Landscape Dedicated Server Quickstart Guide

You will need a CA signed SSL certificate. For instructions, please see this tutorial. To get started with LDS, open a terminal and enter the code as shown in the following steps:

1. Install PostgreSQL and required libraries.

  $ sudo apt-get install postgresql-8.4 python-smartpm postgresql-plpython-8.4

2. Create a landscape superuser.

 $ sudo -u postgres createuser --createdb --createrole --superuser --pwprompt landscape_superuser

3. Configure PostgreSQL.

 $ sudo vi /etc/postgresql/8.4/main/pg_hba.conf

And add the following line BEFORE the local all all ident line:

local all landscape,landscape_maintenance md5

Here is an example that shows the lines beginning with local. The order of lines is important:

local   all         postgres                          ident
local all landscape,landscape_maintenance md5
local   all         all                               ident

This allows users to connect to the loopback device, and authenticate with an md5 encrypted password.

Tell PostgreSQL to reload its configuration

 $ sudo /etc/init.d/postgresql-8.4 reload

4. Configure your apt sources.list file.

Visit https://launchpad.net/ and click on your username in the top right hand of the page.

Click the View your private PPA subscriptions link in the middle of the page.

This gives you a list of the PPAs you are subscribed to. Click on the View link for the Landscape Standalone Package PPA. Copy and paste the "deb" line into your sources.list file.

 $ sudo vi /etc/apt/sources.list

Now you need to add the key for this source to your package keyring.

 $ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4652B4E6

Now you need to update your APT package database.

 $ sudo apt-get update

Next you can install the landscape-server package.

 $ sudo apt-get install landscape-server

This pulls in a number of dependencies, and prompts you to configure LDS.

When prompted, enter the "landscape_superuser". Select password authentication, and enter the password you entered above.

5. Configure RabbitMQ

 $ sudo rabbitmqctl add_user landscape landscape
 $ sudo rabbitmqctl add_vhost landscape
 $ sudo rabbitmqctl set_permissions -p landscape landscape "" ".*" ".*"

6. Bootstrap the Landscape databases and settings.

The system prompts you to run setup-landscape-server after completing the installation.

 $ sudo setup-landscape-server

This will create two new users: "landscape" and "landscape_maintenance". It will also setup the Landscape database schema.

7. Configure Landscape Services to run.

Now, you need to modify /etc/default/landscape-server:

 $ sudo vi /etc/default/landscape-server

And change RUN_ALL to be "yes".

You can now either start all the services manually, or restart the machine.

8. Configure Apache

Create an Apache Virtual Host.

 $ sudo vi /etc/apache2/sites-available/landscape

Now copy and paste the configuration file below. Please read the comments in the file and enter the correct values. You need to change the following:

  • hostname
  • path to certificate and key files

<VirtualHost *:80>

    # This Hostname is the HTTP/1.1 hostname that users and Landscape clients will access
    # It must be the same as your SSL Certificate's CommonName
    # And the DNS Hostname for this machine
    # It is not recommended that you use an IP address here...
    ServerName <hostname>
    ServerAdmin webmaster@<hostname>
    ErrorLog /var/log/apache2/landscape.error-log
    CustomLog /var/log/apache2/landscape.access-log combined
    DocumentRoot /opt/canonical/landscape/canonical/landscape

    ErrorLog /var/log/apache2/landscape.local.error-log
    CustomLog /var/log/apache2/landscape.local.access-log combined

    # Set a Via header in outbound requests to the proxy, so proxied apps can
    # know who the actual client is
    ProxyVia on
    ProxyTimeout 10

    <Directory "/">
      Options +Indexes
      Order deny,allow
      Allow from all
      ErrorDocument 403 /static/offline/unauthorized.html
      ErrorDocument 404 /static/offline/notfound.html
    </Directory>

    Alias /packages /opt/canonical/landscape/packages
    Alias /static /opt/canonical/landscape/canonical/static

    <Directory "/opt/canonical/landscape/packages">
        Order allow,deny
        Allow from all
    </Directory>
    <Location "/packages">
        Order allow,deny
        Allow from all
    </Location>
   <Location "/icons">
        Order allow,deny
        Allow from all
   </Location>
   <Location "/ping">
        Order allow,deny
        Allow from all
    </Location>

    <Location "/message-system">
        Order allow,deny
        Allow from all 
    </Location>

   <Location "/r">
      FileETag none
      ExpiresActive on
      ExpiresDefault "access plus 10 years"
      Header append Cache-Control "public"
   </Location>

    RewriteEngine On

    RewriteRule ^/r/([^/]+)/(.*) /$2 [L]

    # The Landscape Ping Server runs on port 8082
    RewriteRule ^/ping$ http://localhost:8082/ping [P]

    RewriteCond %{REQUEST_URI} !/server-status
    RewriteCond %{REQUEST_URI} !/icons
    RewriteCond %{REQUEST_URI} !/static
    RewriteCond %{REQUEST_URI} !/packages
    RewriteCond %{REQUEST_URI} !/handle_messages
    RewriteCond %{REQUEST_URI} !/message-system

