RMU build Gen-1.5: III. Maas - C. Share Services Via Teleport
From Internet Computer Wiki
This page is part of the Gen-1.5 RMU build runbook.
Go back to the previous section: B. Install Maas Software via APT
Ref: https://www.youtube.com/watch?v=cvW4b96aPL0
On the teleport
server:
- Create a short lived token to “invite” the MaaS application
tctl tokens add --type=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
- Take note of the
token
andca_pin
values
On the maas server
:
- Install the Teleport agent:
sudo curl https://goteleport.com/static/install.sh | bash -s <teleport version>
- create the Teleport application config:
- Save the token generated on the Teleport server:
- Save the ca_pin generated on the Teleport server:
- Edit the
/etc/teleport.yaml
to update theca_pin
resource:sudo vi /etc/teleport.yaml
- Update the
ca_pin
resource with the file path to the token/var/lib/teleport/ca_pin
- Add
labels:
section underssh_service:
labels: dc: "<dc>" login: "<admin user login>"
- Remove
commands:
section underssh_service:
commands: - name: hostname command: [hostname] period: 1m0s
- Add
labels:
underapp_service: -> apps: -> <dc>-maas
service- name: <dc>-maas uri: http://localhost:5240 public_addr: "" insecure_skip_verify: false labels: dc: "<dc>" type: "maas"
- Sample
/etc/teleport.yaml
file1version: v3 2teleport: 3 nodename: maas 4 data_dir: /var/lib/teleport 5 join_params: 6 token_name: /var/lib/teleport/token 7 method: token 8 proxy_server: teleport.<domain>:443 9 log: 10 output: stderr 11 severity: INFO 12 format: 13 output: text 14 ca_pin: /var/lib/teleport/ca_pin 15 diag_addr: "" 16auth_service: 17 enabled: "no" 18ssh_service: 19 enabled: "yes" 20 labels: 21 dc: "<dc>" 22 login: "maas" 23proxy_service: 24 enabled: "no" 25 https_keypairs: [] 26 https_keypairs_reload_interval: 0s 27 acme: {} 28app_service: 29 enabled: "yes" 30 debug_app: false 31 apps: 32 - name: bo1-maas 33 uri: http://localhost:5240 34 public_addr: "" 35 insecure_skip_verify: false 36 labels: 37 dc: "<dc>" 38 type: "maas"
- Add Teleport to
/etc/hosts
sudo vi /etc/hosts
- add an entry of
10.10.100.22 <Domain name of your teleport server>
(what you made here) - Save and quit the file
- Start the Teleport agent:
sudo systemctl enable teleport
sudo systemctl start teleport
Continue to next section: D. Initial Configuration of Maas Server
Go to the index of the Gen-1.5 RMU build runbook.