Upgrade Self-Hosted Teleport Clusters on Linux
- Available for:
This guide explains how to upgrade self-hosted Teleport clusters running on Linux servers.
Familiarity with the Upgrading Compatibility Overview guide, which describes the sequence in which to upgrade components of your cluster.
A self-hosted Teleport cluster in which the Auth Service and Proxy Service run on Linux servers.
If you are running more than one Auth Service instance, you must reduce the size of the Auth Service instance pool to one in order to perform an upgrade.
tshclient tools version >= 15.1.1.tctl version
Teleport v15.1.1 go1.21tsh version
Teleport v15.1.1 go1.21
To check that you can connect to your Teleport cluster, sign in with
tsh login, then verify that you can run
tctlcommands using your current credentials.
tctlis supported on macOS and Linux machines.
For example:tsh login --proxy=teleport.example.com --user=[email protected]tctl status
CA pin sha256:abdc1245efgh5678abdc1245efgh5678abdc1245efgh5678abdc1245efgh5678
If you can connect to the cluster and run the
tctl statuscommand, you can use your current credentials to run subsequent
tctlcommands from your workstation. If you host your own Teleport cluster, you can also run
tctlcommands on the computer that hosts the Teleport Auth Service for full permissions.
Complete the following steps on all servers that run the Auth Service and Proxy Service, then on each of your agents:
Install the latest Teleport version on the host.
Select an edition, then follow the instructions for that edition to install Teleport.
Confirm that the version of the
teleportbinary is the one you expect:teleport version
Now that you have installed a more recent
teleportbinary on your Auth Service and Proxy Service servers, restart Teleport on these servers to run the new version.
Configure your Teleport instance to start automatically when the host boots up by creating a systemd service for it. The instructions depend on how you installed your Teleport instance.
You can check the status of your Teleport instance with
systemctl status teleportand view its logs with
journalctl -fu teleport.