UBUNTU LANDSCAPE DEDICATED SERVER (LDS)
The starting point for our lab is now the following:
1 STEP – CONFIGURE LANDSCAPE SERVER AND CLIENT WITH SSL CERT
Once we’ve done that tasks we can pass to configure the SSL cert, from our Maas Server we’ve run the following command
$: juju switch landscapelab
then connecting via SSH on LXD container dedicated to Landscape Server
$: juju ssh ubuntu@landscape-server/0
then we will now have an SSL cert at
/etc/ssl/certs/landscape_server_ca.crt which we need to copy and make a note of.
$: cat /etc/ssl/certs/landscape_server_ca.crt -----BEGIN CERTIFICATE----- MIIBzTCCATagAwIBAgIJAL2ZXAm4PVtjMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV BAMMCjEwLjIwLjgxLjUwHhcNMTcwNTMwMTMxNzE0WhcNMjcwNTI4MTMxNzE0WjAV ............ -----END CERTIFICATE-----
Make a safe note of the contents of that file. Next, switch over to our client server:
$: juju switch serverslab
then connecting via SSH on LXD container dedicated to Landscape Client
$: juju ssh ubuntu@12
Next, create the file /etc/landscape/server.pem and then paste the content of the server SSL cert into this file.
$: sudo nano /etc/landscape/server.pem
After this, we need to add the variable ssl_public_key to our Landscape configuration file /etc/landscape/client.conf
$: sudo nano /etc/landscape/client.conf
and adding the line
ssl_public_key = /etc/landscape/server.pem
The final step is to run the configuration utility on the client machine, as suggested us on our Landscape Server dashboard:
run the following command on client server
$: sudo landscape-config --computer-title "webserver1" --account-name standalone -p 128-qosk-7382 --url https://10.20.81.5/message-system --ping-url http://10.20.81.5/ping
We’ll be asked a few questions
The Landscape client must be started on boot to operate correctly. Start Landscape client on boot? (Y/n): y This script will interactively set up the Landscape client. It will ask you a few questions about this computer and your Landscape account, and will submit that information to the Landscape server. After this computer is registered it will need to be approved by an account administrator on the pending computers page. Please see https://landscape.canonical.com for more information. The Landscape client communicates with the server over HTTP and HTTPS. If your network requires you to use a proxy to access HTTP and/or HTTPS web sites, please provide the address of these proxies now. If you don't use a proxy, leave these fields empty. HTTP proxy URL: HTTPS proxy URL: Landscape has a feature which enables administrators to run arbitrary scripts on machines under their control. By default this feature is disabled in the client, disallowing any arbitrary script execution. If enabled, the set of users that scripts may run as is also configurable. Enable script execution? [Y/n]y By default, scripts are restricted to the 'landscape' and 'nobody' users. Please enter a comma-delimited list of users that scripts will be restricted to. To allow scripts to be run by any user, enter "ALL". Script users [ALL]: You may provide an access group for this computer e.g. webservers. Access group: webserver You may provide tags for this computer e.g. server,precise. Tags [server,xenial,web]: [ ok ] Restarting landscape-client (via systemctl): landscape-client.service. Please wait... Request a new registration for this computer now? (Y/n): n
after that on Landscape Server Dashboard we’ll have our Computer added. Now that the machine is registered as a pending computer it can be accepted into our account.
at moment also the third part is ended.
Disclaimer: All the tutorials included on this site are performed in a lab environment to simulate a real world production scenario. As everything is done to provide the most accurate steps to date, we take no responsibility if you implement any of these steps in a production environment.
“We learn from our mistakes”