Difference between revisions of "RMU build Gen-1.5: II. Teleport - C. Share RMU Services Via Teleport"
From Internet Computer Wiki
Katie.peters (talk | contribs) (Created page with "Ref: https://www.youtube.com/watch?v=cvW4b96aPL0 You can use proxmox to open separate shell windows to make copying/pasting between them easier. ===On the <code>teleport</co...") |
Katie.peters (talk | contribs) |
||
Line 21: | Line 21: | ||
#* <code>sudo vi /var/lib/teleport/token</code> | #* <code>sudo vi /var/lib/teleport/token</code> | ||
#**[[File:Screenshot 2023-10-30 at 3.36.42 PM.png]] | #**[[File:Screenshot 2023-10-30 at 3.36.42 PM.png]] | ||
+ | # Save the ca_pin generated on the Teleport server: | ||
+ | #* <code>sudo vi /var/lib/teleport/ca_pin</code> | ||
+ | |||
+ | ![Screenshot 2023-12-18 at 4.24.07 PM.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/3c759fcc-b170-476c-83a3-0afa17315dcd/f5cc3136-c5da-4e04-88bc-1c31614affcd/Screenshot_2023-12-18_at_4.24.07_PM.png) | ||
+ | |||
+ | # Edit the <code>/etc/teleport.yaml</code> to update the <code>ca_pin</code> resource: | ||
+ | #* <code>sudo vi /etc/teleport.yaml</code> | ||
+ | #* Update the <code>ca_pin</code> resource with the path to the <code>ca_pin</code> file <code>/var/lib/teleport/ca_pin</code> | ||
+ | #* Under <code>ssh_service:</code> in the same indentation of <code>enabled: “yes”</code> add the following | ||
+ | #**Note: change <dc> to your site’s DC code (IE tp1, sh1, bu1, dl1 etc.)<syntaxhighlight>jsx | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | login: "root" | ||
+ | </syntaxhighlight> | ||
+ | #* Remove <code>commands:</code> section<syntaxhighlight>yaml | ||
+ | commands: | ||
+ | - name: hostname | ||
+ | command: [hostname] | ||
+ | period: 1m0s | ||
+ | </syntaxhighlight> | ||
+ | #* Under name: <code><dc>-proxmox-webui</code> , in the same indentation of <code>insecure_skip_verify:</code>, change the value of <code>insecure_skip_verify:</code> to <code>true</code> and add the following: | ||
+ | #**Note: change <dc> to your site’s DC code (IE tp1, sh1, bu1, dl1 etc.)<syntaxhighlight>jsx | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | </syntaxhighlight> | ||
+ | #* Sample <code>/etc/teleport.yaml</code> file:<syntaxhighlight>yaml | ||
+ | version: v3 | ||
+ | teleport: | ||
+ | nodename: rmu | ||
+ | data_dir: /var/lib/teleport | ||
+ | join_params: | ||
+ | token_name: /var/lib/teleport/token | ||
+ | method: token | ||
+ | proxy_server: teleport.<dc>.<domain.name>:443 | ||
+ | log: | ||
+ | output: stderr | ||
+ | severity: INFO | ||
+ | format: | ||
+ | output: text | ||
+ | ca_pin: /var/lib/teleport/ca_pin | ||
+ | diag_addr: "" | ||
+ | auth_service: | ||
+ | enabled: "no" | ||
+ | ssh_service: | ||
+ | enabled: "yes" | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | login: "root" | ||
+ | proxy_service: | ||
+ | enabled: "no" | ||
+ | https_keypairs: [] | ||
+ | https_keypairs_reload_interval: 0s | ||
+ | acme: {} | ||
+ | app_service: | ||
+ | enabled: "yes" | ||
+ | debug_app: false | ||
+ | apps: | ||
+ | - name: <dc>-proxmox-webui | ||
+ | uri: https://localhost:8006 | ||
+ | public_addr: "" | ||
+ | insecure_skip_verify: true | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | |||
+ | #* add an entry of <code>10.10.100.22 teleport.<domain></code> | ||
+ | #**Note: what you made [here](https://www.notion.so/New-RMU-Build-Gen-1-5-28778d147e164cd1b668ebaa759fdcda?pvs=21) | ||
+ | |||
+ | ![Screenshot 2023-12-20 at 11.27.11 AM.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/3c759fcc-b170-476c-83a3-0afa17315dcd/5a669147-e25f-4186-ba8e-5dafba14df76/Screenshot_2023-12-20_at_11.27.11_AM.png) | ||
+ | |||
+ | #* Save and quit the file | ||
+ | # Start the teleport agent: | ||
+ | #* <code>sudo systemctl enable teleport</code> | ||
+ | #* <code>sudo systemctl start teleport</code> |
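Review bot: the step under `<dc>-proxmox-webui` tells the reader to set `insecure_skip_verify: true` without saying why or when that is acceptable. Add a sentence stating that it is tolerated here only because the app's `uri` is `https://localhost:8006`, and that it should not be carried over to an app whose `uri` is a remote host. The `add an entry of 10.10.100.22 teleport.<domain>` bullet never names the file being edited even though `Save and quit the file` follows it, and that hostname does not match the sample's `proxy_server: teleport.<dc>.<domain.name>:443`; name the file and use one hostname form throughout. The `<syntaxhighlight>jsx` / `<syntaxhighlight>yaml` openers should be `<syntaxhighlight lang="yaml">`, and the Markdown `![...](...)` and `[here](...)` syntax will not render as wiki markup.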
Revision as of 20:30, 23 February 2024
Ref: https://www.youtube.com/watch?v=cvW4b96aPL0
You can use proxmox to open separate shell windows to make copying/pasting between them easier.
On the `teleport` server:
- Create a short-lived token to "invite" the Proxmox application. Be sure to edit the `<dc>` portion in the following command:
  - `sudo tctl tokens add --type=app,node --app-name=<dc>-proxmox-webui --app-uri=https://localhost:8006`
- Take note of the `token` and `ca_pin` values
On the `rmu` server:
- Install pre-req packages:
  - `apt update -y && apt upgrade -y && apt install sudo -y`
- Install the teleport agent:
  - Ensure you run the following command with the version of teleport you installed
  - `sudo curl https://goteleport.com/static/install.sh | bash -s <Teleport Version>`
- Create the teleport application config:
  - Ensure that the `proxy` is pointed to your teleport domain name in the following command
  - Ensure that `--app-name` has the correct data center (dc) code in the following command (e.g. tp1, bu1, dl1, etc.)
  - `sudo teleport configure --output=file --proxy=teleport.<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-proxmox-webui --app-uri=https://localhost:8006`
- Save the token generated on the Teleport server:
- Save the ca_pin generated on the Teleport server:
  - `sudo vi /var/lib/teleport/ca_pin`
![Screenshot 2023-12-18 at 4.24.07 PM.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/3c759fcc-b170-476c-83a3-0afa17315dcd/f5cc3136-c5da-4e04-88bc-1c31614affcd/Screenshot_2023-12-18_at_4.24.07_PM.png)
- Edit the `/etc/teleport.yaml` to update the `ca_pin` resource:
  - `sudo vi /etc/teleport.yaml`
  - Update the `ca_pin` resource with the path to the `ca_pin` file `/var/lib/teleport/ca_pin`
  - Under `ssh_service:`, at the same indentation as `enabled: "yes"`, add the following
    - Note: change <dc> to your site's DC code (e.g. tp1, sh1, bu1, dl1, etc.)

    ```yaml
    labels:
      dc: "<dc>"
      login: "root"
    ```
  - Remove the `commands:` section

    ```yaml
    commands:
    - name: hostname
      command: [hostname]
      period: 1m0s
    ```
  - Under name: `<dc>-proxmox-webui`, at the same indentation as `insecure_skip_verify:`, change the value of `insecure_skip_verify:` to `true` and add the following:
    - Note: change <dc> to your site's DC code (e.g. tp1, sh1, bu1, dl1, etc.)

    ```yaml
    labels:
      dc: "<dc>"
    ```
  - Sample `/etc/teleport.yaml` file:

    ```yaml
    version: v3
    teleport:
      nodename: rmu
      data_dir: /var/lib/teleport
      join_params:
        token_name: /var/lib/teleport/token
        method: token
      proxy_server: teleport.<dc>.<domain.name>:443
      log:
        output: stderr
        severity: INFO
        format:
          output: text
      ca_pin: /var/lib/teleport/ca_pin
      diag_addr: ""
    auth_service:
      enabled: "no"
    ssh_service:
      enabled: "yes"
      labels:
        dc: "<dc>"
        login: "root"
    proxy_service:
      enabled: "no"
      https_keypairs: []
      https_keypairs_reload_interval: 0s
      acme: {}
    app_service:
      enabled: "yes"
      debug_app: false
      apps:
      - name: <dc>-proxmox-webui
        uri: https://localhost:8006
        public_addr: ""
        insecure_skip_verify: true
        labels:
          dc: "<dc>"
    ```
  - Add an entry of `10.10.100.22 teleport.<domain>`
    - Note: what you made [here](https://www.notion.so/New-RMU-Build-Gen-1-5-28778d147e164cd1b668ebaa759fdcda?pvs=21)
![Screenshot 2023-12-20 at 11.27.11 AM.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/3c759fcc-b170-476c-83a3-0afa17315dcd/5a669147-e25f-4186-ba8e-5dafba14df76/Screenshot_2023-12-20_at_11.27.11_AM.png)
  - Save and quit the file
- Start the teleport agent:
  - `sudo systemctl enable teleport`
  - `sudo systemctl start teleport`
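
A way to check the finished files from the steps above, as an added example that is not part of the original page or of Teleport's own tooling: it flags any app that combines `insecure_skip_verify: true` with a non-loopback `uri`, confirms that `ca_pin` resolves to a `sha256:` pin, and confirms the token file is not world-readable. The function names (`risky_apps`, `ca_pin_ok`, `token_private`, `demo`) are hypothetical, the sample values in `demo` are constructed, and the scan assumes the key layout of the sample `/etc/teleport.yaml`.

```bash
# Added example, not Teleport tooling: line scans (not a YAML parser) over a
# teleport.yaml laid out like the sample on this page.

# Print each app that sets insecure_skip_verify: true with a non-loopback uri.
risky_apps() {
  awk '
    function val(  v) { v = $NF; gsub(/"/, "", v); return v }
    function flush(  host) {
      host = uri
      sub("^[a-z]+://", "", host)   # drop scheme
      sub("^[^/@]*@", "", host)     # drop userinfo
      sub("[:/].*$", "", host)      # drop port and path
      if (name != "" && skip == "true" && host != "localhost" && host != "127.0.0.1")
        print name
      name = ""; uri = ""; skip = ""
    }
    /^[ \t]*-[ \t]*name:/          { flush(); name = val(); next }
    /^[ \t]*uri:/                  { uri = val(); next }
    /^[ \t]*insecure_skip_verify:/ { skip = val(); next }
    END { flush() }
  ' "$1"
}

# Succeed only if ca_pin is a sha256: pin or, as on this page, a file holding one.
ca_pin_ok() {
  local pin
  pin=$(awk '/^[ \t]*ca_pin:/ { gsub(/"/, "", $NF); print $NF; exit }' "$1")
  case $pin in
    sha256:*) return 0 ;;
    /*) [ -r "$pin" ] && grep -Eq '^sha256:[0-9a-f]{64}$' "$pin" ;;
    *) return 1 ;;
  esac
}
# Succeed if the join-token file exists and is not readable by "other".
token_private() { [ -f "$1" ] && [ -z "$(find "$1" -prune -perm -004)" ]; }

# Constructed input: a loopback app and a remote app, both unverified.
demo() {
  local d; d=$(mktemp -d)
  printf 'sha256:%064d\n' 0 > "$d/ca_pin"
  printf 'constructed\n' > "$d/token"; chmod 600 "$d/token"
  printf '%s\n' "  ca_pin: $d/ca_pin" '  - name: tp1-proxmox-webui' \
    '    uri: https://localhost:8006' '    insecure_skip_verify: true' \
    '  - name: remote-app' '    uri: https://10.0.0.5:8443' \
    '    insecure_skip_verify: true' > "$d/teleport.yaml"
  risky_apps "$d/teleport.yaml"   # prints remote-app only
  ca_pin_ok "$d/teleport.yaml" && token_private "$d/token" && echo "pin and token ok"
  rm -rf "$d"
}
demo
```

On the RMU host the same functions can be pointed at the real files, for example `risky_apps /etc/teleport.yaml` and `token_private /var/lib/teleport/token`, run with enough privilege to read them.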