Closed rgreil closed 4 months ago
This doesn't seem in scope for a tool like Teleport..
Why not? Pretty sure that I'm not the only one who shuts down nodes when they are not used.
If there are some examples from access use cases like ssh that already work, that would be helpful to know. Otherwise it seems other tools are used to start or unsuspend machines.
This is all that's needed to start a machine via WOL:
echo -e $(echo $(printf 'f%.0s' {1..12}; printf "$(echo $MAC | sed 's/://g')%.0s" {1..16}) | sed -e 's/../\\x&/g') | nc -w1 -u -b 255.255.255.255 4000
It would be just super convenient having this in the web gui. Then the user could start the machine and afterwards ssh into it.
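What the one-liner above puts on the wire, as an added Python example that is not part of the original thread or of Teleport's code: the magic packet is six 0xFF bytes followed by the target MAC repeated 16 times, sent as a UDP broadcast. The function names and the sample MAC are assumptions made for illustration; the broadcast address and port 4000 are taken from the one-liner.

```python
import re
import socket

# Six hex octets, either unseparated or with one consistent separator (":" or "-").
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-]?)[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}$")


def magic_packet(mac: str) -> bytes:
    """Build the 102-byte WOL payload: 6 x 0xFF, then the MAC repeated 16 times."""
    mac = mac.strip()
    if not MAC_RE.match(mac):
        # Reject malformed input instead of broadcasting a useless frame.
        raise ValueError(f"not a MAC address: {mac!r}")
    hw = bytes.fromhex(re.sub(r"[:-]", "", mac))
    return b"\xff" * 6 + hw * 16


def send_wol(mac: str, broadcast: str = "255.255.255.255", port: int = 4000) -> int:
    """Broadcast the magic packet over UDP and return the number of bytes sent.

    The sender has to sit in the target's broadcast domain: routers do not
    forward the limited broadcast address, and a powered-off host has no IP
    stack that could answer a unicast packet.
    """
    payload = magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        # Without SO_BROADCAST the kernel refuses to send to a broadcast address.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(payload, (broadcast, port))


if __name__ == "__main__":
    # Constructed sample MAC (locally administered range), not a value from the thread.
    print(send_wol("02:00:00:aa:bb:cc"))
```
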
Teleport access is largely based on long-lived reverse tunnels. In most deployments the Teleport proxy has no way to reach out to a node unless the tunnel is already open.
At least for Windows, the proxy needs to be in the local network. Otherwise RDP would need to be opened to the Internet. This proxy would be the perfect place for doing WOL.
The windows agent has to be in the same network, but not the teleport proxy which is what serves the web UI.
While this would work for RDP, we do not have a similar "gateway" mode for SSH. The agent runs on the instance that would be powered down, so this wouldn't work.
We see the request, and will consider a closer look in the future if we see a large amount of interest.
There is some discussion of a potential "gateway" mode for the ssh_service which would make this slightly more viable: https://github.com/gravitational/teleport/issues/28541
There is a more fundamental issue here though; Teleport is a layer 3 tool which relies on IP connectivity, whereas WOL is a layer 2 operation which would require that Teleport keep a record of every node's MAC address. This would be a substantial change.
I would request the user to configure the MAC. E.g. wol_mac
Haven't seen significant interest or traction here, so closing as not planned for now. Happy to reevaluate in the future if things change.
What would you like Teleport to do?
Turn on nodes via Wake on LAN.
What problem does this solve?
Using 3rd party tools to turn on nodes which are shut down.
If a workaround exists, please include it.
Using 3rd party tools which can turn on nodes via Wake on LAN.