docs: update managed dbs #48725

Open
wants to merge 3 commits into
base: master
Changes from 2 commits
Expand Up @@ -40,98 +40,7 @@ or AWS IAM:
Service.
- (!docs/pages/includes/tctl.mdx!)

## Step 1/4. Set up the Teleport Database Service

(!docs/pages/includes/tctl-token.mdx serviceName="Database" tokenType="db" tokenFile="/tmp/token"!)

Install Teleport on the host where you will run the Teleport Database Service:

(!docs/pages/includes/install-linux.mdx!)

Next, start the Database Service.

<Tabs>
<TabItem label="Teleport CLI">

On the node where you will run the Database Service, start Teleport, pointing
the `--auth-server` flag at the address of your Teleport Proxy Service:

```code
$ sudo teleport db start \
--token=/tmp/token \
--auth-server=<Var name="example.teleport.sh:443" /> \
--name=mongodb-atlas \
--protocol=mongodb \
--uri=mongodb+srv://cluster0.abcde.mongodb.net \
--labels=env=dev
```

<Admonition type="note">
The `--auth-server` flag must point to the Teleport cluster's Proxy Service endpoint
because the Database Service always connects back to the cluster over a reverse
tunnel.
</Admonition>

</TabItem>
<TabItem label="Configuration file">

On the node where you will run the Teleport Database Service, add the following
in `/etc/teleport.yaml`:

```yaml
version: v3
teleport:
auth_token: "/tmp/token"
proxy_server: <Var name="example.teleport.sh:443" />

# disable services that are on by default
ssh_service: { enabled: no }
proxy_service: { enabled: no }
auth_service: { enabled: no }

db_service:
enabled: "yes"
databases:
- name: "mongodb-atlas"
protocol: "mongodb"
uri: "mongodb+srv://cluster0.abcde.mongodb.net"
static_labels:
env: "dev"
```

(!docs/pages/includes/start-teleport.mdx service="the Teleport Database Service"!)

See the full [YAML reference](../../../reference/agent-services/database-access-reference/configuration.mdx) for details.

</TabItem>
</Tabs>

See below for details on how to configure the Teleport Database Service.

### Connection endpoint

You will need to provide your Atlas cluster's connection endpoint for the `db_service.databases[*].uri` configuration option or `--uri` CLI flag. You can find this via the Connect dialog on the Database Deployments overview page:

![Connect](../../../../img/database-access/guides/atlas/[email protected])

Go through the "Setup connection security" step and select "Connect with the
MongoDB shell" to view the connection string:

![Connection string](../../../../img/database-access/guides/atlas/[email protected])

Use only the scheme and hostname parts of the connection string in the URI:

```code
$ --uri=mongodb+srv://cluster0.abcde.mongodb.net
```

## Step 2/4. Create a Teleport user

(!docs/pages/includes/database-access/create-user.mdx!)

(!docs/pages/includes/database-access/mongodb-required-database-access.mdx!)

## Step 3/4. Configure Atlas
## Step 1/4. Configure Atlas

Teleport MongoDB Atlas integration supports two methods of authentication:
- Self-managed X.509: This method relies on certificates for authentication,
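Review bot: The deleted Step 1/4 block carried two things the reader still needs: the `<Admonition type="note">` saying `--auth-server` must point at the Proxy Service endpoint because the Database Service connects back over a reverse tunnel, and the link to the full YAML reference. Please confirm that the `db-configure-start.mdx` partial used in the replacement covers both, or keep them in this guide. The deleted examples also set `--labels=env=dev` / `static_labels: env: "dev"`, while the replacement include call passes only `dbName`, `dbProtocol` and `databaseAddress`; if the role from the "Create a Teleport user" step matches on labels, say which labels the new setup registers.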
Expand Down Expand Up @@ -229,6 +138,54 @@ it exclusively supports authentication using AWS IAM roles.
</TabItem>
</Tabs>

## Step 2/4. Create a Teleport user

(!docs/pages/includes/database-access/create-user.mdx!)

(!docs/pages/includes/database-access/mongodb-required-database-access.mdx!)

## Step 3/4. Set up the Teleport Database Service

(!docs/pages/includes/tctl-token.mdx serviceName="Database" tokenType="db" tokenFile="/tmp/token"!)

Install and configure Teleport where you will run the Teleport Database Service:

<Tabs>
<TabItem label="Linux Server">

(!docs/pages/includes/install-linux.mdx!)

(!docs/pages/includes/database-access/db-configure-start.mdx dbName="mongodb-atlas" dbProtocol="mongodb" databaseAddress="mongodb+srv://cluster0.abcde.mongodb.net" !)

</TabItem>
<TabItem label="Kubernetes Cluster">
Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters.

(!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!)

(!docs/pages/includes/database-access/db-helm-install.mdx dbName="mongodb-atlas" dbProtocol="mongodb" databaseAddress="mongodb+srv://cluster0.abcde.mongodb.net" !)
Contributor

I think we should change this partial so it doesn't include tabs. Otherwise, we get a nested Tabs component, which is a poor user experience.

</TabItem>
</Tabs>

(!docs/pages/includes/database-access/multiple-instances-tip.mdx !)

### Connection endpoint

You will need to provide your Atlas cluster's connection endpoint for the `db_service.databases[*].uri` configuration option or `--uri` CLI flag. You can find this via the Connect dialog on the Database Deployments overview page:

![Connect](../../../../img/database-access/guides/atlas/[email protected])

Go through the "Setup connection security" step and select "Connect with the
MongoDB shell" to view the connection string:

![Connection string](../../../../img/database-access/guides/atlas/[email protected])

Use only the scheme and hostname parts of the connection string in the URI:

```code
$ --uri=mongodb+srv://cluster0.abcde.mongodb.net
```

## Step 4/4. Connect

Log into your Teleport cluster and see available databases:
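Review bot: The "Connection endpoint" subsection at the end of this hunk now comes after the tabs that already take the address as `databaseAddress`, and the old pointer sentence ("See below for details on how to configure the Teleport Database Service.") was not carried over, so a reader reaches the install step before learning where the URI comes from. Move the subsection above the `<Tabs>` block or restore a forward pointer. The subsection also names only `db_service.databases[*].uri` and the `--uri` flag; with the new "Kubernetes Cluster" tab it should say where the same value goes for the Helm install.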
Expand Up @@ -37,36 +37,7 @@ forwards the user's requests to Snowflake as Teleport-authenticated messages.

- (!docs/pages/includes/tctl.mdx!)

## Step 1/5. Set up the Teleport Database Service

(!docs/pages/includes/tctl-token.mdx serviceName="Database" tokenType="db" tokenFile="/tmp/token"!)

Install and configure Teleport where you will run the Teleport Database Service:

<Tabs>
<TabItem label="Linux Server">

(!docs/pages/includes/install-linux.mdx!)

(!docs/pages/includes/database-access/db-configure-start.mdx dbName="example-snowflake" dbProtocol="snowflake" databaseAddress="abc12345.snowflakecomputing.com" !)

</TabItem>
<TabItem label="Kubernetes Cluster">
Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters.

(!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!)

(!docs/pages/includes/database-access/db-helm-install.mdx dbName="example-snowflake" dbProtocol="snowflake" databaseAddress="abc12345.snowflakecomputing.com" !)
</TabItem>
</Tabs>

(!docs/pages/includes/database-access/multiple-instances-tip.mdx !)

## Step 2/5. Create a Teleport user

(!docs/pages/includes/database-access/create-user.mdx!)

## Step 3/5. Export a public key
## Step 1/5. Export a public key

Use the `tctl auth sign` command below to export a public key for your Snowflake user:
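Review bot: Heading anchors are at risk with the renumbering of "Step 3/5. Export a public key" to "Step 1/5" and the removal of the two sections above it: if anchors are derived from the heading text, any page that deep-links to a step heading in this guide will break. Please search the docs for links to these headings and update them in this PR.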

Expand All @@ -78,7 +49,7 @@ The command will create a `server.pub` file with Teleport's public key. Teleport
generate a JWT (JSON Web Token) that will be used to authenticate to Snowflake.


## Step 4/5. Add the public key to your Snowflake user
## Step 2/5. Add the public key to your Snowflake user

Use the public key you generated earlier to enable key pair authentication.
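Review bot: In the context line under the renamed "Step 2/5" heading, "the public key you generated earlier" does not match the step it refers to, which is titled "Export a public key" and creates `server.pub`. Since the heading is being touched anyway, consider wording such as "Use the `server.pub` key exported in Step 1/5" so the reader knows which file is meant.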

Expand All @@ -100,6 +71,35 @@ desc user alice;
See the [Snowflake documentation](https://docs.snowflake.com/en/user-guide/key-pair-auth.html#step-4-assign-the-public-key-to-a-snowflake-user)
for more details.

## Step 3/5. Create a Teleport user

(!docs/pages/includes/database-access/create-user.mdx!)

## Step 4/5. Set up the Teleport Database Service

(!docs/pages/includes/tctl-token.mdx serviceName="Database" tokenType="db" tokenFile="/tmp/token"!)

Install and configure Teleport where you will run the Teleport Database Service:
stevenGravy marked this conversation as resolved.

<Tabs>
<TabItem label="Linux Server">

(!docs/pages/includes/install-linux.mdx!)

(!docs/pages/includes/database-access/db-configure-start.mdx dbName="example-snowflake" dbProtocol="snowflake" databaseAddress="abc12345.snowflakecomputing.com" !)

</TabItem>
<TabItem label="Kubernetes Cluster">
Teleport provides Helm charts for installing the Teleport Database Service in Kubernetes Clusters.
stevenGravy marked this conversation as resolved.

(!docs/pages/includes/kubernetes-access/helm/helm-repo-add.mdx!)

(!docs/pages/includes/database-access/db-helm-install.mdx dbName="example-snowflake" dbProtocol="snowflake" databaseAddress="abc12345.snowflakecomputing.com" !)
Contributor

This partial also includes a Tabs component, leading to more nested tabs. Since the two tab items are nearly identical, I think it would make sense to use variables where the values differ between tabs and explain to the user how to assign values.

</TabItem>
</Tabs>

(!docs/pages/includes/database-access/multiple-instances-tip.mdx !)

## Step 5/5. Connect

Log in to your Teleport cluster and see the available databases:
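Review bot: `databaseAddress="abc12345.snowflakecomputing.com"` in both new include calls is a sample account host, and nothing in Step 4/5 tells the reader to replace it or where to find their own value; add a sentence for that, as the MongoDB Atlas guide does in its "Connection endpoint" section. Separately, `tokenFile="/tmp/token"` keeps the join token in a shared temporary directory; unless `tctl-token.mdx` already covers it, note that the file should be readable only by the account that runs Teleport and removed once the service has joined.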