On Sun, Dec 01, 2019 at 04:48:03PM +0000, Mike Gabriel wrote: > I dearly recommend having a proper DM between system boot and session > start. Yes, might be better. > I will bring the x2gothinclient src:pkg to Debian unstable within the > next week. Once we have that, thin client functionality should be > fully covered as a combination of ltsp + x2gothinclient-minidesktop. > The minidesktop uses LightDMs auto-login feature... Nice, looking forward to it. In the meantime I tried to get a bit into the new ltsp and I can come up with a script (setup_debian_edu_ltsp) that turns a Debian Edu Buster (or Bullseye) workstation with two network interfaces into an LTSP server with support for both Diskless Workstations and Thin Clients. Requirements: Moved to kerberized NFS inside the Debian Edu backbone network, workstation added to LDAP using GOSa². The Debian Edu Buster manual contains an explanation how to setup kerberized NFS, see: https://wiki.debian.org/DebianEdu/Documentation/Buster/HowTo/Administration#Kerberized_NFS I ran: './setup_debian_edu_ltsp amd64' on a Debian Edu Buster workstation followed by './setup_debian_edu_ltsp i386 testing no'. The generated iPXE boot menu looks like this: https://edu.schweer-online.de/edu-ltsp_menu.png All three options have been tested inside a virtual network. It would be nice if someone could test this approach inside a real world deployment. Script attached (which contains configuration as HERE documents and a bit documentation). Wolfgang
#!/bin/bash
#
# Turn a Debian Edu workstation into an LTSP server for diskless workstations
# (and thin clients using X2Go).
# The configuration below applies to a Debian Edu workstation in the internal
# backbone network with two NICs. The system needs to be configured w/ GOSa². Also,
# kerberized NFS is needed, see:
# https://www/debian-edu-doc/en/debian-edu-buster-manual.html#Administration--Kerberized_NFS
# The modified system provides a separate LTSP client network (192.168.67.0/24) attached to eth1.
#
# Wolfgang Schweer <wschweer@arcor.de>, November 2019
set -e
# usage
if [ -z "$1" ] ; then
echo "Use $0 -h or $0 --help for more information"
exit 0
fi
if [ "$1" = "-h" ] || [ "$1" = "--help" ] ; then
cat <<EOF
Usage information:
$0 <arch> <dist> <diskless_workstation>
Turn a Debian Edu workstation into an LTSP server for both diskless
workstations and thin clients (using X2Go):
$0 amd64 (64-bit)
Thin client support only:
$0 amd64 testing no (64-bit)
Additional support for very old systems:
$0 i386 testing no (32-bit)
Applies to a system with two NICs inside the internal backbone network.
Parameters:
<arch> can be amd64 or i386.
<dist> can be testing or sid.
<diskless workstation> can be yes or no; default is yes.
EOF
exit 0
fi
arch=$1
arch=${arch:-amd64}
kernel_arch=$1
# dist applies only for thin client chroot setup.
dist=$2
dist=${dist:-testing}
dns_server=${dns_server:-10.0.2.2}
diskless_workstation=$3
diskless_workstation=${diskless_workstation:-yes}
if [ "i386" == "$arch" ] ; then
#kernel_arch="686-pae"
# next one optimal for very old TC machines w/o PAE.
kernel_arch="686"
fi
# Two cases: buster and bullseye.
if grep -q 10 /etc/debian_version ; then
# First get ltsp 19.11 and install it manually (ltsp not available in Buster).
if [ ! -x /usr/share/ltsp/ltsp ] ; then
if [ ! -f ltsp_19.11-1_all.deb ] ; then
wget http://ftp.debian.org/debian/pool/main/l/ltsp/ltsp_19.11-1_all.deb
fi
apt install ./ltsp_19.11-1_all.deb
apt -yq install debootstrap dnsmasq x2goserver ipxe iptables net-tools nfs-kernel-server squashfs-tools
fi
else
if [ ! -x /usr/share/ltsp/ltsp ] ; then
apt -yq install ltsp debootstrap dnsmasq x2goserver ipxe iptables net-tools nfs-kernel-server squashfs-tools
fi
fi
# Can't get name resolution working w/o this.
apt -yq purge resolvconf
# Common Debian Edu specific configuration (dirs and HERE documents), only minor
# difference for thin and diskless (in ltsp.conf), see below.
if [ ! -d /etc/ltsp/client ] ; then
mkdir -p /etc/ltsp/client/init
# Debian Edu uses LDAP/NFS/Kerberos (krb5i) instead of sshfs for home dirs.
touch /etc/ltsp/client/init/54-pam.sh
# Debian Edu wants a greeter w/o user list, i.e. don't modify existing config.
touch /etc/ltsp/client/init/55-display-manager.sh
# make ipxe menu entries more user friendly.
cat <<EOF > /etc/ltsp/ltsp.conf
# /bin/sh -n
# LTSP configuration file
# Documentation=man:ltsp.conf(5)
# Provide a full menu name for thin/i386.img
IPXE_I386_IMG="Thin Client (very old machines, 32-Bit)"
# Provide a full menu name for thin/amd64.img
IPXE_AMD64_IMG="Thin Client (64-Bit)"
# Provide a full menu name for x86_64.img
IPXE_X86_64_IMG="Diskless Workstation (64-Bit)"
