Differences between revisions 33 and 34
Revision 33 as of 2010-08-30 17:17:42
Size: 10462
Editor: culross7
Comment:
Revision 34 as of 2010-09-13 22:19:23
Size: 10466
Editor: culross7
Comment:
Deletions are marked like this. Additions are marked like this.
Line 31: Line 31:
Here is an example that shows the lines beginning with `local`. The sequence of lines is important: Here is an example that shows the lines beginning with `local`. The order of lines is important:
Line 52: Line 52:
This gives you a list of the PPAs you are subscribed to, click on the '''View''' link for the '''Landscape Standalone Package''' PPA, copy and paste the "deb" line into your sources.list file. This gives you a list of the PPAs you are subscribed to. Click on the '''View''' link for the '''Landscape Standalone Package''' PPA. Copy and paste the "deb" line into your sources.list file.
Line 78: Line 78:
When prompted, enter the "landscape_superuser", select password authentication, and enter the password you entered above. When prompted, enter the "landscape_superuser". Select password authentication, and enter the password you entered above.
Line 96: Line 96:
This will create two new users, "landscape" and "landscape_maintenance", and setup the Landscape database schema.

== 7. Configuring Landscape Services to run. ==
This will create two new users: "landscape" and "landscape_maintenance". It will also setup the Landscape database schema.

== 7. Configure Landscape Services to run. ==
Line 118: Line 118:
And copy and paste the configuration file below. Please read the comments in the file and enter the correct values. You need to change the following: Now copy and paste the configuration file below. Please read the comments in the file and enter the correct values. You need to change the following:

Landscape Dedicated Server Quickstart Guide

You will need a CA signed SSL certificate. For instructions, please see this tutorial. To get started with LDS, open a terminal and enter the code as shown in the following steps:

1. Install PostgreSQL and required libraries.

  $ sudo apt-get install postgresql-8.4 python-smartpm postgresql-plpython-8.4

2. Create a landscape superuser.

 $ sudo -u postgres createuser --createdb --createrole --superuser --pwprompt landscape_superuser

3. Configure PostgreSQL.

 $ sudo vi /etc/postgresql/8.4/main/pg_hba.conf

And add the following line BEFORE the local all all ident line:

local all landscape,landscape_maintenance md5

Here is an example that shows the lines beginning with local. The order of lines is important:

local   all         postgres                          ident
local all landscape,landscape_maintenance md5
local   all         all                               ident

This allows users to connect to the loopback device, and authenticate with an md5 encrypted password.

Tell PostgreSQL to reload its configuration

 $ sudo /etc/init.d/postgresql-8.4 reload

4. Configure your apt sources.list file.

Visit https://launchpad.net/ and click on your username in the top right hand of the page.

Click the View your private PPA subscriptions link in the middle of the page.

This gives you a list of the PPAs you are subscribed to. Click on the View link for the Landscape Standalone Package PPA. Copy and paste the "deb" line into your sources.list file.

 $ sudo vi /etc/apt/sources.list

Now you need to add the key for this source to your package keyring.

 $ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4652B4E6

Now you need to update your APT package database.

 $ sudo apt-get update

Next you can install the landscape-server package.

 $ sudo apt-get install landscape-server

This pulls in a number of dependencies, and prompts you to configure LDS.

When prompted, enter the "landscape_superuser". Select password authentication, and enter the password you entered above.

5. Configure RabbitMQ

 $ sudo rabbitmqctl add_user landscape landscape
 $ sudo rabbitmqctl add_vhost landscape
 $ sudo rabbitmqctl set_permissions -p landscape landscape "" ".*" ".*"

6. Bootstrap the Landscape databases and settings.

The system prompts you to run setup-landscape-server after completing the installation.

 $ sudo setup-landscape-server

This will create two new users: "landscape" and "landscape_maintenance". It will also setup the Landscape database schema.

7. Configure Landscape Services to run.

Now, you need to modify /etc/default/landscape-server:

 $ sudo vi /etc/default/landscape-server

And change RUN_ALL to be "yes".

You can now either start all the services manually, or restart the machine.

8. Configure Apache

Create an Apache Virtual Host.

 $ sudo vi /etc/apache2/sites-available/landscape

Now copy and paste the configuration file below. Please read the comments in the file and enter the correct values. You need to change the following:

  • hostname
  • path to certificate and key files

<VirtualHost *:80>

    # This Hostname is the HTTP/1.1 hostname that users and Landscape clients will access
    # It must be the same as your SSL Certificate's CommonName
    # And the DNS Hostname for this machine
    # It is not recommended that you use an IP address here...
    ServerName <hostname>
    ServerAdmin webmaster@<hostname>
    ErrorLog /var/log/apache2/landscape.error-log
    CustomLog /var/log/apache2/landscape.access-log combined
    DocumentRoot /opt/canonical/landscape/canonical/landscape

    ErrorLog /var/log/apache2/landscape.local.error-log
    CustomLog /var/log/apache2/landscape.local.access-log combined

    # Set a Via header in outbound requests to the proxy, so proxied apps can
    # know who the actual client is
    ProxyVia on
    ProxyTimeout 10

    <Directory "/">
      Options +Indexes
      Order deny,allow
      Allow from all
      ErrorDocument 403 /static/offline/unauthorized.html
      ErrorDocument 404 /static/offline/notfound.html
    </Directory>

    Alias /packages /opt/canonical/landscape/packages
    Alias /static /opt/canonical/landscape/canonical/static

