Hello World,
In a previous post, we have provided some information about Ubuntu Landscape software solution (see Ubuntu – Installing Ubuntu self-hosted Landscape Server). When we wrote this post, the Ubuntu landscape version was set to 23.03. Since then, a new version of the software has been released which can be installed on top of Ubuntu 24.04. This post is based on the information found on the Ubuntu Website
- https://ubuntu.com/landscape/install (really simple step by step instructions)
- https://ubuntu.com/landscape/docs/how-to-guides (detailed documentations and instructions – advanced users)
So, in this post, we will provide a quick and dirty installation guide for a self hosted landscape server. We will not repeat all the information provided in our previous post. However, in this post, we will be focusing a little bit more on the certificates configuration side which seems to be most complicated part of the setup.
So, let’s do this quickly….
Overview
What’s Landscape ?
Ubuntu Landscape is system management tool provided by Canonical that can be used to manage your Ubuntu Infrastructure. Landscape can help organization in simplify operation and maintenance of large number of Ubuntu machines. Landscape solution is a web based software interface and offers
- inventory management
- automation
- security hardening
- compliance management,
- reporting
- software distribution
- patching
Ubuntu landscape could be compared to SCCM or MECM solution in Microsoft World or could be compared to RedHat Satellite solution. They basically provide the same kind of patching, inventory and automation capabilities but for non-Ubuntu machines….
Landscape come in 3 different editions
- Landscape SaaS
- Self hosted
- Managed Saas
So, normally, Landscape would be made available to you through your Ubuntu Pro Subscription (for more info about Ubuntu Pro – check this link) which means that you would need to pay a certain price to benefit from the product. Canonical does offer a free version through the Self-hosted solution. Self-hosted Landscape has a free tier for up to 10 machines for personal use, or evaluation purposes.
Note :
Beyond the free tier, Ubuntu Pro is required for more than 10 machines on self-hosted Landscape
So, now that you know what Ubuntu Landscape refers to, it’s time to try deploying the software and see how it looks like and what it can do for system administrators…
Step by Step Installation
The Installation Method – QuickStart
Since we just want to test and evaluate the latest version of Ubuntu 24.04, we have chosen to deploy the Ubuntu landscape through the QuickStart method. We will be deploying Landscape on-premises (self hosted). In this post, we want to evaluate the latest version of Landscape which is set to 24.04.
To be able to run Landscape version 24.04, you will need to following requirements
- You need an internet connection (we are not covering air gap scenario here)
- You need to install landscape on Ubuntu 22.04 or 24.04 LTS.
- Min Ram 4 GB – Recommeded 16 GB
- Min Disk Space 20 GB – Recommended 512 GB
- 2 TB of disk space if you plan to mirror Ubuntu Repository
- Static IP Address on your network
- Fully Qualified Domain Name (FQDN)
- DNS Server with Landscape records in it
- SSL certficates (if you want to secure your communication)
- IP address + FQDN with port ssh, http and https
Landscape server will be using the following ports when communicating with clients
- 80/TCP (HTTP)
- 443/TCP (HTTPS)
- 22/TCP (SSH) (optional – mainly for performing maintenance of your landscape server remotely)
You also need to access a certain number of urls on internet. You will need to ensure that your firewall/proxy allows access to the following external resources
- https://usn.ubuntu.com (used to make distinction between security and regular updates)
- http://changelogs.ubuntu.com (used to update hash-id-db files and detect new distribution. If no access, upgrade feature will not work
- https://landscape.canonical.com (used to check for available self-hosted Landscape releases)
Installing Landscape Software
In this step, we will perform the step by step installation of the Landscape software. We assume that you have your Ubuntu 22.04/24.04 machine up to date, connected to internet and ready to perform the installation process. So, let’s move to the real work now….
Step 1 – Configuring your Hostname & FQDN
First of all, we will need to ensure that our Ubuntu 22.04/24.04 machine has a properly formatted hostname and FQDN. To configure your machine, use the following code example and run it on your Ubuntu computer.
sudo hostnamectl set-hostname "$FQDN"
Where $FQDN is your FQDN name.
In the screenshot below, you can see that our FQDN is set to landscape.c-nergy.lab
Click on Picture for better Resolution
Do not overlook this step. When Landscape Server is installed, it will read the machine’s host name and use it in the Apache configuration. This will also be used when generating self-signed certificates during the landscape setup.
