Connecting UEC to Landscape
This page describes how you can connect your UEC cloud to Canonical's Landscape service.
Getting Started
Landscape account
First of all you need a Landscape account. If you do not have one, you can get a 30-day trial account by registering here: https://landscape.canonical.com/trial-registration (you will need an Ubuntu SSO account).
Ensure that connectivity is available
- For Landscape to be able to start instances on your cloud, it (landscape.canonical.com) needs to be able to reach the cloud controller on port 443.
- For instances to report their status to Landscape, instances need to be able to reach landscape.canonical.com on ports 80 and 443.
Note: if you have a standalone Landscape server (LDS) installed on your network, replace landscape.canonical.com with whatever hostname your LDS can be reached at.
Connectivity work-around
Because our firewall does not allow connections to your cloud controller (CLC) in the clear, the following workaround lets you open a connection via an SSL tunnel.
Using Apache
One possible option is to use Apache to proxy SSL connections to Eucalyptus.
- Get an official SSL certificate from a root-trusted SSL certificate authority (CA). Alternatively, if you don't care about encrypting the traffic or about being subject to MITM attacks, you can use a self-signed certificate or one signed by any CA. Just make sure the hostname matches the CN field.
- Use the Apache mod_ssl instructions from your provider. In the process, you will create a key and then obtain a certificate from your CA. You need both files.
Edit /etc/apache2/sites-available/default-ssl and change the lines below to reflect the location of your SSL certificate and key:
SSLCertificateFile /path/to/your/certificate
SSLCertificateKeyFile /path/to/your/key
Still in /etc/apache2/sites-available/default-ssl, configure Apache to forward the connections to Eucalyptus but preserving host information (add this to
ProxyPreserveHost On
RewriteEngine on
RewriteRule ^/(.*) http://localhost:8773/$1 [P]
Using stunnel
- Install stunnel
sudo apt-get install stunnel4
- Once you have your certificate and you have stunnel installed, you need to combine the key and the certificate into a PEM file called /etc/stunnel/stunnel.pem (writing under /etc requires root, so the redirection has to run inside the sudo shell):
sudo sh -c 'cat key.key certificate.cert > /etc/stunnel/stunnel.pem'
- Then run:
sudo stunnel -d 443 -r localhost:8773
To make the change persistent across reboots, add this to the bottom of /etc/stunnel/stunnel.conf:
[Eucalyptus for Landscape]
accept = landscape.canonical.com:443
connect = localhost:8773
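The step above that combines the key and the certificate into /etc/stunnel/stunnel.pem leaves the private key with whatever permissions the current umask gives it. The following is an added example, not part of the original page: a shell function (the name build_stunnel_pem is hypothetical) that checks that both inputs are PEM of the expected kind and writes the combined file with mode 600.

```shell
#!/bin/sh
# Added example: build the combined PEM that stunnel reads without ever
# leaving the private key world-readable. The function name is hypothetical;
# the file names in the usage line are the ones used in the steps above.
#
# Usage (as root):
#   build_stunnel_pem key.key certificate.cert /etc/stunnel/stunnel.pem

build_stunnel_pem() {
    key=$1 cert=$2 out=$3

    # Refuse inputs that are missing or are not PEM of the expected kind,
    # for example when the key and certificate arguments are swapped.
    [ -r "$key" ] && [ -r "$cert" ] ||
        { echo "cannot read input files" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "$key: no PEM private key found" >&2; return 2; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "$cert: no PEM certificate found" >&2; return 2; }
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$cert"; then
        echo "$cert: contains a private key, refusing" >&2
        return 2
    fi

    # Create the temporary file under umask 077 (mode 600 from the start),
    # then rename it into place so no reader ever sees a partial file.
    tmp="$out.tmp.$$"
    ( umask 077 && cat "$key" "$cert" > "$tmp" ) || { rm -f "$tmp"; return 3; }
    chmod 600 "$tmp" && mv -f "$tmp" "$out"
}
```

The function only checks the PEM markers; it does not verify that the key actually belongs to the certificate.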
Register your cloud with Landscape
In Landscape, click Cloud, then Register a new cloud. Under Cloud Provider choose Other, then use the following URL for your endpoint:
Go to your eucarc file and examine the EC2_URL value; alternatively, run echo $EC2_URL (as long as you have included the eucarc in your environment), and note this URL.
Note: If you followed the above connectivity workaround, you will need to change the port number from 8773 to 443.
- Use the Access Key ID and Secret Access Key from your Credentials page on your UEC web interface.
- Click Save and you should be done.