This is an old revision of the document!
During the time of Debian Wheezy being Debian's stable release, we started developing a new ThinClientEdition (TCE) - one that is based on Debian-Live and thus does no longer rely on NFS. Instead, the entire image is loaded into the RAM of the ThinClient machine.
The disadvantage is that your ThinClient now needs at least 1 GB of RAM (see below).
However, the huge advantage is that there no longer is a need for any high-availibility setup concerning NFS. All you need is an HTTP (HTTPS optional for later stages) or FTP server with a dedicated IP, if you want to use netbooting. It is also possible to deploy the image to the ThinClient's local storage, if present, and have it update in the background. Besides, making changes/updating the NFS-based TCE was rather finicky - with the current TCE, you build and deploy a new image every time you make a change, and you can test it on a single client without interrupting your production environment. The “local storage” feature can also be used to create a portable version of both X2Go-TCE and X2goClient for Windows, sharing the same configuration, on CD/DVD/USB media.
We've also received reports that the old NFS-based TCE wouldn't work with Jessie, or at least it was very hard to get it to work. Our current TCE works just fine with Jessie, and we expect it to work in Stretch and hopefully in Buster (Stretch+1) as well. The one catch is that the live-build package in Debian/the Debian-Live project is currently looking for a new maintainer - so there is a slim chance that live-build might be removed from Debian Buster, especially if no new maintainer steps up and the live-build replacement that is currently in the works (called live-wrapper) contains all the required functionality of live-build by then.
sudo apt-get update
sudo apt-get install genisoimage git-core live-build live-config-doc live-manual-html live-boot-doc
# Select ONE of the following git reposities # this one loosely corresponds to "stable" export LBX2GO_CONFIG='git://code.x2go.org/live-build-x2go.git::feature/openbox' # this one loosely corresponds to "heuler" #export LBX2GO_CONFIG='https://github.com/LinuxHaus/live-build-x2go::feature/openbox' # Select ONE of the following LBX2GO_ARCH lines and comment out the others # (feel free to use long or short options) # for 64-Bit builds, use: # export LBX2GO_ARCH='-a amd64 -k amd64' # 32-Bit, larger memory footprint, but faster performance on i686 and newer # export LBX2GO_ARCH='-a i386 -k 686-pae' # 32-Bit, smallest memory footprint export LBX2GO_ARCH='--architectures i386 --linux-flavours 586' # These options are meant to reduce the image size. # Feel free to adapt them after consulting "man lb_config" export LBX2GO_SPACE='--apt-indices none --apt-recommends true --cache false --checksums none --firmware-binary false --memtest none --win32-loader false' # Note: you can safely set "--apt-recommends false" if # you are using the github.com/LinuxHaus/ repository # The official repository will follow soon. # These are default values that should not require tuning export LBX2GO_DEFAULTS='--backports true --firmware-chroot true --initsystem sysvinit --security true --updates true' export LBX2GO_ARCHIVE_AREAS="main contrib non-free" # Select ONE of the following LBX2GO_IMAGETYPE lines and comment out the others # to create an iso image: # export LBX2GO_IMAGETYPE='iso' # to create an iso image that can also be dd'ed to USB media: # export LBX2GO_IMAGETYPE='iso-hybrid' # to create a netboot-image: export LBX2GO_IMAGETYPE='netboot' # NOT RECOMMENDED: # to create an image that can be written to a hard disk (always results # in a "build failed" message, even though the build might have worked): # export LBX2GO_IMAGETYPE='hdd' # to create a tar file only (seems to be broken in live-build): # export LBX2GO_IMAGETYPE='tar'
Change to a directory where you want to save your builds, and run the following commands:
