.so`. There's no longer any reason to install
pam_script.so separately and duplicate our docs.
Updates #3692
* Using the correct --insecure-no-tls flag
* Run docs-fix-whitespace make rule in a busybox container
* Fixes #3414
Co-authored-by: Andrew Lytvynov <andrew@gravitational.com>
Co-authored-by: Gus Luxton <gus@gravitational.com>
Co-authored-by: Steven Martin <steven@gravitational.com>
Co-authored-by: Gus Luxton <webvictim@gmail.com>
With #3725 we now populate teleport-specific env vars in a way that's
accessible to `pam_exec.so`. There's no longer any reason to install
pam_script.so separately and duplicate our docs.
Updates #3692
Automatic creation of the data folder in teleport does the right thing -
only make it accessible to owner. All other scripts and docs should do
the same.
Updates #3701
* [docs] Add links to examples directory in Github repo.
* PR Feedback.
- Updated the Quick Start guide to link to the Production Guide instead.
Co-authored-by: Ben Arent <ben@gravitational.com>
Adding following principals:
- `localhost`
- `127.0.0.1`
- `::1`
With these, `tsh` (both `ssh` and `join`) works with a local proxy
without any SSH handshake errors.
Removed the warning from quickstart docs, but keeping `--proxy=grav-00`
since that implies to the reader that proxy is usually remote.
Fixes #2910
- consistently use "certificate" instead of "public key"
- make diagram in "local users" section match the text (user "sandra"
doesn't have access to "grav-02")
- de-duplicate docs on session streaming between auth and proxy pages
Expanded instructions to include installing BCC within an Amazon 2 Linux. Moved some instruction steps for flow since Amazon 2 Linux doesn't require building the bcc tools.
* Correct Msft azure ad link in docs
MSFT AzureAD link wasn't properly formatted to produce a browser. Fixed.
* Warning tip on federation document was not in the styling format to render correctly. Fixed.
Co-authored-by: Ben Arent <ben@gravitational.com>
The URL provided in the documentation for the tarball's checksum was
missing a `-`, and resulted in a 404 when actually trying to run the
`curl`. This adds the missing `-` so that the `curl` call will succeed
as expected.
Co-authored-by: Ben Arent <ben@gravitational.com>
* Updating gsuite ssh instructions
showing using the client id
* Changed display to match api scopes
* Update gsuite api images
* Updated gsuite instructions
Update to use the client id instead of the email of the service account for Gsuite api permissions
It's not obvious from the current wording that you are **either** running `tsh ssh` or `kubectl` - it makes it look like you first need to SSH to a node, _then_ run `kubectl`. Trying to clear that up.
Co-authored-by: Ben Arent <ben@gravitational.com>