Re: next-generation LTSP landing in unstable

[Wolfgang Schweer <w.schweer@gmx.de>]

On Fri, Dec 06, 2019 at 08:37:54PM +0100, Wolfgang Schweer wrote:
> I ran: './setup_debian_edu_ltsp amd64' on a Debian Edu Buster 
> workstation followed by './setup_debian_edu_ltsp i386 testing no'.

The script is now named 'debian_edu_ltsp' because it could be integrated 
into the 'debian-edu-ltsp' script which is shipped with the 
debian-edu-config package and because now the case of a combined server 
is covered as well.

A workaround has been added to deal with disk partitioning recipies 
besides 'atomic' (LTSP issue #43).

TBD: Integrating the x2gothinclient minidesktop (once available)

The script has been tested to work inside a virtual Debian Edu Buster 
environment; more tests, esp. on real hardware are appreciated. Please 
don't test on production systems.

Some more information is contained in the script (attached).
 
Wolfgang

#!/bin/bash
#
# Turn a Debian Edu workstation into an LTSP server for both diskless
# workstations and thin clients (using X2Go).
# The configuration below applies to a Debian Edu workstation in the internal
# backbone network with two NICs. This system needs to be registered w/ GOSa².
# Also, kerberized NFS is needed, see:
# https://www/debian-edu-doc/en/debian-edu-buster-manual.html#Administration--Kerberized_NFS
# The modified system provides a separate LTSP client network (192.168.67.0/24)
# attached to eth1.
# In case of a combined server, for the time being the tftpd-hpa package needs
# to be reconfigured like this:
# #/etc/default/tftpd-hpa
#
# TFTP_USERNAME="tftp"
# TFTP_DIRECTORY="/srv/tftp"
# TFTP_ADDRESS="0.0.0.0:69"
# TFTP_OPTIONS="-s"
#
#
# Wolfgang Schweer <wschweer@arcor.de>, November 2019
#
# Revision 2019-12-10:
# - Add workaround for diskless workstation image generation (ltsp issue #43).
# - Configure diskless workstation image and settings conditionally for both a
#   combined server (profiles 'Main-Server','Workstation) and a Workstation.
# - Sound and USB mass storage support for thin clients.
# - Improve inline documentation.


set -e

# usage
if [ -z "$1"  ] ; then
	echo "Use $0 -h or $0 --help for more information"
	exit 0
fi

if [ "$1" = "-h" ] || [ "$1" = "--help" ] ; then
	cat <<EOF

Usage information:

$0 <arch> <dist> <diskless_workstation>

Turn a Debian Edu workstation into an LTSP server for both diskless
workstations and thin clients (using X2Go):

$0 amd64 (64-bit)

Thin client support only:
$0 amd64 testing no (64-bit)

Additional support for very old thin client systems:
$0 i386 testing no (32-bit)

Applies to a system with two NICs inside the internal backbone network.

Parameters:
<arch> can be amd64 or i386.
<dist> can be testing or sid.
<diskless_workstation> can be yes or no; default is yes.

EOF
	exit 0
fi

if [ -r /etc/debian-edu/config ] ; then
    . /etc/debian-edu/config
fi

arch=$1
arch=${arch:-amd64}
kernel_arch=$1
# Param dist applies only to thin client chroot setup.
dist=$2
dist=${dist:-testing}
dns_server=${dns_server:-10.0.2.2}
diskless_workstation=$3
diskless_workstation=${diskless_workstation:-yes}

if [ "i386" == "$arch" ] ; then
	#kernel_arch="686-pae"
	# next one optimal for very old TC machines w/o PAE.
	kernel_arch="686"
fi

# Two cases: buster and bullseye.
if grep -q 10 /etc/debian_version ; then
	# First get ltsp 19.11 and install it manually (ltsp not available in Buster).
	# FIXME this will soon be ltsp_19.12-1_all.deb
	if [ ! -x /usr/share/ltsp/ltsp ] ; then
		if [ ! -f ltsp_19.11-1_all.deb ] ; then
			wget http://ftp.debian.org/debian/pool/main/l/ltsp/ltsp_19.11-1_all.deb
		fi
		apt install -qy ./ltsp_19.11-1_all.deb
		apt -yq install debootstrap dnsmasq x2goserver ipxe iptables net-tools nfs-kernel-server squashfs-tools
	fi
else
	if  [ ! -x /usr/share/ltsp/ltsp ] ; then
		apt -yq install ltsp debootstrap dnsmasq x2goserver ipxe iptables net-tools nfs-kernel-server squashfs-tools
	fi
fi

