谢谢您的订阅!
当新的内容发布后您将开始接收邮件。您也可以点击邮件内的链接随时取消订阅。关闭Close

使用Ubuntu系统管理工具Landscape来构建离线APT仓库:第三篇

by liam zheng on 26 January 2022

继续第二篇博客文章,现在我们将注册Landscape客户端到服务端并管理软件仓库。

使用 https注册客户端

客户端可以通过https的方式进行注册从而使用本地软件仓库。大概的操作步骤如下:

  • sudo apt-get update
  • sudo apt-get install landscape-client
  • 从Landscape服务器传送/etc/ssl/certs/landscape_server_ca.crt landscape到客户端
  • 客户端能解析到Landscape服务器的FQDN
  • sudo landscape-config –account-name standalone –url https://<server>/message-system –ping-url http://<server>/ping
  • 从Landscape server 仪表板接受注册的客端 

演示代码如下:

ubuntu@vm-ceph1:~$ sudo mv landscape_server_ca.crt /etc/ssl/certs/
ubuntu@vm-ceph1:~$ ping -c1 vm-landscape-server.maas
PING vm-landscape-server.maas (192.168.122.91) 56(84) bytes of data.
64 bytes from vm-landscape-server.maas (192.168.122.91): icmp_seq=1 ttl=64 time=0.430 ms
ubuntu@vm-ceph1:~$
ubuntu@vm-ceph1:~$ sudo landscape-config --account-name standalone --url https://vm-landscape-server.maas/message-system --ping-url http://vm-landscape-server.maas/ping
enabled

This script will interactively set up the Landscape client. It will
ask you a few questions about this computer and your Landscape
account, and will submit that information to the Landscape server.
After this computer is registered it will need to be approved by an
account administrator on the pending computers page.

Please see https://landscape.canonical.com for more information.


The computer title you provide will be used to represent this
computer in the Landscape user interface. It's important to use
a title that will allow the system to be easily recognized when
it appears on the pending computers page.

This computer's title [vm-ceph1]: 

A registration key may be associated with your Landscape
account to prevent unauthorized registration attempts.  This
is not your personal login password.  It is optional, and unless
explicitly set on the server, it may be skipped here.

If you don't remember the registration key you can find it
at https://landscape.canonical.com/account/standalone

Account registration key: 

The Landscape client communicates with the server over HTTP and
HTTPS.  If your network requires you to use a proxy to access HTTP
and/or HTTPS web sites, please provide the address of these
proxies now.  If you don't use a proxy, leave these fields empty.

HTTP proxy URL: 
HTTPS proxy URL: 

Landscape has a feature which enables administrators to run
arbitrary scripts on machines under their control. By default this
feature is disabled in the client, disallowing any arbitrary script
execution. If enabled, the set of users that scripts may run as is
also configurable.

Enable script execution? [Y/n]: y

By default, scripts are restricted to the 'landscape' and
'nobody' users. Please enter a comma-delimited list of users
that scripts will be restricted to. To allow scripts to be run
by any user, enter "ALL".

Script users [ALL]: 

You may provide an access group for this computer e.g. webservers.

Access group [ceph]: 

You may provide tags for this computer e.g. server,precise.

Tags [vm-ceph1]: 
Please wait...

Request a new registration for this computer now? [Y/n]: Y
System successfully registered.
ubuntu@vm-ceph1:~$

完成上述操作后,从仪表板接受客户端:

接受后,您可以看到这台计算机的标签是“vm-ceph1”,此标签将用于下一步的操作。

管理软件仓库

要让由Landscape管理的客户端使用您的本地仓库,您还需要进行下面的操作:

  1. 软件仓库创建一个存储库配置文件,如:
    landscape-api create-repository-profile –description “This profile is for Landscape On-Premises servers.” example-profile
  2. 计算机与存储库配置文件相关联,如:
    landscape-api associate-repository-profile –tags example-tag example-profile
  3. 将Pockets添加到存储库配置文件,如:
    landscape-api add-pockets-to-repository-profile example-profile release,updates,security bionic ubuntu
  4. 确认客户端 /etc/apt/source.list 变成:
    deb http://your-server.com/repository/standalone/ubuntu focal-security main restricted universe multiverse
    deb http://your-server.com/repository/standalone/ubuntu focal main restricted universe multiverse
    deb http://your-server.com/repository/standalone/ubuntu focal-updates main restricted universe multiverse
  5. 如果需要恢复:
    landscape-api disassociate-repository- profile –tags example-tag example-profile

