This page describes the necessary steps to perform an LDS upgrade when using just the lanscape-server package, that is, landscape-server-quickstart is not involved.
Shutdown all Landscape services in all machines, keeping just the database running. The clients also don't need to be touched.
This is a complex upgrade. Please read all steps carefully before attempting the upgrade to make sure you understand them all.
On the Database server
This LDS upgrade requires a new database and database user. Please run the following commands on the database server:
sudo -u postgres createuser -D -R -S -P clouddeck sudo -u postgres createdb landscape-standalone-clouddeck-main sudo -u postgres createdb landscape-standalone-clouddeck-account
Choose a good password for the clouddeck user when prompted. Take note of it as it will be needed later on.
Now allow the newly created clouddeck user to connect to the database. Edit /etc/postgresql/8.4/main/pg_hba.conf and edit the following line so that it contains clouddeck:
host all landscape,landscape_maintenance,landscape_superuser,clouddeck <IP-OF-APP> md5
Finally, restart PostgreSQL:
sudo /etc/init.d/postgresql-8.4 restart
This concludes the database part of the upgrade.
On the Application server
This section describes the changes needed on the application server.
Upgrade landscape-server
Please upgrade the landscape-server package:
sudo apt-get update sudo apt-get install landscape-server
During the upgrade, you will get questions about some configuration files that have changed (/etc/landscape/service.conf and /etc/default/landscape-server). This is expected: answer "N", so that the existing files remain untouched!
After the new package is installed, it will try to start the Landscape services again. If you are upgrading to version 11.03, please stop the services manually at this point:
for n in /etc/init.d/landscape-{api,appserver,async-frontend,combo-loader,job-handler,msgserver,pingserver}; do sudo $n stop; done
If you have chosen to not run schema upgrades automatically during package upgrades (a setting in /etc/default/landscape-server), then please run this command now to perform the upgrade:
sudo setup-landscape-server
Adjust rabbitmq
Unfortunately this specific rabbitmq version upgrade removes the existing users, so we need to recreate the landscape user. Please run the commands listed below and choose a good password for the landscape user:
sudo rabbitmqctl add_user landscape <password> sudo rabbitmqctl add_vhost landscape sudo rabbitmqctl set_permissions -p landscape landscape ".*" ".*" ".*"
Now edit /etc/landscape/service.conf and set the password line in the [broker] configuration to the password you chose above:
[broker] (...) password = <password>
Bootstrap clouddeck
Cloud Deck is the new cloud infrastructure used by Landscape. Please see CloudDeck and CloudDeckQuickStart for details.
Let's configure its database access. Edit /etc/clouddeck/stores.cfg and change the following:
in the [main-store] section:
password: use the password for the clouddeck user created in the database server earlier
host: use the IP or hostname of the database server
database: set it to landscape-standalone-clouddeck-main
in the [account-store] section:
password: use the password for the clouddeck user created in the database server earlier
host: use the IP or hostname of the database server
database: set it to landscape-standalone-clouddeck-account
Now let's bootstrap these databases, which takes only a few seconds. Run the following command:
sudo clouddeck-schema /etc/clouddeck/stores.cfg
We want clouddeck to start at boot, so change /etc/default/clouddeck:
RUN="1"
Now we need to create a service manager that Landscape can use. Below is the command to run and what its output looks like:
$ sudo clouddeck create-service-manager landscape | sed -e 's,access-key,service_access_key,;s,secret-key,service_secret_key,' service_access_key = JAIW0A3IUC8JBNHM08F3 service_secret_key = 0ipXHWSsJqKK/YhCO2/BadL5fVTgwIJFeovh9zaS
The sed bit is just to slightly change the names of the keywords that are returned by the clouddeck command to match what we need to use in the Landscape configuration file.
Add a [clouddeck] section to the /etc/landscape/service.conf file, together with the two lines you got from running the command above. It should look like this:
[clouddeck] service_uri = http://localhost:8500 service_access_key = JAIW0A3IUC8JBNHM08F3 service_secret_key = 0ipXHWSsJqKK/YhCO2/BadL5fVTgwIJFeovh9zaS ec2_uri = https://<hostname>:443/cloud/
Replace <hostname> with the FQDN of your LDS installation.
Finally, edit /etc/clouddeck/ec2.cfg and set root-url in its [ec2-api] section to exactly the same value as ec2_uri above:
[ec2-api] max-threads = 10 port = 8600 root-url = https://<hostname>:443/cloud/
Update /etc/default/landscape-server
There are a couple of new services available in this version of LDS. Please update the /etc/default/landscape-server with the following lines if they weren't added by the package already:
RUN_APISERVER="no" RUN_COMBO_LOADER="no"
There is a new feature that can be enabled in this file: the possibility of starting more than one instance of the application, message or ping server. If your hardware has several cores and enough memory (4Gb or more), running two or more of each will improve performance.
To run multiple instances of a service, just set the value in the respective RUN_ line to the number of instances. For example, if you want to run two message servers, just set:
RUN_MSGSERVER="2"
In order to take advantage of this multiple-instances setting, you need to configure some sort of load balancer or proxy. See the README.multiple-services file in the landscape-server package documentation directory for an example using Apache's proxy_loadbalancer module.
