Difference between revisions of "RMU build Gen-1.5: III. Maas - C. Share Services Via Teleport"
From Internet Computer Wiki
Katie.peters (talk | contribs) (Adding code) |
Katie.peters (talk | contribs) (Finished page (hopefully!)) |
||
Line 33: | Line 33: | ||
login: "<admin user login>" | login: "<admin user login>" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | # Remove <code>commands:</code> section under <code>ssh_service:</code><syntaxhighlight lang="yaml"> | + | #* Remove <code>commands:</code> section under <code>ssh_service:</code><syntaxhighlight lang="yaml"> |
commands: | commands: | ||
- name: hostname | - name: hostname | ||
Line 39: | Line 39: | ||
period: 1m0s | period: 1m0s | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | # Add <code>labels:</code> under <code>app_service: -> apps: -> <dc>-maas</code> service<syntaxhighlight lang="yaml"> | + | #* Add <code>labels:</code> under <code>app_service: -> apps: -> <dc>-maas</code> service<syntaxhighlight lang="yaml"> |
- name: <dc>-maas | - name: <dc>-maas | ||
uri: http://localhost:5240 | uri: http://localhost:5240 | ||
Line 48: | Line 48: | ||
type: "maas" | type: "maas" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | # Sample <code>/etc/teleport.yaml</code> file | + | #* Sample <code>/etc/teleport.yaml</code> file<syntaxhighlight lang="yaml" line="1"> |
+ | version: v3 | ||
+ | teleport: | ||
+ | nodename: maas | ||
+ | data_dir: /var/lib/teleport | ||
+ | join_params: | ||
+ | token_name: /var/lib/teleport/token | ||
+ | method: token | ||
+ | proxy_server: teleport.<domain>:443 | ||
+ | log: | ||
+ | output: stderr | ||
+ | severity: INFO | ||
+ | format: | ||
+ | output: text | ||
+ | ca_pin: /var/lib/teleport/ca_pin | ||
+ | diag_addr: "" | ||
+ | auth_service: | ||
+ | enabled: "no" | ||
+ | ssh_service: | ||
+ | enabled: "yes" | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | login: "maas" | ||
+ | proxy_service: | ||
+ | enabled: "no" | ||
+ | https_keypairs: [] | ||
+ | https_keypairs_reload_interval: 0s | ||
+ | acme: {} | ||
+ | app_service: | ||
+ | enabled: "yes" | ||
+ | debug_app: false | ||
+ | apps: | ||
+ | - name: bo1-maas | ||
+ | uri: http://localhost:5240 | ||
+ | public_addr: "" | ||
+ | insecure_skip_verify: false | ||
+ | labels: | ||
+ | dc: "<dc>" | ||
+ | type: "maas" | ||
+ | </syntaxhighlight> | ||
# Add Teleport to <code>/etc/hosts</code> | # Add Teleport to <code>/etc/hosts</code> | ||
#*<code>sudo vi /etc/hosts</code> | #*<code>sudo vi /etc/hosts</code> |
Revision as of 19:27, 26 February 2024
This page is part of the Gen-1.5 RMU build runbook.
Go back to the previous section: B. Install Maas Software via APT
Ref: https://www.youtube.com/watch?v=cvW4b96aPL0
On the teleport
server:
- Create a short lived token to “invite” the MaaS application
tctl tokens add --type=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
- Take note of the
token
andca_pin
values
On the maas server
:
- Install the Teleport agent:
sudo curl <https://goteleport.com/static/install.sh> | bash -s <teleport version>
- create the Teleport application config:
- Save the token generated on the Teleport server:
- Save the ca_pin generated on the Teleport server:
- Edit the
/etc/teleport.yaml
to update theca_pin
resource:sudo vi /etc/teleport.yaml
- Update the
ca_pin
resource with the file path to the token/var/lib/teleport/ca_pin
- Add
labels:
section underssh_service:
labels: dc: "<dc>" login: "<admin user login>"
- Remove
commands:
section underssh_service:
commands: - name: hostname command: [hostname] period: 1m0s
- Add
labels:
underapp_service: -> apps: -> <dc>-maas
service- name: <dc>-maas uri: http://localhost:5240 public_addr: "" insecure_skip_verify: false labels: dc: "<dc>" type: "maas"
- Sample
/etc/teleport.yaml
file1version: v3 2teleport: 3 nodename: maas 4 data_dir: /var/lib/teleport 5 join_params: 6 token_name: /var/lib/teleport/token 7 method: token 8 proxy_server: teleport.<domain>:443 9 log: 10 output: stderr 11 severity: INFO 12 format: 13 output: text 14 ca_pin: /var/lib/teleport/ca_pin 15 diag_addr: "" 16auth_service: 17 enabled: "no" 18ssh_service: 19 enabled: "yes" 20 labels: 21 dc: "<dc>" 22 login: "maas" 23proxy_service: 24 enabled: "no" 25 https_keypairs: [] 26 https_keypairs_reload_interval: 0s 27 acme: {} 28app_service: 29 enabled: "yes" 30 debug_app: false 31 apps: 32 - name: bo1-maas 33 uri: http://localhost:5240 34 public_addr: "" 35 insecure_skip_verify: false 36 labels: 37 dc: "<dc>" 38 type: "maas"
- Add Teleport to
/etc/hosts
sudo vi /etc/hosts
- add an entry of
10.10.100.22 <Domain name of your teleport server>
Note: what you made here - Save and quit the file
- Start the Teleport agent:
sudo systemctl enable teleport
sudo systemctl start teleport
Continue to next section: D. Initial Configuration of Maas Server
Go to the index of the Gen-1.5 RMU build runbook.