# Create Timestamp LBX2GO_TIMESTAMP=$(date +"%Y%m%d%H%M%S") # Set Directory name LBX2GO_TCEDIR=./live-build-x2go-$LBX2GO_TIMESTAMP if [ -z "$LBX2GO_ARCH" ] || [ -z "$LBX2GO_SPACE" ] || [ -z "$LBX2GO_CONFIG" ] || [ -z "$LBX2GO_DEFAULTS" ] || [ -z "$LBX2GO_IMAGETYPE" ] || [ -z "$LBX2GO_TIMESTAMP" ] || [ -z "$LBX2GO_ARCHIVE_AREAS" ]; then echo -e "One or more of the following variables is unset:" echo -e "LBX2GO_ARCH: '${LBX2GO_ARCH}'" echo -e "LBX2GO_SPACE: '${LBX2GO_SPACE}'" echo -e "LBX2GO_DEFAULTS: '${LBX2GO_DEFAULTS}'" echo -e "LBX2GO_CONFIG: '${LBX2GO_CONFIG}'" echo -e "LBX2GO_IMAGETYPE: '${LBX2GO_IMAGETYPE}'" echo -e "LBX2GO_TIMESTAMP: '${LBX2GO_TIMESTAMP}'" echo -e "LBX2GO_ARCHIVE_AREAS: '${LBX2GO_ARCHIVE_AREAS}'" echo -e "Please visit http://wiki.x2go.org/doku.php/doc:howto:tce" echo -e "and read up on the general prerequisites for X2Go-TCE" else # This will create a timestamped subdirectory for the build mkdir -p $LBX2GO_TCEDIR cd $LBX2GO_TCEDIR lb config $LBX2GO_ARCH $LBX2GO_SPACE $LBX2GO_DEFAULTS \ --config $LBX2GO_CONFIG --binary-images $LBX2GO_IMAGETYPE \ --archive-areas "$LBX2GO_ARCHIVE_AREAS" if lb build ; then echo -e "Build is done: '$LBX2GO_TCEDIR'" ln ./binary/live/filesystem.squashfs ./x2go-tce-filesystem.squashfs if [ "$LBX2GO_IMAGETYPE" = "netboot" ] ; then ln ./tftpboot/live/vmlinuz ./x2go-tce-vmlinuz ln ./tftpboot/live/initrd.img ./x2go-tce-initrd.img fi if [ "$LBX2GO_IMAGETYPE" = "iso" ] || [ "$LBX2GO_IMAGETYPE" = "iso-hybrid" ] ; then ln ./binary/live/vmlinuz ./x2go-tce-vmlinuz ln ./binary/live/initrd.img ./x2go-tce-initrd.img genisoimage -o ./x2go-tce-squashfs-only.iso -R -J -graft-points live/filesystem.squashfs=./binary/live/filesystem.squashfs ln ./live-image-i386.hybrid.iso ./original-x2go-tce-live-image-i386.hybrid.iso mv ./x2go-tce-filesystem.squashfs ./original-x2go-tce-filesystem.squashfs fi lb clean rm -rf ./cache else # note that imagetype hdd always ends here, # due to a harmless error that can be safely ignored, but which sets the error code to != 0 echo -e "Build failed: '$LBX2GO_TCEDIR'" fi cd .. fi
fetch=
command. This is untested.export LBX2GO_IMAGETYPE='netboot
' (this should be the default)This is assuming you already have an existing, working PXE/TFTP and HTTP (with optional HTTPS) or FTP server setup.
Once you see the message “Build is done:”, go to the directory mentioned there, and copy x2go-tce-vmlinuz and x2go-tce-initrd.img to a suitable subdirectory under your TFTP root.
We suggest using ./x2go-tce.
cd $(mktemp -d) atftp your-tftp-server-ip-here tftp> get pxelinux.cfg/default tftp> get x2go-tce/x2go-tce-vmlinuz tftp> get x2go-tce/x2go-tce-initrd.img tftp> quit
Next, copy x2go-tce-filesystem.squashfs from the directory mentioned after “Build is done:” to a suitable subdirectory under your HTTP, HTTPS, or FTP root.
We suggest using ./x2go-tce.
cd $(mktemp -d) wget -Y off http://your-http-server-ip-here/ wget -Y off http://your-http-server-ip-here/x2go-tce/x2go-tce-filesystem.squashfs
In case of an FTP URL, replace http with ftp in the example above. Same goes for https when trying to get that to work.
