diff --git a/docs/pages/database-access/guides/cassandra-self-hosted.mdx b/docs/pages/database-access/guides/cassandra-self-hosted.mdx index 1e10e2abaa024..1988e25321b93 100644 --- a/docs/pages/database-access/guides/cassandra-self-hosted.mdx +++ b/docs/pages/database-access/guides/cassandra-self-hosted.mdx @@ -20,10 +20,10 @@ This guide will help you to: - Connect to your database through Teleport. -![Teleport Database Access Redis Self-Hosted](../../../img/database-access/guides/cassandra_selfhosted.png) +![Teleport Database Access Cassandra Self-Hosted](../../../img/database-access/guides/cassandra_selfhosted.png) -![Teleport Database Access Redis Cloud](../../../img/database-access/guides/cassandra_cloud.png) +![Teleport Database Access Cassandra Cloud](../../../img/database-access/guides/cassandra_cloud.png) ## Prerequisites 
@@ -38,55 +38,26 @@ This guide will help you to: (!docs/pages/includes/database-access/token.mdx!) -Install Teleport on the host where you will run the Teleport Database Service: +Install and configure Teleport where you will run the Teleport Database Service: -(!docs/pages/includes/install-linux.mdx!) - - - -Start the Teleport Database Service, pointing the `--auth-server` flag to the -address of your Teleport Proxy Service: - -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=example-cassandra \ - --protocol=cassandra \ - --uri=cassandra.example.com:9042 \ - --labels=env=dev -``` - - - -The `--auth-server` flag must point to the Teleport cluster's Proxy Service -endpoint because the Database Service always connects back to the cluster over a -reverse tunnel. + + - +(!docs/pages/includes/install-linux.mdx!) - - +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="cassandra" dbProtocol="cassandra" databaseAddress="cassandra.example.com:9042" !) -Start the Teleport Database Service, pointing the `--auth-server` flag to the -address of your Teleport Cloud tenant: + + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=mytenant.teleport.sh:443 \ - --name=example-cassandra \ - --protocol=cassandra \ - --uri=cassandra.example.com:9042 \ - --labels=env=dev -``` + (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) - + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="cassandra" dbProtocol="cassandra" databaseAddress="cassandra.example.com:9042" !) + + - - You can start the Database Service using a configuration file instead of CLI flags. - See the [YAML reference](../reference/configuration.mdx) for details. - +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) ## Step 2/5. Create a Teleport user 
diff --git a/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx b/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx index 5a00e4c56e64f..15edd4fb5f356 100644 --- a/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx +++ b/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx 
@@ -39,52 +39,26 @@ This guide will help you to: (!docs/pages/includes/database-access/token.mdx!) -Install Teleport on the host where you will run the Teleport Database Service: - -(!docs/pages/includes/install-linux.mdx!) +Install and configure Teleport where you will run the Teleport Database Service: - -Start the Teleport Database Service, pointing the `--auth-server` flag to the address of your Teleport Proxy Service: + -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=roach \ - --protocol=cockroachdb \ - --uri=roach.example.com:26257 \ - --labels=env=dev -``` +(!docs/pages/includes/install-linux.mdx!) - - The `--auth-server` flag must point to the Teleport cluster's Proxy Service endpoint - because the Database Service always connects back to the cluster over a reverse - tunnel. - +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="roach" "dbProtocol="cockroachdb" databaseAddress="roach.example.com:26257" !) - - -Start the Teleport Database Service, pointing the `--auth-server` flag at the address of your Teleport Cloud tenant, e.g., `mytenant.teleport.sh`. + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=mytenant.teleport.sh:443 \ - --name=roach \ - --protocol=cockroachdb \ - --uri=roach.example.com:26257 \ - --labels=env=dev -``` + (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="roach" dbProtocol="cockroachdb" databaseAddress="roach.example.com:26257" !) - - You can start the Database Service using a configuration file instead of CLI flags. - See [YAML reference](../reference/configuration.mdx). - +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) ## Step 2/4. Create a Teleport user 
diff --git a/docs/pages/database-access/guides/elastic.mdx b/docs/pages/database-access/guides/elastic.mdx index a584a3e001b6e..8503d7a3dba9d 100644 --- a/docs/pages/database-access/guides/elastic.mdx +++ b/docs/pages/database-access/guides/elastic.mdx 
@@ -34,118 +34,27 @@ This guide will help you to configure secured access to an Elasticsearch databas (!docs/pages/includes/database-access/token.mdx!) -Install Teleport on the host where you will run the Teleport Database Service. Make sure you've selected your installation type (OSS, Enterprise, Cloud): - -(!docs/pages/includes/install-linux.mdx!) - -Start the Teleport Database Service, pointing the `--auth-server` flag to the -address of your Teleport Proxy Service: +Install and configure Teleport where you will run the Teleport Database Service: - - - - -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=myelastic \ - --protocol=elasticsearch \ - --uri=elasticsearch.example.com:9200 \ - --labels=env=dev -``` - - - + -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=mytennant.teleport.sh:443 \ - --name=myelastic \ - --protocol=elasticsearch \ - --uri=elasticsearch.example.com:9200 \ - --labels=env=dev -``` - - - - - -The `--auth-server` flag must point to the Teleport cluster's Proxy Service -endpoint because the Database Service always connects back to the cluster over a -reverse tunnel. +(!docs/pages/includes/install-linux.mdx!) - +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="myelastic" dbProtocol="elastic" databaseAddress="elasticsearch.example.com:9200" !) - -Configure `teleport.yaml` using the example below: - - - -```yaml -version: v3 -teleport: - auth_token: - proxy_server: mytenant.teleport.sh:443 - -# disable services that are on by default -ssh_service: { enabled: no } -proxy_service: { enabled: no } -auth_service: { enabled: no } - -# db service config -db_service: - enabled: "yes" - resources: - - labels: - "*": "*" - databases: - - name: myelastic - protocol: elasticsearch - uri: elasticsearch.example.com:9200 - static_labels: - env: dev -``` + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. 
- - - - -```yaml -version: v3 -teleport: - auth_token: - proxy_server: teleport.example.com - -# disable services that are on by default -ssh_service: { enabled: no } -proxy_service: { enabled: no } -auth_service: { enabled: no } - -# db service config -db_service: - enabled: "yes" - resources: - - labels: - "*": "*" - databases: - - name: myelastic - protocol: elasticsearch - uri: elasticsearch.example.com:9200 - static_labels: - env: dev -``` - - - -Adjust for your environment, then start or restart Teleport. See the [YAML reference](../reference/configuration.mdx) for details. + (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="myelastic" dbProtocol="elastic" databaseAddress="elasticsearch.example.com:9200" !) +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) + ## Step 2/5. Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) diff --git a/docs/pages/database-access/guides/mongodb-self-hosted.mdx b/docs/pages/database-access/guides/mongodb-self-hosted.mdx index 56300d14b996e..371899b0587d2 100644 --- a/docs/pages/database-access/guides/mongodb-self-hosted.mdx +++ b/docs/pages/database-access/guides/mongodb-self-hosted.mdx 
@@ -38,50 +38,26 @@ In this guide you will: (!docs/pages/includes/database-access/token.mdx!) -Install Teleport on the host where you will run the Teleport Database Service: +Install and configure Teleport where you will run the Teleport Database Service: -(!docs/pages/includes/install-linux.mdx!) - - - -Start the Teleport Database Service, pointing the `--auth-server` flag to the -address of your Teleport Proxy Service: - -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=example-mongo \ - --protocol=mongodb \ - --uri=mongo.example.com:27017 \ - --labels=env=dev -``` - - + + -The `--auth-server` flag must point to the Teleport cluster's Proxy Service -endpoint because the Database Service always connects back to the cluster over a -reverse tunnel. +(!docs/pages/includes/install-linux.mdx!) - +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="example-mongo" dbProtocol="mongodb" databaseAddress="mongo.example.com:27017" !) - - + + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. -Start the Teleport Database Service, pointing the `--auth-server` flag to the -address of your Teleport Cloud tenant: + (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=mytenant.teleport.sh:443 \ - --name=example-mongo \ - --protocol=mongodb \ - --uri=mongo.example.com:27017 \ - --labels=env=dev -``` + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="example-mongo" dbProtocol="mongodb" databaseAddress="mongo.example.com:27017" !) + + - +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) You can specify either a single connection address or a MongoDB [connection string](https://docs.mongodb.com/manual/reference/connection-string/) 
@@ -99,11 +75,6 @@ connection string setting: $ --uri="mongodb://mongo1.example.com:27017,mongo2.example.com:27017/?replicaSet=rs0&readPreference=secondary" ``` - - You can start the Database Service using a configuration file instead of CLI flags. - See the [YAML reference](../reference/configuration.mdx) for details. - - ### Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) diff --git a/docs/pages/database-access/guides/mysql-self-hosted.mdx b/docs/pages/database-access/guides/mysql-self-hosted.mdx index 23bf62f57f0ad..12bb81d129fa8 100644 --- a/docs/pages/database-access/guides/mysql-self-hosted.mdx +++ b/docs/pages/database-access/guides/mysql-self-hosted.mdx @@ -25,14 +25,10 @@ This guide will help you to: Service. - (!docs/pages/includes/tctl.mdx!) -## Step 1/4. Set up the Teleport Database Service +## Step 1/4. Create the Teleport Database Token (!docs/pages/includes/database-access/token.mdx!) -Install Teleport on the host where you will run the Teleport Database Service: - -(!docs/pages/includes/install-linux.mdx!) - ## Step 2/4. Create a certificate/key pair (!docs/pages/includes/database-access/tctl-auth-sign.mdx!) 
@@ -137,101 +133,29 @@ in the MariaDB documentation for more details. (!docs/pages/includes/database-access/create-user.mdx!) -### Start the Database Service +### Configure and Start the Database Service -You can configure Teleport to start the Database Service and access MySQL or -MariaDB by running the `teleport` daemon either with CLI flags or a -configuration file. +Install and configure Teleport where you will run the Teleport Database Service: - - -On the host where you will run the Teleport Database Service, run the following -command: - - - -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=test \ - --protocol=mysql \ - --uri=mysql.example.com:3306 \ - --labels=env=dev -``` + -Note that the `--auth-server` flag must point to the Teleport cluster's Proxy -Service endpoint because Database Service always connects back to the cluster -over a reverse tunnel. - - - - -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=mytenant.teleport.sh:443 \ - --name=test \ - --protocol=mysql \ - --uri=mysql.example.com:3306 \ - --labels=env=dev -``` - -Note that the `--auth-server` flag must point to your Teleport Cloud tenant -address. +(!docs/pages/includes/install-linux.mdx!) - +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="example-mysql" dbProtocol="mysql" databaseAddress="mysql.example.com:3306" !) - + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. 
-On the host where you will run the Teleport Database Service, create a -configuration file at `/etc/teleport.yaml`: - - - -```code -$ teleport db configure create \ - -o file \ - --token=/tmp/token \ - --proxy=teleport.example.com:3080 \ - --name=test \ - --protocol=mysql \ - --uri=mysql.example.com:3306 \ - --labels=env=dev -``` - - - - -```code -$ teleport db configure create \ - -o file \ - --token=/tmp/token \ - --proxy=mytenant.teleport.sh:443 \ - --name=test \ - --protocol=mysql \ - --uri=mysql.example.com:3306 \ - --labels=env=dev -``` - - - - - A single Teleport process can run multiple services, for example - multiple Database Access instances as well as other services such the - SSH Service or Application Service. - - -(!docs/pages/includes/start-teleport.mdx service="the Teleport Database Service"!) + (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="example-mysql" dbProtocol="mysql" databaseAddress="mysql.example.com:3306" !) +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) + ## Step 4/4. Connect Once the Database Service has joined the cluster, log in to see the available @@ -242,9 +166,9 @@ databases: ```code $ tsh login --proxy=teleport.example.com --user=testuser $ tsh db ls -# Name Description Labels -# ------- ------------- -------- -# example Example MySQL env=dev +# Name Description Labels +# ------------- ------------- -------- +# example-mysql Example MySQL env=dev ``` @@ -253,9 +177,9 @@ $ tsh db ls ```code $ tsh login --proxy=mytenant.teleport.sh --user=testuser $ tsh db ls -# Name Description Labels -# ------- ------------- -------- -# example Example MySQL env=dev +# Name Description Labels +# ------------- ------------- -------- +# example-mysql Example MySQL env=dev ``` 
@@ -266,14 +190,14 @@ the [RBAC](../rbac.mdx) guide for more details. To retrieve credentials for a database and connect to it: ```code -$ tsh db connect example +$ tsh db connect example-mysql ``` You can optionally specify the database name and the user to use by default when connecting to the database instance: ```code -$ tsh db connect --db-user=root --db-name=mysql example +$ tsh db connect --db-user=root --db-name=mysql example-mysql ``` @@ -285,7 +209,7 @@ To log out of the database and remove credentials: ```code # Remove credentials for a particular database instance. -$ tsh db logout example +$ tsh db logout example-mysql # Remove credentials for all database instances. $ tsh db logout ``` diff --git a/docs/pages/database-access/guides/oracle-self-hosted.mdx b/docs/pages/database-access/guides/oracle-self-hosted.mdx index ab0af5483c556..1e78196cb6027 100644 --- a/docs/pages/database-access/guides/oracle-self-hosted.mdx +++ b/docs/pages/database-access/guides/oracle-self-hosted.mdx 
@@ -27,53 +27,30 @@ This guide will help you to: - The `sqlcl` [Oracle client](https://www.oracle.com/pl/database/sqldeveloper/technologies/sqlcl/) installed and added to your system's `PATH` environment variable or any GUI client that supports JDBC Oracle thin client. -## Step 1/6. Create a Teleport user - -(!docs/pages/includes/database-access/create-user.mdx!) - -## Step 2/6. Create a Database Service configuration +## Step 1/5. Create a Teleport token and user (!docs/pages/includes/database-access/token.mdx!) -Install Teleport on the host where you will run the Teleport Database Service: - -(!docs/pages/includes/install-linux.mdx!) - -Create the Database Service configuration: - -```code -$ teleport db configure create \ - -o file \ - --token=/tmp/token \ - --proxy= \ - --name=example-oracle \ - --protocol=oracle \ - --uri=oracle.example.com:2484 \ - --labels=env=dev -``` - -## Step 3/6. Start the Database Service - -(!docs/pages/includes/start-teleport.mdx service="the Database Service"!) +(!docs/pages/includes/database-access/create-user.mdx!) -## Step 4/6. Create a certificate/key pair and Teleport Oracle Wallet +## Step 2/5. Create a certificate/key pair and Teleport Oracle Wallet (!docs/pages/includes/database-access/tctl-auth-sign.mdx!) Follow the instructions below to generate TLS credentials for your database. ```code -# Export Teleport's certificate authority and a generate certificate/key pair +# Export Teleport's certificate authority and a generated certificate/key pair # for host db.example.com with a 1-year validity period. $ tctl auth sign --format=oracle --host=db.example.com --out=server --ttl=2190h ``` (!docs/pages/includes/database-access/ttl-note.mdx!) 
-If `tctl` finds the Orapki tool in your local environment, the `tctl auth sign --format=oracle --hostdb.example.com --out=server --ttl=2190h` command will produce an Oracle Wallet and +If `tctl` finds the Orapki tool in your local environment, the `tctl auth sign --format=oracle --host=db.example.com --out=server --ttl=2190h` command will produce an Oracle Wallet and instructions how to configure the Oracle TCPS listener with Teleport Oracle Wallet. Otherwise the `tctl auth sign --format=oracle` command will produce a `p12` certificate and instructions on how to create an Oracle Wallet on your Oracle Database instance. -## Step 5/6. Configure Oracle Database +## Step 3/5. Configure Oracle Database In order to enable the Teleport Oracle integration you will need to configure the TCPS Oracle listener and use the Teleport Oracle Wallet created in the previous step. 
@@ -109,21 +86,51 @@ Additionally, your Oracle Database user accounts must be configured to require a CREATE USER alice IDENTIFIED EXTERNALLY AS 'CN=alice'; GRANT CREATE SESSION TO alice; ``` +## Step 4/5. Configure and Start the Database Service +Install and configure Teleport where you will run the Teleport Database Service: + + + -## Step 6/6. Connect +(!docs/pages/includes/install-linux.mdx!) + +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="oracle" dbProtocol="oracle" databaseAddress="oracle.example.com:2484" dbName="oracle" !) + + + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. + + (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) + + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="oracle" dbProtocol="oracle" databaseAddress="oracle.example.com:2484" dbName="oracle" !) + + + +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) + +## Step 5/5. Connect Once the Database Service has joined the cluster, log in to see the available databases: + ```code -$ tsh login --proxy= --user=testuser +$ tsh login --proxy=teleport.example.com --user=testuser $ tsh db ls -# Name Description Allowed Users Labels Connect -# ------ ----------- ------------- ------- ------- -# oracle [*] env=dev +# Name Description Allowed Users Labels Connect +# ------ -------------- ------------- ------- ------- +# oracle Oracle Example [*] env=dev ``` - -To connect to the Oracle `XE` Oracle SID/SERVICE_NAME: + + +```code +$ tsh login --proxy=mytenant.teleport.sh --user=testuser +$ tsh db ls +# Name Description Allowed Users Labels Connect +# ------ -------------- ------------- ------- ------- +# oracle Oracle Example [*] env=dev +``` + ```code $ tsh db connect --db-user=alice --db-name=XE oracle diff --git a/docs/pages/database-access/guides/postgres-self-hosted.mdx b/docs/pages/database-access/guides/postgres-self-hosted.mdx index 457ba1c366bf8..f6572dd3d1577 100644 
--- a/docs/pages/database-access/guides/postgres-self-hosted.mdx +++ b/docs/pages/database-access/guides/postgres-self-hosted.mdx @@ -26,14 +26,10 @@ This guide will help you to: Service. - (!docs/pages/includes/tctl.mdx!) -## Step 1/5. Set up the Teleport Database Service +## Step 1/5. Create a Teleport token and user (!docs/pages/includes/database-access/token.mdx!) -Install Teleport on the host where you will run the Teleport Database Service: - -(!docs/pages/includes/install-linux.mdx!) - ### Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) 
@@ -86,100 +82,29 @@ certificate-based Teleport login will fail. See [The pg_hba.conf File](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html) in the PostgreSQL documentation for more details. -## Step 4/5. Start the Database Service +## Step 4/5. Configure and Start the Database Service -On the host where you will run the Teleport Database Service, start Teleport -with the appropriate configuration. +Install and configure Teleport where you will run the Teleport Database Service: - - -You can start the Teleport Database Service without configuration file using a -CLI command: - - - -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=test \ - --protocol=postgres \ - --uri=postgres.example.com:5432 \ - --labels=env=dev -``` + -Note that the `--auth-server` flag must point to the Teleport cluster's Proxy -Service endpoint because the Database Service always connects back to the -cluster over a reverse tunnel. - - - - -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=mytenant.teleport.sh:443 \ - --name=test \ - --protocol=postgres \ - --uri=postgres.example.com:5432 \ - --labels=env=dev -``` - -Note that the `--auth-server` flag must point to your Teleport Cloud tenant -address. +(!docs/pages/includes/install-linux.mdx!) - +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="example-postgres" dbProtocol="postgres" databaseAddress="postgres.example.com:5432" !) - + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. 
-Generate a configuration file at `/etc/teleport.yaml` for the Database Service: - - - -```code -$ teleport db configure create \ - -o file \ - --token=/tmp/token \ - --proxy=teleport.example.com:3080 \ - --name=test \ - --protocol=postgres \ - --uri=postgres.example.com:5432 \ - --labels=env=dev -``` - - - - -```code -$ teleport db configure create \ - -o file \ - --token=/tmp/token \ - --proxy=mytenant.teleport.sh:443 \ - --name=test \ - --protocol=postgres \ - --uri=postgres.example.com:5432 \ - --labels=env=dev -``` - - - - - A single Teleport process can run multiple different services, for example - multiple Database Service agents as well as the SSH Service or Application - Service. - - - -(!docs/pages/includes/start-teleport.mdx service="the Teleport Database Service"!) + (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="example-postgres" dbProtocol="postgres" databaseAddress="postgres.example.com:5432" !) +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) + ## Step 5/5. Connect Once the Database Service has joined the cluster, log in to see the available @@ -190,9 +115,9 @@ databases: ```code $ tsh login --proxy=teleport.example.com --user=testuser $ tsh db ls -# Name Description Labels -# ------- ------------------ -------- -# example Example PostgreSQL env=dev +# Name Description Labels +# ---------------- ------------------ -------- +# example-postgres Example PostgreSQL env=dev ``` @@ -201,9 +126,9 @@ $ tsh db ls ```code $ tsh login --proxy=mytenant.teleport.sh --user=testuser $ tsh db ls -# Name Description Labels -# ------- ------------------ -------- -# example Example PostgreSQL env=dev +# Name Description Labels +# ---------------- ------------------ -------- +# example-postgres Example PostgreSQL env=dev ``` 
@@ -214,21 +139,21 @@ Note that you will only be able to see databases your role has access to. See To retrieve credentials for a database and connect to it: ```code -$ tsh db connect example +$ tsh db connect example-postgres ``` You can optionally specify the database name and the user to use by default when connecting to the database instance: ```code -$ tsh db connect --db-user=postgres --db-name=postgres example +$ tsh db connect --db-user=postgres --db-name=postgres example-postgres ``` To log out of the database and remove credentials: ```code # Remove credentials for a particular database instance. -$ tsh db logout example +$ tsh db logout example-postgres # Remove credentials for all database instances. $ tsh db logout ``` diff --git a/docs/pages/database-access/guides/redis-cluster.mdx b/docs/pages/database-access/guides/redis-cluster.mdx index 5732a3586cb55..0f4ff89a1a247 100644 --- a/docs/pages/database-access/guides/redis-cluster.mdx +++ b/docs/pages/database-access/guides/redis-cluster.mdx 
@@ -46,55 +46,26 @@ This guide will help you to: (!docs/pages/includes/database-access/token.mdx!) -Install Teleport on the host where you will run the Teleport Database Service: +Install and configure Teleport where you will run the Teleport Database Service: -(!docs/pages/includes/install-linux.mdx!) - - - -Start the Teleport Database Service, pointing the `--auth-server` flag to the -address of your Teleport Proxy Service: - -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=example-redis \ - --protocol=redis \ - --uri=rediss://redis.example.com:6379?mode=cluster \ - --labels=env=dev -``` - - - -The `--auth-server` flag must point to the Teleport cluster's Proxy Service -endpoint because the Database Service always connects back to the cluster over a -reverse tunnel. + + - +(!docs/pages/includes/install-linux.mdx!) - - +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="example-redis" dbProtocol="redis" databaseAddress="rediss://redis.example.com:6379?mode=cluster" !) -Start the Teleport Database Service, pointing the `--auth-server` flag to the -address of your Teleport Cloud tenant: + + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=mytenant.teleport.sh:443 \ - --name=example-redis \ - --protocol=redis \ - --uri=rediss://redis.example.com:6379?mode=cluster \ - --labels=env=dev -``` + (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) - + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="example-redis" dbProtocol="redis" databaseAddress="rediss://redis.example.com:6379?mode=cluster" !) + + - - You can start the Database Service using a configuration file instead of CLI flags. - See the [YAML reference](../reference/configuration.mdx) for details. - +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) ## Step 2/6. 
Create a Teleport user diff --git a/docs/pages/database-access/guides/redis.mdx b/docs/pages/database-access/guides/redis.mdx index c302d2155016d..db174bd7b4a67 100644 --- a/docs/pages/database-access/guides/redis.mdx +++ b/docs/pages/database-access/guides/redis.mdx 
@@ -51,55 +51,26 @@ This guide will help you to: (!docs/pages/includes/database-access/token.mdx!) -Install Teleport on the host where you will run the Teleport Database Service: +Install and configure Teleport where you will run the Teleport Database Service: -(!docs/pages/includes/install-linux.mdx!) - - - -Start the Teleport Database Service, pointing the `--auth-server` flag to the -address of your Teleport Proxy Service: - -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=example-redis \ - --protocol=redis \ - --uri=rediss://redis.example.com:6379 \ - --labels=env=dev -``` - - - -The `--auth-server` flag must point to the Teleport cluster's Proxy Service -endpoint because the Database Service always connects back to the cluster over a -reverse tunnel. + + - +(!docs/pages/includes/install-linux.mdx!) - - +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="example-redis" dbProtocol="redis" databaseAddress="rediss://redis.example.com:6379" !) -Start the Teleport Database Service, pointing the `--auth-server` flag to the -address of your Teleport Cloud tenant: + + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. -```code -$ teleport db start \ - --token=/tmp/token \ - --auth-server=mytenant.teleport.sh:443 \ - --name=example-redis \ - --protocol=redis \ - --uri=rediss://redis.example.com:6379 \ - --labels=env=dev -``` + (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) - + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="example-redis" dbProtocol="redis" databaseAddress="rediss://redis.example.com:6379" !) + + - - You can start the Database Service using a configuration file instead of CLI flags. - See the [YAML reference](../reference/configuration.mdx) for details. - +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) ## Step 2/5. Create a Teleport user 
diff --git a/docs/pages/database-access/guides/snowflake.mdx b/docs/pages/database-access/guides/snowflake.mdx index f0d598be88421..05cc07a01ae32 100644 --- a/docs/pages/database-access/guides/snowflake.mdx +++ b/docs/pages/database-access/guides/snowflake.mdx 
@@ -44,55 +44,26 @@ This guide will help you to: (!docs/pages/includes/database-access/token.mdx!) -Install Teleport on the host where you will run the Teleport Database Service: +Install and configure Teleport where you will run the Teleport Database Service: -(!docs/pages/includes/install-linux.mdx!) - - - - Start the Teleport Database Service, pointing the `--auth-server` flag to the - address of your Teleport Proxy Service: - - ```code - $ teleport db start \ - --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=example-snowflake \ - --protocol=snowflake \ - --uri=https://abc12345.snowflakecomputing.com \ - --labels=env=dev - ``` - - - - The `--auth-server` flag must point to the Teleport cluster's Proxy Service - endpoint because the Database Service always connects back to the cluster over a - reverse tunnel. + + - +(!docs/pages/includes/install-linux.mdx!) - - +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="example-snowflake" dbProtocol="snowflake" databaseAddress="https://abc12345.snowflakecomputing.com" !) - Start the Teleport Database Service, pointing the `--auth-server` flag to the - address of your Teleport Cloud tenant: + + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. - ```code - $ teleport db start \ - --token=/tmp/token \ - --auth-server=mytenant.teleport.sh:443 \ - --name=example-snowflake \ - --protocol=snowflake \ - --uri=https://abc12345.snowflakecomputing.com \ - --labels=env=dev - ``` + (!docs/pages/kubernetes-access/helm/includes/helm-repo-add.mdx!) - + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="example-snowflake" dbProtocol="snowflake" databaseAddress="https://abc12345.snowflakecomputing.com" !) + + - - You can start the Database Service using a configuration file instead of CLI flags. - See the [YAML reference](../reference/configuration.mdx) for details. 
- +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) ## Step 2/5. Create a Teleport user diff --git a/docs/pages/includes/database-access/db-configure-start.mdx b/docs/pages/includes/database-access/db-configure-start.mdx new file mode 100644 index 0000000000000..de490acba732a --- /dev/null +++ b/docs/pages/includes/database-access/db-configure-start.mdx 
@@ -0,0 +1,122 @@ +{{ dbName="test" }} + + +On the host where you will run the Teleport Database Service, start Teleport +with the appropriate configuration. + +Note that a single Teleport process can run multiple different services, for +example multiple Database Service agents as well as the SSH Service or Application +Service. The step below will overwrite an existing configuration file, so if +you're running multiple services add `--output=stdout` to print the config in +your terminal, and manually adjust `/etc/teleport.yaml`. + +Generate a configuration file at `/etc/teleport.yaml` for the Database Service: + + + +```code +$ teleport db configure create \ + -o file \ + --token=/tmp/token \ + --proxy=teleport.example.com:443 \ + --name={{ dbName }} \ + --protocol={{ dbProtocol }} \ + --uri={{ databaseAddress }} \ + --labels=env=dev +``` + + + + +```code +$ teleport db configure create \ + -o file \ + --token=/tmp/token \ + --proxy=mytenant.teleport.sh:443 \ + --name={{ dbName }} \ + --protocol={{ dbProtocol }} \ + --uri={{ databaseAddress }} \ + --labels=env=dev +``` + + + +Configure the Database Service to start automatically when the host boots up by +creating a systemd service for it. The instructions depend on how you installed +the Database Service. 
+ + + + +On the host where you will run {{ service }}, start Teleport: + +```code +$ sudo systemctl enable teleport +$ sudo systemctl start teleport +``` + + + + +On the host where you will run {{ service }}, create a systemd service +configuration for Teleport, enable the Teleport service, and start Teleport: + +```code +$ sudo teleport install systemd -o /etc/systemd/system/teleport.service +$ sudo systemctl enable teleport +$ sudo systemctl start teleport +``` + + + + + + + +You can start the Teleport Database Service without configuration file using a +CLI command: + + + +```code +$ teleport db start \ + --token=/tmp/token \ + --auth-server=teleport.example.com:443 \ + --name={{ dbName }} \ + --protocol={{ dbProtocol }} \ + --uri={{ databaseAddress }} \ + --labels=env=dev +``` + +Note that the `--auth-server` flag must point to the Teleport cluster's Proxy +Service endpoint because the Database Service always connects back to the +cluster over a reverse tunnel. + + + + +```code +$ teleport db start \ + --token=/tmp/token \ + --auth-server=mytenant.teleport.sh:443 \ + --name={{ dbName }} \ + --protocol={{ dbProtocol }} \ + --uri={{ databaseAddress }} \ + --labels=env=dev +``` + +Note that the `--auth-server` flag must point to your Teleport Cloud tenant +address. + + + + + + + + +The `--auth-server` flag must point to the Teleport cluster's Proxy Service +endpoint because the Database Service always connects back to the cluster over a +reverse tunnel. + + diff --git a/docs/pages/includes/database-access/db-helm-install.mdx b/docs/pages/includes/database-access/db-helm-install.mdx new file mode 100644 index 0000000000000..101973bb0a461 --- /dev/null +++ b/docs/pages/includes/database-access/db-helm-install.mdx 
@@ -0,0 +1,41 @@ +{{ dbName="test" }} + +Install the Teleport Kube Agent into your Kubernetes Cluster +with the Teleport Database Service configuration. + +```code +$ JOIN_TOKEN=$(cat /tmp/token) +$ helm install teleport-kube-agent teleport/teleport-kube-agent \ + --create-namespace \ + --namespace teleport-agent \ + --set roles=db \ + --set proxyAddr=teleport.example.com:443 \ + --set authToken=${JOIN_TOKEN?} \ + --set "databases[0].name={{ dbName }}" \ + --set "databases[0].uri={{ databaseAddress }}" \ + --set "databases[0].protocol={{ dbProtocol }}" \ + --set "labels.env=dev" \ + --version (=teleport.version=) +``` + + + +Install the Teleport Kube Agent into your Kubernetes Cluster +with the Teleport Database Service configuration. + +```code +$ JOIN_TOKEN=$(cat /tmp/token) +$ helm install teleport-kube-agent teleport/teleport-kube-agent \ + --create-namespace \ + --namespace teleport-agent \ + --set roles=db \ + --set proxyAddr=mytenant.teleport.sh:443 \ + --set authToken=${JOIN_TOKEN?} \ + --set "databases[0].name={{ dbName }}" \ + --set "databases[0].uri={{ databaseAddress }}" \ + --set "databases[0].protocol={{ dbProtocol }}" \ + --set "labels.env=dev" \ + --version (=cloud.version=) +``` + + diff --git a/docs/pages/includes/database-access/multiple-instances-tip.mdx b/docs/pages/includes/database-access/multiple-instances-tip.mdx new file mode 100644 index 0000000000000..e423ac8a9f5ac --- /dev/null +++ b/docs/pages/includes/database-access/multiple-instances-tip.mdx @@ -0,0 +1,8 @@ + + A single Teleport process can run multiple services, for example + multiple Database Service instances as well as other services such the + SSH Service or Application Service. +
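Review bot: in docs/pages/includes/database-access/db-configure-start.mdx, both systemd paragraphs interpolate `{{ service }}` ("On the host where you will run {{ service }}, start Teleport"), but the defaults line at the top of the file declares only `{{ dbName="test" }}` and the snowflake.mdx call passes only dbName, dbProtocol and databaseAddress, so nothing visible in this patch gives that variable a value. Either write "the Teleport Database Service" literally in those two sentences or add a `service` default next to `dbName`. Separately, the `--auth-server` reverse-tunnel explanation appears twice in this file, once directly after the self-hosted `teleport db start` command and again as the closing paragraph; keep one. "without configuration file" should read "without a configuration file".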
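Review bot: in docs/pages/includes/database-access/db-helm-install.mdx, both `helm install` commands pass the join token as `--set authToken=${JOIN_TOKEN?}`, unquoted, while every templated `--set` value after it is quoted. Quote it as `--set "authToken=${JOIN_TOKEN?}"` for consistency and so an unexpected character in the token file cannot split the argument. The token is also expanded onto the helm command line, where it is visible in the process arguments for the duration of the install; since it is read from /tmp/token, a sentence telling the reader to delete that file once the agent has joined would be worth adding here. The defaults line declares only `dbName`, although `dbProtocol` and `databaseAddress` are interpolated as well.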
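Review bot: typo in docs/pages/includes/database-access/multiple-instances-tip.mdx, "other services such the SSH Service" should read "such as the SSH Service". This tip also restates the "a single Teleport process can run multiple different services" paragraph that opens db-configure-start.mdx, and snowflake.mdx now includes both files, so the reader sees the same point twice within one step. Drop one of the two, keeping the sentence in db-configure-start.mdx that warns that the configure step overwrites an existing `/etc/teleport.yaml`, since that is the part with an operational consequence.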