Difference between revisions of "RMU build Gen-1.5: II. Teleport - C. Share RMU Services Via Teleport"
From Internet Computer Wiki
Katie.peters (talk | contribs) |
Katie.peters (talk | contribs) (Finishing page) |
||
Line 1: | Line 1: | ||
+ | This page is part of the [[RMU build Gen-1.5|Gen-1.5 RMU build runbook]]. | ||
+ | |||
+ | Go back to the previous section: [[RMU build Gen-1.5: II. Teleport - B. Install Teleport Software|B. Install Teleport Software]] | ||
+ | |||
+ | == C. Share RMU Services Via Teleport == | ||
Ref: https://www.youtube.com/watch?v=cvW4b96aPL0 | Ref: https://www.youtube.com/watch?v=cvW4b96aPL0 | ||
Line 24: | Line 29: | ||
#*<code>sudo vi /var/lib/teleport/ca_pin</code> | #*<code>sudo vi /var/lib/teleport/ca_pin</code> | ||
#* [[File:Screenshot 2023-12-18 at 4.24.07 PM.png|800x800px]] | #* [[File:Screenshot 2023-12-18 at 4.24.07 PM.png|800x800px]] | ||
− | |||
# Edit the <code>/etc/teleport.yaml</code> to update the <code>ca_pin</code> resource: | # Edit the <code>/etc/teleport.yaml</code> to update the <code>ca_pin</code> resource: | ||
− | #*<code>sudo vi /etc/teleport.yaml</code> | + | #* <code>sudo vi /etc/teleport.yaml</code> |
#* Update the <code>ca_pin</code> resource with the path to the <code>ca_pin</code> file <code>/var/lib/teleport/ca_pin</code> | #* Update the <code>ca_pin</code> resource with the path to the <code>ca_pin</code> file <code>/var/lib/teleport/ca_pin</code> | ||
#* Under <code>ssh_service:</code> in the same indentation of <code>enabled: “yes”</code> add the following | #* Under <code>ssh_service:</code> in the same indentation of <code>enabled: “yes”</code> add the following | ||
Line 45: | Line 49: | ||
dc: "<dc>" | dc: "<dc>" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | #* Sample <code>/etc/teleport.yaml</code> file: | + | #* Sample <code>/etc/teleport.yaml</code> file: <syntaxhighlight lang="yaml"> |
− | # | + | version: v3 |
− | # | + | teleport: |
− | # | + | nodename: rmu |
− | # | + | data_dir: /var/lib/teleport |
− | # | + | join_params: |
− | # | + | token_name: /var/lib/teleport/token |
− | # | + | method: token |
− | # | + | proxy_server: teleport.<dc>.<domain.name>:443 |
− | # | + | log: |
+ | output: stderr | ||
+ | severity: INFO | ||
+ | format: | ||
+ | output: text | ||
+ | ca_pin: /var/lib/teleport/ca_pin | ||
+ | diag_addr: "" | ||
+ | auth_service: | ||
+ | enabled: "no" | ||
+ | ssh_service: | ||
+ | enabled: "yes" | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | login: "root" | ||
+ | proxy_service: | ||
+ | enabled: "no" | ||
+ | https_keypairs: [] | ||
+ | https_keypairs_reload_interval: 0s | ||
+ | acme: {} | ||
+ | app_service: | ||
+ | enabled: "yes" | ||
+ | debug_app: false | ||
+ | apps: | ||
+ | - name: <dc>-proxmox-webui | ||
+ | uri: https://localhost:8006 | ||
+ | public_addr: "" | ||
+ | insecure_skip_verify: true | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | </syntaxhighlight> | ||
+ | # Add teleport to <code>/etc/hosts</code> | ||
+ | #*<code>sudo vi /etc/hosts</code> | ||
+ | #* add an entry of <code>10.10.100.22 teleport.<domain></code> | ||
+ | #** Note: what you made [[RMU build Gen-1.5: I. Prerequisites#Domain Name|in the domain section of prerequisites]]. | ||
+ | #**[[File:Screenshot 2023-12-20 at 11.27.11 AM.png|800x800px]]\ | ||
+ | #*Save and quit the file | ||
+ | #Start the teleport agent: | ||
+ | #*<code>sudo systemctl enable teleport</code> | ||
+ | #*<code>sudo systemctl start teleport</code> | ||
+ | |||
+ | == Continue to next section: [[RMU build Gen-1.5: II. Teleport - D. Teleport Notes|D. Teleport Notes]] == | ||
+ | Go to the index of the [[RMU build Gen-1.5|Gen-1.5 RMU build runbook]]. |
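Review bot: the sample /etc/teleport.yaml sets insecure_skip_verify: true on the <dc>-proxmox-webui app without saying why. The setting turns off certificate verification toward the upstream, and it is only contained here because uri is https://localhost:8006, so add a sentence saying so and that it must not be copied to an app with a non-local uri. In the same hunk, proxy_server: teleport.<dc>.<domain.name>:443 does not match the /etc/hosts entry 10.10.100.22 teleport.<domain>, so an agent configured literally from the sample would dial a name the hosts entry does not cover; use one form in both places. The screenshot line under the hosts step also ends in a stray backslash.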
Latest revision as of 21:04, 23 February 2024
This page is part of the Gen-1.5 RMU build runbook.
Go back to the previous section: B. Install Teleport Software
Ref: https://www.youtube.com/watch?v=cvW4b96aPL0
You can use proxmox to open separate shell windows to make copying/pasting between them easier.
On the teleport server:
- Create a short lived token to “invite” the Proxmox application. Be sure to edit the <code><dc></code> portion in the following command:
  - <code>sudo tctl tokens add --type=app,node --app-name=<dc>-proxmox-webui --app-uri=https://localhost:8006</code>
- Take note of the <code>token</code> and <code>ca_pin</code> values
On the rmu server:
- Install pre-req packages:
  - <code>apt update -y && apt upgrade -y && apt install sudo -y</code>
- Install the teleport agent:
  - Ensure you run the following command with the version of teleport you installed
  - <code>sudo curl https://goteleport.com/static/install.sh | bash -s <Teleport Version></code>
- Create the teleport application config:
  - Ensure that the <code>proxy</code> is pointed to your teleport domain name in the following command
  - Ensure that <code>--app-name</code> has the correct data center (dc) code in the following command (e.g. tp1, bu1, dl1, etc.)
  - <code>sudo teleport configure --output=file --proxy=teleport.<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-proxmox-webui --app-uri=https://localhost:8006</code>
- Save the token generated on the Teleport server:
- Save the ca_pin generated on the Teleport server:
- Edit the <code>/etc/teleport.yaml</code> to update the <code>ca_pin</code> resource:
  - <code>sudo vi /etc/teleport.yaml</code>
  - Update the <code>ca_pin</code> resource with the path to the <code>ca_pin</code> file <code>/var/lib/teleport/ca_pin</code>
  - Under <code>ssh_service:</code>, at the same indentation as <code>enabled: "yes"</code>, add the following
    - Note: change <dc> to your site’s DC code (e.g. tp1, sh1, bu1, dl1, etc.)
<syntaxhighlight lang="yaml">
labels:
  dc: "<dc>"
  login: "root"
</syntaxhighlight>
  - Remove the <code>commands:</code> section
<syntaxhighlight lang="yaml">
commands:
- name: hostname
  command: [hostname]
  period: 1m0s
</syntaxhighlight>
  - Under name: <code><dc>-proxmox-webui</code>, at the same indentation as <code>insecure_skip_verify:</code>, change the value of <code>insecure_skip_verify:</code> to <code>true</code> and add the following:
    - Note: change <dc> to your site’s DC code (e.g. tp1, sh1, bu1, dl1, etc.)
<syntaxhighlight lang="yaml">
labels:
  dc: "<dc>"
</syntaxhighlight>
  - Sample <code>/etc/teleport.yaml</code> file:
<syntaxhighlight lang="yaml">
version: v3
teleport:
  nodename: rmu
  data_dir: /var/lib/teleport
  join_params:
    token_name: /var/lib/teleport/token
    method: token
  proxy_server: teleport.<dc>.<domain.name>:443
  log:
    output: stderr
    severity: INFO
    format:
      output: text
  ca_pin: /var/lib/teleport/ca_pin
  diag_addr: ""
auth_service:
  enabled: "no"
ssh_service:
  enabled: "yes"
  labels:
    dc: "<dc>"
    login: "root"
proxy_service:
  enabled: "no"
  https_keypairs: []
  https_keypairs_reload_interval: 0s
  acme: {}
app_service:
  enabled: "yes"
  debug_app: false
  apps:
  - name: <dc>-proxmox-webui
    uri: https://localhost:8006
    public_addr: ""
    insecure_skip_verify: true
    labels:
      dc: "<dc>"
</syntaxhighlight>
- Add teleport to <code>/etc/hosts</code>
  - <code>sudo vi /etc/hosts</code>
  - Add an entry of <code>10.10.100.22 teleport.<domain></code>
    - Note: <domain> is what you made in the domain section of prerequisites.
  - Save and quit the file
- Start the teleport agent:
  - <code>sudo systemctl enable teleport</code>
  - <code>sudo systemctl start teleport</code>
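A preflight check for the edited <code>/etc/teleport.yaml</code>, meant to be run before the agent is started; this is an added example, not part of the runbook or of Teleport. The function name <code>teleport_preflight</code>, the owner-only rule for the token file and the loopback-only rule for <code>insecure_skip_verify</code> are assumptions of the example, and the parsing is line-based and expects the layout of the sample file above.

```shell
#!/bin/sh
# Added example: checks the agent config this runbook produces.
# Prints one line per finding and returns the number of findings.
teleport_preflight() {
    cfg=$1; n=0
    note() { echo "FINDING: $*"; n=$((n + 1)); }

    # 1. Placeholders such as <dc> or <domain.name> left unedited.
    if grep -qE '<[A-Za-z][A-Za-z. ]*>' "$cfg"; then
        note "unreplaced placeholder in $cfg"
    fi
    # 2. The generated commands: section should have been removed.
    if grep -qE '^[[:space:]]*commands:' "$cfg"; then
        note "commands: section still present"
    fi
    # 3. ca_pin must name a file that holds a sha256:<64 hex> pin.
    pin=$(sed -n 's/^[[:space:]]*ca_pin:[[:space:]]*//p' "$cfg")
    if [ ! -f "$pin" ] || ! grep -qE '^sha256:[0-9a-f]{64}$' "$pin"; then
        note "ca_pin file missing or not a sha256 pin: $pin"
    fi
    # 4. The join token is a secret: no group/other permission bits
    #    (assumed policy, the runbook does not state one).
    tok=$(sed -n 's/^[[:space:]]*token_name:[[:space:]]*//p' "$cfg")
    if [ ! -f "$tok" ]; then
        note "token file missing: $tok"
    elif [ "$(ls -ld "$tok" | cut -c5-10)" != "------" ]; then
        note "token file accessible beyond owner: $tok"
    fi
    # 5. insecure_skip_verify: true is tolerated only when the app's
    #    uri (listed before it, as in the sample) is loopback.
    bad=$(awk '/- name:/ {uri=""} /uri:/ {uri=$2}
        /insecure_skip_verify: *true/ &&
        uri !~ /^https?:\/\/(localhost|127\.0\.0\.1)(:|\/|$)/ {print "uri=" uri}' "$cfg")
    [ -z "$bad" ] || note "insecure_skip_verify on non-loopback app: $bad"
    return "$n"
}
# Usage: teleport_preflight /etc/teleport.yaml
```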
Continue to next section: D. Teleport Notes
Go to the index of the Gen-1.5 RMU build runbook.