Note that you MUST use an IP address. X2Go-TCE WILL NOT WORK with a DNS name, even though this test here will accept IPs and DNS names alike. The only exception is when a template actually spells out that you should input a DNS name.
Again, this is assuming you already have an existing, working PXE/TFTP server setup.
hostname=localhost
as shown above.
If you remove hostname=localhost
entirely, all thin clients will share the hostname debian
, which is the Debian-Live default host name. Similarly, if you set hostname=someothervalue
, all thin clients booting this configuration will share the hostname someothervalue
.
DEFAULT x2go-tce PROMPT 0 MENU TITLE Linux Boot Menu MENU COLOR TITLE 1 #ffffff #000000 std MENU COLOR SEL 0 #ffffff #444444 std MENU COLOR TABMSG 0 #999933 #000000 std MENU COLOR UNSEL 0 #aaaaaa LABEL x2go-tce TIMEOUT 50 MENU LABEL X2Go-TCE KERNEL x2go-tce/vmlinuz APPEND initrd=x2go-tce/initrd.img boot=live components noswap aufs rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rd.driver.pre=loop rd.noverifyssl rd.skipfsck rd.live.overlay.check rd.live.overlay.reset rd.live.ram log_buf_len=1M quickreboot consoleblank=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rootwait=120 silent quiet splash lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 hostname=localhost noroot nouser fetch=http://your-http-server-ip-here/x2go-tce/x2go-tce-filesystem.squashfs FURTHER-OPTIONS-GO-HERE
noroot
- do not allow the local user account on the ThinClient (named “user”) to become root, e.g. using sudo Always set this unless you are debugging an image and need to log in locally!nouser
- do not allow the local user account on the ThinClient (named “user”) to log in at the console or remotely (using password “live”) Always set this unless you are debugging an image and need to log in locally!These two are mutually exclusive, i.e. never put both of them in the same config:
sessionsurl=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce.sessions
- use this to specify a sessions file. You need this unless you are using a session broker. See below for how to add this file to your HTTP, HTTPS, or FTP server. Note that whoever manages to spoof the server name can inject rogue session config files into your ThinClients. To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.broker-url=ssh://your-broker-address-here
- this allows you to specify an X2Go Session Broker instead of a sessions file (not limited to an ssh-based broker, works with an http-based broker as well)These are entirely optional:
xorg-resolution=HRESxVRES
- will force the horizontal resolution to HRES and the vertical resolution to VRES, e.g. xorg-resolution=1280×1024
, useful if autodetection for the correct screen size fails, but you do get as far as seeing the X2Go GUIxorgconfurl=tftp|http|https|ftp://your-http-server-ip-here/x2go-tce/x2go-tce.xorg.conf
- when a client outright refuses to boot into the graphical X2Go login screen, but gets stuck at the console or a black screen instead, yet you can get the GUI to work using a regular Linux on the same hardware, you can disable the X Server's autodetection and force it to use the xorg.conf specified here. Note that you should use a more descriptive name for the file, as described below. Also note that whoever manages to spoof the server name can inject rogue xorg config files into your ThinClients. To mitigate this risk, use HTTPS, where the attacker would have to spoof both server name and matching certificate.pubkey=tftp|http|https|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce.authorized_keys
- Allows you to add an ssh public key file to the ThinClient, so your administrators can log in remotely using SSH. Note that this file needs to be chmodded 644, not 600, on the web server. Attention: Whoever manages to spoof this server name will have root access to your ThinClients. Using HTTPS will mitigate this - an attacker would not only have to spoof the server name, but also the matching certificate.xinerama=left-of|right-of|above|below|same-as
- Allows you to specify how multiple screens are handled (same-as clones the primary screen to all secondary screens, the other commands will cascade and thus expand the screen). Note that the current implementation will enforce “same-as” if it detects a touch screen driver (wacom) and no other pointing device. This is so you won't get stuck being unable to log off, for example, due to your touch device being limited to one screen.ldap=ldap.example.com:389:cn=cngoeshere,dc=example,dc=com
- this allows you to specify an LDAP server to authenticate againstldap1=ldap-backupserver-1.example.com:389
- this allows you to specify the first of up to two LDAP backup servers when using LDAP authenticationldap2=ldap-backupserver-2.example.com:389
- this allows you to specify the second of up to two LDAP backup servers when using LDAP authentication These are not yet implemented, but planned for a future release:
blank=n|n:n:n
- Will disable (blank=0
) or set screensaver timeout. Use blank=n:n:n
to set DPMS Standby/Suspend/Off values. Standby value equals screensaver timeout value. All values are given in seconds.nodpms
- Will not touch DPMS settings at all (by default, blank=0
does both xset s off
and xset -dpms
). Use this along with blank=n
if you do want to blank the screen, but your screen is confused by DPMS settings.tcpprint
- Will allow you to use local LPT/USB printers like “dumb” network printers (listening to port 9100 and above). Requires MAC→IP mapping in DHCP server (and optionally, DNS→IP mapping), or static IPs - else your print jobs will end up on random devices. This setup is preferred over the X2GoClient's built-in printing for locally attached printers if X2GoServer and ThinClients are on the same network. It is not recommended when your X2Go connection goes across the internet or when the ThinClient is actually a laptop roaming between different networks. Attention: When used without tcpprintonlyfrom
(see below), this means anyone that can reach your thin client via e.g. ping can also send print jobs to it! tcpprintonlyfrom=x.x.x.x
- Will allow you to specify which IP address may connect to Port 9100 and above for printing to a locally attached LPT/USB printer. This should be the IP of your CUPS server or whatever print server system you use. Understands the same syntax as xinetd's only_from
. These are not yet implemented, but planned for a future release, and only intended to be used with TCE images stored on local media:
updateurl=rsync|https|http|ftp://your-http-server-ip-or-dns-here/path-to-update-files
- Will allow you to update an image in the background when using local storage instead of PXE. Download task will start at a randomized interval to avoid unintentional dDOSing of the update server/network infrastructure. The updater will even work when using NTFS for local storage, but only if the toram boot option is used. Regardless of NTFS or not, the updater requires three directories: /boot/live1, /boot/live2, /boot/live-download
Attention: Whoever manages to spoof the server name can deploy rogue images to your ThinClients. Even though it is slower, using an HTTPS web server is the safer way of doing this. Be sure that your web server delivers a last-modified header for all files. updatesleep=nnnnn
- Will allow you to specify the upper limit (in seconds) of the update timer's randomizer. Allowed range for upper limit: 240-32767. Will default to 900 if unset or set to an out-of-range value. Lower limit is fixed at 120 seconds.bwlimit=nnn
- Will allow you to specify a bandwidth limit (valid values: 1-100) in percent for the backgrounded update task.ntfs-uuid=
- Will be required for updating images stored on NTFS filesystems. Full UUID as shown under /dev/disk/by-uuid/ is preferred, but can work with the volume serial number shown in the output of “vol c:” as well.Again, this is assuming you already have an existing, working HTTP or FTP server setup.
Again, this is assuming you already have an existing, working HTTP or FTP server setup.
Again, this is assuming you already have an existing, working HTTP or FTP server setup.
Again, this is assuming you already have an existing, working PXE/TFTP server setup in place.
AA-BB-CC-DD-EE-FF
.01-AA-BB-CC-DD-EE-FF
(note the extra “01-” at the beginning) pointing to x2go-tce.ls -lah default
default-before-x2go-tce
default
that points to x2go-tce
AA-BB-CC-DD-EE-FF
.01-AA-BB-CC-DD-EE-FF
(note the extra “01-” at the beginning) pointing to x2go-tce-whatever-name-you-chose.This page is missing a section/subpage that explains how to use the content of the tar file located in the build directory if no PXE/TFTP/HTTP server is present yet.
Basically, debian-live/live/filesystem.squashfs becomes (webroot)/x2go-tce/x2go-tce-filesystem.squashfs and everything from tftpboot/ goes into the TFTP root directory. After that, one should proceed as described above regarding creation of files and symlinks.
Sample contents of live-image-i386.netboot.tar:
drwxr-xr-x root/root 0 2016-12-15 23:46 debian-live/ drwxr-xr-x root/root 0 2016-12-15 23:54 debian-live/live/ -rw-r--r-- root/root 271536128 2016-12-15 23:50 debian-live/live/filesystem.squashfs -rw-r--r-- root/root 11579 2016-12-15 23:52 debian-live/live/filesystem.packages -rw-r--r-- root/root 74 2016-12-15 23:52 debian-live/live/filesystem.packages-remove drwxr-xr-x root/root 0 2016-12-15 23:54 tftpboot/ drwxr-xr-x root/root 0 2016-12-15 23:54 tftpboot/live/ -rw-r--r-- root/root 31942749 2016-12-15 23:52 tftpboot/live/initrd.img -rw-r--r-- root/root 2831760 2016-12-15 23:52 tftpboot/live/vmlinuz drwxr-xr-x root/root 0 2015-04-28 14:01 tftpboot/pxelinux.cfg/ -rw-r--r-- root/root 57 2014-10-25 14:21 tftpboot/pxelinux.cfg/default -rw-r--r-- root/root 351 2016-12-15 23:54 tftpboot/live.cfg -rw-r--r-- root/root 116624 2015-08-19 15:17 tftpboot/ldlinux.c32 -rw-r--r-- root/root 270 2016-12-15 23:54 tftpboot/menu.cfg -rw-r--r-- root/root 26188 2015-08-19 15:17 tftpboot/vesamenu.c32 -rw-r--r-- root/root 268 2016-12-15 23:54 tftpboot/install.cfg -rw-r--r-- root/root 508 2016-12-15 23:54 tftpboot/stdmenu.cfg -rw-r--r-- root/root 34739 2016-12-15 23:54 tftpboot/splash.png -rw-r--r-- root/root 23480 2015-08-19 15:17 tftpboot/libutil.c32 -rw-r--r-- root/root 153 2016-12-15 23:54 tftpboot/advanced.cfg -rw-r--r-- root/root 182552 2015-08-19 15:17 tftpboot/libcom32.c32 -rw-r--r-- root/root 42988 2015-08-19 15:17 tftpboot/pxelinux.0 -rw-r--r-- root/root 164096 2015-08-19 15:17 tftpboot/hdt.c32
This page is missing a section/subpage that explains how to speed up the netboot process using iPXE.
Basically:
apt-get install ipxe cd /your-tftp-root mkdir -p {bios,uefi} ln -s /usr/lib/ipxe/undionly.kpxe ./bios/ ln -s /boot/ipxe.efi ./uefi/ FQDN=DNS-name-of-your-server-here IP_OF_FQDN=`dig $FQDN +short` cat <<EOF>x2go-tce-ipxe #!ipxe dhcp kernel http://$FQDN/x2go-tce-vmlinuz EVERYTHING-FROM-THE-LINE-STARTING-WITH-APPEND-IN-THE-X2GO-TCE-SAMPLE-FILE-ABOVE initrd http://$FQDN/x2go-tce-initrd.img boot EOF
After that, create a symlink/symlinks that point(s) from “default” or a part of the MAC or the entire MAC, or the UUID, or the hex-encoded IP to x2go-tce-ipxe.
Then add this to your dhcpd.conf
if substring ( option vendor-class-identifier , 19,1 ) = "0" { filename "bios/undionly.kpxe"; } else if substring ( option vendor-class-identifier , 19,1 ) = "7" { filename "uefi/ipxe.efi"; } else { log (info, concat ( "Unhandled vendor class Arch: ", substring ( option vendor-class-identifier , 19,1 ))); } if exists user-class and option user-class = "iPXE" { set hwmac = concat ( suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":", suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":", suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":", suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":", suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":", suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2) ); filename = concat( "http://DNS-name-of-your-server-here/", hwmac ); }
This page is missing a section/subpage that explains how to retrieve an xorg.conf from a different system.
Things to try: KNOPPIX Live Linux, other Distribution's Live Images (a recent Fedora or Arch, maybe?)
Basically, in the running Linux where you have a working X Server on that particular hardware:
Xorg :$(($(ps -C Xorg -o args= | awk ' $2 ~ /^:[0-9]/ { print $2 }' | tr -d ':' | sort -n)+1)) -configure
Xorg -configure
This page is missing a section/subpage that explains how to create images for USB/CD.
Basically, proceed as shown for netboot above, but set LBX2GO_IMAGETYPE to iso or iso-hybrid (recommended).
if you actually intend to write the image to CD/DVD or USB media, the only file you need is located at ./original-x2go-tce-live-image-i386.hybrid.iso after using the above script.
When using iso-hybrid, this file can be dd'ed straight to USB media, no need to unpack, format, fiddle with a boot loader, etc.
Also, when using iso-hybrid and USB media, there are a few “cheats” to reclaim unused space on the USB media, and to turn it into a solution that allows you to run X2GoClient in portable mode on Windows, and boot it as X2Go-TCE, with a shared configuration file.
Document how to add second partition to USB media after dd'ing the iso-hybrid image, and how to add X2GoClient-Portable to it.
x2goclient.exe –portable –session-conf=sessions
).This page is missing a section/subpage that explains how to create images for local storage.
Basically, proceed as shown for netboot above, but set LBX2GO_IMAGETYPE to iso or iso-hybrid (recommended). Do not select hdd or tar - even though it is supposed to becoma a local storage installation.
/boot/X2Go-live1
, /boot/X2Go-live2
, /boot/X2Go-live-download
./boot/X2Go-live1
, but you will be unable to use the autoupdater then../x2go-tce-vmlinuz
, ./x2go-tce-initrd.img
, and ./x2go-tce-squashfs-only.iso
to /boot/X2Go-live1
(and to /boot/X2Go-live2
, if present)./boot/grub
and install grub-legacy into it (assuming an ext* file system) OR # sample grub-legacy menu.lst for booting X2Go-TCE from local media # Depending on your setup, this goes either into C:\menu.lst or C:\boot\grub\menu.lst (/boot/grub/menu.lst). # C:\menu.lst is recommended for NTFS, /boot/grub/menu.lst for ext*. # Make sure you do not have menu.lst files at both locations. default 0 timeout 5 color cyan/blue white/blue # This says "password" in md5 password --md5 $1$v4.0xYdG$32uzkKsup9c1RsHZlzfQs1 title X2Go-live1 find /boot/X2Go-live1/x2go-tce-vmlinuz root kernel /boot/X2Go-live1/x2go-tce-vmlinuz boot=live components noswap aufs rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rd.driver.pre=loop rd.noverifyssl rd.skipfsck rd.live.overlay.check rd.live.overlay.reset rd.live.ram log_buf_len=1M quickreboot consoleblank=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rootwait=120 silent quiet splash lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 hostname=localhost noroot nouser quiet splash findiso=/boot/X2Go-live1/x2go-tce-squashfs-only.iso FURTHER-OPTIONS-GO-HERE initrd /boot/X2Go-live1/x2go-tce-initrd.img title X2Go-live2 find /boot/X2Go-live2/x2go-tce-vmlinuz root kernel /boot/X2Go-live2/x2go-tce-vmlinuz boot=live components noswap aufs rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rd.driver.pre=loop rd.noverifyssl rd.skipfsck rd.live.overlay.check rd.live.overlay.reset rd.live.ram log_buf_len=1M quickreboot consoleblank=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rootwait=120 silent quiet splash lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 hostname=localhost noroot nouser quiet splash findiso=/boot/X2Go-live2/x2go-tce-squashfs-only.iso FURTHER-OPTIONS-GO-HERE initrd /boot/X2Go-live2/x2go-tce-initrd.img
menu title X2Go-TCE # This says "password" in md5 menu master passwd $1$v4.0xYdG$32uzkKsup9c1RsHZlzfQs1 UI menu.c32 default live2-486 prompt 0 timeout 50 include X2Go-live1.cfg include X2Go-live2.cfg
