mariaDB-teleport
MariaDB with Teleport Agent for https://goteleport.com/docs/database-access/guides/mysql-self-hosted/
How to Use
Data Dir of mysql server /var/lib/mysql
Use with Teleport
Create a Token for Connection with Teleport Proxy
tctl tokens add --type=db
Create Config for Teleport
you will get a output with something like this
teleport db configure create \
--token=YOUR TOKEN \
--ca-pin=YOUR CA PIN \
--proxy=PROXY NODE \
--name=NAME YOUR DB \
--protocol=mysql \
--uri=localhost:3306 \
--output teleport.yaml
Copy or Bind teleport.yaml to /etc/teleport.yaml Bind a Data Folder for Teleport on /var/lib/teleport it will store the
- host_uuid
- proc
- log
Create Certs for DB Connection over Teleport Proxy
Generate Certs with Teleport Agent or on Teleport Node, Certs will be valid for 3 Monthes if not less or big change --ttl
tctl auth sign --format=db --host=localhost --out=server --ttl=2190h
Copy or Bind a Folder with the Files to /certs/
- server.crt
- server.key
- server.cas
Start Docker Container here
Create User or Update Existing ones
If you're creating a new user:
CREATE USER 'alice'@'%' REQUIRE SUBJECT '/CN=alice';
If you're updating an existing user:
ALTER USER 'alice'@'%' REQUIRE SUBJECT '/CN=alice';
By default, the created user may not have access to anything and won't be able to connect, so let's grant it some permissions:
GRANT ALL ON `%`.* TO 'alice'@'%';