# Can't get name resolution working w/o this.
apt -yq purge resolvconf

# Common Debian Edu specific configuration (dirs and HERE documents), only minor
# difference for thin and diskless (in ltsp.conf), see below.
if [ ! -d /etc/ltsp/client ] ; then
	mkdir -p /etc/ltsp/client/init
	# Debian Edu uses LDAP/NFS/Kerberos (krb5i) instead of sshfs for home dirs.
	touch  /etc/ltsp/client/init/54-pam.sh
	# Debian Edu wants a greeter w/o user list, i.e. don't modify existing config.
	touch  /etc/ltsp/client/init/55-display-manager.sh
	# make ipxe menu entries more user friendly.
	cat <<EOF > /etc/ltsp/ltsp.conf
# /bin/sh -n
# LTSP configuration file
# Documentation=man:ltsp.conf(5)

# Provide a full menu name for thin/i386.img
IPXE_I386_IMG="Thin Client (very old machines, 32-Bit)"

# Provide a full menu name for thin/amd64.img
IPXE_AMD64_IMG="Thin Client (64-Bit)"

# Provide a full menu name for x86_64.img
IPXE_X86_64_IMG="Diskless Workstation (64-Bit)"

# Debian Edu specific
DNS_SERVER=10.0.2.2
SEARCH_DOMAIN=intern

# In the special [clients] section, parameters for all clients can be defined.
# Most ltsp.conf parameters should be placed here.
[clients]
EOF
	# Debian Edu specific common additional image excludes; for diskless
	# workstations the /skole mountpoint (for autofs) needs to be clean.
	# This applies for both a combined server and 'a normal' LTSP server.
	# On a combined server the autofs service needs to be enabled (see below).
	if echo "$PROFILE" | egrep -q 'Workstation' ; then
		cat <<EOF > /etc/ltsp/image-local.excludes
skole/*
EOF
	fi
	# FIXME: On the main server even more additional excludes are possible.
	if echo "$PROFILE" | egrep -q 'Main-Server' ; then
		cat <<EOF >> /etc/ltsp/image-local.excludes
var/cache/apt
var/cache/debconf
var/cache/munin
var/cache/samba
var/spool/squid
EOF
	fi
	# Needed for thin client auto login user.
	mkdir -p /etc/ltsp/getty@tty1.service.d
	cat <<EOF > /etc/ltsp/getty@tty1.service.d/override.conf
[Service]
ExecStart=
ExecStart=-/usr/sbin/agetty -a thin --noclear %I $TERM
RestartSec=10
EOF
	# Needed for thin client autofs setup (USB mass storage support (rw mode).
	mkdir -p /etc/ltsp/autofs
	cat <<EOF > /etc/ltsp/autofs/extra.autofs
/- /etc/auto.usb0 --mode=0777 --timeout=3
EOF
	cat <<EOF > /etc/ltsp/autofs/auto.usb0
/usb0 -fstype=auto,rw,user,umask=000 :/dev/sda1
EOF
	# Needed for thin client auto login configuration (startx).
	mkdir -p /etc/ltsp/skel
	cat <<EOF > /etc/ltsp/skel/.profile
while true ; do
	startx
done
EOF
	# Needed for thin client auto login configuration (x2goclient start).
	cat <<EOF > /etc/ltsp/skel/.xinitrc
exec x2goclient --no-menu --add-to-known-hosts --no-session-edit --close-disconnect
EOF
	# Needed for thin client x2goclient configuration.
	mkdir -p /etc/ltsp/skel/.x2goclient
	cat <<EOF > /etc/ltsp/skel/.x2goclient/printing
[General]
pdfview=false
showdialog=true

[CUPS]
defaultprinter=

[print]
command=lpr
ps=false
startcmd=false
stdin=false

[view]
command=xpdf
open=true
EOF
	# Needed for thin client x2goclient configuration.
	cat <<EOF > /etc/ltsp/skel/.x2goclient/sessions
[default]
autologin=false
clipboard=both
command=XFCE
defsndport=true
directrdp=false
directrdpsettings=
directxdmcp=false
directxdmcpsettings=
display=1
dpi=96
export="/usb0:1;"
fstunnel=true
fullscreen=true
height=600
host=$(hostname -s)
icon=/usr/share/icons/hicolor/64x64/apps/x2goclient.png
iconvfrom=ISO8859-1
iconvto=UTF-8
krbdelegation=false
krblogin=false
maxdim=false
multidisp=false
name=Debian Edu Thin Client
pack=16m-jpeg
print=true
published=false
quality=9
rootless=false
setdpi=true
sndport=4713
sound=true
soundsystem=pulse
soundtunnel=true
speed=4
sshport=22
sshproxyautologin=false
startsoundsystem=true
type=auto
useiconv=false
usekbd=true
usesshproxy=false
width=800
xdmcpclient=Xnest
xdmcpserver=localhost
xinerama=false
EOF
	# Needed for thin client x2goclient configuration.
	cat <<EOF > /etc/ltsp/skel/.x2goclient/settings
[toolbar]
show=false
EOF
fi

