Landscape beta: Juju Installation

The Juju based Landscape beta installation will deploy Landscape on a single machine, with each component in its own separate container.

Prerequisites:

  1. Ubuntu 22.04 or Ubuntu 20.04 installed on a machine with the following minimum specifications:
    • a dual core 2ghz processor
    • 4GB of RAM, or more
    • 10GB of disk space, or more
  2. An IP address with an FQDN. Using a domain name with a public IP allows for valid SSL certificates to be applied, via LetsEncrypt’s certbot.

You will be up and running in 3 simple steps:

  1. Install Juju and deploy the Landscape Scalable charm bundle:
sudo snap install juju --classic
juju bootstrap localhost
juju set-model-constraints arch=$(dpkg --print-architecture)
juju deploy landscape-scalable --channel edge
  1. Install certbot and obtain a valid SSL certificate for yourdomain.com (optional):
    replace all instances of yourdomain.com in the following steps with your own FQDN
sudo snap install certbot --classic
sudo certbot -d yourdomain.com --manual --preferred-challenges dns certonly
FULLCHAIN=$(sudo base64 -w 0 /etc/letsencrypt/live/yourdomain.com/fullchain.pem)
PRIVKEY=$(sudo base64 -w 0 /etc/letsencrypt/live/yourdomain.com/privkey.pem)
juju remove-application haproxy --force --no-wait
juju deploy haproxy --config default_timeouts='queue 60000, connect 5000, client 120000, server 120000' --config services='' --config ssl_cert=$FULLCHAIN --config ssl_key=$PRIVKEY --config global_default_bind_options='no-tlsv10' --series focal
juju relate landscape-server haproxy
  1. Expose HAProxy over the host machine’s network interface by opening the LXD firewall, and adding iptables port forwarding rules:
juju expose haproxy
INTERFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
INTERFACE_IP=$(ip -o -4 addr list $INTERFACE | awk '{print $4}' | cut -d'/' -f1)
CONTAINER_IP=$(juju run --unit haproxy/1 "network-get public --ingress-address=true")
PORT=443
sudo -E bash -c "iptables -t nat -I PREROUTING -i $INTERFACE -p tcp -d $INTERFACE_IP --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT -m comment --comment haproxy"
PORT=80
sudo -E bash -c "iptables -t nat -I PREROUTING -i $INTERFACE -p tcp -d $INTERFACE_IP --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT -m comment --comment haproxy"
1 Like