Connecting UEC to Landscape
This page describes how you can connect your UEC cloud to Canonical's Landscape service.
First of all you need a Landscape account. If you do not have one, you can get a 30-day trial account by registering here: https://landscape.canonical.com/trial-registration (you will need an Ubuntu SSO account).
Ensure that connectivity is available
- For Landscape to be able to start instances on your cloud, it (landscape.canonical.com) needs to be able to reach the cloud controller on port 443.
- For instances to report their status to Landscape, instances need to be able to reach landscape.canonical.com on port 80 and 443.
Note: if you have a standalone Landscape server (LDS) installed on your network, replace landscape.canonical.com with whathever hostname your LDS can be reached at.
As our firewall does not allow you to pass connections to your cloud controller (CLC) in the clear, the following workaround will allow you to open a connection via an ssl tunel.
One possible option is to use Apache to proxy SSL connections to Eucalyptus.
- Get an official SSL certificate from a root-trusted SSL certificate authority (CA). Alternatively, if you don't care about encrypting the traffic or be subject to MITM attacks, you can use a self-signed certificate or one signed by any CA. Just make sure the hostname matches the CN field.
- Use the Apache mod_ssl instructions from your provider. In the process, you will create a key then you will get a certificate from your CA. You need both files.
Edit /etc/apache2/sites-available/default-ssl and change the lines below to reflect the location of your SSL certificate and key:
SSLCertificateFile /path/to/your/certificate SSLCertificateKeyFile /path/to/your/key
Still in /etc/apache2/sites-available/default-ssl, configure Apache to forward the connections to Eucalyptus but preserving host information (add this to
ProxyPreserveHost On RewriteEngine on RewriteRule ^/(.*) http://localhost:8773/$1 [P]
- Install stunnel
sudo apt-get install stunnel4
- Once you have your certificate and you have stunnel installed, you need to combine the two into a pem file called /etc/stunnel/stunnel.pem :
cat key.key certificate.cert > /etc/stunnel/stunnel.pem
- Then do a
sudo stunnel -d 443 -r localhost:8773
To make the change persistent across reboots add this to the bottom of /etc/stunnel/stunnel.conf :
[Eucalyptus for Landscape] accept = landscape.canonical.com:443 connect = localhost:8773
Register your cloud with Landscape
In Landscape, click Cloud then Register a new cloud, under Cloud Provider choose Other then use the following URL for your endpoint:
Go to your eucarc file and examine the EC2_URL value, alternatively you could do a echo $EC2_URL (as long as you have included the eucarc in your environment) and note this URL.
Note: If you followed the above connectivity workaround, you will need to change the port number from 8773 to 443
- Use the Access Key ID and Secret Access Key from your Credentials page on your UEC web interface.
- Click Save and you should be done.