示例命令和输出:

ubuntu@vm-landscape-server:~$ landscape-api create-repository-profile --description "This profile is for Landscape On-Premises servers." example-profile
{u'access_group': u'global',
 u'all_computers': False,
 u'apt_sources': [],
 u'description': u'This profile is for Landscape On-Premises servers.',
 u'id': 1,
 u'name': u'example-profile',
 u'pending_count': 0,
 u'pockets': [],
 u'tags': [],
 u'title': u'example-profile'}
ubuntu@vm-landscape-server:~$

ubuntu@vm-landscape-server:~$ landscape-api associate-repository-profile --tags vm-ceph1 example-profile
{u'access_group': u'global',
 u'all_computers': False,
 u'apt_sources': [],
 u'description': u'This profile is for Landscape On-Premises servers.',
 u'id': 1,
 u'name': u'example-profile',
 u'pending_count': 1,
 u'pockets': [],
 u'tags': [u'vm-ceph1'],
 u'title': u'example-profile'}
ubuntu@vm-landscape-server:~$

ubuntu@vm-landscape-server:~$ landscape-api add-pockets-to-repository-profile example-profile updates focal ubuntu
{u'access_group': u'global',
 u'all_computers': False,
 u'apt_sources': [],
 u'description': u'This profile is for Landscape On-Premises servers.',
 u'id': 1,
 u'name': u'example-profile',
 u'pending_count': 1,
 u'pockets': [{u'apt_source_line': u'deb http://vm-landscape-server.maas/repository/standalone/ubuntu focal-updates restricted',
               u'architectures': [u'amd64'],
               u'components': [u'restricted'],
               u'creation_time': u'2022-01-04T08:50:46Z',
               u'gpg_key': {u'fingerprint': u'be50:6aea:aaaa:977f:0302:b161:c308:d9a6:a02f:e060',
                            u'has_secret': True,
                            u'id': 1,
                            u'key_id': u'C308D9A6A02FE060',
                            u'name': u'mirror-key'},
               u'include_udeb': False,
               u'mirror_suite': u'focal-updates',
               u'mirror_uri': u'http://hk.archive.ubuntu.com/ubuntu/',
               u'mode': u'mirror',
               u'name': u'updates'}],
 u'tags': [u'vm-ceph1'],
 u'title': u'example-profile'}
ubuntu@vm-landscape-server:~$

到此就完成了利用Landscape创建APT本地离线软件仓库的教程。Landscape系统管理工具可免费在10台机器上使用,如您有超过10台的机器需要使用Landscape来管理,那么建议您通过Ubuntu Advantage订阅服务来获得单节点最多40000台机器的功能。

如您有相关问题,可联系我们以了解更多关于Landscape的支持服务内容。

附录: 有用的参考文档链接

可继续阅读:第一篇第二篇博客文章。

订阅博客文章

订阅您感兴趣的主题

在提交此表格的同时,我确认已阅读和同意的隐私声明隐私政策。

查看更多内容

Canonical 发布 Ubuntu 25.04 Plucky Puffin

Ubuntu 的最新临时版本,引入了适用于如 Spring 等热门框架的“开发软件包”,同时在各种硬件设备上增强了性能。 发布日期:2025 年 4 月 17 日 Canonical 宣布发布 Ubuntu 25.04,代号“Plucky Puffin”,用户可前往 ubuntu.com/download 进行下载并安装。   Ubuntu 25.04 搭载最新的 GNOME 48 桌面环境,支持三重缓冲技术,提供更好的安装和启动体验。引入适用于 Spring 框架的“开发软件包”,进一步扩大了 Ubuntu 中的工具链可用性。Canonical 携手合作伙伴在芯片技术上取得的进步,不仅为 Intel GPU 上人工智能工作负载提升了性能,同时还支持 AMD SEV-SN […]

最新 IDC 研究 — 70% 的 IT 团队每周在安全补丁方面耗费时间超 6 小时

Canonical 与国际数据公司(IDC)开展的最新研究表明,在严苛的 CVE 补丁更新规定下,企业组织难以笃定地应用补丁,并且在开源软件供应链方面也面临着其他严峻挑战。 今日,Ubuntu 发行商 Canonical 发布了一份与 IDC 合作完成并由 Google Cloud 联合赞助的研究报告,其揭示了有关企业组织在安全补丁和不断加重的监管负担方面所面临压力与挑战的全新见解。这份题为《软件供应链现状:安全挑战、机遇以及借助开源软件实现韧性的路径》的报告,对 500 家拥有 250 名以上全职员工的企业组织进行了调查,确定了他们所面临的最紧迫问题。最值得注意的是,这些问题都是企业组织在漏洞和补丁管理、软件依赖关系或软件供应链可视性不足以及软件来源可信度方面面临的难题 […]

Ubuntu 20.04 LTS 标准支持周期终止 — 激活 ESM

ESM 确保设备集群的安全与运行性能 Focal Fossa 的标准支持周期将于 2025 年 5 月终止,也称生命周期终止(EOL)。Ubuntu 20.04 LTS 已然成为全球数百万物联网和嵌入式设备的关键组件,广泛应用于自助服务终端、数字引导牌、工业设备以及机器人系统等设备。该版本是医疗保健到制造业等各行业的企业进行创新的基础。与其他所有迎来标准支持周期终止的 Ubuntu LTS 版本一样,Focal Fossa 将转为扩展安全维护(EOL)模式。本文将为开发者和企业介绍相关选择,并说明如何启用 ESM 以持续获得支持。 在深入探讨之前,我们先来回顾一下 Ubuntu 版本为何存在生命周期终止(EOL)。 Ubuntu 版本为何存在 EOL? 每个 Ubuntu […]