On Sun, Dec 01, 2019 at 04:48:03PM +0000, Mike Gabriel wrote: > I dearly recommend having a proper DM between system boot and session > start.
Yes, might be better. > I will bring the x2gothinclient src:pkg to Debian unstable within the > next week. Once we have that, thin client functionality should be > fully covered as a combination of ltsp + x2gothinclient-minidesktop. > The minidesktop uses LightDMs auto-login feature... Nice, looking forward to it. In the meantime I tried to get a bit into the new ltsp and I can come up with a script (setup_debian_edu_ltsp) that turns a Debian Edu Buster (or Bullseye) workstation with two network interfaces into an LTSP server with support for both Diskless Workstations and Thin Clients. Requirements: Moved to kerberized NFS inside the Debian Edu backbone network, workstation added to LDAP using GOSa². The Debian Edu Buster manual contains an explanation how to setup kerberized NFS, see: https://wiki.debian.org/DebianEdu/Documentation/Buster/HowTo/Administration#Kerberized_NFS I ran: './setup_debian_edu_ltsp amd64' on a Debian Edu Buster workstation followed by './setup_debian_edu_ltsp i386 testing no'. The generated iPXE boot menu looks like this: https://edu.schweer-online.de/edu-ltsp_menu.png All three options have been tested inside a virtual network. It would be nice if someone could test this approach inside a real world deployment. Script attached (which contains configuration as HERE documents and a bit documentation). Wolfgang
#!/bin/bash # # Turn a Debian Edu workstation into an LTSP server for diskless workstations # (and thin clients using X2Go). # The configuration below applies to a Debian Edu workstation in the internal # backbone network with two NICs. The system needs to be configured w/ GOSa². Also, # kerberized NFS is needed, see: # https://www/debian-edu-doc/en/debian-edu-buster-manual.html#Administration--Kerberized_NFS # The modified system provides a separate LTSP client network (192.168.67.0/24) attached to eth1. # # Wolfgang Schweer <wschw...@arcor.de>, November 2019 set -e # usage if [ -z "$1" ] ; then echo "Use $0 -h or $0 --help for more information" exit 0 fi if [ "$1" = "-h" ] || [ "$1" = "--help" ] ; then cat <<EOF Usage information: $0 <arch> <dist> <diskless_workstation> Turn a Debian Edu workstation into an LTSP server for both diskless workstations and thin clients (using X2Go): $0 amd64 (64-bit) Thin client support only: $0 amd64 testing no (64-bit) Additional support for very old systems: $0 i386 testing no (32-bit) Applies to a system with two NICs inside the internal backbone network. Parameters: <arch> can be amd64 or i386. <dist> can be testing or sid. <diskless workstation> can be yes or no; default is yes. EOF exit 0 fi arch=$1 arch=${arch:-amd64} kernel_arch=$1 # dist applies only for thin client chroot setup. dist=$2 dist=${dist:-testing} dns_server=${dns_server:-10.0.2.2} diskless_workstation=$3 diskless_workstation=${diskless_workstation:-yes} if [ "i386" == "$arch" ] ; then #kernel_arch="686-pae" # next one optimal for very old TC machines w/o PAE. kernel_arch="686" fi # Two cases: buster and bullseye. if grep -q 10 /etc/debian_version ; then # First get ltsp 19.11 and install it manually (ltsp not available in Buster). if [ ! -x /usr/share/ltsp/ltsp ] ; then if [ ! -f ltsp_19.11-1_all.deb ] ; then wget http://ftp.debian.org/debian/pool/main/l/ltsp/ltsp_19.11-1_all.deb fi apt install ./ltsp_19.11-1_all.deb apt -yq install debootstrap dnsmasq x2goserver ipxe iptables net-tools nfs-kernel-server squashfs-tools fi else if [ ! -x /usr/share/ltsp/ltsp ] ; then apt -yq install ltsp debootstrap dnsmasq x2goserver ipxe iptables net-tools nfs-kernel-server squashfs-tools fi fi # Can't get name resolution working w/o this. apt -yq purge resolvconf # Common Debian Edu specific configuration (dirs and HERE documents), only minor # difference for thin and diskless (in ltsp.conf), see below. if [ ! -d /etc/ltsp/client ] ; then mkdir -p /etc/ltsp/client/init # Debian Edu uses LDAP/NFS/Kerberos (krb5i) instead of sshfs for home dirs. touch /etc/ltsp/client/init/54-pam.sh # Debian Edu wants a greeter w/o user list, i.e. don't modify existing config. touch /etc/ltsp/client/init/55-display-manager.sh # make ipxe menu entries more user friendly. cat <<EOF > /etc/ltsp/ltsp.conf # /bin/sh -n # LTSP configuration file # Documentation=man:ltsp.conf(5) # Provide a full menu name for thin/i386.img IPXE_I386_IMG="Thin Client (very old machines, 32-Bit)" # Provide a full menu name for thin/amd64.img