Difference between revisions of "RMU build Gen-1.5: III. Maas - C. Share Services Via Teleport"
From Internet Computer Wiki
Katie.peters (talk | contribs) (Adding code) |
Katie.peters (talk | contribs) (Finished page (hopefully!)) |
||
| Line 33: | Line 33: | ||
login: "<admin user login>" | login: "<admin user login>" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | # Remove <code>commands:</code> section under <code>ssh_service:</code><syntaxhighlight lang="yaml"> | + | #* Remove <code>commands:</code> section under <code>ssh_service:</code><syntaxhighlight lang="yaml"> |
commands: | commands: | ||
- name: hostname | - name: hostname | ||
| Line 39: | Line 39: | ||
period: 1m0s | period: 1m0s | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | # Add <code>labels:</code> under <code>app_service: -> apps: -> <dc>-maas</code> service<syntaxhighlight lang="yaml"> | + | #* Add <code>labels:</code> under <code>app_service: -> apps: -> <dc>-maas</code> service<syntaxhighlight lang="yaml"> |
- name: <dc>-maas | - name: <dc>-maas | ||
uri: http://localhost:5240 | uri: http://localhost:5240 | ||
| Line 48: | Line 48: | ||
type: "maas" | type: "maas" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | # Sample <code>/etc/teleport.yaml</code> file | + | #* Sample <code>/etc/teleport.yaml</code> file<syntaxhighlight lang="yaml" line="1"> |
| + | version: v3 | ||
| + | teleport: | ||
| + | nodename: maas | ||
| + | data_dir: /var/lib/teleport | ||
| + | join_params: | ||
| + | token_name: /var/lib/teleport/token | ||
| + | method: token | ||
| + | proxy_server: teleport.<domain>:443 | ||
| + | log: | ||
| + | output: stderr | ||
| + | severity: INFO | ||
| + | format: | ||
| + | output: text | ||
| + | ca_pin: /var/lib/teleport/ca_pin | ||
| + | diag_addr: "" | ||
| + | auth_service: | ||
| + | enabled: "no" | ||
| + | ssh_service: | ||
| + | enabled: "yes" | ||
| + | labels: | ||
| + | dc: "<dc>" | ||
| + | login: "maas" | ||
| + | proxy_service: | ||
| + | enabled: "no" | ||
| + | https_keypairs: [] | ||
| + | https_keypairs_reload_interval: 0s | ||
| + | acme: {} | ||
| + | app_service: | ||
| + | enabled: "yes" | ||
| + | debug_app: false | ||
| + | apps: | ||
| + | - name: bo1-maas | ||
| + | uri: http://localhost:5240 | ||
| + | public_addr: "" | ||
| + | insecure_skip_verify: false | ||
| + | labels: | ||
| + | dc: "<dc>" | ||
| + | type: "maas" | ||
| + | </syntaxhighlight> | ||
# Add Teleport to <code>/etc/hosts</code> | # Add Teleport to <code>/etc/hosts</code> | ||
#*<code>sudo vi /etc/hosts</code> | #*<code>sudo vi /etc/hosts</code> | ||
Revision as of 19:27, 26 February 2024
This page is part of the Gen-1.5 RMU build runbook.
Go back to the previous section: B. Install Maas Software via APT
Ref: https://www.youtube.com/watch?v=cvW4b96aPL0
On the teleport server:
- Create a short lived token to “invite” the MaaS application
tctl tokens add --type=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240- Take note of the
tokenandca_pinvalues
On the maas server:
- Install the Teleport agent:
sudo curl <https://goteleport.com/static/install.sh> | bash -s <teleport version>
- create the Teleport application config:
sudo teleport configure --output=file --proxy=<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
- Save the token generated on the Teleport server:
sudo vi /var/lib/teleport/token
- Save the ca_pin generated on the Teleport server:
sudo vi /var/lib/teleport/ca_pin
- Edit the
/etc/teleport.yamlto update theca_pinresource:sudo vi /etc/teleport.yaml- Update the
ca_pinresource with the file path to the token/var/lib/teleport/ca_pin - Add
labels:section underssh_service:labels: dc: "<dc>" login: "<admin user login>"
- Remove
commands:section underssh_service:commands: - name: hostname command: [hostname] period: 1m0s
- Add
labels:underapp_service: -> apps: -> <dc>-maasservice- name: <dc>-maas uri: http://localhost:5240 public_addr: "" insecure_skip_verify: false labels: dc: "<dc>" type: "maas"
- Sample
/etc/teleport.yamlfile1version: v3 2teleport: 3 nodename: maas 4 data_dir: /var/lib/teleport 5 join_params: 6 token_name: /var/lib/teleport/token 7 method: token 8 proxy_server: teleport.<domain>:443 9 log: 10 output: stderr 11 severity: INFO 12 format: 13 output: text 14 ca_pin: /var/lib/teleport/ca_pin 15 diag_addr: "" 16auth_service: 17 enabled: "no" 18ssh_service: 19 enabled: "yes" 20 labels: 21 dc: "<dc>" 22 login: "maas" 23proxy_service: 24 enabled: "no" 25 https_keypairs: [] 26 https_keypairs_reload_interval: 0s 27 acme: {} 28app_service: 29 enabled: "yes" 30 debug_app: false 31 apps: 32 - name: bo1-maas 33 uri: http://localhost:5240 34 public_addr: "" 35 insecure_skip_verify: false 36 labels: 37 dc: "<dc>" 38 type: "maas"
- Add Teleport to
/etc/hostssudo vi /etc/hosts- add an entry of
10.10.100.22 <Domain name of your teleport server>Note: what you made here 
- Save and quit the file
- Start the Teleport agent:
sudo systemctl enable teleportsudo systemctl start teleport
Continue to next section: D. Initial Configuration of Maas Server
Go to the index of the Gen-1.5 RMU build runbook.