Difference between revisions of "RMU build Gen-1.5: II. Teleport - C. Share RMU Services Via Teleport"
From Internet Computer Wiki
Katie.peters (talk | contribs) |
Katie.peters (talk | contribs) (Finishing page) |
||
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | This page is part of the [[RMU build Gen-1.5|Gen-1.5 RMU build runbook]]. | ||
+ | |||
+ | Go back to the previous section: [[RMU build Gen-1.5: II. Teleport - B. Install Teleport Software|B. Install Teleport Software]] | ||
+ | |||
+ | == C. Share RMU Services Via Teleport == | ||
Ref: https://www.youtube.com/watch?v=cvW4b96aPL0 | Ref: https://www.youtube.com/watch?v=cvW4b96aPL0 | ||
Line 17: | Line 22: | ||
#* Ensure that <code>—-app-name</code> has the correct data center code (dc) code in the following command (IE tp1, bu1, dl1, etc) | #* Ensure that <code>—-app-name</code> has the correct data center code (dc) code in the following command (IE tp1, bu1, dl1, etc) | ||
#* <code>sudo teleport configure --output=file --proxy=teleport.<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-proxmox-webui --app-uri=https://localhost:8006</code> | #* <code>sudo teleport configure --output=file --proxy=teleport.<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-proxmox-webui --app-uri=https://localhost:8006</code> | ||
− | #**[[File:Screenshot 2023-12-20 at 11.17.14 AM.png]] | + | #**[[File:Screenshot 2023-12-20 at 11.17.14 AM.png|alt=|800x800px]] |
# Save the token generated on the Teleport server: | # Save the token generated on the Teleport server: | ||
− | #* <code>sudo vi /var/lib/teleport/token</code> | + | #*<code>sudo vi /var/lib/teleport/token</code> |
− | #**[[File:Screenshot 2023-10-30 at 3.36.42 PM.png]] | + | #**[[File:Screenshot 2023-10-30 at 3.36.42 PM.png|alt=|800x800px]] |
# Save the ca_pin generated on the Teleport server: | # Save the ca_pin generated on the Teleport server: | ||
− | #* <code>sudo vi /var/lib/teleport/ca_pin</code> | + | #*<code>sudo vi /var/lib/teleport/ca_pin</code> |
− | + | #* [[File:Screenshot 2023-12-18 at 4.24.07 PM.png|800x800px]] | |
− | |||
− | |||
# Edit the <code>/etc/teleport.yaml</code> to update the <code>ca_pin</code> resource: | # Edit the <code>/etc/teleport.yaml</code> to update the <code>ca_pin</code> resource: | ||
#* <code>sudo vi /etc/teleport.yaml</code> | #* <code>sudo vi /etc/teleport.yaml</code> | ||
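Review bot: the two save steps in this hunk (sudo vi /var/lib/teleport/token and sudo vi /var/lib/teleport/ca_pin) create the files but say nothing about ownership or mode, and the token is a join secret; add a sub-step after each save, such as sudo chmod 600 on the file, so it is readable by root only. Also, in the unchanged Ensure line above the teleport configure command, the app-name flag is written with an em dash followed by a hyphen instead of two hyphens, so it does not match --app-name in the command; worth correcting while this list is being edited.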
Line 46: | Line 49: | ||
dc: "<dc>" | dc: "<dc>" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | #* Sample <code>/etc/teleport.yaml</code> file:<syntaxhighlight> | + | #* Sample <code>/etc/teleport.yaml</code> file: <syntaxhighlight lang="yaml"> |
− | + | version: v3 | |
− | + | teleport: | |
− | + | nodename: rmu | |
− | + | data_dir: /var/lib/teleport | |
− | + | join_params: | |
− | + | token_name: /var/lib/teleport/token | |
− | + | method: token | |
− | + | proxy_server: teleport.<dc>.<domain.name>:443 | |
− | + | log: | |
− | + | output: stderr | |
− | + | severity: INFO | |
− | + | format: | |
− | + | output: text | |
− | + | ca_pin: /var/lib/teleport/ca_pin | |
− | + | diag_addr: "" | |
− | + | auth_service: | |
− | + | enabled: "no" | |
− | + | ssh_service: | |
− | + | enabled: "yes" | |
− | + | labels: | |
− | + | dc: "<dc>" | |
− | + | login: "root" | |
− | + | proxy_service: | |
− | + | enabled: "no" | |
− | + | https_keypairs: [] | |
− | + | https_keypairs_reload_interval: 0s | |
− | + | acme: {} | |
− | + | app_service: | |
− | + | enabled: "yes" | |
− | + | debug_app: false | |
− | + | apps: | |
− | + | - name: <dc>-proxmox-webui | |
− | + | uri: https://localhost:8006 | |
− | + | public_addr: "" | |
− | + | insecure_skip_verify: true | |
− | + | labels: | |
− | + | dc: "<dc>" | |
− | + | </syntaxhighlight> | |
+ | # Add teleport to <code>/etc/hosts</code> | ||
+ | #*<code>sudo vi /etc/hosts</code> | ||
+ | #* add an entry of <code>10.10.100.22 teleport.<domain></code> | ||
+ | #** Note: what you made [[RMU build Gen-1.5: I. Prerequisites#Domain Name|in the domain section of prerequisites]]. | ||
+ | #**[[File:Screenshot 2023-12-20 at 11.27.11 AM.png|800x800px]]\ | ||
+ | #*Save and quit the file | ||
+ | #Start the teleport agent: | ||
+ | #*<code>sudo systemctl enable teleport</code> | ||
+ | #*<code>sudo systemctl start teleport</code> | ||
− | + | == Continue to next section: [[RMU build Gen-1.5: II. Teleport - D. Teleport Notes|D. Teleport Notes]] == | |
− | + | Go to the index of the [[RMU build Gen-1.5|Gen-1.5 RMU build runbook]]. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
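Review bot: the sample file's proxy_server is teleport.<dc>.<domain.name>:443, but the /etc/hosts step added in this same hunk maps 10.10.100.22 to teleport.<domain>, and the configure command earlier on the page uses teleport.<domain name>:443; pick one form so that the name the agent dials is the one the hosts entry covers. The sample also sets insecure_skip_verify: true without saying why, so a short note that this turns off certificate verification for the https://localhost:8006 upstream would help readers judge it, and the screenshot line in the hosts step ends in a stray backslash.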
Latest revision as of 21:04, 23 February 2024
This page is part of the Gen-1.5 RMU build runbook.
Go back to the previous section: B. Install Teleport Software
Ref: https://www.youtube.com/watch?v=cvW4b96aPL0
You can use proxmox to open separate shell windows to make copying/pasting between them easier.
On the teleport server:
- Create a short lived token to “invite” the Proxmox application. Be sure to edit the `<dc>` portion in the following command:
  - `sudo tctl tokens add --type=app,node --app-name=<dc>-proxmox-webui --app-uri=https://localhost:8006`
- Take note of the `token` and `ca_pin` values.
On the rmu server:
- Install pre-req packages:
  - `apt update -y && apt upgrade -y && apt install sudo -y`
- Install the teleport agent:
  - Ensure you run the following command with the version of teleport you installed.
  - `sudo curl https://goteleport.com/static/install.sh | bash -s <Teleport Version>`
- Create the teleport application config:
  - Ensure that the `proxy` is pointed to your teleport domain name in the following command.
  - Ensure that `--app-name` has the correct data center (dc) code in the following command (e.g. tp1, bu1, dl1, etc.).
  - `sudo teleport configure --output=file --proxy=teleport.<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-proxmox-webui --app-uri=https://localhost:8006`
- Save the token generated on the Teleport server:
  - `sudo vi /var/lib/teleport/token`
- Save the ca_pin generated on the Teleport server:
  - `sudo vi /var/lib/teleport/ca_pin`
- Edit `/etc/teleport.yaml` to update the `ca_pin` resource:
  - `sudo vi /etc/teleport.yaml`
  - Update the `ca_pin` resource with the path to the `ca_pin` file, `/var/lib/teleport/ca_pin`.
  - Under `ssh_service:`, at the same indentation as `enabled: "yes"`, add the following:
    - Note: change `<dc>` to your site's DC code (e.g. tp1, sh1, bu1, dl1, etc.)

    ```yaml
    labels:
      dc: "<dc>"
      login: "root"
    ```
  - Remove the `commands:` section:

    ```yaml
    commands:
    - name: hostname
      command: [hostname]
      period: 1m0s
    ```
  - Under name: `<dc>-proxmox-webui`, at the same indentation as `insecure_skip_verify:`, change the value of `insecure_skip_verify:` to `true` and add the following:
    - Note: change `<dc>` to your site's DC code (e.g. tp1, sh1, bu1, dl1, etc.)

    ```yaml
    labels:
      dc: "<dc>"
    ```
  - Sample `/etc/teleport.yaml` file:

    ```yaml
    version: v3
    teleport:
      nodename: rmu
      data_dir: /var/lib/teleport
      join_params:
        token_name: /var/lib/teleport/token
        method: token
      proxy_server: teleport.<dc>.<domain.name>:443
      log:
        output: stderr
        severity: INFO
        format:
          output: text
      ca_pin: /var/lib/teleport/ca_pin
      diag_addr: ""
    auth_service:
      enabled: "no"
    ssh_service:
      enabled: "yes"
      labels:
        dc: "<dc>"
        login: "root"
    proxy_service:
      enabled: "no"
      https_keypairs: []
      https_keypairs_reload_interval: 0s
      acme: {}
    app_service:
      enabled: "yes"
      debug_app: false
      apps:
      - name: <dc>-proxmox-webui
        uri: https://localhost:8006
        public_addr: ""
        insecure_skip_verify: true
        labels:
          dc: "<dc>"
    ```
- Add teleport to `/etc/hosts`:
  - `sudo vi /etc/hosts`
  - Add an entry of `10.10.100.22 teleport.<domain>`
    - Note: use the domain you made in the domain section of prerequisites.
  - Save and quit the file.
- Start the teleport agent:
  - `sudo systemctl enable teleport`
  - `sudo systemctl start teleport`
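A pre-flight check for the files edited in the steps above, to run before `sudo systemctl start teleport`. This is an added example, not part of the runbook; the function name `teleport_preflight`, its argument order and the `example.test` hostnames are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check of the files this runbook edits.
# Prints one line per finding; the return status is the number of findings.
teleport_preflight() {
    cfg=$1 token=$2 pin=$3 hosts=$4 n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }
    # Join token and CA pin: non-empty, no group/other permission bits.
    for f in "$token" "$pin"; do
        [ -s "$f" ] || { fail "$f missing or empty"; continue; }
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || fail "$f is accessible to group/other"
    done
    # A Teleport CA pin is "sha256:" followed by 64 hex digits.
    grep -Eq '^sha256:[0-9a-f]{64}$' "$pin" 2>/dev/null || fail "ca_pin file is not a sha256 pin"
    # teleport.yaml must reference both files and contain no leftovers.
    grep -Fq "ca_pin: $pin" "$cfg" || fail "ca_pin does not reference $pin"
    grep -Fq "token_name: $token" "$cfg" || fail "token_name does not reference $token"
    grep -Fq '<dc>' "$cfg" && fail "<dc> placeholder left in config"
    grep -Eq '^[[:space:]]*commands:' "$cfg" && fail "commands: section not removed"
    [ "$(grep -Ec '^[[:space:]]*dc:' "$cfg")" -ge 2 ] || fail "dc label missing (ssh_service or app)"
    # The proxy_server host needs a matching hosts entry.
    host=$(sed -n 's/^[[:space:]]*proxy_server:[[:space:]]*\([^[:space:]:]*\):.*/\1/p' "$cfg")
    awk -v h="$host" '!/^#/ { for (i = 2; i <= NF; i++) if ($i == h) ok = 1 } END { exit !ok }' "$hosts" ||
        fail "proxy host '$host' has no entry in $hosts"
    return "$n"
}

# Constructed sample (not a real RMU): proxy_server and the hosts entry disagree.
demo=$(mktemp -d)
printf 'constructed-join-token\n' > "$demo/token"
printf 'sha256:%064d\n' 0 > "$demo/ca_pin"
chmod 600 "$demo/token" "$demo/ca_pin"
printf '10.10.100.22 teleport.example.test\n' > "$demo/hosts"
cat > "$demo/teleport.yaml" <<EOF
teleport:
  join_params:
    token_name: $demo/token
  proxy_server: teleport.tp1.example.test:443
  ca_pin: $demo/ca_pin
ssh_service:
  labels:
    dc: "tp1"
app_service:
  apps:
  - name: tp1-proxmox-webui
    labels:
      dc: "tp1"
EOF
teleport_preflight "$demo/teleport.yaml" "$demo/token" "$demo/ca_pin" "$demo/hosts" || echo "$? finding(s)"
```

On an RMU the call would be `teleport_preflight /etc/teleport.yaml /var/lib/teleport/token /var/lib/teleport/ca_pin /etc/hosts`, run as root so the token file can be read.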
Continue to next section: D. Teleport Notes
Go to the index of the Gen-1.5 RMU build runbook.