landscape client ^#35

By landscape-charmers
stable

Supports: trusty xenial bionic focal

Description

Landscape is a web-based tool for managing Ubuntu systems. This package is necessary if you want your machine to be managed in a Landscape account. This package provides the Landscape client and requires a Landscape account.

Overview

Landscape client is the agent for the Landscape administration system.

Usage

This subordinate charm is intended to be used to register a machine against a running Landscape server. Configuration needs to be supplied or it won't do anything. Here is a simple config.yaml to register against the hosted version of Landscape:

landscape-client:
    account-name: <account_name_here>
    registration-key: <registration_key_here>
    tags: <csv_tag_list>

The following is a version if you need to customize the communication URL in case you are running against a dedicated version of Landscape (LDS). This version also sets Script exection, and allows landscape to become any user (even root), to execute scripts:

landscape-client:
    account-name: standalone
    registration-key: 128-qosk-7382
    tags: laptop,xenial,developer
    ping-url: http://landscape.example.com/ping
    url: https://landscape.example.com/message-system
    script-users: ALL
    include-manager-plugins: ScriptExecution

Configuration

Landscape client has a number of configuration options available allowing customizability into a variety of environments where resources may be scarce or security may be a concern. The most useful and common options are documented below.

To get more detail on options, these correlate directly to configuration settings on landscape-client itself. (landscape-client(1), landscape-client --help)

account-name: Name of the account to register against in the hosted version of Landscape. In the dedicated version of Landscape (LDS), this will always be "standalone"

registration-key: The account registration key, found in the Landscape account GUI.

tags:Comma separated list of tags to apply to the computer once it is registered.

url: The server url to connect to, will usually be https and end with /message-system

ping-url: If the server url is specified, ping-url should also be specified. Will usually be http and end with /ping

include-manager-plugins: This option is primarily used to enable the ScriptExecution plugin, which allows arbitrary scripts to be executed on the registered computer.

script-users: Comma-separated list of users that the landscape client can become to execute scripts. Keyword "ALL" can be used to include all users on the system.

ssl-public-key: If needed, use this to give the client the CA certificate it should use to verify the server certificate it is connecting to.

When registering the client against a server with a custom or not well known CA, you will need to use the ssl-public-key option. To insert the certificate contents into the charm config directly, just encode it in base64.

For example, let's assume ca.pem is a file with the CA certificate the client needs to use to verify the server:

cat ca.pem | openssl base64 -e > ca.encoded

Now insert the ca.encoded contents into the charm config, like this:

landscape-client:
    url: ....
    ping-url: ....
    ssl-public-key: |
        base64:<insert-here-
        contents-of-ca.encoded>...
        ...
        ...

Contact Information

Author: Landscape Team landscape-team@canonical.com
Report bugs at: http://bugs.launchpad.net/charms/+source/landscape-client/+filebug
Location: http://jujucharms.com/charms/landscape-client

Configuration

account-name: (string) The account this computer belongs to.
data-path: (string) The directory to store data files in (default: '/var/lib/landscape/client/').
disable-unattended-upgrades: (boolean) If true, an override will be set in apt to disable unattended-upgrades regardless of the setting created by the unattended-upgrades package.
exchange-interval: (int) The number of seconds between server exchanges.
http-proxy: (string) The URL of the HTTP proxy, if one is needed.
https-proxy: (string) The URL of the HTTPS proxy, if one is needed.
include-manager-plugins: (string) A comma-separated list of manager plugins to load, in addition to the default ones.
install_keys: (string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
install_sources: (string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.; ['distro']
log-dir: (string) The directory to write log files to (default: '/var/log/landscape').
log-level: (string) One of debug, info, warning, error or critical.
monitor-plugins: (string) A comma-separated list of monitor plugins to use. ALL means use all plugins.; ALL
origin: (string) *DEPRECATED*. See install_sources and install_keys Origin of ppa or private deb repository from which to install landscape-client. May be one of the following: distro (default), ppa:somecustom/ppa or a full APT url source entry with optional key. For example: "deb https://user:pass@private-ppa.launchpad.net/myrepo xenial main|YOURAPTKEY" Also supported is a public branch like lp:~landscape/landscape-client/trunk; distro
ping-interval: (int) The number of seconds between pings.
ping-url: (string) The ping server URL to perform lightweight exchange initiation with. Normally http://fqdn/ping.
registration-key: (string) The account-wide key used for registering clients.
script-users: (string) A comma-separated list of users to allow scripts to run. To allow scripts to be run by any user, enter: ALL
ssl-public-key: (string) The CA certificate to verify the server certificate with. This can be a path to a file, or a base64 encoded entry of the certificate itself, prefixed with "base64:". This config is only used if the message server URL given above starts with https.
tags: (string) Comma separated list of tag names to be sent to the server.
urgent-exchange-interval: (int) The number of seconds between urgent server exchanges.
url: (string) The message server URL to connect to. Normally https://fqdn/message-system.