# Debian Edu specific
DNS_SERVER=10.0.2.2
SEARCH_DOMAIN=intern
# In the special [clients] section, parameters for all clients can be defined.
# Most ltsp.conf parameters should be placed here.
[clients]
EOF
# needed for thin client auto login user.
mkdir -p /etc/ltsp/getty@tty1.service.d
cat <<EOF > /etc/ltsp/getty@tty1.service.d/override.conf
[Service]
ExecStart=
ExecStart=-/usr/sbin/agetty -a thin --noclear %I $TERM
RestartSec=10
EOF
# needed for thin client autofs setup.
mkdir -p /etc/ltsp/autofs
cat <<EOF > /etc/ltsp/autofs/extra.autofs
/- /etc/auto.usb0 --mode=0777 --timeout=3
EOF
cat <<EOF > /etc/ltsp/autofs/auto.usb0
/usb0 -fstype=auto,rw,user,umask=000 :/dev/sda1
EOF
# needed for thin client auto login configuration (startx).
mkdir -p /etc/ltsp/skel
cat <<EOF > /etc/ltsp/skel/.profile
while true ; do
startx
done
EOF
# needed for thin client auto login configuration (x2goclient start).
cat <<EOF > /etc/ltsp/skel/.xinitrc
exec x2goclient --no-menu --add-to-known-hosts --no-session-edit --close-disconnect
EOF
# needed for thin client x2goclient configuration.
mkdir -p /etc/ltsp/skel/.x2goclient
cat <<EOF > /etc/ltsp/skel/.x2goclient/printing
[General]
pdfview=false
showdialog=true
[CUPS]
defaultprinter=
[print]
command=lpr
ps=false
startcmd=false
stdin=false
[view]
command=xpdf
open=true
EOF
# needed for thin client x2goclient configuration.
cat <<EOF > /etc/ltsp/skel/.x2goclient/sessions
[default]
autologin=false
clipboard=both
command=XFCE
defsndport=true
directrdp=false
directrdpsettings=
directxdmcp=false
directxdmcpsettings=
display=1
dpi=96
export="/usb0:1;"
fstunnel=true
fullscreen=true
height=600
host=$(hostname -s)
icon=/usr/share/icons/hicolor/64x64/apps/x2goclient.png
iconvfrom=ISO8859-1
iconvto=UTF-8
krbdelegation=false
krblogin=false
maxdim=false
multidisp=false
name=Debian Edu Thin Client
pack=16m-jpeg
print=true
published=false
quality=9
rootless=false
setdpi=true
sndport=4713
sound=true
soundsystem=pulse
soundtunnel=true
speed=4
sshport=22
sshproxyautologin=false
startsoundsystem=true
type=auto
useiconv=false
usekbd=true
usesshproxy=false
width=800
xdmcpclient=Xnest
xdmcpserver=localhost
xinerama=false
EOF
# needed for thin client x2goclient configuration.
cat <<EOF > /etc/ltsp/skel/.x2goclient/settings
[toolbar]
show=false
EOF
fi
# setup thin client chroot
if [ ! -d /opt/ltsp/thin/$arch/etc/ltsp ] ; then
mkdir -p /opt/ltsp/thin/$arch
debootstrap --arch=$arch --variant=minbase --include=locales,console-setup,linux-image-$kernel_arch,\
initramfs-tools,dbus-user-session,pulseaudio,xserver-xorg-core,xserver-xorg-input-all,xpdf,autofs,\
xserver-xorg-video-all,xinit,ltsp,x2goclient,openssh-server $dist /opt/ltsp/thin/$arch https://deb.debian.org/debian
cp /etc/locale.gen /opt/ltsp/thin/$arch/etc/
cp /etc/default/locale /opt/ltsp/thin/$arch/etc/default
chroot /opt/ltsp/thin/$arch/ locale-gen
cp /etc/default/keyboard /opt/ltsp/thin/$arch/etc/default
cp /etc/default/console-setup /opt/ltsp/thin/$arch/etc/default
chroot /opt/ltsp/thin/$arch/ setupcon -k
ltsp image /opt/ltsp/thin/$arch
# Create a runtime user for x2go login terminal.
cat <<EOF >> /etc/ltsp/ltsp.conf
POST_INIT_THIN_USER='useradd -G disk -m -d /run/home/thin -k /etc/ltsp/skel -r thin'
POST_INIT_SYSTEMD='mkdir /etc/systemd/system/getty@tty1.service.d && \
cp /etc/ltsp/getty@tty1.service.d/override.conf /etc/systemd/system/getty@tty1.service.d'
POST_INIT_AUTOFS='cp /etc/ltsp/autofs/extra.autofs /etc/auto.master.d && \
cp /etc/ltsp/autofs/auto.* /etc'
EOF
ltsp initrd
ltsp ipxe
mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/$arch/ltsp.img
sed -i '/POST_INIT/d' /etc/ltsp/ltsp.conf
fi
# generate image for diskless workstation
if [ "yes" == "$diskless_workstation" ] ; then
ltsp image /
ltsp initrd
ltsp ipxe
mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/$(uname -m)/ltsp.img
fi
# ipxe menue edit
sed -i 's#ltsp/ltsp.img#ltsp/${img}/ltsp.img#' /srv/tftp/ltsp/ltsp.ipxe
ltsp nfs
ltsp dnsmasq -d0 -p0 --dns-server="$dns_server"
# use legacy network interfaces names
if ! grep -q net.ifnames /etc/default/grub ; then
sed -i 's/quiet/net.ifnames=0 quiet/' /etc/default/grub
update-grub
fi
# tweak network interfaces file to match the use case
cat <<EOF > /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
post-up /usr/sbin/update-hostname-from-ip
allow-hotplug eth1
iface eth1 inet static
address 192.168.67.1
EOF
Attachment:
signature.asc
Description: PGP signature