Generate a gateway token. Log into the Admin UI and select Gateways on the left navigation bar. Click on the add gateway button in the upper right, and a box will pop up. You can rename the gateway here, or do it later. Advertised host should be the IP address or host that the gateway will be listening on. Select a TCP port (default 5000) for the service to listen on. Bind IP should be
0.0.0.0 unless you only want the gateway to listen on one specific interface. Finally, the second port field should match the first unless you need to map the Docker ports differently in step five below.
Click on create and the gateway token will appear onscreen.
Copy the gateway token and put it aside, being careful to capture every character. You will need it again below.
sdm relay create-gateway if you want to generate a token via the CLI.
If you have not already done so, install Docker
Please note that the gateway MUST be installed on an ‘always up’ machine, as it will form the connection to strongDM for all users accessing the database. You may repurpose a pre-existing machine (e.g. bastion host), or in AWS parlance, any general purpose instance with at least 2 CPU and 4 GBs memory (e.g. the M3 or M4s are a solid choice).
Execute the docker command
$ docker pull quay.io/sdmrepo/relay
To activate your relay, type the following Docker command replacing XXX with the actual token you created:
$ docker run --restart=always [--net=host] --name sdm-relay -e SDM_RELAY_TOKEN=XXX -p 5000:5000 -d quay.io/sdmrepo/relay
Note: The “net=host” option is only necessary if the destination database is known as “localhost” (running sdm-relay colocated with the DB), otherwise the Docker default will work fine. If the destination database is already in a container, we can provide a separate pattern for configuring Docker container linking
Login to the Admin UI. In that section, the gateway you created should appear Online, with a heartbeat.
If any errors occur or if the gateway does not report “online” status, please contact firstname.lastname@example.org for assistance.