Skip to content

Commit

Permalink
next
Browse files Browse the repository at this point in the history
  • Loading branch information
@sclevine
sclevine committed Feb 11, 2025
1 parent 6b84e46 commit 1ed1c09
Showing 1 changed file with 17 additions and 17 deletions.
34 changes: 17 additions & 17 deletions docs/pages/reference/cli/teleport-update.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,27 +25,27 @@ The primary commands for `teleport-update` are as follows:

## teleport-update enable

Initializes a certificate destination directory for access from a separate bot
user. Allows for certificates to be written to disks other than a Machine ID
client, configuring either file or POSIX ACL permissions.
Enables agent auto-updates and performs an initial installation of the Teleport agent.
This command also creates a systemd timer that periodically runs the update subcommand.

Note that most use cases should instead use tbot's runtime ACL management by
specifying allowed reader users and groups in the
[destination configuration](../machine-id/configuration.mdx#directory).
If Teleport is already installed, `enable` will update to the cluster-advertised version
and ensure managed updates are enabled.

Most flags passed to `enable` are persisted for `update`.
To change these flags, run `enable` again with the new flags.

### Flags

| Flag | Description |
|---------------------|------------------------------------------------------------------------------------------------------------------------|
| `-d/--debug` | Enable verbose logging to stderr. |
| `-c/--config` | Path to a Machine ID configuration file. |
| `--destination-dir` | Directory to write short-lived machine certificates to. |
| `--owner` | Defines the Linux `user:group` owner of `--destination-dir`. Defaults to the Linux user running `tbot` if unspecified. |
| `--bot-user` | Enables POSIX ACLs and defines the Linux user that can read/write short-lived certificates to `--destination-dir`. |
| `--reader-user` | Enables POSIX ACLs and defines the Linux user that will read short-lived certificates from `--destination-dir`. |
| `--init-dir` | If using a config file and multiple destinations are configured, controls which destination dir to configure. |
| `--clean` | If set, remove unexpected files and directories from the destination. |
| `--log-format` | Controls the format of output logs. Can be `json` or `text`. Defaults to `text`. |
| Flag | Description |
|----------------------|------------------------------------------------------------------------------------------------------------------------|
| -d, --[no-]debug | Verbose logging to stdout. |
| --data-dir | Teleport data directory. Access to this directory should be limited. |
| --log-format | Controls the format of output logs. Can be `json` or `text`. Defaults to `text`. |
| -i, --install-suffix | Suffix for creating an agent installation outside of the default $PATH. Note: this changes the default data directory. |
| -p, --proxy | Address of the Teleport Proxy. |
| -g, --group | Update group for this agent installation. |
| -b, --base-url | Base URL used to override the Teleport download URL. |
| -o, --[no-]overwrite | Allow existing installed Teleport binaries to be overwritten. |

### Examples

Expand Down

0 comments on commit 1ed1c09

Please sign in to comment.