RMU build Gen-1.5: III. Maas - C. Share Services Via Teleport

From Internet Computer Wiki
Jump to: navigation, search

This page is part of the Gen-1.5 RMU build runbook.

Go back to the previous section: B. Install Maas Software via APT

C. Share Services Via Teleport

Ref: https://www.youtube.com/watch?v=cvW4b96aPL0

On the teleport server:

  1. Create a short lived token to “invite” the MaaS application
    • tctl tokens add --type=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
    • Take note of the token and ca_pin values

On the maas server:

  1. Install the Teleport agent:
    • sudo curl https://goteleport.com/static/install.sh | bash -s <teleport version>
  2. create the Teleport application config:
    • sudo teleport configure --output=file --proxy=<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
    • Screenshot 2023-12-20 at 11.49.50 AM.png
  3. Save the token generated on the Teleport server:
    • sudo vi /var/lib/teleport/token
    • Screenshot 2023-10-30 at 3.36.42 PM.png
  4. Save the ca_pin generated on the Teleport server:
    • sudo vi /var/lib/teleport/ca_pin
    • Screenshot 2023-12-19 at 11.25.37 AM.png
  5. Edit the /etc/teleport.yaml to update the ca_pin resource:
    • sudo vi /etc/teleport.yaml
    • Update the ca_pin resource with the file path to the token /var/lib/teleport/ca_pin
    • Add labels: section under ssh_service:
      labels:
    dc: "<dc>"
    login: "<admin user login>"
    • Remove commands: section under ssh_service:
      commands:
  - name: hostname
    command: [hostname]
    period: 1m0s
    • Add labels: under app_service: -> apps: -> <dc>-maas service
      - name: <dc>-maas
    uri: http://localhost:5240
    public_addr: ""
    insecure_skip_verify: false
    labels:
      dc: "<dc>"
      type: "maas"
    • Sample /etc/teleport.yaml file
       1version: v3
 2teleport:
 3  nodename: maas
 4  data_dir: /var/lib/teleport
 5  join_params:
 6    token_name: /var/lib/teleport/token
 7    method: token
 8  proxy_server: teleport.<domain>:443
 9  log:
10    output: stderr
11    severity: INFO
12    format:
13      output: text
14  ca_pin: /var/lib/teleport/ca_pin
15  diag_addr: ""
16auth_service:
17  enabled: "no"
18ssh_service:
19  enabled: "yes"
20  labels:
21    dc: "<dc>"
22    login: "maas"
23proxy_service:
24  enabled: "no"
25  https_keypairs: []
26  https_keypairs_reload_interval: 0s
27  acme: {}
28app_service:
29  enabled: "yes"
30  debug_app: false
31  apps:
32  - name: bo1-maas
33    uri: http://localhost:5240
34    public_addr: ""
35    insecure_skip_verify: false
36    labels:
37      dc: "<dc>"
38      type: "maas"
  6. Add Teleport to /etc/hosts
    • sudo vi /etc/hosts
    • add an entry of 10.10.100.22 <Domain name of your teleport server> (what you made here)
    • Screenshot 2023-12-19 at 11.39.48 AM.png
    • Save and quit the file
  7. Start the Teleport agent:
    • sudo systemctl enable teleport
    • sudo systemctl start teleport

Continue to next section: D. Initial Configuration of Maas Server

Go to the index of the Gen-1.5 RMU build runbook.

Retrieved from "https://wiki.internetcomputer.org/w/index.php?title=RMU_build_Gen-1.5:_III._Maas_-_C._Share_Services_Via_Teleport&oldid=7738"