IPXE_AMD64_IMG="Thin Client (64-Bit)" # Provide a full menu name for x86_64.img IPXE_X86_64_IMG="Diskless Workstation (64-Bit)" # Debian Edu specific DNS_SERVER=10.0.2.2 SEARCH_DOMAIN=intern # In the special [clients] section, parameters for all clients can be defined. # Most ltsp.conf parameters should be placed here. [clients] EOF # needed for thin client auto login user. mkdir -p /etc/ltsp/getty@tty1.service.d cat <<EOF > /etc/ltsp/getty@tty1.service.d/override.conf [Service] ExecStart= ExecStart=-/usr/sbin/agetty -a thin --noclear %I $TERM RestartSec=10 EOF # needed for thin client autofs setup. mkdir -p /etc/ltsp/autofs cat <<EOF > /etc/ltsp/autofs/extra.autofs /- /etc/auto.usb0 --mode=0777 --timeout=3 EOF cat <<EOF > /etc/ltsp/autofs/auto.usb0 /usb0 -fstype=auto,rw,user,umask=000 :/dev/sda1 EOF # needed for thin client auto login configuration (startx). mkdir -p /etc/ltsp/skel cat <<EOF > /etc/ltsp/skel/.profile while true ; do startx done EOF # needed for thin client auto login configuration (x2goclient start). cat <<EOF > /etc/ltsp/skel/.xinitrc exec x2goclient --no-menu --add-to-known-hosts --no-session-edit --close-disconnect EOF # needed for thin client x2goclient configuration. mkdir -p /etc/ltsp/skel/.x2goclient cat <<EOF > /etc/ltsp/skel/.x2goclient/printing [General] pdfview=false showdialog=true [CUPS] defaultprinter= [print] command=lpr ps=false startcmd=false stdin=false [view] command=xpdf open=true EOF # needed for thin client x2goclient configuration. cat <<EOF > /etc/ltsp/skel/.x2goclient/sessions [default] autologin=false clipboard=both command=XFCE defsndport=true directrdp=false directrdpsettings= directxdmcp=false directxdmcpsettings= display=1 dpi=96 export="/usb0:1;" fstunnel=true fullscreen=true height=600 host=$(hostname -s) icon=/usr/share/icons/hicolor/64x64/apps/x2goclient.png iconvfrom=ISO8859-1 iconvto=UTF-8 krbdelegation=false krblogin=false maxdim=false multidisp=false name=Debian Edu Thin Client pack=16m-jpeg print=true published=false quality=9 rootless=false setdpi=true sndport=4713 sound=true soundsystem=pulse soundtunnel=true speed=4 sshport=22 sshproxyautologin=false startsoundsystem=true type=auto useiconv=false usekbd=true usesshproxy=false width=800 xdmcpclient=Xnest xdmcpserver=localhost xinerama=false EOF # needed for thin client x2goclient configuration. cat <<EOF > /etc/ltsp/skel/.x2goclient/settings [toolbar] show=false EOF fi # setup thin client chroot if [ ! -d /opt/ltsp/thin/$arch/etc/ltsp ] ; then mkdir -p /opt/ltsp/thin/$arch debootstrap --arch=$arch --variant=minbase --include=locales,console-setup,linux-image-$kernel_arch,\ initramfs-tools,dbus-user-session,pulseaudio,xserver-xorg-core,xserver-xorg-input-all,xpdf,autofs,\ xserver-xorg-video-all,xinit,ltsp,x2goclient,openssh-server $dist /opt/ltsp/thin/$arch https://deb.debian.org/debian cp /etc/locale.gen /opt/ltsp/thin/$arch/etc/ cp /etc/default/locale /opt/ltsp/thin/$arch/etc/default chroot /opt/ltsp/thin/$arch/ locale-gen cp /etc/default/keyboard /opt/ltsp/thin/$arch/etc/default cp /etc/default/console-setup /opt/ltsp/thin/$arch/etc/default chroot /opt/ltsp/thin/$arch/ setupcon -k ltsp image /opt/ltsp/thin/$arch # Create a runtime user for x2go login terminal. cat <<EOF >> /etc/ltsp/ltsp.conf POST_INIT_THIN_USER='useradd -G disk -m -d /run/home/thin -k /etc/ltsp/skel -r thin' POST_INIT_SYSTEMD='mkdir /etc/systemd/system/getty@tty1.service.d && \ cp /etc/ltsp/getty@tty1.service.d/override.conf /etc/systemd/system/getty@tty1.service.d' POST_INIT_AUTOFS='cp /etc/ltsp/autofs/extra.autofs /etc/auto.master.d && \ cp /etc/ltsp/autofs/auto.* /etc' EOF ltsp initrd ltsp ipxe mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/$arch/ltsp.img sed -i '/POST_INIT/d' /etc/ltsp/ltsp.conf fi # generate image for diskless workstation if [ "yes" == "$diskless_workstation" ] ; then ltsp image / ltsp initrd ltsp ipxe mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/$(uname -m)/ltsp.img fi # ipxe menue edit sed -i 's#ltsp/ltsp.img#ltsp/${img}/ltsp.img#' /srv/tftp/ltsp/ltsp.ipxe ltsp nfs ltsp dnsmasq -d0 -p0 --dns-server="$dns_server" # use legacy network interfaces names if ! grep -q net.ifnames /etc/default/grub ; then sed -i 's/quiet/net.ifnames=0 quiet/' /etc/default/grub update-grub fi # tweak network interfaces file to match the use case cat <<EOF > /etc/network/interfaces auto eth0 iface eth0 inet dhcp post-up /usr/sbin/update-hostname-from-ip allow-hotplug eth1 iface eth1 inet static address 192.168.67.1 EOF
signature.asc
Description: PGP signature