Difference between revisions of "RMU build Gen-1.5: III. Maas - C. Share Services Via Teleport"
From Internet Computer Wiki
Katie.peters (talk | contribs) (Updating page) |
LouiseVelayo (talk | contribs) m (remove "<" and ">" from url to install teleport agent (including it results in an error).) |
(5 intermediate revisions by one other user not shown) | |||
Line 4: | Line 4: | ||
== C. Share Services Via Teleport == | == C. Share Services Via Teleport == | ||
− | Ref: | + | Ref: https://www.youtube.com/watch?v=cvW4b96aPL0 |
=== On the <code>teleport</code> server: === | === On the <code>teleport</code> server: === | ||
Line 15: | Line 15: | ||
# Install the Teleport agent: | # Install the Teleport agent: | ||
− | #* <code>sudo curl | + | #*<code>sudo curl <nowiki>https://goteleport.com/static/install.sh</nowiki> | bash -s <teleport version></code> |
# create the Teleport application config: | # create the Teleport application config: | ||
− | #* <code>sudo teleport configure --output=file --proxy=<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-maas --app-uri=<nowiki>http://localhost:5240</nowiki></code> | + | #*<code>sudo teleport configure --output=file --proxy=<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-maas --app-uri=<nowiki>http://localhost:5240</nowiki></code> |
+ | #* [[File:Screenshot 2023-12-20 at 11.49.50 AM.png|800x800px]] | ||
# Save the token generated on the Teleport server: | # Save the token generated on the Teleport server: | ||
− | #* <code>sudo vi /var/lib/teleport/token</code> | + | #*<code>sudo vi /var/lib/teleport/token</code> |
+ | #* [[File:Screenshot 2023-10-30 at 3.36.42 PM.png|800x800px]] | ||
# Save the ca_pin generated on the Teleport server: | # Save the ca_pin generated on the Teleport server: | ||
− | #* <code>sudo vi /var/lib/teleport/ca_pin</code> | + | #*<code>sudo vi /var/lib/teleport/ca_pin</code> |
+ | #* [[File:Screenshot 2023-12-19 at 11.25.37 AM.png|800x800px]] | ||
# Edit the <code>/etc/teleport.yaml</code> to update the <code>ca_pin</code> resource: | # Edit the <code>/etc/teleport.yaml</code> to update the <code>ca_pin</code> resource: | ||
− | #* <code>sudo vi /etc/teleport.yaml</code> | + | #*<code>sudo vi /etc/teleport.yaml</code> |
#* Update the <code>ca_pin</code> resource with the file path to the token <code>/var/lib/teleport/ca_pin</code> | #* Update the <code>ca_pin</code> resource with the file path to the token <code>/var/lib/teleport/ca_pin</code> | ||
− | #* Add <code>labels:</code> section under <code>ssh_service:</code> | + | #* Add <code>labels:</code> section under <code>ssh_service:</code><syntaxhighlight lang="yaml"> |
− | # Remove <code>commands:</code> section under <code>ssh_service:</code> | + | labels: |
− | # Add <code>labels:</code> under <code>app_service: -> apps: -> <dc>-maas</code> service | + | dc: "<dc>" |
− | # Sample <code>/etc/teleport.yaml</code> file | + | login: "<admin user login>" |
+ | </syntaxhighlight> | ||
+ | #* Remove <code>commands:</code> section under <code>ssh_service:</code><syntaxhighlight lang="yaml"> | ||
+ | commands: | ||
+ | - name: hostname | ||
+ | command: [hostname] | ||
+ | period: 1m0s | ||
+ | </syntaxhighlight> | ||
+ | #* Add <code>labels:</code> under <code>app_service: -> apps: -> <dc>-maas</code> service<syntaxhighlight lang="yaml"> | ||
+ | - name: <dc>-maas | ||
+ | uri: http://localhost:5240 | ||
+ | public_addr: "" | ||
+ | insecure_skip_verify: false | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | type: "maas" | ||
+ | </syntaxhighlight> | ||
+ | #* Sample <code>/etc/teleport.yaml</code> file<syntaxhighlight lang="yaml" line="1"> | ||
+ | version: v3 | ||
+ | teleport: | ||
+ | nodename: maas | ||
+ | data_dir: /var/lib/teleport | ||
+ | join_params: | ||
+ | token_name: /var/lib/teleport/token | ||
+ | method: token | ||
+ | proxy_server: teleport.<domain>:443 | ||
+ | log: | ||
+ | output: stderr | ||
+ | severity: INFO | ||
+ | format: | ||
+ | output: text | ||
+ | ca_pin: /var/lib/teleport/ca_pin | ||
+ | diag_addr: "" | ||
+ | auth_service: | ||
+ | enabled: "no" | ||
+ | ssh_service: | ||
+ | enabled: "yes" | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | login: "maas" | ||
+ | proxy_service: | ||
+ | enabled: "no" | ||
+ | https_keypairs: [] | ||
+ | https_keypairs_reload_interval: 0s | ||
+ | acme: {} | ||
+ | app_service: | ||
+ | enabled: "yes" | ||
+ | debug_app: false | ||
+ | apps: | ||
+ | - name: bo1-maas | ||
+ | uri: http://localhost:5240 | ||
+ | public_addr: "" | ||
+ | insecure_skip_verify: false | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | type: "maas" | ||
+ | </syntaxhighlight> | ||
# Add Teleport to <code>/etc/hosts</code> | # Add Teleport to <code>/etc/hosts</code> | ||
− | #* <code>sudo vi /etc/hosts</code> | + | #*<code>sudo vi /etc/hosts</code> |
− | #* add an entry of <code>10.10.100.22 <Domain name of your teleport server></code> | + | #* add an entry of <code>10.10.100.22 <Domain name of your teleport server></code> (what you made [[RMU build Gen-1.5: III. Maas - B. Install Maas Software via APT|here]]) |
+ | #* [[File:Screenshot 2023-12-19 at 11.39.48 AM.png|800x800px]] | ||
#* Save and quit the file | #* Save and quit the file | ||
# Start the Teleport agent: | # Start the Teleport agent: |
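Review bot: In the "Install the Teleport agent" step, `sudo` sits on `curl` and not on the `bash` that receives the script, so it elevates the download and not the installer. Put it on the shell side (`curl https://goteleport.com/static/install.sh | sudo bash -s <teleport version>`) if the script is meant to run as root, or drop it. Two smaller points in the same hunk: the `ca_pin` bullet still reads "file path to the token" although the path given is `/var/lib/teleport/ca_pin`, and the sample file names the app `bo1-maas` while every other step uses `<dc>-maas`.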
Latest revision as of 09:05, 6 May 2024
This page is part of the Gen-1.5 RMU build runbook.
Go back to the previous section: B. Install Maas Software via APT
Ref: https://www.youtube.com/watch?v=cvW4b96aPL0
On the teleport server:
- Create a short lived token to “invite” the MaaS application
    tctl tokens add --type=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
- Take note of the token and ca_pin values
On the maas server:
- Install the Teleport agent:
    sudo curl https://goteleport.com/static/install.sh | bash -s <teleport version>
- Create the Teleport application config:
- Save the token generated on the Teleport server:
- Save the ca_pin generated on the Teleport server:
- Edit the /etc/teleport.yaml to update the ca_pin resource:
    sudo vi /etc/teleport.yaml
  - Update the ca_pin resource with the path of the ca_pin file, /var/lib/teleport/ca_pin
  - Add labels: section under ssh_service:
        labels:
          dc: "<dc>"
          login: "<admin user login>"
  - Remove commands: section under ssh_service:
        commands:
        - name: hostname
          command: [hostname]
          period: 1m0s
  - Add labels: under app_service: -> apps: -> <dc>-maas service
        - name: <dc>-maas
          uri: http://localhost:5240
          public_addr: ""
          insecure_skip_verify: false
          labels:
            dc: "<dc>"
            type: "maas"
  - Sample /etc/teleport.yaml file
        version: v3
        teleport:
          nodename: maas
          data_dir: /var/lib/teleport
          join_params:
            token_name: /var/lib/teleport/token
            method: token
          proxy_server: teleport.<domain>:443
          log:
            output: stderr
            severity: INFO
            format:
              output: text
          ca_pin: /var/lib/teleport/ca_pin
          diag_addr: ""
        auth_service:
          enabled: "no"
        ssh_service:
          enabled: "yes"
          labels:
            dc: "<dc>"
            login: "maas"
        proxy_service:
          enabled: "no"
          https_keypairs: []
          https_keypairs_reload_interval: 0s
          acme: {}
        app_service:
          enabled: "yes"
          debug_app: false
          apps:
          - name: bo1-maas
            uri: http://localhost:5240
            public_addr: ""
            insecure_skip_verify: false
            labels:
              dc: "<dc>"
              type: "maas"
- Add Teleport to /etc/hosts
    sudo vi /etc/hosts
  - add an entry of 10.10.100.22 <Domain name of your teleport server> (what you made here)
  - Save and quit the file
- Start the Teleport agent:
    sudo systemctl enable teleport
    sudo systemctl start teleport
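A check worth running just before the enable/start step, as an added example that is not part of the original runbook: it confirms that the saved token and ca_pin files are owner-only, that the pin has the sha256 form, and that the config matches the edits above. The function names (owner_only, check_agent_files, demo) are hypothetical, the owner-only permission requirement is an assumption this example adds, and the sample files are constructed.

```shell
# Pre-start check for the agent files this runbook creates (added example).

# Succeeds only if the file is non-empty and has no group/other permission bits.
owner_only() {
    [ -s "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_agent_files CONFIG TOKEN_FILE CA_PIN_FILE
# Prints one line per finding; the return status is the number of findings.
check_agent_files() {
    cfg=$1 token=$2 pin=$3 findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    owner_only "$token" || note "$token missing, empty, or readable by group/other"
    owner_only "$pin"   || note "$pin missing, empty, or readable by group/other"

    # A Teleport CA pin is "sha256:" followed by 64 hex digits.
    grep -Eq '^sha256:[0-9a-f]{64}$' "$pin" 2>/dev/null ||
        note "$pin does not hold a sha256:<64 hex> pin"

    # The config must point at the same two files the runbook saved.
    grep -Eq "^[[:space:]]*ca_pin:[[:space:]]*$pin[[:space:]]*\$" "$cfg" ||
        note "ca_pin in $cfg does not reference $pin"
    grep -Eq "^[[:space:]]*token_name:[[:space:]]*$token[[:space:]]*\$" "$cfg" ||
        note "token_name in $cfg does not reference $token"

    # The runbook removes commands: and its sample keeps insecure_skip_verify false.
    grep -Eq '^[[:space:]]*commands:' "$cfg" &&
        note "commands: section still present in $cfg"
    grep -Eq '^[[:space:]]*insecure_skip_verify:[[:space:]]*true' "$cfg" &&
        note "insecure_skip_verify is true in $cfg"

    return "$findings"
}

# Constructed sample: builds files shaped like the runbook's in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    ( umask 077
      echo "constructed-join-token" > "$d/token"
      echo "sha256:$(printf '%064d' 0)" > "$d/ca_pin" )
    printf 'teleport:\n  join_params:\n    token_name: %s\n  ca_pin: %s\n' \
        "$d/token" "$d/ca_pin" > "$d/teleport.yaml"
    check_agent_files "$d/teleport.yaml" "$d/token" "$d/ca_pin"
}

demo && echo "constructed sample: no findings"
```

On the maas server the call would be: sudo sh -c '. ./check.sh; check_agent_files /etc/teleport.yaml /var/lib/teleport/token /var/lib/teleport/ca_pin' (check.sh being whatever file name the block is saved under).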
Continue to next section: D. Initial Configuration of Maas Server
Go to the index of the Gen-1.5 RMU build runbook.