landscape client #35
Description
Landscape is a web-based tool for managing Ubuntu systems. This package is necessary if you want your machine to be managed in a Landscape account. This package provides the Landscape client and requires a Landscape account.
- Tags:
- ops ›
- monitoring ›
Overview
Landscape client is the agent for the Landscape administration system.
Usage
This subordinate charm is intended to be used to register a machine against a running Landscape server. Configuration needs to be supplied or it won't do anything. Here is a simple config.yaml to register against the hosted version of Landscape:
landscape-client:
account-name: <account_name_here>
registration-key: <registration_key_here>
tags: <csv_tag_list>
The following is a version if you need to customize the communication URL in case you are running against a dedicated version of Landscape (LDS). This version also sets Script exection, and allows landscape to become any user (even root), to execute scripts:
landscape-client:
account-name: standalone
registration-key: 128-qosk-7382
tags: laptop,xenial,developer
ping-url: http://landscape.example.com/ping
url: https://landscape.example.com/message-system
script-users: ALL
include-manager-plugins: ScriptExecution
Configuration
Landscape client has a number of configuration options available allowing customizability into a variety of environments where resources may be scarce or security may be a concern. The most useful and common options are documented below.
To get more detail on options, these correlate directly to configuration settings on landscape-client itself. (landscape-client(1), landscape-client --help)
account-name
: Name of the account to register against in the hosted version
of Landscape. In the dedicated version of Landscape (LDS), this will always be
"standalone"
registration-key
: The account registration key, found in the Landscape account
GUI.
tags
:Comma separated list of tags to apply to the computer once it is
registered.
url
: The server url to connect to, will usually be https and end with
/message-system
ping-url
: If the server url is specified, ping-url should also be specified.
Will usually be http and end with /ping
include-manager-plugins
: This option is primarily used to enable the
ScriptExecution plugin, which allows arbitrary scripts to be executed on the
registered computer.
script-users
: Comma-separated list of users that the landscape client can
become to execute scripts. Keyword "ALL" can be used to include all users on the
system.
ssl-public-key
: If needed, use this to give the client the CA certificate it
should use to verify the server certificate it is connecting to.
When registering the client against a server with a custom or not well known CA, you will need to use the ssl-public-key option. To insert the certificate contents into the charm config directly, just encode it in base64.
For example, let's assume ca.pem is a file with the CA certificate the client needs to use to verify the server:
cat ca.pem | openssl base64 -e > ca.encoded
Now insert the ca.encoded contents into the charm config, like this:
landscape-client:
url: ....
ping-url: ....
ssl-public-key: |
base64:<insert-here-
contents-of-ca.encoded>...
...
...
Contact Information
Author: Landscape Team landscape-team@canonical.com
Report bugs at: http://bugs.launchpad.net/charms/+source/landscape-client/+filebug
Location: http://jujucharms.com/charms/landscape-client
Configuration
- account-name
- (string) The account this computer belongs to.
- data-path
- (string) The directory to store data files in (default: '/var/lib/landscape/client/').
- disable-unattended-upgrades
- (boolean) If true, an override will be set in apt to disable unattended-upgrades regardless of the setting created by the unattended-upgrades package.
- exchange-interval
- (int) The number of seconds between server exchanges.
- http-proxy
- (string) The URL of the HTTP proxy, if one is needed.
- https-proxy
- (string) The URL of the HTTPS proxy, if one is needed.
- include-manager-plugins
- (string) A comma-separated list of manager plugins to load, in addition to the default ones.
- install_keys
- (string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
- install_sources
- (string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
- ['distro']
- log-dir
- (string) The directory to write log files to (default: '/var/log/landscape').
- log-level
- (string) One of debug, info, warning, error or critical.
- monitor-plugins
- (string) A comma-separated list of monitor plugins to use. ALL means use all plugins.
- ALL
- origin
- (string) *DEPRECATED*. See install_sources and install_keys Origin of ppa or private deb repository from which to install landscape-client. May be one of the following: distro (default), ppa:somecustom/ppa or a full APT url source entry with optional key. For example: "deb https://user:pass@private-ppa.launchpad.net/myrepo xenial main|YOURAPTKEY" Also supported is a public branch like lp:~landscape/landscape-client/trunk
- distro
- ping-interval
- (int) The number of seconds between pings.
- ping-url
- (string) The ping server URL to perform lightweight exchange initiation with. Normally http://fqdn/ping.
- registration-key
- (string) The account-wide key used for registering clients.
- script-users
- (string) A comma-separated list of users to allow scripts to run. To allow scripts to be run by any user, enter: ALL
- ssl-public-key
- (string) The CA certificate to verify the server certificate with. This can be a path to a file, or a base64 encoded entry of the certificate itself, prefixed with "base64:". This config is only used if the message server URL given above starts with https.
- (string) Comma separated list of tag names to be sent to the server.
- urgent-exchange-interval
- (int) The number of seconds between urgent server exchanges.
- url
- (string) The message server URL to connect to. Normally https://fqdn/message-system.