RMU build Gen-1.5: II. Teleport - B. Install Teleport Software
From Internet Computer Wiki
This page is part of the Gen-1.5 RMU build runbook.
Go back to the previous section: A. Create Teleport CT
B. Install Teleport Software
- Update the Teleport host:
  - Select `RMU` > `122 (teleport)` > `Console`
  - Log in with `root` and the password you set when creating the container.
  - Run the following commands one at a time:
    ```bash
    apt update
    apt upgrade -y
    reboot
    ```
- Log in to the teleport server again if necessary, then create a non-root administrator account (feel free to replace `admin` with whatever you like):
  ```bash
  useradd -u1000 -U -m -c "Admin" -s /bin/bash admin
  ```
- Install Teleport:
  - Browse to the following link: https://github.com/gravitational/teleport/releases
  - Edit the following command with the most updated version number on that page that has the `Latest` tag
  - Edit the email address & cluster-name to your own:
    - NOTE: cluster-name should tie back to your domain and DNS records created earlier `teleport.<domain>` (here)
  - Then run the command:
    ```bash
    teleport configure -o file \
      --acme --acme-email=<email address> \
      --cluster-name=teleport.<domain>
    ```
- With your favorite editor, open the `/etc/teleport.yaml` file and make the following adjustments:
  - Under `ssh_service:`
    - Add `labels:` section:
      ```yaml
      labels:
        dc: "<dc>"
        login: "<admin user login>"
      ```
    - Remove `commands:` section:
      ```yaml
      commands:
      - name: hostname
        command: [hostname]
        period: 1m0s
      ```
    - Save and quit the file.
- Start the teleport service:
  ```bash
  systemctl enable teleport
  systemctl start teleport
  ```
- Create a `teleport` directory in the `root` home directory.
  ```bash
  mkdir teleport
  ```
- Use your favorite text editor to create a yaml file in `/root/teleport/`. Feel free to name this yaml file whatever you like, but make sure you also change the name in the `metadata.name` field. Also take note of the `<admin>` listed in `logins:` and change it to whatever you set your username to be.
  - In `/root/teleport/team.yaml`:
    ```yaml
    kind: role
    version: v7
    metadata:
      name: team
    spec:
      allow:
        # List of logins to try for ssh
        logins: [root, ubuntu, <admin>, '{{internal.logins}}']
        # Allow PFOps access to all nodes (ssh)
        node_labels:
          '*': '*'
        # Automatic sudoers entry upon login
        host_sudoers:
        - 'ALL=(ALL) NOPASSWD: ALL'
        # Allow PFOps to access all Apps (web, etc)
        app_labels:
          '*': '*'
        # Future K8S stuff
        kubernetes_groups: ['{{internal.kubernetes_groups}}']
        kubernetes_labels:
          '*': '*'
        kubernetes_resources:
        - kind: '*'
          namespace: '*'
          name: '*'
          verbs: ['*']
    ```
- Run the following command to import it into the Teleport server:
  ```bash
  tctl create -f /root/teleport/team.yaml
  ```
- Create users (invitation links will be good for 24h):
  - To add users, run the following using this exact syntax:
    ```bash
    for USER in <username> <username> <username> <username>; do
      tctl users add --roles=team --ttl=24h ${USER}
    done
    ```
  - The above command generates a URL for every user listed. Open the link for the respective user, and you will be directed to a page to configure a password and Multi-factor authentication.
  - Scan the QR Code with a Multi-factor authentication app.
- Once complete, you will be brought to the teleport home screen.
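
The role file step above asks you to replace `<admin>` and to keep `metadata.name` in line with the file name. The following added example (not part of the original runbook or of Teleport) checks both before `tctl create -f` and lists the broad grants the role carries. The `check_role_file` helper and the sample file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight lint for the role file before `tctl create -f`.
# check_role_file is a hypothetical helper, not part of Teleport or the runbook.

check_role_file() {
  local file="$1" rc=0 name base
  [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }

  # 1. Template placeholders such as <admin> must be replaced before import.
  if grep -nE '<[A-Za-z][A-Za-z _-]*>' "$file"; then
    echo "FAIL: unreplaced placeholder (lines above)"; rc=1
  fi

  # 2. metadata.name must follow the file name (team.yaml -> name: team).
  name=$(awk '/^metadata:/{m=1; next} m && /^[^ ]/{m=0}
              m && $1=="name:"{print $2; exit}' "$file")
  base=$(basename "$file" .yaml)
  if [ "$name" != "$base" ]; then
    echo "FAIL: metadata.name '$name' != file name '$base'"; rc=1
  fi

  # 3. Surface the broad grants so they are reviewed rather than inherited.
  #    Assumes the flow-style logins list used on this page.
  grep -E '^[[:space:]]*logins:' "$file" | grep -qw root \
    && echo "WARN: role allows root login"
  grep -q 'NOPASSWD: ALL' "$file" && echo "WARN: role grants passwordless sudo"
  grep -qE "^[[:space:]]*'\*':[[:space:]]*'\*'" "$file" \
    && echo "WARN: wildcard label selector ('*': '*')"
  return "$rc"
}

# Constructed sample: role copied to ops.yaml, name and <admin> left unchanged.
demo_dir=$(mktemp -d)
printf '%s\n' 'kind: role' 'version: v7' 'metadata:' '  name: team' \
  'spec:' '  allow:' \
  "    logins: [root, ubuntu, <admin>, '{{internal.logins}}']" \
  > "$demo_dir/ops.yaml"
check_role_file "$demo_dir/ops.yaml" || echo "fix the file before importing it"
rm -rf "$demo_dir"
```

A return code of 0 means the file passed both checks; the `WARN` lines are informational and do not change the return code.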
Go to the index of the Gen-1.5 RMU build runbook.