Landscape client mass registration

The basic problem we want to solve is to register many Landscape client machines automatically with as little user interaction as possible. This boils down to:

  • delivering landscape-client to the machine
  • running landscape-config with all the information it needs so it's not interactive
  • getting rid of the registration acceptance step in the Landscape web interface

The first two steps could be as simple as running this script remotely:

apt-get install -y landscape-client
landscape-config --silent \
  -a myaccount \
  -t "$(hostname)" \
  --script-users=ALL

Of course, we would want to make the script more robust, but that's the basic idea. There is also a tiny assumption implied here: that we can get remote access to the machine. There is no way around this really: we need to be able to execute commands remotely on the machine.

The usual way this is solved in big networks varies:

  • use Puppet
  • use ssh
  • have the machine be deployed from an image server and with landscape-client already installed. A first-boot type of initscript could perform the landscape-config call

There are several ways to do this. We will show a few here, but sysadmins should have no problem executing the necessary commands on the remote machines.

Warning: DO NOT register one Landscape client machine and then use it as an image template for others: each Landscape registration is unique! If you suddenly have several different machines talking to the same Landscape server using the same registration identification, nothing will work. If you are using some sort of imaging system, be sure to wipe clean the /var/lib/landscape directory before deploying the copy, and run the registration again.
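A first-boot script for cloned machines, as an added example that is not part of the original page: it wipes the registration state inherited from the template and then registers exactly once. The marker file path, the LANDSCAPE_ROOT and LANDSCAPE_CONFIG override variables and the --run argument are assumptions of this example, and it is meant to run as root before landscape-client starts.

```shell
#!/bin/sh
# Added example (not from the original page): first-boot registration for a
# machine cloned from an image. ACCOUNT, the marker file, LANDSCAPE_ROOT,
# LANDSCAPE_CONFIG and the --run argument are assumptions of this example.
ACCOUNT="my-landscape-account"

# Paths are resolved at call time so a test can point LANDSCAPE_ROOT at a
# scratch directory; on a real machine it stays empty.
state_dir() { printf '%s/var/lib/landscape' "${LANDSCAPE_ROOT:-}"; }
marker()    { printf '%s/var/lib/landscape-firstboot.done' "${LANDSCAPE_ROOT:-}"; }

wipe_registration_state() {
    # Delete everything the template left behind but keep the directory
    # itself, so its owner and mode stay as the package created them.
    dir=$(state_dir)
    [ -d "$dir" ] || return 0
    find "$dir" -mindepth 1 -delete
}

first_boot_register() {
    # The marker lives outside the state directory, so the wipe never removes
    # it and later boots leave the now-unique registration alone.
    if [ -e "$(marker)" ]; then
        return 0
    fi
    wipe_registration_state || return 1
    # Same non-interactive call as the script at the top of the page.
    "${LANDSCAPE_CONFIG:-landscape-config}" --silent \
        -a "$ACCOUNT" -t "$(hostname)" --script-users=ALL || return 1
    # Only a successful registration is recorded; a failure retries next boot.
    : > "$(marker)"
}

# Run only when asked to, e.g. from a first-boot init script: firstboot.sh --run
if [ "${1:-}" = "--run" ]; then
    first_boot_register
fi
```

Capture the image before this script has ever run on the template, otherwise the marker is cloned along with everything else and the copies skip registration.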

Let's see some scenarios.

Cloud instances registration

If you intend to run EC2 or UEC cloud instances that become registered machines in Landscape, then the easiest way to accomplish this is to use Landscape itself to start these instances. The default AMIs provided by Landscape for several versions of Ubuntu already have landscape-client installed and configured for the cloud environment, which means the instances will register themselves with Landscape automatically and without further user interaction.

If, however, you intend to use your own AMIs, or have your own mechanism to start and stop instances in the cloud, then you will benefit if you use landscape-client's cloud integration features. Let's see how we can do that.

Already running instance

Preparing an AMI with landscape-client

Using Puppet

If you already have a Puppet infrastructure in place, it makes sense to use it to deploy and configure landscape-client.

Here is a sample puppet recipe that does just that:

# change the value below to point at your landscape account name
$my_account = "my-landscape-account"

define landscape_config(
    $account,
    $ping_url = "http://landscape.canonical.com/ping",
    $message_url = "https://landscape.canonical.com/message-system",
    $script_users = "ALL",
    $computer_title) {

    file { "/etc/landscape/client.conf":
        owner => landscape,
        group => root,
        mode => '0600',
        content => "[client]
url = $message_url
computer_title = $computer_title
data_path = /var/lib/landscape/client
ping_url = $ping_url
include_manager_plugins = ScriptExecution
script_users = $script_users
account_name = $account
",
        require => Package["landscape-client"],
    }
}

# Puppet 4 and later do not accept hyphens in class names, so the class is
# called landscape_client; the package and service keep their real names.
class landscape_client {

    case $lsbdistcodename {
        "": {
            fail("Error, lsbdistcodename is empty")
        }
        default: {
            exec { "apt-get update":
                alias => "aptgetupdate",
                group => root,
                user => root,
                timeout => 600,
                refreshonly => true,
                path => '/usr/bin',
            }
            package { "landscape-client":
                ensure => installed,
                require => Exec["aptgetupdate"],
            }
        }
    }

    # RUN=1 lets the init script start the client daemon
    file { "/etc/default/landscape-client":
        owner => root,
        group => root,
        mode => '0644',
        content => "RUN=1\n",
        require => Package["landscape-client"],
    }

    # writes /etc/landscape/client.conf through the definition above
    landscape_config { "client.conf":
        account => "$my_account",
        computer_title => $hostname,
    }

    # restart the client whenever client.conf changes
    service { "landscape-client":
        hasrestart => true,
        hasstatus => true,
        enable => true,
        ensure => running,
        require => [Package["landscape-client"],
                    File["/etc/default/landscape-client"],
                    Landscape_config["client.conf"]],
        subscribe => File["/etc/landscape/client.conf"]
    }
}

include landscape_client

Some comments about this recipe:

  • adjust the landscape_config definition to your needs. You can set the account name, URLs, script users and computer title. By default the recipe allows scripts to be run as any user, root included (script_users = ALL), and uses the hostname as the title, but you really need to change the account name.

  • there is no need to call landscape-config, since the client, once running as a daemon on an unregistered machine and with a working client.conf file, will attempt to register itself periodically.

  • Use this like: sudo puppet apply -v -d landscape.pp

Using SSH

The basic idea with SSH is the following:

  • get a list of all the hosts we want to manage with Landscape
  • ssh into each one of them and execute the necessary commands
  • periodically go to the Landscape web interface and accept the pending computers

In this example we will use two scripts: one to install landscape-client and configure it, and another to send this script to each machine and execute it remotely.

The assumption is that we have root login access over ssh. There is no way around this really: we need to be able to execute commands remotely on the machine as root. The usual way this is solved in big networks varies, but sysadmins should have no problem executing the necessary commands on their remote machines.

Script which runs remotely and installs and configures landscape-client: install-configure-landscape-client.sh. Please change the following section of the script to suit your needs:

##############################################################################
# YOU NEED TO CONFIGURE THESE VALUES:

# Landscape account name
ACCOUNT="my-landscape-account"

# the landscape server to use
SERVER_URL="https://landscape.canonical.com"

# shell function that returns the title that should be used
# for the computer. The default one below will just use the hostname
function computer_title() {
    echo $(hostname)
}

# landscape-config options. Note that "--silent" is always used
OPTIONS="-a $ACCOUNT -t $(computer_title) \
  --url=${SERVER_URL%/}/message-system \
  --ping=${SERVER_URL%/}/ping"

# END OF USER CONFIGURABLE PART
##############################################################################

Save it as install-configure-landscape-client.sh. We will be copying it over to the clients and executing it. If, for example, you need to set a proxy, then add --http-proxy=http://your.proxy.host:port to the OPTIONS line. Consult the landscape-config manpage for a list of all the possible options.

Here is a simple script that iterates over all your hosts, sends to each one of them the above script and then runs it:

host_list="host1 host2 host3"
for h in $host_list; do
    # copy the script, and only run it if the copy succeeded
    scp install-configure-landscape-client.sh "root@$h:" &&
        ssh "root@$h" ./install-configure-landscape-client.sh
done
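A version of the loop above that records which hosts failed, as an added example that is not part of the original page. The SSH options, the one-host-per-line input on stdin and the OK_COUNT and FAILED_HOSTS variables are assumptions; it expects key-based root login and host keys already present in known_hosts.

```shell
#!/bin/sh
# Added example (not from the original page): the fan-out loop with failure
# tracking. The SSH options and the hosts-on-stdin format are assumptions.
SCRIPT="install-configure-landscape-client.sh"
# BatchMode: never stop to prompt for a password (key-based root login assumed).
# StrictHostKeyChecking=yes: refuse hosts whose key is not already in
# known_hosts instead of trusting whatever answers on first contact.
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=10 -o StrictHostKeyChecking=yes"

register_host() {
    # $SSH_OPTS is left unquoted on purpose so it splits into separate options.
    # stdin comes from /dev/null: otherwise ssh would swallow the rest of the
    # host list that the calling loop is reading.
    scp -q $SSH_OPTS "$SCRIPT" "root@$1:" < /dev/null || return 1
    ssh $SSH_OPTS "root@$1" "./$SCRIPT" < /dev/null
}

register_hosts() {
    # Reads one host per line from stdin; blank lines and # comments are skipped.
    # Sets OK_COUNT and FAILED_HOSTS; returns non-zero if any host failed.
    OK_COUNT=0
    FAILED_HOSTS=""
    while read -r host || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac
        if register_host "$host"; then
            OK_COUNT=$((OK_COUNT + 1))
        else
            FAILED_HOSTS="${FAILED_HOSTS:+$FAILED_HOSTS }$host"
        fi
    done
    [ -z "$FAILED_HOSTS" ]
}

# Usage: sh register-all.sh hosts.txt
if [ -n "${1:-}" ]; then
    register_hosts < "$1" || echo "failed: $FAILED_HOSTS" >&2
fi
```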

Automating pending computer acceptance

If you have Landscape On-Premises deployed inside your network, you can take advantage of a feature that lets you skip the acceptance phase of pending registrations. All you need to do is set a password for the "standalone" account by going to the URL https://<yourservername>/account/standalone. Click on "edit" and set a password. This is the same password that you now must use in the client when requesting the registration:

landscape-config --registration-password <password> ...other options...

Now the clients registered as above won't need an acceptance step in the Landscape UI anymore.

MassClientRegistration (last edited 2018-08-29 16:28:27 by alexmoldovan)