# Setup thin client chroot.
if [ ! -d /opt/ltsp/thin/$arch/etc/ltsp ] ; then
	mkdir -p /opt/ltsp/thin/$arch
debootstrap --arch=$arch --variant=minbase --include=locales,console-setup,linux-image-$kernel_arch,\
initramfs-tools,dbus-user-session,pulseaudio,xserver-xorg-core,xserver-xorg-input-all,xpdf,autofs,\
xserver-xorg-video-all,xinit,ltsp,x2goclient,openssh-server $dist /opt/ltsp/thin/$arch https://deb.debian.org/debian
	cp /etc/locale.gen /opt/ltsp/thin/$arch/etc/
	cp /etc/default/locale /opt/ltsp/thin/$arch/etc/default
	chroot /opt/ltsp/thin/$arch/ locale-gen
	cp /etc/default/keyboard /opt/ltsp/thin/$arch/etc/default
	cp /etc/default/console-setup /opt/ltsp/thin/$arch/etc/default
	chroot /opt/ltsp/thin/$arch/ setupcon -k
	ltsp image /opt/ltsp/thin/$arch
	# Create a runtime user for x2go login terminal; configure autofs (USB storage support).
	cat <<EOF >> /etc/ltsp/ltsp.conf
POST_INIT_THIN_USER='useradd -G disk -m -d /run/home/thin -k /etc/ltsp/skel -r thin'

POST_INIT_SYSTEMD='mkdir /etc/systemd/system/getty@tty1.service.d && \
cp /etc/ltsp/getty@tty1.service.d/override.conf /etc/systemd/system/getty@tty1.service.d'

POST_INIT_AUTOFS='cp /etc/ltsp/autofs/extra.autofs /etc/auto.master.d && \
cp /etc/ltsp/autofs/auto.* /etc'
EOF
	ltsp initrd
	ltsp ipxe
	mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/$arch/ltsp.img
	sed -i '/POST_INIT/d' /etc/ltsp/ltsp.conf
fi

# Generate image for diskless workstation.
if [ "yes" == "$diskless_workstation"  ] ; then
	if echo "$PROFILE" | egrep -q 'Main-Server' ; then
	cat <<EOF >> /etc/ltsp/ltsp.conf
# The image is copy of the main server's fs w/ autofs disabled, but needed for diskless ws.
PRE_INIT_MAIN_SERVER="systemctl enable autofs"
# Disable main server specific services.
MASK_SYSTEM_SERVICES="apache2 bind9 cups dovecot etckeeper exim4 squid tftpd-hpa \
icinga nmbd smbd systemd-journald"
EOF
	fi
	# ltsp image /

	# begin workaround for 'ltsp image /' (which only works for 'atomic' partitioning).
	# see: https://github.com/ltsp/ltsp/issues/105 and
	# https://github.com/ltsp/ltsp/issues/43
	cp /usr/share/ltsp/server/image/image.excludes /tmp/excludes
	if [ -f /etc/ltsp/image-local.excludes ] ; then
		cat /etc/ltsp/image-local.excludes >> /tmp/excludes
	fi
	mksquashfs / /srv/ltsp/images/$(uname -m).img -noappend -wildcards -ef /tmp/excludes
	rm /tmp/excludes
	ltsp kernel
	# end workaround.

	ltsp initrd
	ltsp ipxe
	mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/$(uname -m)/ltsp.img
fi

# ipxe menue edit
sed -i 's#ltsp/ltsp.img#ltsp/${img}/ltsp.img#' /srv/tftp/ltsp/ltsp.ipxe

# Get rid of additional excludes just in case they exist (main server).
rm -rf /etc/ltsp/image-local.excludes

# Use legacy network interfaces names.
if ! grep -q net.ifnames /etc/default/grub ; then
    sed -i 's/quiet/net.ifnames=0 quiet/' /etc/default/grub
    update-grub
fi

# Tweak network interfaces file to match the use case.
if echo "$PROFILE" | egrep -q 'Main-Server' ; then
	cat <<EOF > /etc/network/interfaces
auto eth0
iface eth0 inet static
	address 10.0.2.2
	gateway 10.0.0.1

allow-hotplug eth1
iface eth1 inet static
	address 192.168.67.1
EOF
	else
	cat <<EOF > /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
	post-up /usr/sbin/update-hostname-from-ip

allow-hotplug eth1
iface eth1 inet static
	address 192.168.67.1
EOF
fi

# FIXME (use always tftpd-hpa?) Configure NFS and dnsmasq conditionally.
ltsp nfs

if echo "$PROFILE" | egrep -q 'Main-Server' ; then
	ltsp dnsmasq -d0 -p0 -t0 --dns-server="$dns_server"
else
	ltsp dnsmasq -d0 -p0 --dns-server="$dns_server"
fi

Attachment: signature.asc
Description: PGP signature