使用Ubuntu系统管理工具Landscape来构建离线APT仓库：第三篇

by liam zheng on 26 January 2022

继续第二篇博客文章，现在我们将注册Landscape客户端到服务端并管理软件仓库。

使用 https注册客户端

客户端可以通过https的方式进行注册从而使用本地软件仓库。大概的操作步骤如下：

sudo apt-get update
sudo apt-get install landscape-client
从Landscape服务器传送/etc/ssl/certs/landscape_server_ca.crt landscape到客户端
客户端能解析到Landscape服务器的FQDN
sudo landscape-config –account-name standalone –url https://<server>/message-system –ping-url http://<server>/ping
从Landscape server 仪表板接受注册的客端

演示代码如下：

ubuntu@vm-ceph1:~$ sudo mv landscape_server_ca.crt /etc/ssl/certs/
ubuntu@vm-ceph1:~$ ping -c1 vm-landscape-server.maas
PING vm-landscape-server.maas (192.168.122.91) 56(84) bytes of data.
64 bytes from vm-landscape-server.maas (192.168.122.91): icmp_seq=1 ttl=64 time=0.430 ms
ubuntu@vm-ceph1:~$
ubuntu@vm-ceph1:~$ sudo landscape-config --account-name standalone --url https://vm-landscape-server.maas/message-system --ping-url http://vm-landscape-server.maas/ping
enabled

This script will interactively set up the Landscape client. It will
ask you a few questions about this computer and your Landscape
account, and will submit that information to the Landscape server.
After this computer is registered it will need to be approved by an
account administrator on the pending computers page.

Please see https://landscape.canonical.com for more information.

The computer title you provide will be used to represent this
computer in the Landscape user interface. It's important to use
a title that will allow the system to be easily recognized when
it appears on the pending computers page.

This computer's title [vm-ceph1]:

A registration key may be associated with your Landscape
account to prevent unauthorized registration attempts. This
is not your personal login password. It is optional, and unless
explicitly set on the server, it may be skipped here.

If you don't remember the registration key you can find it
at https://landscape.canonical.com/account/standalone

Account registration key:

The Landscape client communicates with the server over HTTP and
HTTPS. If your network requires you to use a proxy to access HTTP
and/or HTTPS web sites, please provide the address of these
proxies now. If you don't use a proxy, leave these fields empty.

HTTP proxy URL:
HTTPS proxy URL:

Landscape has a feature which enables administrators to run
arbitrary scripts on machines under their control. By default this
feature is disabled in the client, disallowing any arbitrary script
execution. If enabled, the set of users that scripts may run as is
also configurable.

Enable script execution? [Y/n]: y

By default, scripts are restricted to the 'landscape' and
'nobody' users. Please enter a comma-delimited list of users
that scripts will be restricted to. To allow scripts to be run
by any user, enter "ALL".

Script users [ALL]:

You may provide an access group for this computer e.g. webservers.

Access group [ceph]:

You may provide tags for this computer e.g. server,precise.

Tags [vm-ceph1]:
Please wait...

Request a new registration for this computer now? [Y/n]: Y
System successfully registered.
ubuntu@vm-ceph1:~$

完成上述操作后，从仪表板接受客户端：

接受后，您可以看到这台计算机的标签是“vm-ceph1”，此标签将用于下一步的操作。

管理软件仓库

要让由Landscape管理的客户端使用您的本地仓库，您还需要进行下面的操作：

软件仓库创建一个存储库配置文件，如：
landscape-api create-repository-profile –description “This profile is for Landscape On-Premises servers.” example-profile
计算机与存储库配置文件相关联，如：
landscape-api associate-repository-profile –tags example-tag example-profile
将Pockets添加到存储库配置文件，如：
landscape-api add-pockets-to-repository-profile example-profile release,updates,security bionic ubuntu
确认客户端 /etc/apt/source.list 变成：
deb http://your-server.com/repository/standalone/ubuntu focal-security main restricted universe multiverse
deb http://your-server.com/repository/standalone/ubuntu focal main restricted universe multiverse
deb http://your-server.com/repository/standalone/ubuntu focal-updates main restricted universe multiverse
如果需要恢复：
landscape-api disassociate-repository- profile –tags example-tag example-profile

