RMU build Gen-1.5: III. Maas - C. Share Services Via Teleport

From Internet Computer Wiki
Jump to: navigation, search

This page is part of the Gen-1.5 RMU build runbook.

Go back to the previous section: B. Install Maas Software via APT

C. Share Services Via Teleport

Ref: https://www.youtube.com/watch?v=cvW4b96aPL0

On the teleport server:

  1. Create a short lived token to “invite” the MaaS application
    • tctl tokens add --type=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
    • Take note of the token and ca_pin values

On the maas server:

  1. Install the Teleport agent:
    • sudo curl https://goteleport.com/static/install.sh | bash -s <teleport version>
  2. create the Teleport application config:
    • sudo teleport configure --output=file --proxy=<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
    • Screenshot 2023-12-20 at 11.49.50 AM.png
  3. Save the token generated on the Teleport server:
    • sudo vi /var/lib/teleport/token
    • Screenshot 2023-10-30 at 3.36.42 PM.png
  4. Save the ca_pin generated on the Teleport server:
    • sudo vi /var/lib/teleport/ca_pin
    • Screenshot 2023-12-19 at 11.25.37 AM.png
  5. Edit the /etc/teleport.yaml to update the ca_pin resource:
    • sudo vi /etc/teleport.yaml
    • Update the ca_pin resource with the file path to the token /var/lib/teleport/ca_pin
    • Add labels: section under ssh_service:
      labels:
          dc: "<dc>"
          login: "<admin user login>"
      
    • Remove commands: section under ssh_service:
      commands:
        - name: hostname
          command: [hostname]
          period: 1m0s
      
    • Add labels: under app_service: -> apps: -> <dc>-maas service
      - name: <dc>-maas
          uri: http://localhost:5240
          public_addr: ""
          insecure_skip_verify: false
          labels:
            dc: "<dc>"
            type: "maas"
      
    • Sample /etc/teleport.yaml file
       1version: v3
       2teleport:
       3  nodename: maas
       4  data_dir: /var/lib/teleport
       5  join_params:
       6    token_name: /var/lib/teleport/token
       7    method: token
       8  proxy_server: teleport.<domain>:443
       9  log:
      10    output: stderr
      11    severity: INFO
      12    format:
      13      output: text
      14  ca_pin: /var/lib/teleport/ca_pin
      15  diag_addr: ""
      16auth_service:
      17  enabled: "no"
      18ssh_service:
      19  enabled: "yes"
      20  labels:
      21    dc: "<dc>"
      22    login: "maas"
      23proxy_service:
      24  enabled: "no"
      25  https_keypairs: []
      26  https_keypairs_reload_interval: 0s
      27  acme: {}
      28app_service:
      29  enabled: "yes"
      30  debug_app: false
      31  apps:
      32  - name: bo1-maas
      33    uri: http://localhost:5240
      34    public_addr: ""
      35    insecure_skip_verify: false
      36    labels:
      37      dc: "<dc>"
      38      type: "maas"
      
  6. Add Teleport to /etc/hosts
    • sudo vi /etc/hosts
    • add an entry of 10.10.100.22 <Domain name of your teleport server> (what you made here)
    • Screenshot 2023-12-19 at 11.39.48 AM.png
    • Save and quit the file
  7. Start the Teleport agent:
    • sudo systemctl enable teleport
    • sudo systemctl start teleport

Continue to next section: D. Initial Configuration of Maas Server

Go to the index of the Gen-1.5 RMU build runbook.