Step 2 – Install some pre-requisites software
Run the following command in your terminal console
sudo apt update && sudo apt install -y ca-certificates software-properties-common
Step 3 – Add the Landscape Repository
You will need to obtain and download the landscape version 24.04 packages. You will need to add the landscape repo to your computer. To perform this operation, you simply execute the following command
sudo add-apt-repository -y ppa:landscape/self-hosted-24.04
Step 4 – Install Landscape
Time to perform the real installation. Again, as a reminder, we will use the quick start deployment method because it is the fastest and easiest way to install and test Landscape for free on a self hosted scenario.
sudo apt update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y landscape-server-quickstart
Click on Picture for better Resolution
Wait for the installation to complete
Configuring SSL Certificates on the Ubuntu Landscape Server
In this post, we will be using the self-signed certificate generated during the setup of Landscape. We will not generate any self-signed certificates or third-party certificates. This is just to demonstrate how to perform the installation. Obviously, you could use the same approach if you want to use any other certificates on your Ubuntu Landscape server.
Step 1 – SSL Configuration on the Ubuntu Landscape Server
After installing the landscape software, you can open your firefox browser and provide the fqdn in the url. so in our example, we will provide the following url
https://landscape.c-nergy.lab
As you can see, we are using the https (secure connection). The first time you connect to the page, you will probably see that Firefox is telling you that the page is not secure and you can leave or bypass the warning
Click on Picture for better Resolution
So, we want to fix this issue right away. We will need to perform the following actions in order to have the self signed certificate trusted.
During the landscape setup, the wizard has created self-signed certificates and place them in the following location
/etc/ssl/certs
In this folder, you will find 3 certificates generated by the setup
- landscape_server_ca.pem
- landscape_server_ca.crt
- landscape_server.pem
You will need to copy the landscape_server_ca.crt into the folder /usr/local/share/ca-certificates. So you can execute the following command in the Terminal console
sudo cp /etc/ssl/certs/landscape_server_ca.crt /usr/local/share/ca-certificates
After this, you will need to issue the following command to let the system know about this new certificate
sudo update-ca-certificates
After this operation, you can test already that the connection is trusted by using the curl utility (you might need to install it on your system using sudo apt-get install curl). To test the https connection, simply execute the following command in the terminal console
curl https://landscape.c-nergy.lab (replace by your own url obvioulsy !!!)
After performing this operation, you can try again the curl test… This time you should see something like this
Click on Picture for better Resolution
Step 2 – Firefox Browsers SSL Configuration
However, if you try to open the url via the Firefox browser, you will again end up on the warning page and you will not see the admin interface of the Landscape software.
Click on Picture for better Resolution
It seems that Firefox is not using the CA Trusted location used by Ubuntu. This means that even if you have configured properly your certificates and you trust them accordingly, you might still get an error in firefox stating that the certificate is not trusted. At this stage, if you need to trust the certificate in a firefox browser, we can only offer you a manual procedure. You will need to open the Settings of the Browser and search for certificates. Click on the View Certificates Button. In the popup box locate the Authorities tab and click on import button to add the root ca into the trusted store location.
Click on Picture for better Resolution
We have searched for a way to perform the same configuration using the command line. So, we have found a way to do that.
You will first need to install the certutil tool on your linux machine by issuing the following command
sudo apt-get install libnss3-tools
After you have installed this tool, you can issue the following command in your terminal console
Note: update the script to use your own value if different than the one used in this post….
#Test
CertificateName="PKIROOT"
certificateFile="/etc/ssl/certs/landscape_server_ca.crt"
for certDB in $(find ~/snap/firefox/common/.mozilla/firefox/* -name "cert9.db")
do
certDir=$(dirname ${certDB});
echo "mozilla certificate" "install '${certificateName}' in ${certDir}"
certutil -A -n "${certificateName}" -t "TC" -i ${certificateFile} -d ${certDir}
done
Step 3 – Access the Web Interface and create Admin Accounts
It’s time to fire up your favorite browser and type in the url the name of your server (in our case, we will go to https://landscape.c-nergy.lab). If you have followed the instructions above, the certificate should be trusted and you will access the page to create the first admin account. Time to provide the requested information and to click on signup button
Click on Picture for better Resolution
If the registration is successful, you will end up on the main Landscape dashboard… At this stage, you have installed on Landscape server on your network…
Click on Picture for better Resolution
You can see at the bottom of the page that we are now running landscape version 24.04.
Step 4 – Configuring postfix (Skipped)
The instructions provided by Canonical explain how to configure the postfix server. We have not configured the postfix for this step by step guide. The postfix is useful to send mails and alerts to users. In our case, we have decided to skip this part (for the moment) and we will not be using the postfix component in our infrastructure.
