From 9b198f8451ea749bef11890e406e6889dd8d0f5f Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Thu, 13 Apr 2023 12:58:25 -0400 Subject: [PATCH 1/9] docs: update docker guide to allow for server access and show troubleshooting --- docs/pages/management/guides/docker.mdx | 195 ++++++++++++++++++++++-- 1 file changed, 180 insertions(+), 15 deletions(-) diff --git a/docs/pages/management/guides/docker.mdx b/docs/pages/management/guides/docker.mdx index 84dc4979f3af4..ee0137bf468a3 100644 --- a/docs/pages/management/guides/docker.mdx +++ b/docs/pages/management/guides/docker.mdx @@ -11,7 +11,9 @@ images and execute commands on that container via Teleport's `tsh` client. Since all of Teleport's services are run from the same binary, you can use our Docker image to run Node services (e.g., the Database Service or App -Service) or explore the Auth and Proxy Services locally. +Service) or explore the Auth and Proxy Services locally. The distroless container +does not allow running shells by default so an example of adding another Ubuntu container for +server access is given. @@ -81,12 +83,12 @@ $ mkdir -p ~/teleport/config ~/teleport/data # This container will write the config and immediately exit--this is expected. $ docker run --hostname localhost --rm \ --entrypoint=/usr/local/bin/teleport \ - ${TELEPORT_DOCKER_IMAGE} configure > ~/teleport/config/teleport.yaml + ${TELEPORT_DOCKER_IMAGE} configure --roles=proxy,auth > ~/teleport/config/teleport.yaml # Start Teleport with mounted config and data directories, plus all ports $ docker run --hostname localhost --name teleport \ -v ~/teleport/config:/etc/teleport \ -v ~/teleport/data:/var/lib/teleport \ - -p 3023:3023 -p 3025:3025 -p 3080:3080 \ + -p 3025:3025 -p 3080:3080 \ ${TELEPORT_DOCKER_IMAGE} ``` 
@@ -115,12 +117,12 @@ Move your `license.pem` file to `~/teleport/data`. # This container will write the config and immediately exit--this is expected. $ docker run --hostname localhost --rm \ --entrypoint=/usr/local/bin/teleport \ - ${TELEPORT_DOCKER_IMAGE} configure > ~/teleport/config/teleport.yaml + ${TELEPORT_DOCKER_IMAGE} configure --roles=proxy,auth > ~/teleport/config/teleport.yaml # Start Teleport with mounted config and data directories, plus all ports $ docker run --hostname localhost --name teleport \ -v ~/teleport/config:/etc/teleport \ -v ~/teleport/data:/var/lib/teleport \ - -p 3023:3023 -p 3025:3025 -p 3080:3080 \ + -p 3025:3025 -p 3080:3080 \ ${TELEPORT_DOCKER_IMAGE} ``` 
@@ -149,10 +151,104 @@ The Web UI will be available at the displayed URL. (!docs/pages/includes/insecure-certificate.mdx!) -## Step 4/4. tsh into your Teleport container +## Step 4/4. Try Server Access -After you have finished creating your user, open a second terminal and issue the -command, which will log in to your Teleport cluster via the Proxy Service at +This docker installation includes just the Teleport Proxy and Auth Service. You can try +accessing a server through Teleport by installing the Teleport SSH Service +on a Ubuntu docker container. Here are the steps. + +First start a Ubuntu image: +```code +$ docker run -it --name=example-server --hostname=example-server ubuntu:latest bash +``` + + + +```code +# Docker container will start and you can install Teleport +$ apt update && apt install curl -y +# Download Teleport's PGP public key + +$ curl https://apt.releases.teleport.dev/gpg \ +-o /usr/share/keyrings/teleport-archive-keyring.asc +# Source variables about OS version + +$ source /etc/os-release +# Add the Teleport APT repository for v12. You'll need to update this +# file for each major release of Teleport. +# Note: if using a fork of Debian or Ubuntu you may need to use '$ID_LIKE' +# and the codename your distro was forked from instead of '$ID' and '$VERSION_CODENAME'. 
+# Supported versions are listed here: https://github.com/gravitational/teleport/blob/master/build.assets/tooling/cmd/build-os-package-repos/runners.go#L42-L67 + +$ echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] \ +https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/v12" \ +| tee /etc/apt/sources.list.d/teleport.list > /dev/null +$ apt-get update +$ apt-get install teleport +``` + + +```code +# Docker container will start and you can install Teleport +$ apt update && apt install curl -y +# Download Teleport's PGP public key + +$ curl https://apt.releases.teleport.dev/gpg \ +-o /usr/share/keyrings/teleport-archive-keyring.asc +# Source variables about OS version + +$ source /etc/os-release +# Add the Teleport APT repository for v12. You'll need to update this +# file for each major release of Teleport. +# Note: if using a fork of Debian or Ubuntu you may need to use '$ID_LIKE' +# and the codename your distro was forked from instead of '$ID' and '$VERSION_CODENAME'. +# Supported versions are listed here: https://github.com/gravitational/teleport/blob/master/build.assets/tooling/cmd/build-os-package-repos/runners.go#L42-L67 + +$ echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] \ +https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/v12" \ +| tee /etc/apt/sources.list.d/teleport.list > /dev/null +$ apt-get update +$ apt-get install teleport-ent +``` + + + + +Keep the docker `example-server` Terminal running and run a separate command +in another terminal to add a node. + +```code +$ docker exec teleport tctl nodes add +# The invite token: 02adc78db14c4958a94a78e216fba689 +# This token will expire in 30 minutes. 
+ +# Run this on the new node to join the cluster: + +# > teleport start \ + --roles=node \ + --token=02adc78db14c4958a94a78e216fba689 \ + --ca-pin=sha256:51c0e24825fae3133da0d8659f4dd533808e2dc92c000b577c8725b6cbcb66ae \ + --auth-server=172.17.0.2:3025 + +# Please note: + +# - This invitation token will expire in 30 minutes +# - 172.17.0.2:3025 must be reachable from the new node + ``` + +Copy the full `teleport start` command and run in the `example-server` docker terminal. + +Open another terminal windows and confirm the node was added + with `tctl nodes ls` on the `teleport` container. + +```code +$ docker exec teleport tctl nodes ls +# Host UUID Public Address Labels Version +# -------------- ------------------- --------------- ------ ------- +# example-server edc6b7ae-0ae5-43... 172.17.0.3:3022 12.2.2 +``` + +Issue this command, which will log in to your Teleport cluster via the Proxy Service at `localhost`. ```code 
@@ -189,24 +285,93 @@ Running the next command will display all Teleport Nodes you're connected to: ```code $ tsh ls - -# Node Name Address Labels -# --------- -------------- ------------------------------- -# localhost 127.0.0.1:3022 env=example, hostname=localhost +# Node Name Address Labels +# -------------- --------------- ------ +# example-server 172.17.0.3:3022 ``` -To SSH into the local Node called `localhost`: +To SSH into the local Node called `example-server`: ```code -$ tsh ssh root@localhost +$ tsh ssh root@example-server ``` This will bring up the Linux command prompt where you can issue Bash commands, traverse the directory tree, and explore the container contents: ```txt -root@localhost:~# +root@example-server:~# +``` + +After exiting the session you can replay the interaction from the command line: + +```code +$ tsh recordings ls +# ID Type Participants Hostname Timestamp +# ------------------------------------ ---- ------------ -------------- ------------------------ +# 1da4faa9-01e9-4241-875f-4143f302c9c4 ssh testuser example-server Apr 13 2023 16:46:59 UTC +$ tsh play 1da4faa9-01e9-4241-875f-4143f302c9c4 +``` + +## Troubleshooting + +Teleport provides a debug version that includes a Busybox shell. These are not intended +for production. You will need to stop the non-debug container and start again with the +debug version to use. + +```code +# Stop teleport container +$ docker stop teleport +# Remove teleport container so another can be started with the same name +$ docker rm teleport ``` + + + +Use the debug image with the same data and configuration. + +```code +# Debug Docker image to use. Defaults to the host architecture. Use the `--platform` +# option in `docker run` to override. 
+$ TELEPORT_DOCKER_IMAGE=(=teleport.latest_oss_debug_docker_image=) +# Start Teleport with mounted config and data directories, plus all ports +$ docker run --hostname localhost --name teleport \ + -v ~/teleport/config:/etc/teleport \ + -v ~/teleport/data:/var/lib/teleport \ + -p 3025:3025 -p 3080:3080 \ + ${TELEPORT_DOCKER_IMAGE} +``` + + + + + +Use the debug image with the same data and configuration. + +```code +# Debug Docker image to use. Defaults to the host architecture. Use the `--platform` +# option in `docker run` to override. +$ TELEPORT_DOCKER_IMAGE=(=teleport.latest_ent_debug_docker_image=) +# Start Teleport with mounted config and data directories, plus all ports +$ docker run --hostname localhost --name teleport \ + -v ~/teleport/config:/etc/teleport \ + -v ~/teleport/data:/var/lib/teleport \ + -p 3025:3025 -p 3080:3080 \ + ${TELEPORT_DOCKER_IMAGE} +``` + + + + +Now you can open a `sh` shell within the docker container to perform any troubleshooting. + +```code +$ docker exec -it teleport sh +$ tctl status +``` + + + ## Next steps - Try out one of our [Helm Guides](../../deploy-a-cluster/helm-deployments.mdx). From 083b1e9b406c1a5440ce42830c8f69b4d067506c Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Fri, 14 Apr 2023 14:47:26 -0400 Subject: [PATCH 2/9] Apply suggestions from code review Co-authored-by: Paul Gottschling --- docs/pages/management/guides/docker.mdx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/pages/management/guides/docker.mdx b/docs/pages/management/guides/docker.mdx index ee0137bf468a3..3961ad75bec79 100644 --- a/docs/pages/management/guides/docker.mdx +++ b/docs/pages/management/guides/docker.mdx 
@@ -151,13 +151,13 @@ The Web UI will be available at the displayed URL. (!docs/pages/includes/insecure-certificate.mdx!) -## Step 4/4. Try Server Access +## Step 4/4. Try server access -This docker installation includes just the Teleport Proxy and Auth Service. You can try +The Teleport container we spun up earlier runs the Teleport Proxy and Auth Services. You can try accessing a server through Teleport by installing the Teleport SSH Service -on a Ubuntu docker container. Here are the steps. +on an Ubuntu Docker container. Here are the steps. -First start a Ubuntu image: +First start an Ubuntu container: ```code $ docker run -it --name=example-server --hostname=example-server ubuntu:latest bash ``` @@ -238,7 +238,7 @@ $ docker exec teleport tctl nodes add Copy the full `teleport start` command and run in the `example-server` docker terminal. -Open another terminal windows and confirm the node was added +Open another terminal window and confirm the node was added with `tctl nodes ls` on the `teleport` container. ```code @@ -314,7 +314,7 @@ $ tsh play 1da4faa9-01e9-4241-875f-4143f302c9c4 ## Troubleshooting -Teleport provides a debug version that includes a Busybox shell. These are not intended +Teleport provides a container image that includes a Busybox shell. This image is not intended for production. You will need to stop the non-debug container and start again with the debug version to use. @@ -363,7 +363,7 @@ $ docker run --hostname localhost --name teleport \ -Now you can open a `sh` shell within the docker container to perform any troubleshooting. +Now you can open a `sh` shell within the Docker container to perform any troubleshooting. ```code $ docker exec -it teleport sh From d162b68fa672059efaa84bf081a14a6210f2f3f9 Mon Sep 17 00:00:00 2001 From: alexfornuto Date: Fri, 14 Apr 2023 16:48:39 -0500 Subject: [PATCH 3/9] formatting --- docs/pages/management/guides/docker.mdx | 40 +++++++++++++------------ 1 file changed, 21 insertions(+), 19 deletions(-) 
diff --git a/docs/pages/management/guides/docker.mdx b/docs/pages/management/guides/docker.mdx index 3961ad75bec79..ef0f39b0cec8a 100644 --- a/docs/pages/management/guides/docker.mdx +++ b/docs/pages/management/guides/docker.mdx @@ -24,11 +24,11 @@ server access is given. - Docker v(=docker.version=) or later. -```code -$ docker version -# Client: Docker Engine - Community -# Version: (=docker.version=) -``` + ```code + $ docker version + # Client: Docker Engine - Community + # Version: (=docker.version=) + ``` - The `tsh` client tool, which ships with the `teleport` binary. Visit [Download Teleport](https://goteleport.com/download/) to download `tsh`. @@ -40,11 +40,11 @@ $ docker version Teleport Sales Team. - Docker v(=docker.version=) or later. -```code -$ docker version -# Client: Docker Engine - Community -# Version: (=docker.version=) -``` + ```code + $ docker version + # Client: Docker Engine - Community + # Version: (=docker.version=) + ``` - The `tsh` client tool, which ships with the `teleport` binary. Visit the [customer portal](https://dashboard.gravitational.com/web/login) to download Teleport. @@ -108,6 +108,7 @@ $ TELEPORT_DOCKER_IMAGE=(=teleport.latest_ent_docker_image=) # into the container. $ mkdir -p ~/teleport/config ~/teleport/data ``` + (!docs/pages/includes/enterprise/obtainlicense.mdx!) Move your `license.pem` file to `~/teleport/data`. @@ -158,12 +159,14 @@ accessing a server through Teleport by installing the Teleport SSH Service on an Ubuntu Docker container. Here are the steps. First start an Ubuntu container: + ```code $ docker run -it --name=example-server --hostname=example-server ubuntu:latest bash ``` + ```code # Docker container will start and you can install Teleport $ apt update && apt install curl -y 
@@ -186,8 +189,10 @@ https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/v12" \ $ apt-get update $ apt-get install teleport ``` + + ```code # Docker container will start and you can install Teleport $ apt update && apt install curl -y @@ -210,12 +215,12 @@ https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/v12" \ $ apt-get update $ apt-get install teleport-ent ``` + - -Keep the docker `example-server` Terminal running and run a separate command -in another terminal to add a node. +Keep the docker `example-server` terminal running and run a separate command +in another terminal to add a node: ```code $ docker exec teleport tctl nodes add @@ -256,7 +261,7 @@ $ tsh login --proxy=localhost --insecure --user=testuser ``` - The `--insecure` flag is not recommended in production but can be used to bypass certain TLS and port requirements when testing locally. +The `--insecure` flag is not recommended in production but can be used to bypass certain TLS and port requirements when testing locally. You will be prompted to enter the password and One-Time Passcode you created for your user `testuser`: @@ -269,7 +274,7 @@ Enter your OTP token: After successfully authenticating you should see the following in your terminal: -``` +```text WARNING: You are using insecure connection to Teleport proxy https://localhost:3080 > Profile URL: https://localhost:3080 Logged in as: testuser @@ -290,7 +295,7 @@ $ tsh ls # example-server 172.17.0.3:3022 ``` -To SSH into the local Node called `example-server`: +To SSH into the local container called `example-server`: ```code $ tsh ssh root@example-server @@ -345,7 +350,6 @@ $ docker run --hostname localhost --name teleport \ - Use the debug image with the same data and configuration. ```code @@ -370,8 +374,6 @@ $ docker exec -it teleport sh $ tctl status ``` - - ## Next steps - Try out one of our [Helm Guides](../../deploy-a-cluster/helm-deployments.mdx). 
From 93d903b2688b4c2cd50e9e1330ff33dcc0fa6da4 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Tue, 25 Apr 2023 05:48:51 -0700 Subject: [PATCH 4/9] Updates including providing info on distroless, usage change --- docs/pages/includes/docker-images-oss.mdx | 5 ++++- docs/pages/includes/enterprise/docker-images.mdx | 4 +++- docs/pages/management/guides/docker.mdx | 6 +----- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/docs/pages/includes/docker-images-oss.mdx b/docs/pages/includes/docker-images-oss.mdx index cc93575904ca2..fe5df259e79ad 100644 --- a/docs/pages/includes/docker-images-oss.mdx +++ b/docs/pages/includes/docker-images-oss.mdx @@ -1,5 +1,8 @@ We provide a pre-built multi-arch Docker image for every version of Teleport, -including images for `amd64`, `arm`, and `arm64` architectures. +including images for `amd64`, `arm`, and `arm64` architectures. Our +images are provided as distroless that provides only Teleport binaries +and their application dependencies. To learn more about the advantages +and specifics of distroless images see the [Distroless Debian 11 README](https://github.com/GoogleContainerTools/distroless). These images are hosted on Amazon ECR Public. All tags under `public.ecr.aws/gravitational/teleport-distroless` [are Teleport Open Source images](https://gallery.ecr.aws/gravitational/teleport-distroless). diff --git a/docs/pages/includes/enterprise/docker-images.mdx b/docs/pages/includes/enterprise/docker-images.mdx index 1261a2f3641ed..fdc7f9ce9d04a 100644 --- a/docs/pages/includes/enterprise/docker-images.mdx +++ b/docs/pages/includes/enterprise/docker-images.mdx 
@@ -1,5 +1,7 @@ This table gives an idea of how our image naming scheme works. We offer images which point to a static version of Teleport Enterprise, as well as images which are -automatically rebuilt every night. +automatically rebuilt every night. Our images are provided as distroless that provides only Teleport binaries +and their application dependencies. To learn more about the advantages +and specifics of distroless images see the [Distroless Debian 11 README](https://github.com/GoogleContainerTools/distroless). Nightly images point to the latest version of Teleport Enterprise from the three most recent release branches. They are stable, and we recommend their use to easily keep your Teleport Enterprise installation up to date. diff --git a/docs/pages/management/guides/docker.mdx b/docs/pages/management/guides/docker.mdx index ef0f39b0cec8a..cc2e3ba09c34d 100644 --- a/docs/pages/management/guides/docker.mdx +++ b/docs/pages/management/guides/docker.mdx @@ -7,16 +7,12 @@ h1: Run Teleport using Docker This guide will explain how to run a container using one of Teleport's Docker images and execute commands on that container via Teleport's `tsh` client. - - Since all of Teleport's services are run from the same binary, you can -use our Docker image to run Node services (e.g., the Database Service or App +use our Docker image to run Teleport services (e.g., the Database Service or App Service) or explore the Auth and Proxy Services locally. The distroless container does not allow running shells by default so an example of adding another Ubuntu container for server access is given. - - ## Prerequisites From 5549aa603f3a0696fc2098bb10d1ccd236758d41 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Thu, 27 Apr 2023 09:51:54 -0700 Subject: [PATCH 5/9] format length --- .../includes/enterprise/docker-images.mdx | 35 ++++++++++++------- 1 file changed, 23 insertions(+), 12 deletions(-) 
diff --git a/docs/pages/includes/enterprise/docker-images.mdx b/docs/pages/includes/enterprise/docker-images.mdx index fdc7f9ce9d04a..88190fabdcdff 100644 --- a/docs/pages/includes/enterprise/docker-images.mdx +++ b/docs/pages/includes/enterprise/docker-images.mdx 
@@ -1,15 +1,24 @@ -This table gives an idea of how our image naming scheme works. We offer images which point to a static version of Teleport Enterprise, as well as images which are -automatically rebuilt every night. Our images are provided as distroless that provides only Teleport binaries -and their application dependencies. To learn more about the advantages -and specifics of distroless images see the [Distroless Debian 11 README](https://github.com/GoogleContainerTools/distroless). - -Nightly images point to the latest version of Teleport Enterprise from the three most recent release branches. -They are stable, and we recommend their use to easily keep your Teleport Enterprise installation up to date. - -These images are hosted on our [Amazon ECR Public repository](https://gallery.ecr.aws/gravitational/teleport-ent-distroless). All tags under `public.ecr.aws/gravitational/teleport-ent-distroless` are Teleport Enterprise images. Each tag points to a multi-arch image, containing Teleport for `arm`, `arm64` and `amd64`. +This table gives an idea of how our image naming scheme works. We offer images +which point to a static version of Teleport Enterprise, as well as images which are +automatically rebuilt every night. Our images are provided as distroless that +provides only Teleport binaries and their application dependencies. To learn +more about the advantages and specifics of distroless images see +the [Distroless Debian 11 README](https://github.com/GoogleContainerTools/distroless). + +Nightly images point to the latest version of Teleport Enterprise from the three +most recent release branches. They are stable, and we recommend their use to easily +keep your Teleport Enterprise installation up to date. + +These images are hosted on our [Amazon ECR Public repository](https://gallery.ecr.aws/gravitational/teleport-ent-distroless). +All tags under `public.ecr.aws/gravitational/teleport-ent-distroless` are +Teleport Enterprise images. 
Each tag points to a multi-arch image, containing +Teleport for `arm`, `arm64` and `amd64`. FIPS images are still posted to our [Legacy Amazon ECR Public repository](https://gallery.ecr.aws/gravitational/teleport-ent). -You can specify the architecture of a Teleport FIPS Docker image by adding a postfix to the image tag, e.g., `public.ecr.aws/gravitational/teleport:(=teleport.major_version=)-arm64`. Versions without an architecture postfix use the `amd64` architecture, e.g., `public.ecr.aws/gravitational/teleport:(=teleport.major_version=)`. +You can specify the architecture of a Teleport FIPS Docker image by adding a +postfix to the image tag, e.g., `public.ecr.aws/gravitational/teleport:(=teleport.major_version=)-arm64`. +Versions without an architecture postfix use the `amd64` architecture, e.g., +`public.ecr.aws/gravitational/teleport:(=teleport.major_version=)`. | Image name | Open Source or Enterprise? | Teleport version | Image automatically updated? | Includes troubleshooting tools | Image base | | - | - | - | - | - | - | 
@@ -20,10 +29,12 @@ You can specify the architecture of a Teleport FIPS Docker image by adding a pos | `(=teleport.latest_ent_debug_docker_image=)` | Enterprise | The version specified in the image's tag (i.e. (=teleport.version=)) | No | Yes | [Distroless Debian 11](https://github.com/GoogleContainerTools/distroless) | | `(=teleport.latest_ent_docker_image=)-fips` | Enterprise FIPS | The version specified in the image's tag (i.e. (=teleport.version=)) | No | Yes | [Ubuntu 20.04](https://hub.docker.com/\_/ubuntu) | -For testing, we always recommend that you use the latest release version of Teleport Enterprise, which is currently `(=teleport.latest_ent_docker_image=)`. +For testing, we always recommend that you use the latest release version of +Teleport Enterprise, which is currently `(=teleport.latest_ent_docker_image=)`. [Ubuntu 20.04](https://hub.docker.com/\_/ubuntu)-based images for non-FIPS Teleport are available from our [Legacy Amazon ECR Public repository](https://gallery.ecr.aws/gravitational/teleport-ent). -The `*-debug` images include a Busybox shell and tool suite in addition to Teleport, and are intended for troubleshooting deployments only. They are not intended for production use. +The `*-debug` images include a Busybox shell and tool suite in addition to Teleport, +and are intended for troubleshooting deployments only. They are not intended for production use. From 08a2c1cc461ce8c04f68cfaf2be54836e9e2f966 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Fri, 28 Apr 2023 05:26:31 -0700 Subject: [PATCH 6/9] Lint fix --- docs/pages/management/guides/docker.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/pages/management/guides/docker.mdx b/docs/pages/management/guides/docker.mdx index cc2e3ba09c34d..eff66e6b85763 100644 --- a/docs/pages/management/guides/docker.mdx +++ b/docs/pages/management/guides/docker.mdx 
@@ -34,6 +34,7 @@ server access is given. - A Teleport Enterprise account. If you do not have one, use our [signup form](https://goteleport.com/signup/enterprise/) to schedule a demo with the Teleport Sales Team. + - Docker v(=docker.version=) or later. ```code From 92453bc534037cd618ab224eb1b0e423c4daabd7 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Fri, 28 Apr 2023 11:48:22 -0400 Subject: [PATCH 7/9] verbiage update Co-authored-by: Paul Gottschling --- docs/pages/includes/docker-images-oss.mdx | 6 ++---- docs/pages/includes/enterprise/docker-images.mdx | 5 +---- docs/pages/management/guides/docker.mdx | 12 +++++------- 3 files changed, 8 insertions(+), 15 deletions(-) diff --git a/docs/pages/includes/docker-images-oss.mdx b/docs/pages/includes/docker-images-oss.mdx index fe5df259e79ad..a7c86c82f03ca 100644 --- a/docs/pages/includes/docker-images-oss.mdx +++ b/docs/pages/includes/docker-images-oss.mdx @@ -1,8 +1,6 @@ We provide a pre-built multi-arch Docker image for every version of Teleport, -including images for `amd64`, `arm`, and `arm64` architectures. Our -images are provided as distroless that provides only Teleport binaries -and their application dependencies. To learn more about the advantages -and specifics of distroless images see the [Distroless Debian 11 README](https://github.com/GoogleContainerTools/distroless). +including images for `amd64`, `arm`, and `arm64` architectures. Our images contain only Teleport binaries +and their application dependencies. These images are hosted on Amazon ECR Public. All tags under `public.ecr.aws/gravitational/teleport-distroless` [are Teleport Open Source images](https://gallery.ecr.aws/gravitational/teleport-distroless). diff --git a/docs/pages/includes/enterprise/docker-images.mdx b/docs/pages/includes/enterprise/docker-images.mdx index 88190fabdcdff..25ad0334044ed 100644 --- a/docs/pages/includes/enterprise/docker-images.mdx +++ b/docs/pages/includes/enterprise/docker-images.mdx 
@@ -1,9 +1,6 @@ This table gives an idea of how our image naming scheme works. We offer images which point to a static version of Teleport Enterprise, as well as images which are -automatically rebuilt every night. Our images are provided as distroless that -provides only Teleport binaries and their application dependencies. To learn -more about the advantages and specifics of distroless images see -the [Distroless Debian 11 README](https://github.com/GoogleContainerTools/distroless). +automatically rebuilt every night. Our images contain only Teleport binaries and their application dependencies. Nightly images point to the latest version of Teleport Enterprise from the three most recent release branches. They are stable, and we recommend their use to easily diff --git a/docs/pages/management/guides/docker.mdx b/docs/pages/management/guides/docker.mdx index eff66e6b85763..65959f943e655 100644 --- a/docs/pages/management/guides/docker.mdx +++ b/docs/pages/management/guides/docker.mdx @@ -8,10 +8,8 @@ This guide will explain how to run a container using one of Teleport's Docker images and execute commands on that container via Teleport's `tsh` client. Since all of Teleport's services are run from the same binary, you can -use our Docker image to run Teleport services (e.g., the Database Service or App -Service) or explore the Auth and Proxy Services locally. The distroless container -does not allow running shells by default so an example of adding another Ubuntu container for -server access is given. +use our Docker image to run Teleport services (e.g., the Database Service or Application +Service) or explore the Auth and Proxy Services locally. In this guide, we will also show you how to join a server (in this case, an Ubuntu container) to your local Dockerized Teleport cluster. ## Prerequisites 
@@ -160,7 +158,7 @@ First start an Ubuntu container: ```code $ docker run -it --name=example-server --hostname=example-server ubuntu:latest bash ``` - +After you start your shell within the Ubuntu container, run the following commands to install the Teleport SSH Service: @@ -217,7 +215,7 @@ $ apt-get install teleport-ent Keep the docker `example-server` terminal running and run a separate command -in another terminal to add a node: +in another terminal to create a join token that the Teleport SSH Service will use to establish trust with your Teleport cluster: ```code $ docker exec teleport tctl nodes add @@ -240,7 +238,7 @@ $ docker exec teleport tctl nodes add Copy the full `teleport start` command and run in the `example-server` docker terminal. -Open another terminal window and confirm the node was added +Open another terminal window and confirm that you joined the SSH Service to the cluster with `tctl nodes ls` on the `teleport` container. ```code From 3f2d1b2f26d098946f935a475192b7239c30517d Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Fri, 28 Apr 2023 11:49:06 -0400 Subject: [PATCH 8/9] verbiage update Co-authored-by: Paul Gottschling --- docs/pages/management/guides/docker.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/management/guides/docker.mdx b/docs/pages/management/guides/docker.mdx index 65959f943e655..566da43792794 100644 --- a/docs/pages/management/guides/docker.mdx +++ b/docs/pages/management/guides/docker.mdx @@ -214,7 +214,7 @@ $ apt-get install teleport-ent -Keep the docker `example-server` terminal running and run a separate command +Keep the Docker `example-server` terminal running and run a separate command in another terminal to create a join token that the Teleport SSH Service will use to establish trust with your Teleport cluster: ```code From 7eb4b2865efc452a7e23ab58b721fea871563fc2 Mon Sep 17 00:00:00 2001 
From: Steven Martin Date: Fri, 28 Apr 2023 11:49:18 -0400 Subject: [PATCH 9/9] verbiage update Co-authored-by: Paul Gottschling --- docs/pages/management/guides/docker.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/management/guides/docker.mdx b/docs/pages/management/guides/docker.mdx index 566da43792794..aa129761315b8 100644 --- a/docs/pages/management/guides/docker.mdx +++ b/docs/pages/management/guides/docker.mdx @@ -236,7 +236,7 @@ $ docker exec teleport tctl nodes add # - 172.17.0.2:3025 must be reachable from the new node ``` -Copy the full `teleport start` command and run in the `example-server` docker terminal. +Copy the full `teleport start` command and run it in the `example-server` Docker container shell. Open another terminal window and confirm that you joined the SSH Service to the cluster with `tctl nodes ls` on the `teleport` container.
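Review bot: In [PATCH 1/9], hunk @@ -81,12 +83,12 @@ of docker.mdx, the unchanged comment `# Start Teleport with mounted config and data directories, plus all ports` no longer matches the command now that `-p 3023:3023` is removed. Reword the comment to name the two ports that are still published (3025 and 3080), and add a sentence explaining why 3023 is dropped. The same stale comment is carried into the Enterprise copy in hunk @@ -115,12 +117,12 @@ and into both debug-image blocks under Troubleshooting. Separately, `-p 3025:3025 -p 3080:3080` publishes the Auth and Proxy ports on every host interface; for a guide that logs in with `--insecure` against `localhost`, consider `-p 127.0.0.1:3025:3025 -p 127.0.0.1:3080:3080`. The example node joins over the bridge address `172.17.0.2:3025`, so it does not depend on the host-side publish.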
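Review bot: In [PATCH 1/9], hunk @@ -149,10 +151,104 @@ (new "Step 4/4"), the APT source line hard-codes `stable/v12` and the sample `tctl nodes ls` output hard-codes `12.2.2`, so both will be wrong after the next major release. The series already uses `(=teleport.major_version=)` and `(=teleport.version=)` in docker-images.mdx; use those here if the variables resolve in this file. In the same hunk, `ubuntu:latest` is unpinned while the block's own comment says only listed distro versions are supported, so `${VERSION_CODENAME?}` can resolve to a codename the repository does not serve; pin a tag that is on the supported list. In the `tctl nodes add` sample output, `# > teleport start \` is commented but the continuation lines (`--roles=node \`, `--token=...`, `--ca-pin=...`, `--auth-server=...`) are not, and the closing fence is indented by one space. Prefix the continuation lines with `#` like the rest of the output. Consider replacing the literal token and CA pin with obvious placeholders so readers do not paste the sample values.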
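Review bot: In [PATCH 1/9], hunk @@ -189,24 +285,93 @@, the last Troubleshooting block shows `$ docker exec -it teleport sh` followed by `$ tctl status` with the same `$` prompt, although the second command is typed inside the container shell that the first one opens. Split them into two blocks or add a comment line such as `# Inside the container shell:` before `tctl status`. In the recordings block, `tsh play 1da4faa9-01e9-4241-875f-4143f302c9c4` uses the ID from the sample output; add a comment telling the reader to substitute an ID from their own `tsh recordings ls` output.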
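Review bot: In [PATCH 2/9], hunk @@ -314,7 +314,7 @@, the rewritten opening no longer calls the image a debug image ("a container image that includes a Busybox shell"), but the unchanged sentence that follows still refers to "the non-debug container" and "the debug version", and it ends on a dangling "to use". Keep the word "debug" in the first sentence (the image variables are named `latest_oss_debug_docker_image` and `latest_ent_debug_docker_image`) and finish the last sentence, for example "start it again with the debug image to get a shell".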
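Review bot: In [PATCH 5/9], the rewrapped FIPS paragraph of docker-images.mdx is inconsistent about the repository: it says FIPS images are posted to the legacy repository linked as `gallery.ecr.aws/gravitational/teleport-ent`, but both tag examples use `public.ecr.aws/gravitational/teleport:(=teleport.major_version=)`, with no `-ent` and no `-fips` suffix. Since the paragraph is being touched anyway, confirm which repository and tag form a reader should pull and make the examples match the link. The context table row for `(=teleport.latest_ent_docker_image=)-fips` uses a `-fips` suffix, which the examples should probably mirror.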
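Review bot: In [PATCH 7/9], hunk @@ -8,10 +8,8 @@ of docker.mdx, removing "The distroless container does not allow running shells by default" leaves the guide without any statement that the default image has no shell. The Troubleshooting section still tells the reader to stop the container and restart it from the debug image before running `docker exec -it teleport sh`, and without that sentence the reason for the swap is missing. Keep a short version of it in the intro or in Troubleshooting. The replacement text in this hunk is also one long unwrapped line ("Service) or explore the Auth and Proxy Services locally. In this guide, we will also show you ..."), which undoes the line-length formatting applied in [PATCH 5/9].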
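Review bot: In [PATCH 7/9], hunk @@ -160,7 +158,7 @@, the new sentence "After you start your shell within the Ubuntu container, run the following commands ..." is placed directly on the line after the closing fence of the `docker run` block, with no blank line between them. [PATCH 3/9] added blank lines around fences for exactly this reason. Put an empty line between the fence and the sentence, and wrap the sentence to the file's line length. The same wrapping point applies to the two long replacement lines in hunks @@ -217,7 +215,7 @@ and @@ -240,7 +238,7 @@.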