Difference between revisions of "RMU build Gen-1.5: II. Teleport - C. Share RMU Services Via Teleport"

From Internet Computer Wiki
Line 47: Line 47:
 
#* Sample <code>/etc/teleport.yaml</code> file:
 
#* Sample <code>/etc/teleport.yaml</code> file:
 
#* Add teleport to <code>/etc/hosts</code>
 
#* Add teleport to <code>/etc/hosts</code>
#** <code>sudo vi /etc/hosts</code>
+
#**<code>sudo vi /etc/hosts</code>
 
#** add an entry of <code>10.10.100.22 teleport.<domain></code>
 
#** add an entry of <code>10.10.100.22 teleport.<domain></code>
 
#*** Note: what you made [[RMU build Gen-1.5: I. Prerequisites#Domain Name|in the domain section of prerequisites]].
 
#*** Note: what you made [[RMU build Gen-1.5: I. Prerequisites#Domain Name|in the domain section of prerequisites]].
 
#***[[File:Screenshot 2023-12-20 at 11.27.11 AM.png|800x800px]]\
 
#***[[File:Screenshot 2023-12-20 at 11.27.11 AM.png|800x800px]]\
#**Save and quit the file<syntaxhighlight>yaml
+
#**Save and quit the file
        version: v3
+
#*Start the teleport agent:
        teleport:
+
#**<code>sudo systemctl enable teleport</code>
          nodename: rmu
+
#**<code>sudo systemctl start teleport</code>
          data_dir: /var/lib/teleport
 
          join_params:
 
            token_name: /var/lib/teleport/token
 
            method: token
 
          proxy_server: teleport.<dc>.<domain.name>:443
 
          log:
 
            output: stderr
 
            severity: INFO
 
            format:
 
              output: text
 
          ca_pin: /var/lib/teleport/ca_pin
 
          diag_addr: ""
 
        auth_service:
 
          enabled: "no"
 
        ssh_service:
 
          enabled: "yes"
 
          labels:
 
            dc: "<dc>"
 
            login: "root"
 
        proxy_service:
 
          enabled: "no"
 
          https_keypairs: []
 
          https_keypairs_reload_interval: 0s
 
          acme: {}
 
        app_service:
 
          enabled: "yes"
 
          debug_app: false
 
          apps:
 
          - name: <dc>-proxmox-webui
 
              uri: https://localhost:8006
 
              public_addr: ""
 
              insecure_skip_verify: true
 
              labels:
 
                dc: "<dc>"
 
        </syntaxhighlight>
 
 
 
#  
 
 
 
*<br />
 
 
 
#**
 
 
 
# Start the teleport agent:
 
#* <code>sudo systemctl enable teleport</code>
 
#* <code>sudo systemctl start teleport</code>
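Review bot: in the sample config's `apps:` entry, `uri:`, `public_addr:`, `insecure_skip_verify:` and `labels:` are indented deeper than the `name:` key on the `- name: <dc>-proxmox-webui` line, so the list item does not parse as a single mapping; align those keys with `name:`. The sample lines from `version: v3` to the closing `</syntaxhighlight>` also show up on only one side of this change while the "Sample /etc/teleport.yaml file:" item stays as context, so if the block was dropped that item now introduces nothing: restore the sample under it or remove the item. If the sample stays, add a line next to `insecure_skip_verify: true` saying why it is acceptable for `uri: https://localhost:8006`.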
 

Revision as of 21:00, 23 February 2024

Ref: https://www.youtube.com/watch?v=cvW4b96aPL0

You can use Proxmox to open separate shell windows to make copying and pasting between them easier.

On the teleport server:

  1. Create a short-lived token to "invite" the Proxmox application. Be sure to edit the <dc> portion in the following command:
    • sudo tctl tokens add --type=app,node --app-name=<dc>-proxmox-webui --app-uri=https://localhost:8006
    • Take note of the token and ca_pin values

On the rmu server:

  1. Install pre-req packages:
    • apt update -y && apt upgrade -y && apt install sudo -y
  2. Install the teleport agent:
  3. Create the teleport application config:
    • Ensure that the proxy is pointed to your teleport domain name in the following command
    • Ensure that --app-name has the correct data center (dc) code in the following command (e.g. tp1, bu1, dl1)
    • sudo teleport configure --output=file --proxy=teleport.<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-proxmox-webui --app-uri=https://localhost:8006
  4. Save the token generated on the Teleport server:
    • sudo vi /var/lib/teleport/token
  5. Save the ca_pin generated on the Teleport server:
    • sudo vi /var/lib/teleport/ca_pin
  6. Edit /etc/teleport.yaml to update the ca_pin resource:
    • sudo vi /etc/teleport.yaml
    • Update the ca_pin resource with the path to the ca_pin file, /var/lib/teleport/ca_pin
    • Under ssh_service:, at the same indentation level as enabled: "yes", add the following
      • Note: change <dc> to your site's DC code (e.g. tp1, sh1, bu1, dl1)
                      labels:
                        dc: "<dc>"
                        login: "root"
    • Remove the commands: section
                  commands:
                    - name: hostname
                      command: [hostname]
                      period: 1m0s
    • Under name: <dc>-proxmox-webui, at the same indentation level as insecure_skip_verify:, change the value of insecure_skip_verify: to true and add the following:
      • Note: change <dc> to your site's DC code (e.g. tp1, sh1, bu1, dl1)
                          labels:
                            dc: "<dc>"
    • Sample /etc/teleport.yaml file:
    • Add teleport to /etc/hosts
    • Start the teleport agent:
      • sudo systemctl enable teleport
      • sudo systemctl start teleport
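
A check to run on the rmu server before starting the agent, covering the files and edits from the steps above. This is an added example, not part of the wiki procedure: the function name check_teleport_join is hypothetical, and the rule that insecure_skip_verify: true is only accepted for a loopback uri is an assumption based on the https://localhost:8006 value used on this page.

```shell
#!/bin/sh
# Added example. Defaults are the paths used on this page; arguments override.
check_teleport_join() {
    cfg=${1:-/etc/teleport.yaml}
    token=${2:-/var/lib/teleport/token}
    pin=${3:-/var/lib/teleport/ca_pin}
    rc=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg" >&2; return 1; }

    # The join token is a secret. A file created with "sudo vi" under the
    # usual umask is world-readable, so require no group/other permissions.
    if [ ! -s "$token" ]; then
        echo "FAIL: $token is missing or empty" >&2; rc=1
    elif [ "$(ls -ld "$token" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $token is accessible to group/other (chmod 600)" >&2; rc=1
    fi
    # A CA pin is "sha256:" plus 64 hex digits; catches a truncated paste.
    if ! grep -Eqx 'sha256:[0-9a-f]{64}' "$pin" 2>/dev/null; then
        echo "FAIL: $pin does not hold a sha256:<64 hex> pin" >&2; rc=1
    fi
    # teleport.yaml must reference the pin file.
    if ! grep -E '^[[:space:]]*ca_pin:' "$cfg" | grep -Fq "$pin"; then
        echo "FAIL: ca_pin in $cfg does not point to $pin" >&2; rc=1
    fi
    # The commands: section was to be removed.
    if grep -Eq '^[[:space:]]*commands:' "$cfg"; then
        echo "FAIL: commands: section still present in $cfg" >&2; rc=1
    fi
    # Placeholders copied from the wiki must be replaced with real values.
    if grep -Eq '<(dc|domain)[^>]*>' "$cfg"; then
        echo "FAIL: unreplaced <dc>/<domain> placeholder in $cfg" >&2; rc=1
    fi
    # Both ssh_service and the app entry carry a dc label.
    if [ "$(grep -Ec '^[[:space:]]*dc:' "$cfg")" -lt 2 ]; then
        echo "FAIL: expected dc: labels under ssh_service and the app" >&2; rc=1
    fi
    # Assumption: certificate checks may only be skipped for a loopback uri.
    if grep -Eq '^[[:space:]]*insecure_skip_verify:[[:space:]]*true' "$cfg" &&
       grep -E '^[[:space:]]*uri:' "$cfg" |
           grep -Evq 'https://(localhost|127\.0\.0\.1)[:/]'; then
        echo "FAIL: insecure_skip_verify: true with a non-loopback uri" >&2; rc=1
    fi
    return "$rc"
}
```

Run it as root with no arguments (sudo sh -c '. ./check.sh; check_teleport_join') so it can read /var/lib/teleport/token; it returns non-zero and lists every failed check.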