
doc:howto:x2gobroker

Differences

doc:howto:x2gobroker [2017/02/13 15:30]
stefanbaur [x2goclient1.x2go.example.com] Latest commits to enable both SSH and HTTP broker modes and functioning session resuming
doc:howto:x2gobroker [2017/02/13 21:09]
stefanbaur [x2gobroker1.x2go.example.com] defaults to fullscreen now
Line 1: Line 1:
 ====== X2Go Session Broker Demo Environment Setup ====== ====== X2Go Session Broker Demo Environment Setup ======
-<note important>Work in Progress - at present, session resuming doesn't work, even though it should.</note>+
 ===== Purpose of this document ===== ===== Purpose of this document =====
  
Line 231: Line 231:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 246: Line 246:
  echo "COMMENT: about maintainability - it is to get a small, simple, static LDAP setup up" ;\  echo "COMMENT: about maintainability - it is to get a small, simple, static LDAP setup up" ;\
  echo "COMMENT: and running so you don't have to bother with LDAP when all you want to do is" ;\  echo "COMMENT: and running so you don't have to bother with LDAP when all you want to do is" ;\
- echo "COMMENT: test-drive the broker setup." \;+ echo "COMMENT: test-drive the broker setup." ;\
  echo '(cd /usr/share/migrationtools && LDAP_BASEDN="dc=x2go,dc=example,dc=com" LDAPHOST="ldap1" LDAP_BINDDN="cn=admin,dc=x2go,dc=example,dc=com" LDAP_BINDCRED="start" LDAP_PROFILE="no" LDAPADD="/usr/bin/ldapadd -c" ETC_ALIASES=/dev/null ./migrate_all_online.sh || true)' >>/target/etc/rc.local ;\  echo '(cd /usr/share/migrationtools && LDAP_BASEDN="dc=x2go,dc=example,dc=com" LDAPHOST="ldap1" LDAP_BINDDN="cn=admin,dc=x2go,dc=example,dc=com" LDAP_BINDCRED="start" LDAP_PROFILE="no" LDAPADD="/usr/bin/ldapadd -c" ETC_ALIASES=/dev/null ./migrate_all_online.sh || true)' >>/target/etc/rc.local ;\
  echo "COMMENT: This is the cleanup job for the LDAP migration, so it doesn't run more than once." ;\  echo "COMMENT: This is the cleanup job for the LDAP migration, so it doesn't run more than once." ;\
Line 488: Line 488:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 704: Line 704:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 952: Line 952:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 965: Line 965:
  echo "COMMENT: This patches the x2gobroker configuration files the way we need them to be for our demo." ;\  echo "COMMENT: This patches the x2gobroker configuration files the way we need them to be for our demo." ;\
  sed -i -e '/^host=/chost=x2goserver1.x2go.example.com,x2goserver2.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\  sed -i -e '/^host=/chost=x2goserver1.x2go.example.com,x2goserver2.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 + sed -i -e '/^fullscreen=/cfullscreen=true' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^#default-agent-query-mode/adefault-agent-query-mode=SSH' /target/etc/x2go/x2gobroker.conf ;\  sed -i -e '/^#default-agent-query-mode/adefault-agent-query-mode=SSH' /target/etc/x2go/x2gobroker.conf ;\
  sed -i -e '/^#default-use-load-checker/adefault-use-load-checker=true' /target/etc/x2go/x2gobroker.conf ;\  sed -i -e '/^#default-use-load-checker/adefault-use-load-checker=true' /target/etc/x2go/x2gobroker.conf ;\
Line 1007: Line 1008:
  echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\  echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
  echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\  echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
- echo "COMMENT: We're cheating here:" \n + echo "COMMENT: We're cheating here:" ;
- echo "COMMENT: We're calling the pubkeyauthorizer on x2gobroker, rather than from each x2goserver." \+ echo "COMMENT: We're calling the pubkeyauthorizer on x2gobroker, rather than from each x2goserver." ;\ 
- echo "COMMENT: That way, we don't have to open :8080 for anything more than localhost." \;+ echo "COMMENT: That way, we don't have to open :8080 for anything more than localhost." ;\
  echo 'x2gobroker-pubkeyauthorizer --broker-url http://localhost:8080/pubkeys/' >>/target/etc/rc.local ;\  echo 'x2gobroker-pubkeyauthorizer --broker-url http://localhost:8080/pubkeys/' >>/target/etc/rc.local ;\
  echo "COMMENT: Now we create a directory (watch permissions/ownership!) on the NFS share, and dump the generated key file there." ;\  echo "COMMENT: Now we create a directory (watch permissions/ownership!) on the NFS share, and dump the generated key file there." ;\
Line 1248: Line 1249:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 1531: Line 1532:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 1804: Line 1805:
  echo 'Type=Application' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\  echo 'Type=Application' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
  echo 'Categories=Internet' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\  echo 'Categories=Internet' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
- echo 'Exec=x2goclient --broker-url=ssh://x2gobroker1.x2go.example.com:8080/plain/inifile --add-to-known-hosts' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\+ echo 'Exec=x2goclient --broker-url=http://x2gobroker1.x2go.example.com:8080/plain/inifile --add-to-known-hosts' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
  echo 'Name=X2GoClient in HTTP Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\  echo 'Name=X2GoClient in HTTP Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
  echo 'GenericName=X2GoClient in HTTP Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\  echo 'GenericName=X2GoClient in HTTP Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\
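Review bot: The corrected launcher line `Exec=x2goclient --broker-url=http://x2gobroker1.x2go.example.com:8080/plain/inifile --add-to-known-hosts` now matches the HTTP broker on port 8080, but it carries the broker login over unencrypted HTTP and accepts unknown SSH host keys without prompting. Nothing near it says that this is only acceptable inside the isolated demo network. I would add a line before it such as `echo "COMMENT: Demo only - plain HTTP and --add-to-known-hosts; use an https:// broker URL and verified host keys outside the lab." ;\`. Separately, in the hunk at line 1008 the new `echo "COMMENT: We're cheating here:" ;` appears to end without the trailing `\`, and the next line shows a space after `;\`. If that is not a rendering artefact, the command chain would break at that point, so both lines should end in `;\` like their neighbours.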
doc/howto/x2gobroker.txt · Last modified: 2017/02/28 09:21 by stefanbaur