Difference between revisions of "RMU build Gen-1.5: II. Teleport - B. Install Teleport Software"

From Internet Computer Wiki
(Finishing page)
 
Line 13: Line 13:
 
         reboot
 
         reboot
 
         </syntaxhighlight>
 
         </syntaxhighlight>
#Create a non root administrator account (feel free to replace <code>admin</code> with whatever you like):<code>useradd -u1000 -U -m -c "Admin" -s /bin/bash admin</code>
+
#Login to the teleport server again if necessary, then create a non-root administrator account (feel free to replace <code>admin</code> with whatever you like):<code>useradd -u1000 -U -m -c "Admin" -s /bin/bash admin</code>
 
#Install Teleport:
 
#Install Teleport:
 
#*Browse to the following link: https://github.com/gravitational/teleport/releases
 
#*Browse to the following link: https://github.com/gravitational/teleport/releases
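Review bot: the added account-creation step keeps useradd -u1000, which pins the new account to UID 1000 and fails if that UID is already in use on the container; drop -u1000 or say what to do in that case. The step invites replacing admin, but only the trailing admin argument is the login name while -c "Admin" is just the comment field, so say which token to change. A space or line break between "like):" and the command would also stop the command running into the sentence.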
Line 47: Line 47:
 
     </syntaxhighlight>
 
     </syntaxhighlight>
 
#Create a <code>teleport</code> directory in the <code>root</code> home directory.<code>mkdir teleport</code>
 
#Create a <code>teleport</code> directory in the <code>root</code> home directory.<code>mkdir teleport</code>
#Use your favorite text editor and create a yaml file in <code>/root/teleport/</code>, feel free to name this yaml file to whatever you like. However make sure you also change the name in the <code>metadata.name</code> field. Also take notice of the <code><admin></code> listed in <code>logins:</code>, change this to whatever your admin username is.
+
#Use your favorite text editor and create a yaml file in <code>/root/teleport/</code>, feel free to name this yaml file to whatever you like. However make sure you also change the name in the <code>metadata.name</code> field. Also take notice of the <code><admin></code> listed in <code>logins:</code>, change this to whatever you set your username to be.
 
#In <code>/root/teleport/team.yaml</code>:<syntaxhighlight>yaml
 
#In <code>/root/teleport/team.yaml</code>:<syntaxhighlight>yaml
 
     kind: role
 
     kind: role
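Review bot: in the reworded editor step, "whatever you set your username to be" does not say which username is meant; name the non-root administrator account created with useradd so it is not read as a Teleport user. The same step lets the reader pick any file name while the next line hard-codes /root/teleport/team.yaml, so note that later paths must change to match. The context line mkdir teleport only lands in root's home directory if that is the current directory; mkdir -p /root/teleport does not depend on it.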
Line 82: Line 82:
 
#Run the following command to import it into the Teleport server:  <code>tctl create -f /root/teleport/team.yaml</code>
 
#Run the following command to import it into the Teleport server:  <code>tctl create -f /root/teleport/team.yaml</code>
 
#Create users (invitation links will be good for 24h):
 
#Create users (invitation links will be good for 24h):
#*To add users, run the following:<syntaxhighlight>bash
+
#*To add users, run the following using this exact syntax:<syntaxhighlight>for USER in <username> <username> <username> <username>; do
        for USER in <username> <username> <username> <username>; do
+
  tctl users add --roles=team --ttl=24h ${USER}
          tctl users add --roles=team --ttl=24h ${USER}
+
done </syntaxhighlight>
        done  
+
#*The above command generates a URL for every user listed. Click on the link with the respected user, and you will be directed to a page to configure a password and Multi-factor authentication. [[File:Screenshot 2023-12-18 at 4.11.40 PM.png|800x800px]]
        </syntaxhighlight>
 
#*The above command generates a URL for every user listed. Click on the link with the respected user, you will be directed to a page to configure a password and Multi-factor authentication. [[File:Screenshot 2023-12-18 at 4.11.40 PM.png|800x800px]]
 
 
#*Scan the QR Code with a Multi-factor authentication app.
 
#*Scan the QR Code with a Multi-factor authentication app.
 
#*[[File:Screenshot 2023-12-18 at 4.11.58 PM.png|800x800px]]
 
#*[[File:Screenshot 2023-12-18 at 4.11.58 PM.png|800x800px]]
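Review bot: the new loop uses USER as its variable, which overwrites the shell's own USER environment variable and leaves it set to the last name after the loop; use another name such as u and quote it ("$u") in the tctl users add line. The replacement syntaxhighlight tag has no lang attribute and the for line now sits on the tag's own line, so write <syntaxhighlight lang="bash"> with the loop starting on the next line. In the following bullet, "respected user" should read "respective user".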

Revision as of 19:57, 23 February 2024

This page is part of the Gen-1.5 RMU build runbook.

B. Install Teleport Software

  1. Update the Teleport host:
    • Select RMU > 122 (teleport) > Console
    • Log in with root and the password you set when creating the container.
    • Run the following commands one at a time:
              apt update
              apt upgrade -y
              reboot
  2. Log in to the teleport server again if necessary, then create a non-root administrator account (feel free to replace admin with whatever you like):
        useradd -u1000 -U -m -c "Admin" -s /bin/bash admin
  3. Install Teleport:
    • Browse to the following link: https://github.com/gravitational/teleport/releases
    • Edit the following command with the latest version number on that page, the one that has the Latest tag:
              apt install curl net-tools -y
              curl https://goteleport.com/static/install.sh | bash -s <teleport version>
    • Edit the email address & cluster-name to your own:
      • NOTE: cluster-name should tie back to your domain and DNS records created earlier teleport.<domain> (what you put [here]
    • Then run the command:
              teleport configure -o file \
                  --acme --acme-email=<email address> \
                  --cluster-name=teleport.<domain>
  4. With your favorite editor, open the /etc/teleport.yaml file and make the following adjustments:
    • Under ssh_service:
      • Add a labels: section:
                    labels:
                        dc: "<dc>"
                        login: "<admin user login>"
      • Remove the commands: section:
                    commands:
                      - name: hostname
                        command: [hostname]
                        period: 1m0s
      • Save and quit the file.
  5. Start the teleport service:
        systemctl enable teleport
        systemctl start teleport
  6. Create a teleport directory in the root home directory:
        mkdir teleport
  7. Use your favorite text editor to create a YAML file in /root/teleport/. Feel free to name the file whatever you like, but make sure you also change the name in the metadata.name field. Also note the <admin> entry listed in logins: and change it to whatever you set your username to be.
  8. In /root/teleport/team.yaml:
        kind: role
        version: v7
        metadata:
          name: team
        spec:
          allow:
            # List of logins to try for ssh
            logins: [root, ubuntu, <admin>, '{{internal.logins}}']
        
            # Allow PFOps access to all nodes (ssh)
            node_labels:
              '*': '*'
        
            # Automatic sudoers entry upon login
            host_sudoers:
            - 'ALL=(ALL) NOPASSWD: ALL'
        
            # Allow PFOps to access all Apps (web, etc)
            app_labels:
              '*': '*'
        
            # Future K8S stuff
            kubernetes_groups: ['{{internal.kubernetes_groups}}']
            kubernetes_labels:
              '*': '*'
            kubernetes_resources:
              - kind: '*'
                namespace: '*'
                name: '*'
                verbs: ['*']
  9. Run the following command to import it into the Teleport server: tctl create -f /root/teleport/team.yaml
  10. Create users (invitation links will be good for 24h):
    • To add users, run the following using this exact syntax:
      for USER in <username> <username> <username> <username>; do
        tctl users add --roles=team --ttl=24h ${USER}
      done
    • The above command generates a URL for every user listed. Open the link for the respective user, and you will be directed to a page to configure a password and multi-factor authentication.
    • Scan the QR Code with a Multi-factor authentication app.
  11. Once complete, you will be brought to the teleport home screen.
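
The role imported in step 9 gives every member of team wildcard selectors, root login and passwordless sudo. As an added example (not part of the runbook or of Teleport), the shell function below lists those grants in a role file so they can be reviewed before running tctl create; audit_role and write_sample_role are hypothetical names, and the embedded role is a constructed copy of the one in step 8 with its comments removed.

```bash
# Added example, not part of the runbook. audit_role is a hypothetical helper
# that reads the role file line by line; it is not a full YAML parser.
audit_role() {
  awk -v q="'" '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
      line = $0
      gsub(/[ \t]/, "", line)                 # drop indentation and spaces
      gsub(q, "", line); gsub(/"/, "", line)  # drop YAML quoting
    }
    # A bare "key:" line opens a block; remember it to attribute findings.
    line ~ /^[a-z_]+:$/ { key = substr(line, 1, length(line) - 1); next }
    line == "*:*"            { print key ": selector matches every resource" }
    line ~ /^verbs:\[\*\]$/  { print key ": all verbs allowed" }
    line ~ /^logins:\[/ && line ~ /[[,]root[],]/ { print "logins: root login allowed" }
    line ~ /NOPASSWD:ALL$/   { print key ": passwordless sudo for every command" }
  ' "$1"
}

# Constructed sample input: the role from step 8 with comments removed.
write_sample_role() {
  cat > "$1" <<'EOF'
kind: role
version: v7
metadata:
  name: team
spec:
  allow:
    logins: [root, ubuntu, <admin>, '{{internal.logins}}']
    node_labels:
      '*': '*'
    host_sudoers:
    - 'ALL=(ALL) NOPASSWD: ALL'
    app_labels:
      '*': '*'
    kubernetes_groups: ['{{internal.kubernetes_groups}}']
    kubernetes_labels:
      '*': '*'
    kubernetes_resources:
      - kind: '*'
        namespace: '*'
        name: '*'
        verbs: ['*']
EOF
}

role_file=$(mktemp)
write_sample_role "$role_file" && audit_role "$role_file"   # one line per broad grant
rm -f "$role_file"
```

The check is textual, so it only catches the patterns shown here; narrowing node_labels to the dc label set in step 4 is one way to clear the node selector finding.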

