How to install Landscape Server with quickstart mode
The quickstart mode of deploying Landscape consists of installing all the necessary software on a single machine. Quickstart mode has limited scalability, so it may not be ideal for large production deployments.
Note: If you have an Ubuntu Pro subscription, we recommend you attach your Pro token for easy access to your Pro services. For more information, see how to attach your Ubuntu Pro subscription and how to enable Landscape in the Ubuntu Pro Client.
Contents:
- Check minimum requirements
- Install Landscape Server
- Install an SSL certificate
- Create a global administrator account
- Configure Postfix for email
Check minimum requirements
The following minimum requirements are needed to install Landscape Server:
- Operating system: Ubuntu 22.04 LTS (Jammy Jellyfish) or Ubuntu 24.04 LTS (Noble Numbat)
- Hardware: A dual-core 2 GHz processor, 4 GB of RAM, and 20 GB of disk space
- Networking: An IP address and FQDN with TCP communication allowed for SSH (typically port 22), HTTP (port 80), and HTTPS (port 443)
- If you wish to use LetsEncrypt to obtain an SSL certificate, DNS administration access for the hostname you’ll use to access Landscape
Install Landscape Server
Install prerequisites
To install prerequisites, run:
sudo apt update && sudo apt install -y ca-certificates software-properties-common
The add-apt-packages
command line utility is necessary to add the PPA which contains the Landscape Server software. The software-properties-common
package must be added to access add-apt-packages
.
Set environment variables
To set the necessary environment variables, run:
HOST_NAME={HOST_NAME}
DOMAIN={DOMAIN_NAME}
FQDN=$HOST_NAME.$DOMAIN
This code block includes the following values that must be changed:
{HOST_NAME}
: The host name you’re using for the Landscape installation
{DOMAIN_NAME}
: The domain name you’re using for the Landscape installation
It’s important to set HOST_NAME
, DOMAIN
and FQDN
correctly prior to installing Landscape Server. These variables are used by other commands later.
Set the machine’s host name
To set the machine’s host name, run:
sudo hostnamectl set-hostname "$FQDN"
When Landscape Server is installed, it will read the machine’s host name and use it in the Apache configuration.
Install landscape-server-quickstart
To install landscape-server-quickstart
:
-
Add the PPA for Landscape Server, replacing
{LANDSCAPE_PPA}
with the appropriate repository:sudo add-apt-repository {LANDSCAPE_PPA} -y
{LANDSCAPE_PPA}
: The PPA for the specific Landscape installation you’re using. The PPA for Landscape’s stable rolling release is:ppa:landscape/latest-stable
. The PPA for the most recent Landscape LTS is:ppa:landscape/self-hosted-24.04
.
-
Update packages and dependencies in your local system:
sudo apt-get update
-
Install
landscape-server-quickstart
:sudo DEBIAN_FRONTEND=noninteractive apt-get install -y landscape-server-quickstart
- This installation takes approximately five minutes.
Install an SSL certificate
If you have the fullchain.pem
and privkey.pem
files for your SSL certificate, skip these steps and configure Apache manually.
Install Certbot
Certbot is a command line utility which makes acquiring and renewing SSL certificates from LetsEncrypt an easy, free and automated process.
To install Certbot, run:
sudo snap install certbot --classic
Get an SSL certificate from LetsEncrypt
If your Landscape instance has a public IP, and your FQDN resolves to that public IP, run the following code to get a valid SSL certificate from LetsEncrypt:
sudo certbot --non-interactive --apache --no-redirect --agree-tos --email {[email protected]} --domains $FQDN
But, replace {[email protected]}
with an email address where certificate renewal reminders can be sent.
Create a global administrator account
At this point, visiting https://HOST_NAME.DOMAIN
prompts you to create Landscape’s first Global Administrator account. To add administrators:
- Click Settings
- Set a valid outgoing email address in the System email address field
- Click Save
By default, the email address will be pre-filled with noreply@HOST_NAME.DOMAIN. You may want to change this to noreply@DOMAIN, or another valid email address.
Configure Postfix for email
These steps use SendGrid as an example email service provider that can be configured to work with Postfix. They may still generally apply to other email service providers, such as Mailjet, Amazon SES or Google.
Detailed information is available for Postfix in the Ubuntu Server documentation.
Set environment variables
To set the necessary environment variables, run the following code. Replace {API_KEY}
with an API key from https://app.sendgrid.com/settings/api_keys
:
SMTP_HOST='smtp.sendgrid.net'
SMTP_PORT='587'
SMTP_USERNAME='apikey'
SMTP_PASSWORD='{API_KEY}'
Install Postfix
To install Postfix, run:
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y postfix
Use Postconf to configure the /etc/postfix/main.cf
file
-
Configure the
/etc/postfix/main.cf
file with Postconf:sudo postconf -e myhostname="$FQDN" sudo postconf -e mydomain="$DOMAIN" sudo postconf -e myorigin="$DOMAIN" sudo postconf -e masquerade_domains="$DOMAIN" sudo postconf -e mydestination=localhost sudo postconf -e default_transport=smtp sudo postconf -e relay_transport=smtp sudo postconf -e relayhost="[${SMTP_HOST}]:${SMTP_PORT}" sudo postconf -e smtp_sasl_auth_enable=yes sudo postconf -e smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd sudo postconf -e smtp_sasl_security_options=noanonymous sudo postconf -e header_size_limit=4096000
This code block includes the following values that must be changed:
{SMTP_HOST}
: The hostname or IP address of the SMTP server to which Postfix will relay outgoing emails{SMTP_PORT}
: The port number on which the SMTP server is listening for incoming connections -
SendGrid requires TLS encryption when connecting on Port 587, so you must make the following additional configurations:
sudo postconf -e smtp_use_tls=yes sudo postconf -e smtp_tls_security_level=encrypt sudo postconf -e smtp_sasl_tls_security_options=noanonymous
Finish configuration
-
Write
/etc/postfix/sasl_passwd
with the authentication credentials:sudo sh -c "echo \"[$SMTP_HOST]:$SMTP_PORT $SMTP_USERNAME:$SMTP_PASSWORD\" > /etc/postfix/sasl_passwd"
-
Generate a hashed version of that file:
sudo postmap /etc/postfix/sasl_passwd
-
Secure
/etc/postfix/sasl_passwd.db
:sudo chmod 600 /etc/postfix/sasl_passwd.db
-
Remove
/etc/postfix/sasl_passwd
for security:sudo rm /etc/postfix/sasl_passwd
-
Restart Postfix for these settings to take effect:
sudo /etc/init.d/postfix restart