Difference between revisions of "RMU build Gen-1.5: II. Teleport - B. Install Teleport Software"
From Internet Computer Wiki
Katie.peters (talk | contribs) (Finishing page) |
Katie.peters (talk | contribs) |
||
Line 13: | Line 13: | ||
reboot | reboot | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | # | + | #Login to the teleport server again if necessary, then create a non-root administrator account (feel free to replace <code>admin</code> with whatever you like):<code>useradd -u1000 -U -m -c "Admin" -s /bin/bash admin</code> |
#Install Teleport: | #Install Teleport: | ||
#*Browse to the following link: https://github.com/gravitational/teleport/releases | #*Browse to the following link: https://github.com/gravitational/teleport/releases | ||
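Review bot: The added step calls this a non-root administrator account, but `useradd -u1000 -U -m -c "Admin" -s /bin/bash admin` only creates the user, its group and its home directory; nothing on the line sets a password or grants sudo. State where the account's privileges come from, and either drop the fixed `-u1000` or mention that the command fails if UID 1000 is already in use. The command would also read better in its own `<syntaxhighlight>` block, like the surrounding steps, than as inline `<code>` run onto the end of the sentence.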
Line 47: | Line 47: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
#Create a <code>teleport</code> directory in the <code>root</code> home directory.<code>mkdir teleport</code> | #Create a <code>teleport</code> directory in the <code>root</code> home directory.<code>mkdir teleport</code> | ||
− | #Use your favorite text editor and create a yaml file in <code>/root/teleport/</code>, feel free to name this yaml file to whatever you like. However make sure you also change the name in the <code>metadata.name</code> field. Also take notice of the <code><admin></code> listed in <code>logins:</code>, change this to whatever your | + | #Use your favorite text editor and create a yaml file in <code>/root/teleport/</code>, feel free to name this yaml file to whatever you like. However make sure you also change the name in the <code>metadata.name</code> field. Also take notice of the <code><admin></code> listed in <code>logins:</code>, change this to whatever you set your username to be. |
#In <code>/root/teleport/team.yaml</code>:<syntaxhighlight>yaml | #In <code>/root/teleport/team.yaml</code>:<syntaxhighlight>yaml | ||
kind: role | kind: role | ||
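Review bot: The reworded step still lets the reader name the file anything and change `metadata.name`, while the context line right after it hardcodes `/root/teleport/team.yaml`. Say explicitly that a renamed file or role has to be carried through to the commands that follow, and point "whatever you set your username to be" at the account-creation step so it is clear which username is meant.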
Line 82: | Line 82: | ||
#Run the following command to import it into the Teleport server: <code>tctl create -f /root/teleport/team.yaml</code> | #Run the following command to import it into the Teleport server: <code>tctl create -f /root/teleport/team.yaml</code> | ||
#Create users (invitation links will be good for 24h): | #Create users (invitation links will be good for 24h): | ||
− | #*To add users, run the following:<syntaxhighlight> | + | #*To add users, run the following using this exact syntax:<syntaxhighlight>for USER in <username> <username> <username> <username>; do |
− | + | tctl users add --roles=team --ttl=24h ${USER} | |
− | + | done </syntaxhighlight> | |
− | + | #*The above command generates a URL for every user listed. Click on the link with the respected user, and you will be directed to a page to configure a password and Multi-factor authentication. [[File:Screenshot 2023-12-18 at 4.11.40 PM.png|800x800px]] | |
− | |||
− | #*The above command generates a URL for every user listed. Click on the link with the respected user, you will be directed to a page to configure a password and Multi-factor authentication. [[File:Screenshot 2023-12-18 at 4.11.40 PM.png|800x800px]] | ||
#*Scan the QR Code with a Multi-factor authentication app. | #*Scan the QR Code with a Multi-factor authentication app. | ||
#*[[File:Screenshot 2023-12-18 at 4.11.58 PM.png|800x800px]] | #*[[File:Screenshot 2023-12-18 at 4.11.58 PM.png|800x800px]] |
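Review bot: The loop on the + side uses `USER` as its variable, which overwrites the shell's own `USER` environment variable for the rest of the root session; use a neutral name such as `u` and quote it, as in `tctl users add --roles=team --ttl=24h "$u"`. The `<syntaxhighlight>` tag also carries no language and starts the code on the same line as the sentence. In the sentence that follows, "respected user" should read "respective user".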
Revision as of 19:57, 23 February 2024
This page is part of the Gen-1.5 RMU build runbook.
Go back to the previous section: A. Create Teleport CT
B. Install Teleport Software
- Update the Teleport host:
  - Select `RMU` > `122 (teleport)` > `Console`
  - Log in with `root` and the password you set when creating the container.
  - Run the following commands one at a time:
    ```bash
    apt update
    apt upgrade -y
    reboot
    ```
- Log in to the teleport server again if necessary, then create a non-root administrator account (feel free to replace `admin` with whatever you like):
  ```bash
  useradd -u1000 -U -m -c "Admin" -s /bin/bash admin
  ```
- Install Teleport:
  - Browse to the following link: https://github.com/gravitational/teleport/releases
  - Edit the following command with the most updated version number on that page that has the `Latest` tag
  - Edit the email address & cluster-name to your own:
    - NOTE: cluster-name should tie back to your domain and DNS records created earlier `teleport.<domain>` (what you put [here]
  - Then run the command:
    ```bash
    teleport configure -o file \
      --acme --acme-email=<email address> \
      --cluster-name=teleport.<domain>
    ```
- With your favorite editor, open the `/etc/teleport.yaml` file and make the following adjustments:
  - Under `ssh_service:`
    - Add `labels:` section:
      ```yaml
      labels:
        dc: "<dc>"
        login: "<admin user login>"
      ```
    - Remove `commands:` section:
      ```yaml
      commands:
      - name: hostname
        command: [hostname]
        period: 1m0s
      ```
    - Save and quit the file.
- Start the teleport service:
  ```bash
  systemctl enable teleport
  systemctl start teleport
  ```
- Create a `teleport` directory in the `root` home directory:
  ```bash
  mkdir teleport
  ```
- Use your favorite text editor to create a YAML file in `/root/teleport/`. Feel free to name this file whatever you like, but make sure you also change the name in the `metadata.name` field. Also take notice of the `<admin>` listed in `logins:` and change it to whatever you set your username to be.
- In `/root/teleport/team.yaml`:
  ```yaml
  kind: role
  version: v7
  metadata:
    name: team
  spec:
    allow:
      # List of logins to try for ssh
      logins: [root, ubuntu, <admin>, '{{internal.logins}}']
      # Allow PFOps access to all nodes (ssh)
      node_labels:
        '*': '*'
      # Automatic sudoers entry upon login
      host_sudoers:
      - 'ALL=(ALL) NOPASSWD: ALL'
      # Allow PFOps to access all Apps (web, etc)
      app_labels:
        '*': '*'
      # Future K8S stuff
      kubernetes_groups: ['{{internal.kubernetes_groups}}']
      kubernetes_labels:
        '*': '*'
      kubernetes_resources:
      - kind: '*'
        namespace: '*'
        name: '*'
        verbs: ['*']
  ```
- Run the following command to import it into the Teleport server:
  ```bash
  tctl create -f /root/teleport/team.yaml
  ```
- Create users (invitation links will be good for 24h):
  - To add users, run the following using this exact syntax:
    ```bash
    for USER in <username> <username> <username> <username>; do
      tctl users add --roles=team --ttl=24h ${USER}
    done
    ```
  - The above command generates a URL for every user listed. Click on the link for the respective user, and you will be directed to a page to configure a password and multi-factor authentication.
  - Scan the QR code with a multi-factor authentication app.
- Once complete, you will be brought to the teleport home screen.
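
A pre-flight check for the role-file and user-creation steps above, added here as an example and not part of the runbook: it rejects a file that still contains an unedited `<placeholder>` and confirms that `metadata.name` matches the role later passed to `--roles=`. The function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the runbook): pre-flight checks for the role file
# before `tctl create -f`. Function names are hypothetical.

# Print every line that still contains an unreplaced <placeholder>.
find_placeholders() {
  grep -nE '<[A-Za-z][A-Za-z _-]*>' "$1"
}

# Print the value of metadata.name (the "name:" key nested under "metadata:").
role_name() {
  awk '/^metadata:/ {m=1; next}
       m && /^[^ ]/ {m=0}
       m && /^[ ]+name:/ {print $2; exit}' "$1"
}

# Return 0 only if the file has no placeholders and its metadata.name equals
# the role that will be passed to `tctl users add --roles=...`.
preflight_role() {
  local file=$1 want=$2 got
  if find_placeholders "$file" >&2; then
    echo "unreplaced placeholder(s) in $file" >&2
    return 1
  fi
  got=$(role_name "$file")
  if [ "$got" != "$want" ]; then
    echo "metadata.name is '$got', expected '$want'" >&2
    return 2
  fi
  return 0
}

# Constructed sample: the start of the runbook's role with <admin> left unedited.
demo_dir=$(mktemp -d)
cat > "$demo_dir/team.yaml" <<'EOF'
kind: role
version: v7
metadata:
  name: team
spec:
  allow:
    logins: [root, ubuntu, <admin>, '{{internal.logins}}']
EOF
sed 's/<admin>/admin/' "$demo_dir/team.yaml" > "$demo_dir/team-fixed.yaml"

preflight_role "$demo_dir/team.yaml" team || echo "blocked: fix the file first"
preflight_role "$demo_dir/team-fixed.yaml" team && echo "ok to run tctl create"
```

The same `find_placeholders` check applies to `/etc/teleport.yaml` after the `labels:` edit, where `<dc>` and `<admin user login>` must also be replaced.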
Go to the index of the Gen-1.5 RMU build runbook.