From 27e0c574c0f3733bb41c295ef14133a2276a03d8 Mon Sep 17 00:00:00 2001
From: stevenGravy
Date: Sat, 9 Nov 2024 06:39:46 -0500
Subject: [PATCH 1/2] docs: update managed dbs
---
 .../mongodb-atlas.mdx | 141 ++++++------------
 .../enroll-managed-databases/snowflake.mdx | 62 ++++----
 2 files changed, 80 insertions(+), 123 deletions(-)
diff --git a/docs/pages/enroll-resources/database-access/enroll-managed-databases/mongodb-atlas.mdx b/docs/pages/enroll-resources/database-access/enroll-managed-databases/mongodb-atlas.mdx
index 65305bc4bc706..e2d9fa303419b 100644
--- a/docs/pages/enroll-resources/database-access/enroll-managed-databases/mongodb-atlas.mdx
+++ b/docs/pages/enroll-resources/database-access/enroll-managed-databases/mongodb-atlas.mdx
@@ -40,98 +40,7 @@ or AWS IAM: Service. - (!docs/pages/includes/tctl.mdx!) -## Step 1/4. Set up the Teleport Database Service - -(!docs/pages/includes/tctl-token.mdx serviceName="Database" tokenType="db" tokenFile="/tmp/token"!) - -Install Teleport on the host where you will run the Teleport Database Service: - -(!docs/pages/includes/install-linux.mdx!) - -Next, start the Database Service. - - - - -On the node where you will run the Database Service, start Teleport, pointing -the `--auth-server` flag at the address of your Teleport Proxy Service: - -```code -$ sudo teleport db start \ - --token=/tmp/token \ - --auth-server= \ - --name=mongodb-atlas \ - --protocol=mongodb \ - --uri=mongodb+srv://cluster0.abcde.mongodb.net \ - --labels=env=dev -``` - - - The `--auth-server` flag must point to the Teleport cluster's Proxy Service endpoint - because the Database Service always connects back to the cluster over a reverse - tunnel. - - - - - -On the node where you will run the Teleport Database Service, add the following -in `/etc/teleport.yaml`: - -```yaml -version: v3 -teleport: - auth_token: "/tmp/token" - proxy_server: - -# disable services that are on by default -ssh_service: { enabled: no } -proxy_service: { enabled: no } -auth_service: { enabled: no } - -db_service: - enabled: "yes" - databases: - - name: "mongodb-atlas" - protocol: "mongodb" - uri: "mongodb+srv://cluster0.abcde.mongodb.net" - static_labels: - env: "dev" -``` - -(!docs/pages/includes/start-teleport.mdx service="the Teleport Database Service"!) - -See the full [YAML reference](../../../reference/agent-services/database-access-reference/configuration.mdx) for details. - - - - -See below for details on how to configure the Teleport Database Service. - -### Connection endpoint - -You will need to provide your Atlas cluster's connection endpoint for the `db_service.databases[*].uri` configuration option or `--uri` CLI flag. 
You can find this via the Connect dialog on the Database Deployments overview page: - -![Connect](../../../../img/database-access/guides/atlas/atlas-connect-btn@2x.png) - -Go through the "Setup connection security" step and select "Connect with the -MongoDB shell" to view the connection string: - -![Connection string](../../../../img/database-access/guides/atlas/atlas-connect@2x.png) - -Use only the scheme and hostname parts of the connection string in the URI: - -```code -$ --uri=mongodb+srv://cluster0.abcde.mongodb.net -``` - -## Step 2/4. Create a Teleport user - -(!docs/pages/includes/database-access/create-user.mdx!) - -(!docs/pages/includes/database-access/mongodb-required-database-access.mdx!) - -## Step 3/4. Configure Atlas +## Step 1/4. Configure Atlas Teleport MongoDB Atlas integration supports two methods of authentication: - Self-managed X.509: This method relies on certificates for authentication, 
@@ -229,6 +138,54 @@ it exclusively supports authentication using AWS IAM roles. +## Step 2/4. Create a Teleport user + +(!docs/pages/includes/database-access/create-user.mdx!) + +(!docs/pages/includes/database-access/mongodb-required-database-access.mdx!) + +## Step 3/4. Set up the Teleport Database Service + +(!docs/pages/includes/tctl-token.mdx serviceName="Database" tokenType="db" tokenFile="/tmp/token"!) + +Install and configure Teleport where you will run the Teleport Database Service: + + + + +(!docs/pages/includes/install-linux.mdx!) + +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="mongodb-atlas" dbProtocol="mongodb" databaseAddress="mongodb+srv://cluster0.abcde.mongodb.net" !) + + + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. + + (!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!) + + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="mongodb-atlas" dbProtocol="mongodb" databaseAddress="mongodb+srv://cluster0.abcde.mongodb.net" !) + + + +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) + +### Connection endpoint + +You will need to provide your Atlas cluster's connection endpoint for the `db_service.databases[*].uri` configuration option or `--uri` CLI flag. You can find this via the Connect dialog on the Database Deployments overview page: + +![Connect](../../../../img/database-access/guides/atlas/atlas-connect-btn@2x.png) + +Go through the "Setup connection security" step and select "Connect with the +MongoDB shell" to view the connection string: + +![Connection string](../../../../img/database-access/guides/atlas/atlas-connect@2x.png) + +Use only the scheme and hostname parts of the connection string in the URI: + +```code +$ --uri=mongodb+srv://cluster0.abcde.mongodb.net +``` + ## Step 4/4. Connect Log into your Teleport cluster and see available databases: 
