Is it possible to prebuild connectors say you are using a Pi or microboard computer to distribute to edge sites? What if any considerations need to be accounted for?
great question! In short, yes, you could prebuild Pis and preconfigure them before sending them to various sites and turning them on.
We actually have an internal project you can start from and that does something a bit similar.
Take a look here for the source code: GitHub - Twingate-Solutions/twingate-raspberry-pi: Raspberry Pi utilities for Twingate
Since it’s an internal project, it isn’t documented but in short, here is what the repo contains:
- backend folder: contains a lightweight Flask API server wrapping around the Twingate API itself and able to handle various operations such as creating a remote network, a connector, creating tokens, installing a Connector, etc.
- frontend folder: contains a lightweight web frontend that allows a user connecting to it to specify the URL of your Admin Console and a Twingate API key and, once provided, will do the following:
- validate the admin console URL, the structure and scope of the API (needs to have Read, Write and Provision permissions)
- create a Remote Network
- create a Connector
- create tokens for the Connector
- install the Connector locally on the Raspberry Pi
- detect the subnet the Raspberry Pi is on
- create a Twingate Resource corresponding to said subnet
- assign the Resource to the “Everyone” group
Forgot to mention a couple of important points:
We have packaged both the backend and frontend services with systemd on a standard Pi image, this makes it easy for us to clone the existing image, put it in a Pi and quickly bootstrap the Pi with the right tenant name and Connector tokens before shipping it. (happy to make the base image available to you if you’d like).
Depending on the specifics of your use case and if you want to use this code base as a starting point, you will undoubtedly have to change some of the specifics such as the default name of the Remote Network we create, Connector name we use, remove the creation of the Resource on the subnet, etc.
Thanks Bren I am sorry for delayed response and was very helpful information here. I am going to review the Git Repo and would be very interested in getting a look at Pi image. The use case very generically speaking is to be able to access our management network at the edge site.
Would it be possilbe to discuss the Pi Image and my use case further ?
Hi @baileb-ssh, sure, let me DM you so we can sync up.