User Tools

Site Tools


doc:installation:x2gobroker

This is an old revision of the document!


Installing X2Go Session Broker

The X2Go Session Broker falls into two components.

  • X2Go Session Broker Daemon/WSGI
  • X2Go Session Broker Authentication Service
  • X2Go Session Broker Agent

X2Go Session Broker can either be installed as a standalone Daemon, or it can be integrated into Apache2 (or other httpd) using 'mod_wsgi'.

X2Go Session Broker Daemon

Package name: 'x2gobroker-daemon'

On Debian based systems:

$ sudo apt-get install x2gobroker-daemon

The standalone daemon setup works out of the box, but can only bind to IP ports greater than 1024. However, for security, the X2Go Session Broker standalone daemon only binds to the IPv4 localhost device.

Check /etc/defaults/x2gobroker-daemon for modifying the daemon's bind address.

X2Go Session Broker WSGI

Package name: 'x2gobroker-wsgi'

On Debian based systems:

$ sudo apt-get install x2gobroker-wsgi

For production deployments, the WSGI based setup is probably preferrable. With Apache2+WSGI you can provide VirtualHost setups with many different broker configurations on the same machine. You can also use the Apache2-way of setting up SSL support.

With the Apache2+WSGI setup you can integrate the X2Go Session Broker functionality into a complex X2Go Broker site (e.g. with a session configuration WebUI).

In the source code of X2Go Session Broker we provide two example configurations for Apache2+X2GoBroker:

X2Go Session Broker: Backends and Frontends

The concept of X2Go Session Broker as provided in X2Go Git is highly modular. The X2Go Session Broker Daemon can be easily extended with broker backends and WebUI frontends.

Currently available broker backends

  • ZeroConf backend (name: zeroconf), set up by default, allows one to test the broker and see that client ↔ broker configuration basically works
  • INI File backend (name: inifile), text file (INI format) based configuration of the X2Go Session Broker backend

Other broker backends (written in Python) can be added easily if needed. Contact the X2Go developers for further information on custom broker backend development.

Currently available WebUI frontends

  • The 'plain' WebUI frontend: usable with X2Go Client
  • The 'uccs' WebUI frontend: usable with Unity Greeter (experimental)

X2Go Session Broker Authentication Service

Package name: 'x2gobroker-authservice'

On Debian based systems:

$ sudo apt-get install x2gobroker-authservice

The X2Go Session Broker Authentication Service normally gets installed on the machine that also has x2gobroker-daemon or x2gobroker-wsgi installed. The broker code itself runs as system user x2gobroker whereas the authentication service has to run as root. By security design, the functionality of the broker that requires root privileges has been separated from the rest of the broker.

The X2Go Session Broker Authentication Service requires root privileges for a few PAM based authentication backends. The default installation authenticates against PAM, on default Linux systems, PAM authentication (pam_unix.so) requires root privileges by the authentication process.

With other PAM setups (e.g. pam_ldap.so) root privileges are not required and it is ok to not install x2gobroker-authservice.

Furthermore, X2Go Session Broker can extended by other (non-PAM) authentication methods. The currently available authentication mechanisms in X2Go Session Broker are listed here.

Setting up Config Files

X2Go Session Broker Config

For a basic configuration with the INI file backend you only need to touch

  • /etc/x2go/x2gobroker.conf
  • /etc/x2go/broker/x2gobroker-sessionprofiles.conf

The X2Go Session Broker uses several more configuration files. Below is a complete list (for version 0.0.2.x, if not applicable to later versions anymore, please update the below lists):

X2Go Session Broker's Core: /etc/default/python-x2gobroker (enviroment variables, used to set defaults in Python X2Go Session Broker with impact on the daemon and the authentication service), /etc/x2go/x2gobroker.conf (main configuration file), /etc/x2go/broker/x2gobroker-sessionprofiles.conf (configuration file for the INI file backend), /etc/pam.d/x2gobroker (PAM configuration for X2Go Session Broker Authservice), /etc/x2go/broker/x2gobroker-loggers.conf (don't touch!)

X2Go Session Broker Daemon: /etc/default/x2gobroker-daemon (enviroment variables, used to set defaults in Python X2Go Session Broker with impact on the daemon only), /etc/logrotate.d/x2gobroker-daemon (rotate broker logfiles)

X2Go Session Broker WSGI: /etc/x2go/x2gobroker-wsgi.apache.conf (global implementation, enabled by default) /etc/x2go/x2gobroker-wsgi.apache.vhost (VirtualHost example for the WSGI implementation of X2Go Session Broker) /etc/logrotate.d/x2gobroker-wsgi (rotate WSGI logfile)

X2Go Session Broker Authentication Service: /etc/default/x2gobroker-authservice (enviroment variables, used to set defaults in Python X2Go Session Broker with impact on the authentication service only), /etc/x2go/broker/x2gobroker-authservice-logger.conf (don't touch) /etc/logrotate.d/x2gobroker-authservice (rotate the authentication service's logfile)

Testing Your X2Go Session Broker Setup

Enabling Debug Mode

If you want to check the broker funtionality with your web browser, please make sure you have enabled the debug mode of the broker. Make sure that before launching the 'x2gobroker' executable the environment variable X2GOBROKER_DEBUG is set to 1.

On Debian based systems, this can be done in /etc/defaults/x2gobroker-daemon or the Apache2-WSGI configuration of X2Go Session Broker in /etc/x2go/x2gobroker-wsgi.apache.*. Make sure to restart the corresponding service (x2gobroker-daemon resp. apache2) after you have changed either of those config files:

For x2gobroker-daemon

$ invoke-rc.d x2gobroker-daemon restart

For Apache2/WSGI/X2Go Session Broker setup…

$ invoke-rc.d apache2 restart

Testing X2Go Session Broker with a Browser

The different backends and frontends can be accessed with this URL pattern:

http(s)://<broker-base-url>/<frontend>/<backend>

Where…

Example: http://localhost:8080/plain/zeroconf

doc/installation/x2gobroker.1368367879.txt.gz · Last modified: 2013/05/12 14:11 by sunweaver