Update /etc/landscape/service.conf
The main LDS configuration file needs many changes. Please update /etc/landscape/service.conf as described below:
[combo-loader]
Add a [combo-loader] section:
[combo-loader] base-port = 9070 threads = 10
[job-handler]
Add the following lines to the existing [job-handler] section:
diskstore = /var/lib/landscape/landscape-disk-store mailer = queue mailer-path = /var/lib/landscape/landscape-mail-queue-1
[api]
Changes to the existing [api] section:
- add the following lines:
mailer = queue mailer-path = /var/lib/landscape/landscape-mail-queue-1
change the base-port number:
base-port = 9080
[maintenance] and [scripts]
Replace the mailer-path line in the existing [maintenance] and [scripts] sections to:
mailer-path = /var/lib/landscape/landscape-mail-queue-1
[pingserver]
Changes to the existing [pingserver] section:
replace the pingtracker_log line with:
pingtracker_log = /var/log/landscape/pingtracker-%(instance)s.log
change the base-port number to:
base-port = 8070
[message-server]
Changes to the existing [message-server] section:
replace the access-log line with:
access-log = message_server_access-%(instance)s.log
replace the event-log line with:
event-log = message_server-%(instance)s.log
replace the oops-key line with:
oops-key = DM%(instance-letter)s
replace the base-port line with:
base-port = 8090
[landscape]
Changes to the existing [landscape] section:
replace the access-log line with:
access-log = landscape_access-%(instance)s.log
replace the oops-key line with:
oops-key = DF%(instance-letter)s
replace the mailer-path line with:
mailer-path = /var/lib/landscape/landscape-mail-queue-%(instance)s
replace the event-log line with:
event-log = landscape-%(instance)s.log
Update the Apache configuration for the LDS vhost
We need to basically change the port numbers of some existing services and add redirect rules for new services. Please edit the Apache vhost configuration file for Landscape (usually /etc/apache2/sites-available/landscape) and follow the instructions below carefully.
change the existing ping server RewriteRule to use the port 8070:
RewriteRule ^/ping$ http://localhost:8070/ping [P]
change the existing message server RewriteRule to use the port 8090. Keep your original hostname after the https part:
RewriteRule ^/message-system http://localhost:8090/++vh++https:@hostname@:443/++/message-system [P,L]
add the following new RewriteRules right below the existing /ajax one and add the L flag to the /ajax rule, so it looks like this:
RewriteRule ^/ajax http://localhost:9090/ [P,L] RewriteRule ^/combo http://localhost:9070/ [P,L] RewriteRule ^/api http://localhost:9080/ [P,L] RewriteRule ^/cloud/(.*) http://localhost:8600/$1 [P,L]
add the following ProxyTimeout directive to the https vhost. For example, right after the existing SSLCertificateKeyFile directive:
# Try to keep this close to the storm timeout. Not less, maybe slightly # more ProxyTimeout 305
remove the L flag from the /r/ RewriteRule in the https vhost so that line reads as follows:
<VirtualHost *:443> (...) RewriteRule ^/r/([^/]+)/(.*) /$2
Now please restart Apache:
sudo /etc/init.d/apache2 restart
Start services
Finally it's time to start the services. Let's begin with clouddeck:
sudo /etc/init.d/clouddeck start
This will start three services: clouddeck-service, clouddeck-poller and clouddeck-ec2.
Now it's Landscape's turn:
for n in /etc/init.d/landscape-{api,appserver,async-frontend,job-handler,msgserver,pingserver,combo-loader}; do sudo $n start; done
They may take a few seconds to start, even though the initscript already returned. After a while, list the running processes. You should see something like this (example with /etc/default/landscape-server configured to start two instances of the ping, app and message servers):
(...) 5195 ? S 0:00 /usr/bin/python /usr/bin/clouddeck-service /etc/clouddeck --logfile=(...) 5202 ? Sl 0:00 /usr/bin/python /usr/bin/clouddeck-poller /etc/clouddeck --logfile=(...) 5211 ? S 0:00 /usr/bin/python /usr/bin/clouddeck-ec2 /etc/clouddeck --logfile=(...) 5264 ? D 0:01 /usr/bin/python /usr/bin/twistd -y /opt/canonical/landscape/api (...) 5281 ? D 0:01 python /opt/canonical/landscape/landscape 5292 ? D 0:01 python /opt/canonical/landscape/landscape 5338 ? D 0:01 /usr/bin/python /usr/bin/twistd -y /opt/canonical/landscape/job-handler (...) 5358 ? D 0:01 python /opt/canonical/landscape/message-server 5370 ? D 0:01 python /opt/canonical/landscape/message-server 5388 ? R 0:01 /usr/bin/python /usr/bin/twistd -y /opt/canonical/landscape/pingserver (...) 5400 ? R 0:01 /usr/bin/python /usr/bin/twistd -y /opt/canonical/landscape/pingserver (...) 5429 ? R 0:01 /usr/bin/python /usr/bin/twistd -y /opt/canonical/landscape/combo-loader (...) 5441 ? Sl 0:00 /usr/bin/python /usr/bin/twistd -y /opt/canonical/landscape/async-frontend (...)