Set up a self-hosted Landscape Server
on UbuntuMinimum requirements for landscape server
- Ubuntu 20.04 LTS (Focal Fossa) or Ubuntu 22.04 LTS (Jammy Jellyfish)
- For hardware: a dual core 2 Ghz processor, 4 GB of RAM, and 20 GB of disk space
- For networking: an IP address and FQDN, with TCP communication allowed for SSH (typically port 22), HTTP (port 80), and HTTPS (port 443)
3 ways to install landscape server
The goal of these installation guides is to provide the fastest installation and configuration experience possible. Juju provides the fastest path to a fully configured Landscape installation. Juju is the preferred deployment method for more complex Landscape deployments, such as installations requiring high availability.
Install Landscape Server to manage machines and containers
The entire installation and configuration can be automated with Cloud Init, using this cloud-init.yaml file.
Install
-
Install prerequisites
sudo apt update && sudo apt install -y snapd ubuntu-advantage-tools curl
-
Install Juju
sudo snap install juju --channel latest/stable && mkdir -p ~/.local/share
-
Install LXD
sudo snap install lxd --channel latest/stable && sudo snap refresh lxd --channel latest/stable
-
Bootstrap Juju
juju bootstrap localhost landscape-controller
-
Add Juju Model
juju add-model landscape-model
-
State your CPU architecture
juju set-model-constraints arch=$(dpkg --print-architecture)
-
Deploy Landscape
juju deploy landscape-scalable
-
Identify the HAProxy IP
read -r HAPROXY_UNIT_IP < <(juju run --unit haproxy/0 'network-get public --ingress-address=true')
-
Identify the HAProxy instance ID
read -r HAPROXY_INSTANCE_ID < <(juju status haproxy --format=json | sed -n 's/.*"instance-id":"\([^"]*\).*/\1/p')
-
Route ports 80 and 443 to HAProxy
for PORT in 443 80; do lxc config device add $HAPROXY_INSTANCE_ID tcp${PORT}proxyv4 proxy listen=tcp:0.0.0.0:${PORT} connect=tcp:${HAPROXY_UNIT_IP}:${PORT}
Configure SSL
If you have the fullchain.pem and privkey.pem files for your SSL certificate already, skip to Step 3
-
Install Certbot
sudo snap install certbot --classic
-
Set an FQDN variable
Replace landscape.yourdomain.com with the FQDN pointing to your server.
FQDN=landscape.yourdomain.com
-
Get a valid SSL certificate
sudo certbot -d $FQDN --manual --preferred-challenges dns certonly
-
base64 encode the full certificate chain with no line breaks
FULLCHAIN=$(sudo base64 -w 0 /etc/letsencrypt/live/${FQDN}/fullchain.pem)
-
base64 encode the private key file with no line breaks
Replace landscape.yourdomain.com with the FQDN pointing to your server.
PRIVKEY=$(sudo base64 -w 0 /etc/letsencrypt/live/${FQDN}/privkey.pem)
-
Update HAProxy with your certificate
juju config haproxy ssl_cert="$FULLCHAIN" ssl_key="$PRIVKEY"
Configure postfix for email
The SMTP example in Step 1 uses SendGrid as an example, replace it with your own SMTP information
-
Set SMTP information in variables
SMTP_HOST='smtp.sendgrid.net' SMTP_PORT='465' SMTP_USERNAME='apikey' SMTP_PASSWORD='YOUR_API_KEY_GOES_HERE'
-
Deploy the postfix-relay subordinate charm
juju deploy postfix-relay --config smtp_auth_password="$SMTP_PASSWORD" --config smtp_auth_username="$SMTP_USERNAME" --config ssl_ca=$(curl -s https://www.thawte.com/roots/thawte_Primary_Root_CA.pem | base64 | tr -d '\n') --config relayhost="[${SMTP_HOST}]:${SMTP_PORT}"
-
Add charm relations
juju add-relation postfix-relay landscape-server
Install
-
Install prerequisites
sudo apt update && sudo apt install -y wget software-properties-common
-
Set your hostname using variables
Replace landscape.yourdomain.com with the FQDN pointing to your server, and set the HOSTNAME and DOMAIN variables based on the FQDN.
FQDN=landscape.yourdomain.com HOSTNAME=landscape DOMAIN=yourdomain.com PRETTY_HOSTNAME="My Landscape Server" sudo hostnamectl set-hostname "$FQDN" --static sudo hostnamectl set-hostname "$FQDN" --transient sudo hostnamectl set-hostname "$HOSTNAME" sudo hostnamectl set-hostname "$PRETTY_HOSTNAME" --pretty
-
Add the Landscape PPA
sudo add-apt-repository ppa:landscape/self-hosted-23.03
-
Install Landscape
sudo apt update && sudo apt install landscape-server-quickstart
Configure SSL
If you have the fullchain.pem and privkey.pem files for your SSL certificate, skip these steps and configure Apache manually.
-
Install certbot
sudo snap install certbot --classic
-
Get and install your certificate
sudo certbot --apache
Configure postfix for email
Detailed information is available for Postfix in the Ubuntu Server documentation.
