RMU build Gen-1.5: III. Maas - C. Share Services Via Teleport

From Internet Computer Wiki
Jump to: navigation, search

This page is part of the Gen-1.5 RMU build runbook.

Go back to the previous section: B. Install Maas Software via APT

C. Share Services Via Teleport

Ref: https://www.youtube.com/watch?v=cvW4b96aPL0

On the teleport server:

  1. Create a short lived token to “invite” the MaaS application
    • tctl tokens add --type=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
    • Take note of the token and ca_pin values

On the maas server:

  1. Install the Teleport agent:
    • sudo curl https://goteleport.com/static/install.sh | bash -s <teleport version>
  2. create the Teleport application config:
    • sudo teleport configure --output=file --proxy=<domain name>:443 --token=/var/lib/teleport/token --roles=app,node --app-name=<dc>-maas --app-uri=http://localhost:5240
    • Screenshot 2023-12-20 at 11.49.50 AM.png
  3. Save the token generated on the Teleport server:
    • sudo vi /var/lib/teleport/token
    • Screenshot 2023-10-30 at 3.36.42 PM.png
  4. Save the ca_pin generated on the Teleport server:
    • sudo vi /var/lib/teleport/ca_pin
    • Screenshot 2023-12-19 at 11.25.37 AM.png
  5. Edit the /etc/teleport.yaml to update the ca_pin resource:
    • sudo vi /etc/teleport.yaml
    • Update the ca_pin resource with the file path to the token /var/lib/teleport/ca_pin
    • Add labels: section under ssh_service:
      labels:
    dc: "<dc>"
    login: "<admin user login>"
    • Remove commands: section under ssh_service:
      commands:
  - name: hostname
    command: [hostname]
    period: 1m0s
    • Add labels: under app_service: -> apps: -> <dc>-maas service
      - name: <dc>-maas
    uri: http://localhost:5240
    public_addr: ""
    insecure_skip_verify: false
    labels:
      dc: "<dc>"
      type: "maas"
    • Sample /etc/teleport.yaml file
      version: v3
teleport:
  nodename: maas
  data_dir: /var/lib/teleport
  join_params:
    token_name: /var/lib/teleport/token
    method: token
  proxy_server: teleport.<domain>:443
  log:
    output: stderr
    severity: INFO
    format:
      output: text
  ca_pin: /var/lib/teleport/ca_pin
  diag_addr: ""
auth_service:
  enabled: "no"
ssh_service:
  enabled: "yes"
  labels:
    dc: "<dc>"
    login: "maas"
proxy_service:
  enabled: "no"
  https_keypairs: []
  https_keypairs_reload_interval: 0s
  acme: {}
app_service:
  enabled: "yes"
  debug_app: false
  apps:
  - name: bo1-maas
    uri: http://localhost:5240
    public_addr: ""
    insecure_skip_verify: false
    labels:
      dc: "<dc>"
      type: "maas"
  6. Add Teleport to /etc/hosts
    • sudo vi /etc/hosts
    • add an entry of 10.10.100.22 <Domain name of your teleport server> (what you made here)
    • Screenshot 2023-12-19 at 11.39.48 AM.png
    • Save and quit the file
  7. Start the Teleport agent:
    • sudo systemctl enable teleport
    • sudo systemctl start teleport

Continue to next section: D. Initial Configuration of Maas Server

Go to the index of the Gen-1.5 RMU build runbook.

Retrieved from "https://wiki.internetcomputer.org/w/index.php?title=RMU_build_Gen-1.5:_III._Maas_-_C._Share_Services_Via_Teleport&oldid=7738"