gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Example ha-autoscale-cluster Terraform locks.tf misleading comment "for demonstration purposes only" #6784

Closed highb closed 3 years ago

highb commented 3 years ago

https://github.com/gravitational/teleport/blob/82185f232ae8974258397e121b3bc2ed0c3729ed/examples/aws/terraform/ha-autoscale-cluster/locks.tf#L4

// Locks is a dynamodb table used as a distributed lock
// to make sure there is only one auth server doing
// letsencrypt certificate renewal, this is not critical for teleport
// and is purely for demonstration purposes

This comment implies that the locks table isn't necessary and could be removed. So, I did! 😆 But the teleport-lock script still expects that table to be available by default. The comment about this table being "for demonstration purposes only" is inaccurate as the application seemingly will not start without it. I have re-added the locks.tf code and I'm going to create the locks table now, so hopefully that resolves the issue. 🤞

[root@ip-10-251-0-157 ec2-user]# journalctl | grep teleport | less
...
May 07 21:00:01 ip-10-251-0-157.us-west-2.compute.internal teleport-lock[18938]: ++ TELEPORT_INFLUXDB_ADDRESS=http://engops-teleport-monitor-de7d2268cd711c5e.elb.us-west-2.amazonaws.com:80
[root@ip-10-251-0-157 ec2-user]# aws dynamodb put-item --region us-west-2 --table-name --item '{"Lock": {"S": "/auth/servers"}, "Expires":
> {"S": "1620352734"}, "Process": {"S": "ip-10-251-0-157.us-west-2.compute.internal"}}' '--condition-expression=(attribute_not_exists(Expires) OR Expires <= :timestamp) OR Process = :process
> ' --expression-attribute-values '{":timestamp":{"S":"1620349074"}, ":process":{"S":"ip-10-251-0-157.us-west-2.compute.internal"}}'
Note: AWS CLI version 2, the latest major version of the AWS CLI, is now stable and recommended for general use. For more information, see the AWS CLI version 2 installation instructions at: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command> help
  aws <command> <subcommand> help
aws: error: argument --table-name: expected one argument
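
Added example, not part of the issue thread and not Teleport's teleport-lock script: the put-item call in the session above fails because `--table-name` is followed by no value. This sketch wraps the same conditional put in a function that refuses to run with an empty table name and quotes every argument. The function name `acquire_lock`, the `AWS_CMD` override and the exit code 64 are assumptions made for illustration.

```shell
# Hypothetical wrapper, not Teleport's own teleport-lock script.
# AWS_CMD (assumption) lets a dry run or test substitute a stub for `aws`.

# acquire_lock REGION TABLE LOCK_KEY PROCESS [NOW] [TTL_SECONDS]
# Returns 0 when the conditional put succeeds, 64 on unusable arguments,
# otherwise the AWS CLI's own non-zero status (e.g. condition not met).
acquire_lock() {
    local region="$1" table="$2" key="$3" process="$4"
    # 3660 is the gap between the two sample timestamps in the session above.
    local now="${5:-$(date +%s)}" ttl="${6:-3660}"

    # Fail fast on an empty table name instead of letting the CLI see
    # "--table-name --item ...", which is the usage error shown above.
    if [ -z "$table" ]; then
        echo "acquire_lock: lock table name is empty; is the locks table deployed?" >&2
        return 64
    fi
    if [ -z "$region" ] || [ -z "$key" ] || [ -z "$process" ]; then
        echo "acquire_lock: region, lock key and process are required" >&2
        return 64
    fi
    # Values are spliced into JSON below, so reject anything that could
    # break out of a JSON string or is not a plain epoch number.
    case "$key$process" in
        *\"*|*\\*) echo "acquire_lock: quote or backslash in key/process" >&2; return 64 ;;
    esac
    case "$now$ttl" in
        *[!0-9]*) echo "acquire_lock: NOW and TTL must be integers" >&2; return 64 ;;
    esac

    local expires item values
    expires=$((now + ttl))
    item=$(printf '{"Lock":{"S":"%s"},"Expires":{"S":"%s"},"Process":{"S":"%s"}}' \
        "$key" "$expires" "$process")
    values=$(printf '{":timestamp":{"S":"%s"},":process":{"S":"%s"}}' "$now" "$process")

    # Every expansion is quoted, so no argument can vanish or be split.
    "${AWS_CMD:-aws}" dynamodb put-item \
        --region "$region" \
        --table-name "$table" \
        --item "$item" \
        --condition-expression '(attribute_not_exists(Expires) OR Expires <= :timestamp) OR Process = :process' \
        --expression-attribute-values "$values"
}
```
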

webvictim commented 3 years ago

Fixed, thanks for the issue!

highb commented 3 years ago

Thanks for the fix!