give a status of connection to proxy/auth via CLI

[anthonysomerset]

What would you like Teleport to do?

So this is tangentially related to #3657 I needed to login to some nodes and was confused when i couldn't find them in teleport

i had to go into backup SSH to see some random error in when checking teleport service status about failing to resolve tunnel address (some transient DNS issue) where it got stuck however systemd thought eh service was active and running without issues

in my case restarting the service brought it back onto our cluster and able to be connected to, however this doesn't help me

I would like for the teleport binary to be able to report the status of its connectivity/health to its configured auth/proxy servers perhaps via some CLI command or perhaps to properly and gracefully error to the point that systemd can pick it up and restart

If i can poll the health of a given connection then i can monitor it and also take proactive action

What problem does this solve?

ability to proactively remediate issues with the teleport agent

If a workaround exists, please include it.

[zmb3]

It seems the root of the issue here is that a transient networking issue put Teleport in a state where the service was running but did not have a healthy connection to the control plane, which was resolved by a restart.

There are several ways to address this:

• Have the service detect that it is unhealthy and exit (so that systemd can restart it)
• Have the service recover on its own so that a restart is not necessary

The latter seems the better option, as it does not rely on any particular supervisor. In order for us to diagnose why Teleport wasn't able to function correctly without a restart, we'll need more details - this includes the specific versions you are running and reproduction steps.

[rosstimothy]

It is also already possible to determine the health of a Teleport process, see https://goteleport.com/docs/management/diagnostics/monitoring/ for more details.