示例命令和输出：

ubuntu@vm-landscape-server:~$ landscape-api create-repository-profile --description "This profile is for Landscape On-Premises servers." example-profile
{u'access_group': u'global',
 u'all_computers': False,
 u'apt_sources': [],
 u'description': u'This profile is for Landscape On-Premises servers.',
 u'id': 1,
 u'name': u'example-profile',
 u'pending_count': 0,
 u'pockets': [],
 u'tags': [],
 u'title': u'example-profile'}
ubuntu@vm-landscape-server:~$

ubuntu@vm-landscape-server:~$ landscape-api associate-repository-profile --tags vm-ceph1 example-profile
{u'access_group': u'global',
 u'all_computers': False,
 u'apt_sources': [],
 u'description': u'This profile is for Landscape On-Premises servers.',
 u'id': 1,
 u'name': u'example-profile',
 u'pending_count': 1,
 u'pockets': [],
 u'tags': [u'vm-ceph1'],
 u'title': u'example-profile'}
ubuntu@vm-landscape-server:~$

ubuntu@vm-landscape-server:~$ landscape-api add-pockets-to-repository-profile example-profile updates focal ubuntu
{u'access_group': u'global',
 u'all_computers': False,
 u'apt_sources': [],
 u'description': u'This profile is for Landscape On-Premises servers.',
 u'id': 1,
 u'name': u'example-profile',
 u'pending_count': 1,
 u'pockets': [{u'apt_source_line': u'deb http://vm-landscape-server.maas/repository/standalone/ubuntu focal-updates restricted',
               u'architectures': [u'amd64'],
               u'components': [u'restricted'],
               u'creation_time': u'2022-01-04T08:50:46Z',
               u'gpg_key': {u'fingerprint': u'be50:6aea:aaaa:977f:0302:b161:c308:d9a6:a02f:e060',
                            u'has_secret': True,
                            u'id': 1,
                            u'key_id': u'C308D9A6A02FE060',
                            u'name': u'mirror-key'},
               u'include_udeb': False,
               u'mirror_suite': u'focal-updates',
               u'mirror_uri': u'http://hk.archive.ubuntu.com/ubuntu/',
               u'mode': u'mirror',
               u'name': u'updates'}],
 u'tags': [u'vm-ceph1'],
 u'title': u'example-profile'}
ubuntu@vm-landscape-server:~$

到此就完成了利用Landscape创建APT本地离线软件仓库的教程。Landscape系统管理工具可免费在10台机器上使用，如您有超过10台的机器需要使用Landscape来管理，那么建议您通过Ubuntu Advantage订阅服务来获得单节点最多40000台机器的功能。

如您有相关问题，可联系我们以了解更多关于Landscape的支持服务内容。

附录: 有用的参考文档链接

快速启动安装：https://docs.ubuntu.com/landscape/en/landscape-install-quickstart
API访问：https://landscape.canonical.com/static/doc/api/api -client-package.html
存储库管理：https//docs.ubuntu.com/landscape/en/repositories

可继续阅读：第一篇、第二篇博客文章。

查看更多内容

Canonical 官方构建版 OpenJDK – 正式发布

长久以来，Java 在大型企业级软件开发领域占据领军地位，90% 的《财富》500 强企业将其用于后端开发，尤其在金融、医疗及政府等关键行业。相较于大多数开发者，Java 开发者更需要承担这样的任务：在实现新功能与满足遗留应用的安全性、稳定性和性能等关键要求之间取得平衡。管理不同的 Java 版本、安全更新及部署构件，面临极大的复杂度。基于上述原因，我们决定加强对工具链的投入，提供一套更全面的解决方案，让企业用户和社区成员都能从中受益。Canonical 的 OpenJDK 支持方案围绕以下核心原则构建：下面我们将针对上述各要素逐步展开深入探讨。安全增强保障：提供长效安全保障与稳定运行支持 Ubuntu Pro 订阅服务为所有 OpenJDK LTS 构建版提供 […]

Canonical 发布 Ubuntu 25.04 Plucky Puffin

Ubuntu 的最新临时版本，引入了适用于如 Spring 等热门框架的“开发软件包”，同时在各种硬件设备上增强了性能。发布日期：2025 年 4 月 17 日 Canonical 宣布发布 Ubuntu 25.04，代号“Plucky Puffin”，用户可前往 ubuntu.com/download 进行下载并安装。 Ubuntu 25.04 搭载最新的 GNOME 48 桌面环境，支持三重缓冲技术，提供更好的安装和启动体验。引入适用于 Spring 框架的“开发软件包”，进一步扩大了 Ubuntu 中的工具链可用性。Canonical 携手合作伙伴在芯片技术上取得的进步，不仅为 Intel GPU 上人工智能工作负载提升了性能，同时还支持 AMD SEV-SN […]

Canonical 通过 NVIDIA 企业级 AI 工厂认证

Canonical 通过 NVIDIA 企业级 AI 工厂认证设计交付 Kubernetes 平台与开源安全解决方案参考架构加速智能代理 AI 项目上市进程为简化企业 AI 应用路径，加速 AI 洞察向商业价值的转化，NVIDIA 近日发布 NVIDIA 企业 AI 工厂验证设计，该方案作为集成式解决方案生态，可实现与企业系统、数据源及安全基础设施的无缝连接。NVIDIA 软硬件设计模板专为现代 AI 项目定制，涵盖物理 AI 与 HPC，重点关注智能代理 AI 工作负载。 Canonical 荣膺 NVIDIA 企业级 AI 工厂验证设计生态伙伴Canonical Kubernetes 容器编排方案，支持在高性能基础设施上高效构建、部署及管理多样化且持续演进的 A […]