#title Using Landscape to Manage UEC ## try to use a title for the page which uses capitalization and spaces between words, as above ||<
><>|| = Connecting UEC to Landscape = This page describes how you can connect your UEC cloud to Canonical's Landscape service. = Getting Started = == Landscape account == First of all you need a Landscape account. If you do not have one, you can get a 30-day trial account by registering here: https://landscape.canonical.com/trial-registration (you will need an Ubuntu SSO account). == Ensure that connectivity is available == * For Landscape to be able to start instances on your cloud, it (landscape.canonical.com) needs to be able to reach the cloud controller on port 443. * For instances to report their status to Landscape, instances need to be able to reach landscape.canonical.com on port 80 and 443. ''Note: if you have a standalone Landscape server (LDS) installed on your network, replace landscape.canonical.com with whathever hostname your LDS can be reached at.'' === Connectivity work-around === As our firewall does not allow you to pass connections to your cloud controller (CLC) in the clear, the following workaround will allow you to open a connection via an ssl tunel. ==== Using Apache ==== One possible option is to use Apache to proxy SSL connections to Eucalyptus. 1. Get an official SSL certificate from a root-trusted SSL certificate authority (CA). Alternatively, if you don't care about encrypting the traffic or be subject to MITM attacks, you can use a self-signed certificate or one signed by any CA. Just make sure the hostname matches the CN field. 1. Use the Apache mod_ssl instructions from your provider. In the process, you will create a key then you will get a certificate from your CA. You need both files. 1. Edit '''/etc/apache2/sites-available/default-ssl''' and change the lines below to reflect the location of your SSL certificate and key: {{{ SSLCertificateFile /path/to/your/certificate SSLCertificateKeyFile /path/to/your/key }}} 1. Still in '''/etc/apache2/sites-available/default-ssl''', configure Apache to forward the connections to Eucalyptus but preserving host information (add this to {{{ ProxyPreserveHost On RewriteEngine on RewriteRule ^/(.*) http://localhost:8773/$1 [P] }}} ==== Using stunnel ==== 1. Install stunnel {{{ sudo apt-get install stunnel4 }}} 1. Once you have your certificate and you have stunnel installed, you need to combine the two into a pem file called /etc/stunnel/stunnel.pem : {{{ cat key.key certificate.cert > /etc/stunnel/stunnel.pem }}} 1. Then do a {{{ sudo stunnel -d 443 -r localhost:8773 }}} To make the change persistent across reboots add this to the bottom of /etc/stunnel/stunnel.conf : {{{ [Eucalyptus for Landscape] accept = landscape.canonical.com:443 connect = localhost:8773 }}} == Register your cloud with Landscape == In Landscape, click Cloud then Register a new cloud, under Cloud Provider choose Other then use the following URL for your endpoint: 1. Go to your eucarc file and examine the EC2_URL value, alternatively you could do a {{{echo $EC2_URL}}} (as long as you have included the eucarc in your environment) and note this URL. ''Note: If you followed the above connectivity workaround, you will need to change the port number from 8773 to 443'' 1. Use the Access Key ID and Secret Access Key from your Credentials page on your UEC web interface. 1. Click Save and you should be done.