How to install Landscape Server with quickstart mode

The quickstart mode of deploying Landscape consists of installing all the necessary software on a single machine. Quickstart mode has limited scalability, so it may not be ideal for large production deployments.

Note: If you have an Ubuntu Pro subscription, we recommend you attach your Pro token for easy access to your Pro services. For more information, see how to attach your Ubuntu Pro subscription and how to enable Landscape in the Ubuntu Pro Client.

Contents:

  1. Check minimum requirements
  2. Install Landscape Server
  3. Install an SSL certificate
  4. Create a global administrator account
  5. Configure Postfix for email

Check minimum requirements

The following minimum requirements are needed to install Landscape Server:

  • Operating system: Ubuntu 22.04 LTS (Jammy Jellyfish) or Ubuntu 24.04 LTS (Noble Numbat)
  • Hardware: A dual-core 2 GHz processor, 4 GB of RAM, and 20 GB of disk space
  • Networking: An IP address and FQDN with TCP communication allowed for SSH (typically port 22), HTTP (port 80), and HTTPS (port 443)
  • If you wish to use LetsEncrypt to obtain an SSL certificate, DNS administration access for the hostname you’ll use to access Landscape

Install Landscape Server

Install prerequisites

To install prerequisites, run:

sudo apt update && sudo apt install -y ca-certificates software-properties-common

The add-apt-packages command line utility is necessary to add the PPA which contains the Landscape Server software. The software-properties-common package must be added to access add-apt-packages.

Set environment variables

To set the necessary environment variables, run:

HOST_NAME={HOST_NAME}
DOMAIN={DOMAIN_NAME}
FQDN=$HOST_NAME.$DOMAIN

This code block includes the following values that must be changed:

{HOST_NAME}: The host name you’re using for the Landscape installation

{DOMAIN_NAME}: The domain name you’re using for the Landscape installation

It’s important to set HOST_NAME, DOMAIN and FQDN correctly prior to installing Landscape Server. These variables are used by other commands later.

Set the machine’s host name

To set the machine’s host name, run:

sudo hostnamectl set-hostname "$FQDN"

When Landscape Server is installed, it will read the machine’s host name and use it in the Apache configuration.

Install landscape-server-quickstart

To install landscape-server-quickstart:

  1. Add the PPA for Landscape Server, replacing {LANDSCAPE_PPA} with the appropriate repository:

    sudo add-apt-repository -y {LANDSCAPE_PPA}
    
    • {LANDSCAPE_PPA}: The PPA for the specific Landscape installation you’re using. The PPA for Landscape’s stable rolling release is: ppa:landscape/latest-stable. The PPA for the most recent Landscape LTS is: ppa:landscape/self-hosted-24.04.
  2. Update packages and dependencies in your local system:

    sudo apt-get update
    
  3. Install landscape-server-quickstart:

    sudo DEBIAN_FRONTEND=noninteractive apt-get install -y landscape-server-quickstart
    
    • This installation takes approximately five minutes.

Install an SSL certificate

If you have the fullchain.pem and privkey.pem files for your SSL certificate, skip these steps and configure Apache manually.

Install Certbot

Certbot is a command line utility which makes acquiring and renewing SSL certificates from LetsEncrypt an easy, free and automated process.

To install Certbot, run:

sudo snap install certbot --classic

Get an SSL certificate from LetsEncrypt

If your Landscape instance has a public IP, and your FQDN resolves to that public IP, run the following code to get a valid SSL certificate from LetsEncrypt:

sudo certbot --non-interactive --apache --no-redirect --agree-tos --email {EMAIL@ADDRESS.COM} --domains $FQDN

But, replace {EMAIL@ADDRESS.COM} with an email address where certificate renewal reminders can be sent.

Create a global administrator account

At this point, visiting https://HOST_NAME.DOMAIN prompts you to create Landscape’s first Global Administrator account. To add administrators:

  1. Click Settings
  2. Set a valid outgoing email address in the System email address field
  3. Click Save

By default, the email address will be pre-filled with noreply@HOST_NAME.DOMAIN. You may want to change this to noreply@DOMAIN, or another valid email address.

Configure Postfix for email

These steps use SendGrid as an example email service provider that can be configured to work with Postfix. They may still generally apply to other email service providers, such as Mailjet, Amazon SES or Google.

Detailed information is available for Postfix in the Ubuntu Server documentation.

Set environment variables

To set the necessary environment variables, run the following code. Replace {API_KEY} with an API key from https://app.sendgrid.com/settings/api_keys:

SMTP_HOST='smtp.sendgrid.net'
SMTP_PORT='587'
SMTP_USERNAME='apikey'
SMTP_PASSWORD='{API_KEY}'

Install Postfix

To install Postfix, run:

sudo DEBIAN_FRONTEND=noninteractive apt-get install -y postfix

Use Postconf to configure the /etc/postfix/main.cf file

  1. Configure the /etc/postfix/main.cf file with Postconf:

    sudo postconf -e myhostname="$FQDN"
    sudo postconf -e mydomain="$DOMAIN"
    sudo postconf -e myorigin="$DOMAIN"
    sudo postconf -e masquerade_domains="$DOMAIN"
    sudo postconf -e mydestination=localhost
    sudo postconf -e default_transport=smtp
    sudo postconf -e relay_transport=smtp
    sudo postconf -e relayhost="[${SMTP_HOST}]:${SMTP_PORT}"
    sudo postconf -e smtp_sasl_auth_enable=yes
    sudo postconf -e smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
    sudo postconf -e smtp_sasl_security_options=noanonymous
    sudo postconf -e header_size_limit=4096000
    

    This code block includes the following values that must be changed:

    {SMTP_HOST}: The hostname or IP address of the SMTP server to which Postfix will relay outgoing emails

    {SMTP_PORT}: The port number on which the SMTP server is listening for incoming connections

  2. SendGrid requires TLS encryption when connecting on Port 587, so you must make the following additional configurations:

    sudo postconf -e smtp_use_tls=yes
    sudo postconf -e smtp_tls_security_level=encrypt
    sudo postconf -e smtp_sasl_tls_security_options=noanonymous
    

Finish configuration

  1. Write /etc/postfix/sasl_passwd with the authentication credentials:

    sudo sh -c "echo \"[$SMTP_HOST]:$SMTP_PORT $SMTP_USERNAME:$SMTP_PASSWORD\" > /etc/postfix/sasl_passwd"
    
  2. Generate a hashed version of that file:

    sudo postmap /etc/postfix/sasl_passwd
    
  3. Secure /etc/postfix/sasl_passwd.db:

    sudo chmod 600 /etc/postfix/sasl_passwd.db
    
  4. Remove /etc/postfix/sasl_passwd for security:

    sudo rm /etc/postfix/sasl_passwd
    
  5. Restart Postfix for these settings to take effect:

    sudo /etc/init.d/postfix restart
    

This page was last modified 9 days ago. Help improve this document in the forum.