Install Landscape Client
At this stage, we have no client reporting to the Landscape server. We will need to install a agent on each Ubuntu machine that needs to be managed by Landscape server. To do that, you can perform the following action
Step 1 – Install the Package by issuing the following command
sudo apt update && sudo apt install -y landscape-client
Click on Picture for better Resolution
Ensure Name Resolution from your Client
This is probably already in place but you will need to ensure that your Ubuntu clients that will be connecting to Landscape server have proper name resolution in place. Indeed, the client needs to be able to connect to the landscape server. Configuring Name resolution is out of scope of this post and we are expecting that such capability exists on your network already (DNS server, Host files…)
Click on Picture for better Resolution
Ensure SSL Certificate is Trusted on the Client
You will need to ensure that the SSL Certificate you are using is trusted by the landscape client. You can check if you will be able to register an Ubuntu Client to Landscape server by issuing the following command
curl https://<%landscape_server_url %>
So, in our case, we would need to type in a Terminal console, the following command
curl https://landscape.c-nergy.lab
If the certificate is not trusted by the client, you will see something like this
Click on Picture for better Resolution
So before trying to register the client to your Landscape server, you will need to ensure that SSL certificate is configured properly and trusted by the Landscape clients. In this demonstration, we will be using the Certificates generated by the setup of the application. You can find the certificate(s) under /etc/ssl/certs on the landscape server. The certificate we are looking for should be called something like landscape_server_ca.crt
You will need to copy this certificate on any clients that will need to connect to landscape server. When the file is copied, you will need to copy (you need sudo rigths !!!) the file under the following location
/usr/local/share/ca-certificates
After copying the file there, you will need to update the Certificate Trusted store by issuing the following command
sudo update-ca-certificates
Click on Picture for better Resolution
After performing this operation, you can try again the curl test… This time you should see something like this
Click on Picture for better Resolution
Register the client with the Landscape server
Because we have installed a self-hosted instance of Landscape, we will need to specify specific values when we will try to register a client to the Landscape Server. To simplify the process of registration, we have pre-defined some variable hereafter
LANDSCAPE_ACCOUNT_NAME='standalone' LANDSCAPE_FQDN='landscape.c-nergy.lab' LANDSCAPE_COMPUTER_TITLE='HP01'
Note :
Self-hosted Landscape users should set LANDSCAPE_ACCOUNT_NAME as standalone, Landscape SaaS customers should specify their account name and set LANDSCAPE_FQDN as landscape.canonical.com.
So, open your Terminal console, copy/paste the variable you have defined above. Then, copy the code below in order to “attach” your client to the Landscape server.
sudo landscape-config --silent --account-name="${LANDSCAPE_ACCOUNT_NAME}" --computer-title="${LANDSCAPE_COMPUTER_TITLE}" --tags='' --script-users='nobody,landscape,root' --ping-url="http://${LANDSCAPE_FQDN}/ping" --url="https://${LANDSCAPE_FQDN}/message-system"
If everything is configure correctly, you will see the message Registration succesful as shown in the picture below
Click on Picture for better Resolution
Authorize the client within the Landscape web interface
We are almost done. It’s time to go back into the Landscape web interface and authorize/approve the newly registered client. Open your browser and open the web interface Landscape. In the Dashboard, on the right side, you will see information about authorization that needs your attention as shown in the screenshot below
Click on Picture for better Resolution
If you click on the hyperlink; you will be redirected to the pending computers page. Select the computer or computers that you need to approve. When done, press on the approve button.
Click on Picture for better Resolution
If you click on the computers node in the web interface, you will list all the computers connected to your Landscape server and you can start managing all these computers from a single interface.
Click on Picture for better Resolution
New Web Interface
At this stage, you should have a working Landscape server on your network. Landscape 24.04 is introducing a bunch of new features that we will not develop in this post. This post is becoming too long… One of the new feature provided by landscape 24.04 is a new web interface. To access this web interface, after you have logged on, you will on the top menu bar the option Repository (new)
Click on Picture for better Resolution
After clicking on this option, you will access the new web admin interface which seems pretty nice and modern. This is a good change and a valid reason to upgrade your landscape server installation.
Click on Picture for better Resolution
Final Notes
This is it for this post !
We have seen that the installation of Landscape software is quite easy. There are some small pitfalls (about ssl certificates) but once you know what to do, it should be quite easy to get your hands on the software. In this post, we have simply demonstrated how to install a self-hosted landscape server. The new version introduce a new webadmin interface which seems really nice and modern. If time permit, we might want to provide more information about Ubuntu landscape and we will try to provide more guides on how to use it
Hope you enjoyed this post
Stay Tune
Till next time