Skip to content

Bootstrap provisioner

Jump to bottom
mvgijssel edited this page May 26, 2023 · 3 revisions

Setup Server

  1. Add SSH - Provisioner Ed25519 SSH Key to 1Password and store in private Vault.

  2. Install Raspberry Pi Imager https://www.raspberrypi.com/software/

  3. Select Ubuntu Server 22.10 64-bit and flash to sd card.

  4. Use the Raspberry Pi Imager to set parts of the configuration already including public key SSH - Provisioner Ed25519

    image

  5. Flash the sd card and put into Raspberry Pi

  6. Update hostname and ip using Unifi:

    • ip: 192.168.1.31
    • hostname: provisioner

  7. Create tmp/1password-service-account-token-prod using item Service Account Auth Token: vgijssel-prod from vgijssel-prod 1Password Vault.

  8. Run provision SETUP_ENV=prod bazel run //provisioner:provision

Setup Teleport

  1. SSH into the provisioner ssh [email protected]
  2. Create the teleport-admin user sudo tctl users add teleport-admin --roles=editor,access --logins=ubuntu
  3. Setup password and MFA following the prompt

Setup BuildBuddy

  1. Login to the provisioner tsh ssh ubuntu@provisioner
  2. Create buildbuddy teleport user tctl users add --roles access buildbuddy
  3. Setup password and MFA following the prompt
  4. Create identity file expiring after 90 days tctl auth sign -o identity --user buildbuddy --format file --ttl 2160h
  5. Copy the content of the identity file
  6. Remove the identity file
  7. Navigate to https://app.buildbuddy.io/settings/org/secrets and create TELEPORT_BUILDBUDDY_IDENTITY with the file content
Clone this wiki locally