Explicitly set agent nodename to the host's FQDN

Justin Cameronrequested to merge
jcamgl/manually-specify-nodename into master

This explicitly sets the nodename config value (see https://goteleport.com/docs/reference/deployment/config/#instance-wide-settings) to the fully-qualified domain name.

Why?

nodename is the value Teleport uses to identify individual agents. If unset, it defaults to the hostname.

This would usually not be an issue, however there are cases where multiple hosts share the same hostname. This can occur with high availability or sharding configurations such as gitlab.com's Gitaly infrastructure

https://gitlab.com/gitlab-com/gl-infra/production-engineering/-/work_items/27571+ is either caused or exacerbated by this misconfiguration.

Impact

  1. All teleport nodes will undergo a name change
  2. The teleport agent service will need to be restarted on all nodes, which will kill any existing sessions.

As all teleport nodes are currently using their hostname as nodename, this change will cause all existing nodes to change their names.

Join tokens should not need to be re-provisioned, however there is a possibility that some nodes may require this. This change was manually tested on a single staging node and the node was able to re-connect successfully without a join token.

Edited by Justin Cameron

Merge request reports