Difference between revisions of "RMU build Gen-1.5: III. Maas - C. Share Services Via Teleport"

Revision as of 19:24, 26 February 2024

This page is part of the Gen-1.5 RMU build runbook.

Go back to the previous section: B. Install Maas Software via APT

C. Share Services Via Teleport

Ref: https://www.youtube.com/watch?v=cvW4b96aPL0

On the `teleport` server:

Create a short lived token to “invite” the MaaS application
- tctl tokens add --type=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
- Take note of the token and ca_pin values

On the `maas server`:

Install the Teleport agent:
- sudo curl <https://goteleport.com/static/install.sh> | bash -s <teleport version>
create the Teleport application config:
- sudo teleport configure --output=file --proxy=<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
Save the token generated on the Teleport server:
- sudo vi /var/lib/teleport/token
Save the ca_pin generated on the Teleport server:
- sudo vi /var/lib/teleport/ca_pin
Edit the /etc/teleport.yaml to update the ca_pin resource:
- sudo vi /etc/teleport.yaml
- Update the ca_pin resource with the file path to the token /var/lib/teleport/ca_pin
- Add labels: section under ssh_service:
Remove commands: section under ssh_service:
Add labels: under app_service: -> apps: -> <dc>-maas service
Sample /etc/teleport.yaml file
Add Teleport to /etc/hosts
- sudo vi /etc/hosts
- add an entry of 10.10.100.22 <Domain name of your teleport server> Note: what you made here
- Save and quit the file
Start the Teleport agent:
- sudo systemctl enable teleport
- sudo systemctl start teleport

Continue to next section: D. Initial Configuration of Maas Server

Go to the index of the Gen-1.5 RMU build runbook.

@@ Line 17: / Line 17: @@
 #* <code>sudo curl <<nowiki>https://goteleport.com/static/install.sh</nowiki>> | bash -s <teleport version></code>
 # create the Teleport application config:
-#* <code>sudo teleport configure --output=file --proxy=<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-maas --app-uri=<nowiki>http://localhost:5240</nowiki></code>
+#*<code>sudo teleport configure --output=file --proxy=<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-maas --app-uri=<nowiki>http://localhost:5240</nowiki></code>
+#* [[File:Screenshot 2023-12-20 at 11.49.50 AM.png|800x800px]]
 # Save the token generated on the Teleport server:
-#* <code>sudo vi /var/lib/teleport/token</code>
+#*<code>sudo vi /var/lib/teleport/token</code>
+#* [[File:Screenshot 2023-10-30 at 3.36.42 PM.png|800x800px]]
 # Save the ca_pin generated on the Teleport server:
-#* <code>sudo vi /var/lib/teleport/ca_pin</code>
+#*<code>sudo vi /var/lib/teleport/ca_pin</code>
+#* [[File:Screenshot 2023-12-19 at 11.25.37 AM.png|800x800px]]
 # Edit the <code>/etc/teleport.yaml</code> to update the <code>ca_pin</code> resource:
 #* <code>sudo vi /etc/teleport.yaml</code>
@@ Line 30: / Line 33: @@
 # Sample <code>/etc/teleport.yaml</code> file
 # Add Teleport to <code>/etc/hosts</code>
-#* <code>sudo vi /etc/hosts</code>
+#*<code>sudo vi /etc/hosts</code>
 #* add an entry of <code>10.10.100.22 <Domain name of your teleport server></code>  Note: what you made [[RMU build Gen-1.5: I. Prerequisites#Domain Name|here]]
+#* [[File:Screenshot 2023-12-19 at 11.39.48 AM.png|800x800px]]
 #* Save and quit the file
 # Start the Teleport agent:

Difference between revisions of "RMU build Gen-1.5: III. Maas - C. Share Services Via Teleport"

Revision as of 19:24, 26 February 2024

C. Share Services Via Teleport

On the teleport server:

On the maas server:

Continue to next section: D. Initial Configuration of Maas Server

On the `teleport` server:

On the `maas server`: