This is an old revision of the document!
:: This whole process could probably streamlined into an x2go-tce.deb
Ideas:
During the time of Debian Wheezy being Debian's stable release, we started developing a new ThinClientEdition (TCE) - one that is based on Debian-Live and thus does no longer rely on NFS. Instead, the entire image is loaded into the RAM of the ThinClient machine.
The disadvantage is that your ThinClient now needs at least 1 GB of RAM (see below).
However, the huge advantage is that there no longer is a need for any high-availibility setup concerning NFS. All you need is an HTTP or FTP server with a dedicated IP, if you want to use netbooting. It is also possible to deploy the image to the ThinClient's local storage, if present, and have it update in the background. Also, making changes/updating the NFS-based TCE was rather finicky - with the current TCE, you build and deploy a new image every time you make a change, and you can test it on a single client without interrupting your production environment.
We've also received reports that the old NFS-based TCE wouldn't work with Jessie, or at least it was very hard to get it to work. Our current TCE works just fine with Jessie, and we expect it to work in Stretch and hopefully in Buster (Stretch+1) as well. The one catch is that the live-build package in Debian/the Debian-Live project is currently looking for a new maintainer - so there is a slim chance that live-build might be removed from Debian Buster, especially if no new maintainer steps up and the live-build replacement that is currently in the works contains all the required functionality of live-build by then.
sudo apt-get update
sudo apt-get install git-core lzma live-build live-config-doc live-manual-html live-boot-doc
# Point this to the git repository you wish to use export LBX2GO_CONFIG='http://git-server-and-project::branch' # Select ONE of the following LBX2GO_ARCH lines and comment out the others # (feel free to use long or short options) # for 64-Bit builds, use: # export LBX2GO_ARCH='-a amd64 -k amd64' # 32-Bit, larger memory footprint, but faster performance on i686 and newer # export LBX2GO_ARCH='-a i386 -k 686-pae' # 32-Bit, smallest memory footprint export LBX2GO_ARCH='--architectures i386 --linux-flavours 586' # These options are meant to reduce the image size. # Feel free to adapt them after consulting "man lb_config" export LBX2GO_SPACE='--checksums none --apt-indices none --cache false --win32-loader false --memtest none --firmware-binary false --initramfs-compression lzma' # These are default values that should not require tuning export LBX2GO_DEFAULTS='--initsystem sysvinit --security true --updates true --apt-recommends false --firmware-chroot true --backports true' export LBX2GO_ARCHIVE_AREAS="main contrib non-free"
Change to a directory where you want to save your builds, and run the following commands:
# Set everything up for netboot-image creation LBX2GO_IMAGETYPE='netboot' # Create Timestamp LBX2GO_TIMESTAMP=$(date +"%Y%m%d%H%M%S") # Set Directory name LBX2GO_TCEDIR=./live-build-x2go-$LBX2GO_TIMESTAMP if [ -z "$LBX2GO_ARCH" ] || [ -z "$LBX2GO_SPACE" ] || [ -z "$LBX2GO_CONFIG" ] || [ -z "$LBX2GO_DEFAULTS" ] || [ -z "$LBX2GO_IMAGETYPE" ] || [ -z "$LBX2GO_TIMESTAMP" ] || [ -z "$LBX2GO_ARCHIVE_AREAS" ]; then echo -e "One or more of the following variables is unset:" echo -e "LBX2GO_ARCH: '${LBX2GO_ARCH}'" echo -e "LBX2GO_SPACE: '${LBX2GO_SPACE}'" echo -e "LBX2GO_DEFAULTS: '${LBX2GO_DEFAULTS}'" echo -e "LBX2GO_CONFIG: '${LBX2GO_CONFIG}'" echo -e "LBX2GO_IMAGETYPE: '${LBX2GO_IMAGETYPE}'" echo -e "LBX2GO_TIMESTAMP: '${LBX2GO_TIMESTAMP}'" echo -e "LBX2GO_ARCHIVE_AREAS: '${LBX2GO_ARCHIVE_AREAS}'" echo -e "Please visit http://wiki.x2go.org/doku.php/doc:howto:tce" echo -e "and read up on the general prerequisites for X2Go-TCE" else # This will create a timestamped subdirectory for the build mkdir -p $LBX2GO_TCEDIR cd $LBX2GO_TCEDIR lb config $LBX2GO_ARCH $LBX2GO_SPACE $LBX2GO_DEFAULTS \ --config $LBX2GO_CONFIG --binary-images $LBX2GO_IMAGETYPE \ --archive-areas "$LBX2GO_ARCHIVE_AREAS" if lb build ; then echo -e "Build is done: '$LBX2GO_TCEDIR'" ln ./tftpboot/live/vmlinuz ./x2go-tce-vmlinuz ln ./tftpboot/live/initrd.img ./x2go-tce-initrd.img ln ./binary/live/filesystem.squashfs ./x2go-tce-filesystem.squashfs lb clean rm -rf ./cache else echo -e "Build failed: '$LBX2GO_TCEDIR'" fi cd .. fi
This is assuming you already have an existing, working PXE/TFTP and HTTP or FTP server setup.
