May 18, 2018

Manage machines using Canonical Landscape

Landscape can be installed with limited/hobby licenses (10 physical, 50 container) on premesis. This allows full management of local or cloud servers, including updates and package deployment policies. In a later post, I will go over further configuration, but for now here's how to get up and running:

Prerequsisites

  • Ubuntu 16.04
  • Valid or self-signed SSL certifcates for the FQDN (no cert? try Let's Encrypt

Install the software

On the landscape server machine:

sudo add-apt-repository ppa:landscape/17.03 && \
sudo apt update && \
sudo apt install landscape-server-quickstart -y

Alternatively, you can install Landscape 16.06, just modify the repo command.

Certificates

Copy certs to /etc/ssl/certs/landscape_server.pem and the key file in
/etc/ssl/private/landscape_server.key and reconfigure this package.

steps:
scp CERTIFICATEFILES.* [email protected]:/home/user/
sudo cp FULLCHAIN.cer (for below)

sudo cp CERTIFICATE.crt /etc/ssl/certs/landscape_server.pem && \
sudo cp PRIVATECERTIFICATE.key /etc/ssl/private/landscape_server.key && \
sudo update-ca-certificates && \
sudo dpkg-reconfigure landscape-server-quickstart

make sure /etc/hosts & /etc/hostname contains name only not FQDN

<server> in the URL of the landscape-config command-line must match the server hostname as used in the certificate. Check the outputs of hostname -f and hostname on the landscape server .

Client install

sudo apt update && \
sudo apt install landscape-client -y && \
sudo landscape-config --account-name standalone --url https://FULLYQUALIFIEDDOMAINNAME/message-system --ping-url http://FULLYQUALIFIEDDOMAINNAME/ping

Answer the questions as prompted, all of these options can be changed later, after the machine is accepted into the Landscape server.