How to configure your Landscape deployment to provision workstations with Autoinstall via the Ubuntu installer¶
The Ubuntu installer (24.04 and later) can use Landscape to serve an autoinstall file. Your Landscape account must use OIDC authentication.
Note
This feature is available from Landscape server 25.10~beta.4 onwards.
Note
This feature is available on self-hosted and select accounts on SaaS. It is not generally available to all SaaS accounts.
Background information¶
Autoinstall is a means to automate an Ubuntu installation. Landscape integrates with the Ubuntu installer to deliver an Autoinstall file at installation time.
See the Ubuntu installation (Subiquity) documentation for more information.
On a Juju deployment¶
Note
This action is available on charm revision 189 and later.
Enable the service for a Landscape unit with the Juju action:
juju run landscape-server/<N> enable-ubuntu-installer-attach
If you have multiple Landscape server units, you can enable the service on each unit:
juju run landscape-server/0 enable-ubuntu-installer-attach
juju run landscape-server/1 enable-ubuntu-installer-attach
juju run landscape-server/2 enable-ubuntu-installer-attach
...
juju run landscape-server/<N> enable-ubuntu-installer-attach
You’ll need to provide additional configuration to the Landscape server units to enable the feature and set minimal service configuration:
juju config landscape-server additional_service_config='[ubuntu_installer_attach]
stores = main account-1
threads = 1
base_port = 53354
[features]
employee_management = true
'
To disable the service on a unit, run the following Juju action:
juju run landscape-server/<N> disable-ubuntu-installer-attach
On a manual install¶
Install the landscape-ubuntu-installer-attach package¶
Landscape requires an additional service for the Ubuntu installer attach experience. This example uses the Landscape Beta PPA.
sudo add-apt-repository ppa:landscape/self-hosted-beta
sudo apt update
sudo apt install landscape-ubuntu-installer-attach
Set configuration¶
In your service.conf, include the following section if not already present:
[ubuntu_installer_attach]
stores = main account-1
threads = 1
base_port = 53354
Include the following configuration in the [features] section of your service.conf:
[features]
employee_management = true
Configure the proxy¶
This feature uses gRPC and requires an upstream proxy to perform HTTP/2 and TLS termination.
Requirements¶
The installer connects to the proxy on port 50051.
The installer connects using HTTPS.
The
landscape-ubuntu-installer-attachservice listens on port 53354 by default.
Example configuration (HAProxy)¶
For example, if you’re using HAProxy, add the following to /etc/haproxy/haproxy.cfg:
frontend haproxy-0-grpc-ubuntu-installer
bind 0.0.0.0:50051 ssl crt /var/lib/haproxy/default.pem alpn h2
default_backend landscape-ubuntu-installer-attach-messenger
backend landscape-ubuntu-installer-attach-messenger
mode http
server landscape-ubuntu-installer-attach-messenger-0-0 localhost:53354 proto h2
(Optional) Configure the X-FQDN header¶
Note
This is only useful for multi-tenant deployments. If you are using self-hosted, you can disregard this.
For multi-tenant deployments, Landscape requires an X-FQDN header to disambiguate the tenant.
You’ll need to configure this X-FQDN in your proxy settings. For example, if you’re using HAProxy, add the following to /etc/haproxy/haproxy.cfg:
frontend haproxy-0-grpc-ubuntu-installer
bind 0.0.0.0:50051 ssl crt /var/lib/haproxy/default.pem alpn h2
default_backend landscape-ubuntu-installer-attach-messenger
acl host_found hdr(host) -m found
http-request set-var(req.full_fqdn) hdr(authority) if !host_found
http-request set-var(req.full_fqdn) hdr(host) if host_found
http-request set-header X-FQDN %[var(req.full_fqdn)]
Verify the connection¶
You should verify the connection to ensure that your server can be reached using HTTPS, and that the certificate is verifiable without additional flags. The Ubuntu installer expects a valid SSL certificate that is signed by a known CA.
For example:
curl -i https://<LANDSCAPE_SERVER_HOST>:50051
Sample output:
HTTP/2 200
content-type: application/grpc
grpc-status: 2
grpc-message: Bad method header