    # Replace the <hostname> with the DNS hostname for this machine.
    # If you change the port number that Apache is providing SSL on, you must change the 
    # port number 443 here.
    RewriteRule ^/(.*) https://<hostname>:443/$1 [R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName <hostname>
    ServerAdmin webmaster@<hostname>

    ErrorLog /var/log/apache2/landscape.error-log
    CustomLog /var/log/apache2/landscape.access-log combined

    DocumentRoot /opt/canonical/landscape/canonical/landscape

    SSLEngine On
    SSLCertificateFile <enter the path to your SSL .crt file>
    SSLCertificateKeyFile <enter the path to your SSL .key file>
    # If you have either an SSLCertificateChainFile or, a self-signed CA signed certificate
    # uncomment the line below.
    # SSLCertificateChainFile /etc/ssl/certs/landscape_server_ca.crt

    <Directory "/">
      Options -Indexes
      Order deny,allow
      Allow from all
      ErrorDocument 403 /static/offline/unauthorized.html
      ErrorDocument 404 /static/offline/notfound.html
    </Directory>

    <Location "/ajax">
      Order allow,deny
      Allow from all
    </Location>

   Alias /config /opt/canonical/landscape/apacheroot
   Alias /hash-id-databases /var/lib/landscape/hash-id-databases

    ProxyRequests off
    <Proxy *>
       Order deny,allow
       Allow from all
       ErrorDocument 403 /static/offline/unauthorized.html
       ErrorDocument 500 /static/offline/exception.html
       ErrorDocument 502 /static/offline/unplanned-offline.html
       ErrorDocument 503 /static/offline/unplanned-offline.html
    </Proxy>

    ProxyPass /robots.txt !
    ProxyPass /favicon.ico !
    ProxyPass /static !

    ProxyPreserveHost on


   <Location "/r">
      FileETag none
      ExpiresActive on
      ExpiresDefault "access plus 10 years"
      Header append Cache-Control "public"
   </Location>

    RewriteEngine On

    RewriteRule ^/r/([^/]+)/(.*) /$2 [L]
    RewriteRule ^/.*\+\+.* / [F]

    # We have two Landscape servers, one running on port 8080 and the other on
    # port 8081
    # Port 8080 is the Web-UI for users, port 8081 is the message server.

    # Replace the <hostname> with the DNS hostname for this machine.
    # If you change the port number that Apache is providing SSL on, you must change the 
    # port number 443 here.
    RewriteRule ^/message-system http://localhost:8081/++vh++https:<hostname>:443/++/message-system [P]

    RewriteRule ^/ajax http://localhost:9090/ [P]
    RewriteCond %{REQUEST_URI} !/robots.txt
    RewriteCond %{REQUEST_URI} !/favicon.ico
    RewriteCond %{REQUEST_URI} !/static
    RewriteCond %{REQUEST_URI} !/config
    RewriteCond %{REQUEST_URI} !/hash-id-databases

    # Replace the <hostname> with the DNS hostname for this machine.
    # If you change the port number that Apache is providing SSL on, you must change the 
    # port number 443 here.
    RewriteRule ^/(.*) http://localhost:8080/++vh++https:<hostname>:443/++/$1 [P]


    <Location /handle_messages>
      Order allow,deny
      Deny from all
    </Location>

    <Location /message-system>
      Order allow,deny
      Allow from all
    </Location>

    <Location />
        # Insert filter
        SetOutputFilter DEFLATE

        # Don't compress images or .debs
        SetEnvIfNoCase Request_URI \
        \.(?:gif|jpe?g|png|deb)$ no-gzip dont-vary

        # Make sure proxies don't deliver the wrong content
        Header append Vary User-Agent env=!dont-vary
    </Location>

</VirtualHost>

You can now enable this site with:

  $ sudo a2ensite landscape

After, we need to reload the apache configuration:

  $ sudo service apache2 reload

9. Setup the initial user

Visit https://<servername>/new-standalone-user

This prompts you to enter a username/password and create an account, and grants you access to the account.

10. Configure your first client...

$ sudo landscape-config --computer-title "My First Computer" --account-name standalone --url https://<servername>/message-system --ping-url http://<servername>/ping

You can now accept your client in the Landscape UI, and it begins to upload data.

11. Setup a mail alias for the landscape user

We recommend adding an alias for user landscape on your local environment, to ensure that important system emails get attention.

$ sudo vim /etc/aliases

Add a line landscape:        <insert recipient's email address> to this file and rebuild your aliases

$ sudo /usr/bin/newaliases

LDS/QuickStartElaineEdit (last edited 2010-09-13 22:19:23 by culross7)