label X2Go-live1 menu label X2Go-Live^1 menu default linux /boot/X2Go-live1/x2go-tce-vmlinuz initrd /boot/X2Go-live1/x2go-tce-initrd.img append boot=live components noswap aufs rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rd.driver.pre=loop rd.noverifyssl rd.skipfsck rd.live.overlay.check rd.live.overlay.reset rd.live.ram log_buf_len=1M quickreboot consoleblank=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rootwait=120 silent quiet splash lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 hostname=localhost noroot nouser quiet splash findiso=/boot/X2Go-live1/x2go-tce-squashfs-only.iso FURTHER-OPTIONS-GO-HERE
label X2Go-live2 menu label X2Go-Live^2 menu default linux /boot/X2Go-live2/x2go-tce-vmlinuz initrd /boot/X2Go-live2/x2go-tce-initrd.img append boot=live components noswap aufs rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rd.driver.pre=loop rd.noverifyssl rd.skipfsck rd.live.overlay.check rd.live.overlay.reset rd.live.ram log_buf_len=1M quickreboot consoleblank=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rootwait=120 silent quiet splash lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 hostname=localhost noroot nouser quiet splash findiso=/boot/X2Go-live2/x2go-tce-squashfs-only.iso FURTHER-OPTIONS-GO-HERE
This page is missing a section/subpage that explains how to install GRLDR/GRLDR.mbr from GRUB4DOS on Windows, so you don't have to overwrite the Windows MBR.
This is done by chainloading GRUB4DOS from the native Microsoft Windows Bootloader
C:\boot.ini
attrib -r -h -s C:\boot.ini
C:\boot.ini
and add an entry C:\grldr=“Start ThinClient”
somewhere below the section [operating systems]
[boot loader]
, change the line starting with default
to default=C:\grldr
attrib +r +h +s C:\boot.ini
@echo off setlocal set BCDEDIT=%SYSTEM%\bcdedit.exe if not exist %BCDEDIT% exit 1 for /f "tokens=3" %%A in ('%BCDEDIT% /create /d "PXE boot" /application bootsector') do set guid=%%A %BCDEDIT% /set %guid% device partition=%SystemDrive% %BCDEDIT% /set %guid% path \grldr.mbr REM you can use /addfirst instead, if you want %BCDEDIT% /displayorder %guid% /addlast REM this sets a 5 second timeout until the default entry is booted REM feel free to adjust to your needs, but NEVER set it to 0 or 1 REM in combination with using /default below unless you don't ever REM intend to boot back into Windows again. %BCDEDIT% /timeout 5 REM "bootsequence" means only the single, next reboot will default to this %BCDEDIT% /bootsequence %guid% /addfirst REM alternatively, you can uncomment this and make the ThinClient REM boot option the default boot option REM %BCDEDIT% /default %guid% endlocal
This page is missing a section/subpage that explains how the autoupdate process works with NTFS-formatted local storage (requires using findiso=/path/to/iso/name.iso
and, for the actual autoupdating, toram
, updateurl
, and ntfs-uuid
)
# sample grub-legacy menu.lst for booting X2Go-TCE from NTFS-formatted local media # Depending on your setup, this goes either into C:\menu.lst or C:\boot\grub\menu.lst. # C:\menu.lst is recommended. # Make sure you do not have menu.lst files at both locations. default 0 timeout 5 color cyan/blue white/blue # This says "password" in md5 password --md5 $1$v4.0xYdG$32uzkKsup9c1RsHZlzfQs1 title X2Go-live1 find /boot/X2Go-live1/x2go-tce-vmlinuz root kernel /boot/X2Go-live1/x2go-tce-vmlinuz boot=live components noswap aufs rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rd.driver.pre=loop rd.noverifyssl rd.skipfsck rd.live.overlay.check rd.live.overlay.reset rd.live.ram log_buf_len=1M quickreboot consoleblank=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rootwait=120 silent quiet splash lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 hostname=localhost noroot nouser quiet splash findiso=/boot/X2Go-live1/x2go-tce-squashfs-only.iso toram ntfs-uuid=xxxxxxxxxxxxx FURTHER-OPTIONS-GO-HERE initrd /boot/X2Go-live1/x2go-tce-initrd.img title X2Go-live2 find /boot/X2Go-live2/x2go-tce-vmlinuz root kernel /boot/X2Go-live2/x2go-tce-vmlinuz boot=live components