    <Directory "/opt/canonical/landscape/packages">
        Order allow,deny
        Allow from all
    </Directory>
    <Location "/packages">
        Order allow,deny
        Allow from all
    </Location>
   <Location "/icons">
        Order allow,deny
        Allow from all
   </Location>
   <Location "/ping">
        Order allow,deny
        Allow from all
    </Location>

    <Location "/message-system">
        Order allow,deny
        Allow from all 
    </Location>

   <Location "/r">
      FileETag none
      ExpiresActive on
      ExpiresDefault "access plus 10 years"
      Header append Cache-Control "public"
   </Location>

    RewriteEngine On

    RewriteRule ^/r/([^/]+)/(.*) /$2 [L]

    # The Landscape Ping Server runs on port 8082
    RewriteRule ^/ping$ http://localhost:8082/ping [P]

    RewriteCond %{REQUEST_URI} !/server-status
    RewriteCond %{REQUEST_URI} !/icons
    RewriteCond %{REQUEST_URI} !/static
    RewriteCond %{REQUEST_URI} !/packages
    RewriteCond %{REQUEST_URI} !/handle_messages
    RewriteCond %{REQUEST_URI} !/message-system

    # Replace the <hostname> with the DNS hostname for this machine.
    # If you change the port number that Apache is providing SSL on, you must change the 
    # port number 443 here.
    RewriteRule ^/(.*) https://<hostname>:443/$1 [R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName <hostname>
    ServerAdmin webmaster@<hostname>

    ErrorLog /var/log/apache2/landscape.error-log
    CustomLog /var/log/apache2/landscape.access-log combined

    DocumentRoot /opt/canonical/landscape/canonical/landscape

    SSLEngine On
    SSLCertificateFile <enter the path to your SSL .crt file>
    SSLCertificateKeyFile <enter the path to your SSL .key file>
    # If you have either an SSLCertificateChainFile or, a self-signed CA signed certificate
    # uncomment the line below.
    # SSLCertificateChainFile /etc/ssl/certs/landscape_server_ca.crt

    <Directory "/">
      Options -Indexes
      Order deny,allow
      Allow from all
      ErrorDocument 403 /static/offline/unauthorized.html
      ErrorDocument 404 /static/offline/notfound.html
    </Directory>

    <Location "/ajax">
      Order allow,deny
      Allow from all
    </Location>

   Alias /config /opt/canonical/landscape/apacheroot
   Alias /hash-id-databases /var/lib/landscape/hash-id-databases

    ProxyRequests off
    <Proxy *>
       Order deny,allow
       Allow from all
       ErrorDocument 403 /static/offline/unauthorized.html
       ErrorDocument 500 /static/offline/exception.html
       ErrorDocument 502 /static/offline/unplanned-offline.html
       ErrorDocument 503 /static/offline/unplanned-offline.html
    </Proxy>

    ProxyPass /robots.txt !
    ProxyPass /favicon.ico !
    ProxyPass /static !

    ProxyPreserveHost on


   <Location "/r">
      FileETag none
      ExpiresActive on
      ExpiresDefault "access plus 10 years"
      Header append Cache-Control "public"
   </Location>

    RewriteEngine On

    RewriteRule ^/r/([^/]+)/(.*) /$2 [L]
    RewriteRule ^/.*\+\+.* / [F]

    # We have two Landscape servers, one running on port 8080 and the other on
    # port 8081
    # Port 8080 is the Web-UI for users, port 8081 is the message server.

    # Replace the <hostname> with the DNS hostname for this machine.
    # If you change the port number that Apache is providing SSL on, you must change the 
    # port number 443 here.
    RewriteRule ^/message-system http://localhost:8081/++vh++https:<hostname>:443/++/message-system [P]

    RewriteRule ^/ajax http://localhost:9090/ [P]
    RewriteCond %{REQUEST_URI} !/robots.txt
    RewriteCond %{REQUEST_URI} !/favicon.ico
    RewriteCond %{REQUEST_URI} !/static
    RewriteCond %{REQUEST_URI} !/config
    RewriteCond %{REQUEST_URI} !/hash-id-databases

    # Replace the <hostname> with the DNS hostname for this machine.
    # If you change the port number that Apache is providing SSL on, you must change the 
    # port number 443 here.
    RewriteRule ^/(.*) http://localhost:8080/++vh++https:<hostname>:443/++/$1 [P]


    <Location /handle_messages>
      Order allow,deny
      Deny from all
    </Location>

    <Location /message-system>
      Order allow,deny
      Allow from all
    </Location>

    <Location />
        # Insert filter
        SetOutputFilter DEFLATE

        # Don't compress images or .debs
        SetEnvIfNoCase Request_URI \
        \.(?:gif|jpe?g|png|deb)$ no-gzip dont-vary

        # Make sure proxies don't deliver the wrong content
        Header append Vary User-Agent env=!dont-vary
    </Location>

</VirtualHost>

You can now enable this site with:

  $ sudo a2ensite landscape

After, we need to reload the apache configuration:

  $ sudo service apache2 reload

9. Setup the initial user

Visit https://<servername>/new-standalone-user

This prompts you to enter a username/password and create an account, and grants you access to the account.

10. Configure your first client...

$ sudo landscape-config --computer-title "My First Computer" --account-name standalone --url https://<servername>/message-system --ping-url http://<servername>/ping

You can now accept your client in the Landscape UI, and it begins to upload data.

11. Setup a mail alias for the landscape user

We recommend adding an alias for user landscape on your local environment, to ensure that important system emails get attention.

$ sudo vim /etc/aliases

Add a line landscape:        <insert recipient's email address> to this file and rebuild your aliases

$ sudo /usr/bin/newaliases

LDS/QuickStartElaineEdit (last edited 2010-09-13 22:19:23 by culross7)