[Discussion] Teleport Setup Group

AndyatFocallocal · May 19, 2023, 8:53pm

I’ve set up this thread for us exploring and setting up Teleport. We can use this thread to chat about how its going, and any needs, suggestions or questions we have, and turn discussions here into tasks to be completed.

The current status is that myself, Tom and Marvelous have access and can make you an account and and grant you access when we are online at the same time. The reason is that the account creation link we send you needs to be clicked within 1hr or it expires. The BTM server is connected. The PHM and Master servers need to be connected.

The goals of this thread are to get all our servers setup on Teleport and good documentation created for everything we learn so its all as easy as possible for everyone who follows us.

AndyatFocallocal · May 22, 2023, 9:56am

Anyone online today to receive their link?

Marvelxy · May 23, 2023, 3:03pm

I’ve done the link part, right?

AndyatFocallocal · May 23, 2023, 3:07pm

Yes. Can you see anything listed in the ‘servers’ tab?

There seems to be an issue with it that Tom’s looking at now.

Marvelxy · May 23, 2023, 3:21pm

I don’t see anything listed.

okay

AndyatFocallocal · May 23, 2023, 3:23pm

Thanks. I guess its not yet set up correctly. we’re you able to access our server on Digital Ocean with the SSH key i hooked up?

If you want to have a chat with Tom on Slack to see if he needs any help with finding the issue with Teleport i’m sure he’d love that

Marvelxy · May 23, 2023, 3:25pm

Haven’t tried it yet, I will do that this week.

Marvelxy · May 23, 2023, 3:26pm

Since Tom is looking at it, we I won’t want to put pressure on him.

AndyatFocallocal · May 15, 2023, 10:20pm

[here’s a related post i’ve moved into this thread]

Huge thanks to @tmcnulty, we are back into Teleport

Its only currently set up for the BTM server, so we’ll need to set it up for PHM and our Testing Server, then you’ll all have access and also the ability to give others temporary access for events or trouble shooting.

@Marvelxy and @zhna123 i’ll set up you now. If anyone wants to take on this task and get all three servers set up with it that would be very useful

AndyatFocallocal · June 27, 2023, 4:35pm

Cool, thank you. If you want help i’m sure @gastonsk on and @zhna123 would be happy to join in as they are both eager for access. I just asked Tom if he’s available to look at it and he’s going to try and upgrade Teleport for us.

From memory there were two issues.

First was that there is some kind of hard coded redirect in the sever code for the testing server, forcing a redirect to the old url: https://testing.publichappinessmovement.com

This one doesn’t redirect, but also doesn’t run: https://testing-maps.publichappinessmovement.com

Tom suggested someone goes into the server and has a look around in the obvious places. @Marvelxy you already have access to Digital Ocean, when would you be able to take this on? I can also add an SSH key for either of the others if you’re busy as the Testing Server isn’t doing anything important right now.

The other one was that Teleport was giving with it requiring root access. So users either had full all areas access or no-access. The last suggestion i remember was that we remove PHM and BTM from Teleport for now and use it to allow full access to the Testing Server as he wasn’t sure if we could restrict it to the appropriate levels.

@tmcnulty is going to have a little look to see if that is resolved when Teleport is updated to the latest version first.

tmcnulty · June 27, 2023, 4:45pm

I upgraded Teleport. I hope it’d help with the roles not seeing servers? I have to touch every node and re-enroll them. Will probably upgrade the version on the nodes then too.

Teleport v13.1.4 git:api/v13.1.4-0-g25e6197 go1.20.5

I’ve reset access to one of the testing servers. When you log in to tools.focallocal.org you should see something like this:

Can someone confirm?

tmcnulty · June 27, 2023, 4:47pm

Resetting access on the other test machine is running now.

AndyatFocallocal · June 27, 2023, 4:56pm

I can’t seem to login. Will keep trying

AndyatFocallocal · June 27, 2023, 5:00pm

@tmcnulty can you send me another reset link. I think the upgrade may have locked the accounts down.

Can anyone else login?

AndyatFocallocal · June 27, 2023, 5:56pm

Thanks Tom. I’m in and i see this:

If anyone else needs their access reset just post here

AndyatFocallocal · June 27, 2023, 7:53pm

@tmcnulty I notice that in ‘Roles’ we appear to have the ability to refine what level of access each role gives users. Can that solve our permissions issue?

AndyatFocallocal · June 30, 2023, 8:04pm

@SysAdmin

The issue I mentioned in DMs is that the accounts seem to be sharing access with each other like a game of whack-a-mole, in that only one person can have access at a time and so sometimes an account has server access via Teleport, and sometimes it doesn’t.

That sounds pretty specific, can anyone find someone talking about a similar issue, and a suggestion to solve it?

AndyatFocallocal · July 4, 2023, 1:52am

@zhna123 can you please share your password question here as I’m not sure the answer. @tmcnulty @Marvelxy do you know the app-user password on the server?

AndyatFocallocal · July 4, 2023, 1:11pm

@zhna123, @tmcnulty is at work but has fixed the issue. You shouldn’t need a password now.

zhna123 · July 4, 2023, 3:32pm

Cool. Thank you all.