Teleport Auto Updater

README.md

Simple systemd service that checks /etc/teleport.yaml for the proxy URL, checks the teleport version of the proxy, and attempts to upgrade and apt-mark hold the teleport package. timer unit kicks it off once a day.

to install:

dependencies include curl and yq

apt-get update && apt-get -y install curl
wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/local/bin/yq && chmod +x /usr/local/bin/yq

sudo cp auto-update-teleport /usr/sbin/auto-update-teleport
sudo chmod a+x /usr/sbin/auto-update-teleport

sudo cp auto-update-teleport.service auto-update-teleport.timer /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable auto-update-teleport.timer
sudo systemctl start auto-update-teleport.timer

to manually invoke once

sudo systemctl start auto-update-teleport.service

auto-update-teleport

#!/bin/bash

set -e

PROXY=$(cat /etc/teleport.yaml | yq '.teleport | .auth_servers[0] // .proxy_server')
VERSION=$(curl -s https://${PROXY}/webapi/ping | yq -r .server_version)

apt-get update 2>&1 > /dev/null
apt-get install -y --allow-change-held-packages teleport-ent=${VERSION}
apt-mark hold teleport-ent

teleport configure --test /etc/teleport.yaml

systemctl reload teleport

auto-update-teleport.service

[Unit]
Description=Check for teleport upgrade

[Service]
Type=oneshot
User=root
ExecStart=/usr/sbin/auto-update-teleport

auto-update-teleport.timer

[Unit]
Description=Run auto-update-teleport.service once a day

[Timer]
OnCalendar=*-*-* 04:10:00
RandomizedDelaySec=600
Persistent=true

[Install]
WantedBy=timers.target