Once you see the message “Build is done:”, go to the directory mentioned there, and copy x2go-tce-vmlinuz and x2go-tce-initrd.img to a suitable subdirectory under your TFTP root.
We suggest using ./x2go-tce.
cd $(mktemp -d) atftp your-tftp-server-ip-here tftp> get pxelinux.cfg/default tftp> get x2go-tce/x2go-tce-vmlinuz tftp> get x2go-tce/x2go-tce-initrd.img tftp> quit
Next, copy x2go-tce-filesystem.squashfs from the directory mentioned after “Build is done:” to a suitable subdirectory under your HTTP or FTP root.
We suggest using ./x2go-tce.
cd $(mktemp -d) wget -Y off http://your-http-server-ip-here/ wget -Y off http://your-http-server-ip-here/x2go-tce/x2go-tce-filesystem.squashfs
In case of an FTP URL, replace http with ftp in the example above.
Note that you MUST use an IP address. X2Go-TCE WILL NOT WORK with a DNS name, even though this test here will accept IPs and DNS names alike.
Again, this is assuming you already have an existing, working PXE/TFTP server setup.
DEFAULT x2go-tce PROMPT 0 MENU TITLE Linux Boot Menu MENU COLOR TITLE 1 #ffffff #000000 std MENU COLOR SEL 0 #ffffff #444444 std MENU COLOR TABMSG 0 #999933 #000000 std MENU COLOR UNSEL 0 #aaaaaa LABEL x2go-tce TIMEOUT 50 MENU LABEL X2Go-TCE KERNEL x2go-tce/vmlinuz APPEND initrd=x2go-tce/initrd.img boot=live components noswap aufs rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 vconsole.keymap=de kernel.sysrq=1 keep_bootcon sysrq_always_enabled rd.driver.pre=loop rd.noverifyssl rd.skipfsck rd.live.overlay.check rd.live.overlay.reset rd.live.ram log_buf_len=1M quickreboot lang=de locales=de_DE.UTF-8 keyboard-layouts=de consoleblank=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rootwait=120 silent quiet splash fetch=http://your-http-server-ip-here/x2go-tce/filesystem.squashfs FURTHER-OPTIONS-GO-HERE
These are always required for security reasons, unless you are working on a debug image:
noroot
- do not allow the local user account on the ThinClient (named “user”) to become root, e.g. using sudo always set this unless you are debugging an image and need to log in locallynouser
- do not allow the local user account on the ThinClient (named “user”) to log in at the console or remotely (using password “live”) always set this unless you are debugging an image and need to log in locallyThese two are mutually exclusive, i.e. never put both of them in the same config:
sessionsurl=http://your-http-server-ip-here/x2go-demo/x2go-tce.sessions
- use this to specify a sessions file. You need this unless you are using a session broker. See below how to add this file to your HTTP or FTP server.broker-url=ssh://your-broker-address-here
- this allows you to specify an X2Go Session Broker instead of a sessions file (not limited to an ssh-based broker, works with an http-based broker as well)These are entirely optional:
pubkey=http://your-http-server-ip-here/x2go-tce/x2go-tce.authorized_keys
- this allows you to add an ssh public key file to the ThinClient, so your administrators can log in remotely using SSHxorgconfurl=http://your-http-server-ip-here/x2go-tce/x2go-tce.xorg.conf
- when a client outright refuses to boot into the graphical X2Go login screen, but gets stuck at the console or a black screen instead, yet you can get the GUI to work using a regular Linux on the same hardware, you can disable the X Server's autodetection and force it to use the xorg.conf specified here. Note that you should use a more descriptive name for the file, as described below.xorg-resolution=HRESxVRES
- will force the horizontal resolution to HRES and the vertical resolution to VRES, e.g. xorg-resolution=1280×1024
, useful if autodetection for the correct screen size fails, but you do get as far as seeing the X2Go GUIldap=ldap.example.com:389:cn=cngoeshere,dc=example,dc=com
- this allows you to specify an LDAP server to authenticate againstldap1=ldap-backupserver-1.example.com:389
- this allows you to specify the first of up to two LDAP backup servers when using LDAP authenticationldap2=ldap-backupserver-2.example.com:389
- this allows you to specify the second of up to two LDAP backup servers when using LDAP authentication Again, this is assuming you already have an existing, working HTTP or FTP server setup.
Again, this is assuming you already have an existing, working HTTP or FTP server setup.
Again, this is assuming you already have an existing, working HTTP or FTP server setup.
Again, this is assuming you already have an existing, working PXE/TFTP server setup in place.
AA-BB-CC-DD-EE-FF
.01-AA-BB-CC-DD-EE-FF
(note the extra “01-” at the beginning) pointing to x2go-tce.ls -lah default
default-before-x2go-tce
default
that points to x2go-tce
AA-BB-CC-DD-EE-FF
.01-AA-BB-CC-DD-EE-FF
(note the extra “01-” at the beginning) pointing to x2go-tce-whatever-name-you-chose.