noswap aufs rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rd.driver.pre=loop rd.noverifyssl rd.skipfsck rd.live.overlay.check rd.live.overlay.reset rd.live.ram log_buf_len=1M quickreboot consoleblank=0 kernel.sysrq=1 keep_bootcon sysrq_always_enabled rootwait=120 silent quiet splash lang=de vconsole.keymap=de keyboard-layouts=de locales=de_DE.UTF-8 hostname=localhost noroot nouser quiet splash findiso=/boot/X2Go-live2/x2go-tce-squashfs-only.iso toram ntfs-uuid=xxxxxxxxxxxxx FURTHER-OPTIONS-GO-HERE initrd /boot/X2Go-live2/x2go-tce-initrd.img
Document that using updateurl
along with an rsync://FQDN/x2go-tce
URL is the most efficient way to deploy updates. Note that the syntax is rsync://FQDN/x2go-tce
, NOT rsync://FQDN::x2go-tce
.
RSYNC_ENABLE=true
in /etc/default/rsync
as well as an additional configuration file:lock file = /var/run/rsync.lock log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid [x2go-tce] path = /var/www/x2go-tce # change this to the path where you intend to keep the images comment = X2Go TCE files uid = root gid = root read only = yes list = yes hosts allow = 192.168.0.0/255.255.0.0 # change this to your local subnet(s)
service rsync start
Some of the optional steps above could be moved to a separate subpage to reduce clutter.
The steps for the build process could probably streamlined into an x2go-tcebuilder.deb Debian package
Ideas:
To avoid re-generating SSH Server keys on each ThinClient on every boot, they could be stored
To be checked: Does the live-config “builtin” command live-config.nottyautologin
do the same as our nouser
command? If yes, nouser
could be removed. Note that live-config.nottyautologin
might mean “there's a login prompt, but you just need to enter username user
and password live
to login” - this is not what we want. We need a solution to entirely block user logons.
It would be cool if there was some kind of autodetection for SSH private keys, on local storage media and/or on USB media. For USB media, this may require adding an automounter.
User Support: Remote Access to the ThinClient's local display (before any connection is made) X2Go-TCE comes with x11vnc installed. If you want to see what's on the ThinClient's X11 screen, before a server connection has been established, proceed as follows:
xvncviewer -listen
ssh -R 5500:localhost:5500 root@thinclient 'x11vnc -display :0 -rfbport 0 -coe localhost
'vncclient.exe -listen 5500
x11vnc -display :0 -rfbport 0 -coe localhost
in the PuTTY window
To see what a user is doing once a connection has been established, connect to the X2GoServer yourself and use X2Go's built-in session shadowing (Install package x2godesktopsharing
on the server, if you haven't done so already) - this will deliver way better performance.
User Support: Determining the ThinClient's IP and/or MAC via phone
When you are unable to connect to the ThinClient, you might want to ascertain its MAC and/or IP address(es), to make sure you and the user you are trying to support are talking about the same machine. Tell the user to press [Ctrl]+[Alt]+[F1] and to read out
To return to the login screen, have the user press [Ctrl]+[Alt]+[F7] ([Alt]+[F7] should work, too), or, once you've successfully logged in over the network, issue the chvt 7
command.
User Support: Checking the ThinClient's local printer setup (when using the tcpprint
boot parameter)
There are several ways to check whether a ThinClient has detected any local printers:
ls -lah /etc/xinetd.d/jetdirect*
and examine the files listed there.cat /dev/vcs9
(you might have to pipe it through less
to see the entire screen).chvt 7
command.User Support: Checking the ThinClient's update status (when using local storage) There are several ways to check a ThinClient's update status:
cat /dev/vcs10
(you might have to pipe it through less
to see the entire screen) when connected remotelychvt 7
command.