-
Set SMTP information in variables
SMTP_HOST='smtp.sendgrid.net' SMTP_PORT='465' SMTP_USERNAME='apikey' SMTP_PASSWORD='YOUR_API_KEY_GOES_HERE'
-
Download an SSL CA file
sudo wget https://www.thawte.com/roots/thawte_Primary_Root_CA.pem -O /etc/postfix/thawte_Primary_Root_CA.pem
-
Set appropriate permissions
sudo chmod 400 /etc/postfix/thawte_Primary_Root_CA.pem
-
Install postfix
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y postfix
-
Configure postfix
sudo postconf -e myhostname="$FQDN" sudo postconf -e mydomain="$DOMAIN" sudo postconf -e default_transport=smtp sudo postconf -e relay_transport=smtp sudo postconf -e relayhost="[${SMTP_HOST}]:${SMTP_PORT}" sudo postconf -e smtp_tls_security_level=encrypt sudo postconf -e smtp_sasl_auth_enable=yes sudo postconf -e smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd sudo postconf -e header_size_limit=4096000 sudo postconf -e smtp_sasl_security_options=noanonymous sudo postconf -e smtp_tls_CAfile=/etc/postfix/thawte_Primary_Root_CA.pem sudo postconf -e smtp_use_tls=yes
-
Write sasl_passwd
sudo sh -c "echo \"[$SMTP_HOST]:$SMTP_PORT $SMTP_USERNAME:$SMTP_PASSWORD\" > /etc/postfix/sasl_passwd"
-
Generate sasl_passwd.db
sudo postmap /etc/postfix/sasl_passwd
-
Secure sasl_passwd.db
sudo chmod 600 /etc/postfix/sasl_passwd.db
-
Remove sasl_passwd
sudo rm /etc/postfix/sasl_passwd
-
Restart postfix
sudo /etc/init.d/postfix restart
Set aside some time
Read the Manual Installation documentation
Install Landscape
Follow the Manual Installation documentation
4 ways to install landscape client
Install Landscape Client
to manage machines and containersLandscape Client can be installed from Ubuntu's main repository. The latest version can be obtained from the Landscape 23.03 PPA. The latest features, including awareness of Ubuntu Pro, is only available in Landscape Client hosted in the 23.03 PPA for Ubuntu versions 18.04 (Bionic Beaver), 20.04 (Focal Fossa), and 22.04 (Jammy Jellyfish). The latest features are available in the main repository for 23.04 (Lunar Lobster).
The main repository and PPA installation methods are suitable when performing the installation through a terminal or shell scripting. Cloud Init is suitable if it is available during a machine's provisioning stage, and the subordinate charm is most appropriate when using charmed operators.
Install
-
Install the package
sudo apt update && sudo apt install -y landscape-client
Configure
-
Define parameters in variables
Self-hosted Landscape users should set LANDSCAPE_ACCOUNT_NAME as
standalone
, Landscape SaaS customers should specify their account name.LANDSCAPE_ACCOUNT_NAME='standalone' LANDSCAPE_FQDN='landscape.yourdomain.com' LANDSCAPE_COMPUTER_TITLE='My Computer'
-
Configure
sudo landscape-config --silent --account-name="${LANDSCAPE_ACCOUNT_NAME}" --computer-title="${LANDSCAPE_COMPUTER_TITLE}" --tags="" --script-users='nobody,landscape,root'
Install
-
Install prerequisites
sudo apt update && sudo apt install -y software-properties-common
-
Add the PPA
sudo add-apt-repository -y ppa:landscape/self-hosted-23.03
-
Install
sudo apt update && sudo apt install -y landscape-client
Configure
-
Define parameters in variables
Self-hosted Landscape users should set LANDSCAPE_ACCOUNT_NAME as
standalone
, Landscape SaaS customers should specify their account name.LANDSCAPE_ACCOUNT_NAME='standalone' LANDSCAPE_FQDN='landscape.yourdomain.com' LANDSCAPE_COMPUTER_TITLE='My Computer'
-
Configure
sudo landscape-config --silent --account-name="${LANDSCAPE_ACCOUNT_NAME}" --computer-title="${LANDSCAPE_COMPUTER_TITLE}" --tags='' --script-users='nobody,landscape,root' --ping-url="http://${LANDSCAPE_FQDN}/ping" --url="https://${LANDSCAPE_FQDN}/message-system"
Install
-
Deploy the charm
juju deploy landscape-client --config account-name='standalone' --config tags='' --config script-users='nobody,landscape,root' --config ping-url="http://${LANDSCAPE_FQDN}/ping" --config url="https://${LANDSCAPE_FQDN}/message-system"
Configure
-
Relate the charm
juju relate landscape-client <charm-name>
Define variables using Jinja
# LANDSCAPE_ACCOUNT_NAME: self-hosted Landscape users can leave this as `standalone`
# Landscape SaaS users can find the account name here: https://landscape.canonical.com/settings
{% set LANDSCAPE_ACCOUNT_NAME = 'standalone' %}
# LANDSCAPE_FQDN: `landscape.canonical.com` is only for Landscape SaaS users
# Fully Qualified Domain Name of your Landscape instance
{% set LANDSCAPE_FQDN = 'landscape.canonical.com' %}
# LANDSCAPE_COMPUTER_TITLE: default value is fine
# human readable name in Landscape
{% set LANDSCAPE_COMPUTER_TITLE = "dedicated server" %}
Install within the runcmd section of Cloud Init
landscape-config --silent --account-name='{{ LANDSCAPE_ACCOUNT_NAME }}' --computer-title="{{ LANDSCAPE_COMPUTER_TITLE }}" --tags="{{ VPROJECT }}" --script-users='nobody,landscape,root' --ping-url="http://{{ LANDSCAPE_FQDN }}/ping" --url="https://{{ LANDSCAPE_FQDN }}/message-system"