RMU build Gen-1.5: II. Teleport - B. Install Teleport Software

This page is part of the Gen-1.5 RMU build runbook.

Go back to the previous section: A. Create Teleport CT

B. Install Teleport Software

Update the Teleport host:
- Select RMU > 122 (teleport) > Console
- Login with root and the password you set when creating the container.
- Run the following commands one at a time:
```
bash
        apt update
        apt upgrade -y
        reboot
```
Login to the teleport server again if necessary, then create a non-root administrator account (feel free to replace admin with whatever you like):useradd -u1000 -U -m -c "Admin" -s /bin/bash admin
Install Teleport:
- Browse to the following link: https://github.com/gravitational/teleport/releases
- Edit the following command with the most updated version number on that page that has the Latest tag
  - ```
  jsx
          apt install curl net-tools -y
          curl https://goteleport.com/static/install.sh | bash -s <teleport version>
```
- Edit the email address & cluster-name to your own:
  - NOTE: cluster-name should tie back to your domain and DNS records created earlier teleport.<domain> (here)
- Then run the command:<syntax
```
bash
        teleport configure -o file \
            --acme --acme-email=<email address> \
            --cluster-name=teleport.<domain>
```

With your favorite editor, open the /etc/teleport.yaml file and make the following adjustments:

Under ssh_service:

Add labels: section:

yaml
            labels:
                dc: "<dc>"
                login: "<admin user login>"

Remove `commands: section:

yaml
            commands:
              - name: hostname
                command: [hostname]
                period: 1m0s

Save and quit the file.

Start the teleport service:

yaml
    systemctl enable teleport
    systemctl start teleport

Create a teleport directory in the root home directory.mkdir teleport
Use your favorite text editor and create a yaml file in /root/teleport/, feel free to name this yaml file to whatever you like. However make sure you also change the name in the metadata.name field. Also take notice of the <admin> listed in logins:, change this to whatever you set your username to be.

In /root/teleport/team.yaml:

yaml
    kind: role
    version: v7
    metadata:
      name: team
    spec:
      allow:
        # List of logins to try for ssh
        logins: [root, ubuntu, <admin>, '{{internal.logins}}']
    
        # Allow PFOps access to all nodes (ssh)
        node_labels:
          '*': '*'
    
        # Automatic sudoers entry upon login
        host_sudoers:
        - 'ALL=(ALL) NOPASSWD: ALL'
    
        # Allow PFOps to access all Apps (web, etc)
        app_labels:
          '*': '*'
    
        # Future K8S stuff
        kubernetes_groups: ['{{internal.kubernetes_groups}}']
        kubernetes_labels:
          '*': '*'
        kubernetes_resources:
          - kind: '*'
            namespace: '*'
            name: '*'
            verbs: ['*']

Run the following command to import it into the Teleport server: tctl create -f /root/teleport/team.yaml
Create users (invitation links will be good for 24h):
- To add users, run the following using this exact syntax:
```
for USER in <username> <username> <username> <username>; do
  tctl users add --roles=team --ttl=24h ${USER}
done
```
- The above command generates a URL for every user listed. Click on the link with the respected user, and you will be directed to a page to configure a password and Multi-factor authentication.
- Scan the QR Code with a Multi-factor authentication app.
Once complete, you will be brought to the teleport home screen.

Continue to next section: C. Share RMU Services Via Teleport

Go to the index of the Gen-1.5 RMU build runbook.