diff --git a/docs/pages/enroll-resources/database-access/enroll-managed-databases/snowflake.mdx b/docs/pages/enroll-resources/database-access/enroll-managed-databases/snowflake.mdx index 0b38973b3278f..80718daac12a6 100644 --- a/docs/pages/enroll-resources/database-access/enroll-managed-databases/snowflake.mdx +++ b/docs/pages/enroll-resources/database-access/enroll-managed-databases/snowflake.mdx @@ -37,36 +37,7 @@ forwards the user's requests to Snowflake as Teleport-authenticated messages. - (!docs/pages/includes/tctl.mdx!) -## Step 1/5. Set up the Teleport Database Service - -(!docs/pages/includes/tctl-token.mdx serviceName="Database" tokenType="db" tokenFile="/tmp/token"!) - -Install and configure Teleport where you will run the Teleport Database Service: - - - - -(!docs/pages/includes/install-linux.mdx!) - -(!docs/pages/includes/database-access/db-configure-start.mdx dbName="example-snowflake" dbProtocol="snowflake" databaseAddress="abc12345.snowflakecomputing.com" !) - - - - Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. - - (!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!) - - (!docs/pages/includes/database-access/db-helm-install.mdx dbName="example-snowflake" dbProtocol="snowflake" databaseAddress="abc12345.snowflakecomputing.com" !) - - - -(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) - -## Step 2/5. Create a Teleport user - -(!docs/pages/includes/database-access/create-user.mdx!) - -## Step 3/5. Export a public key +## Step 1/5. Export a public key Use the `tctl auth sign` command below to export a public key for your Snowflake user: 
@@ -78,7 +49,7 @@ The command will create a `server.pub` file with Teleport's public key. Teleport generate a JWT (JSON Web Token) that will be used to authenticate to Snowflake. -## Step 4/5. Add the public key to your Snowflake user +## Step 2/5. Add the public key to your Snowflake user Use the public key you generated earlier to enable key pair authentication. @@ -100,6 +71,35 @@ desc user alice; See the [Snowflake documentation](https://docs.snowflake.com/en/user-guide/key-pair-auth.html#step-4-assign-the-public-key-to-a-snowflake-user) for more details. +## Step 3/5. Create a Teleport user + +(!docs/pages/includes/database-access/create-user.mdx!) + +## Step 4/5. Set up the Teleport Database Service + +(!docs/pages/includes/tctl-token.mdx serviceName="Database" tokenType="db" tokenFile="/tmp/token"!) + +Install and configure Teleport where you will run the Teleport Database Service: + + + + +(!docs/pages/includes/install-linux.mdx!) + +(!docs/pages/includes/database-access/db-configure-start.mdx dbName="example-snowflake" dbProtocol="snowflake" databaseAddress="abc12345.snowflakecomputing.com" !) + + + + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. + + (!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!) + + (!docs/pages/includes/database-access/db-helm-install.mdx dbName="example-snowflake" dbProtocol="snowflake" databaseAddress="abc12345.snowflakecomputing.com" !) + + + +(!docs/pages/includes/database-access/multiple-instances-tip.mdx !) + ## Step 5/5. Connect Log in to your Teleport cluster and see the available databases: From 923eaf587e6a5e78b83c6e8580372ea271b1b084 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Mon, 6 Jan 2025 08:59:11 -0500 Subject: [PATCH 2/2] docs: verbiage changes for mged dbs Co-authored-by: Paul Gottschling --- .../database-access/enroll-managed-databases/snowflake.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/docs/pages/enroll-resources/database-access/enroll-managed-databases/snowflake.mdx b/docs/pages/enroll-resources/database-access/enroll-managed-databases/snowflake.mdx index 80718daac12a6..46720b87881fd 100644 --- a/docs/pages/enroll-resources/database-access/enroll-managed-databases/snowflake.mdx +++ b/docs/pages/enroll-resources/database-access/enroll-managed-databases/snowflake.mdx @@ -79,7 +79,7 @@ for more details. (!docs/pages/includes/tctl-token.mdx serviceName="Database" tokenType="db" tokenFile="/tmp/token"!) -Install and configure Teleport where you will run the Teleport Database Service: +Install and configure Teleport on the server where you will run the Teleport Database Service: @@ -90,7 +90,7 @@ Install and configure Teleport where you will run the Teleport Database Service: - Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters. + Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes clusters. (!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!)