doc:howto:x2gobroker

Differences

This shows you the differences between two versions of the page.

doc:howto:x2gobroker [2017/02/13 13:40]
stefanbaur [x2goclient1.x2go.example.com] URI fix
doc:howto:x2gobroker [2017/02/28 09:21] (current)
stefanbaur [pg1.x2go.example.com] - no nfs mounts on pg1
Line 1: Line 1:
 ====== X2Go Session Broker Demo Environment Setup ====== ====== X2Go Session Broker Demo Environment Setup ======
-<note important>Work in Progress - at present, session resuming doesn't work, even though it should.</note>+
 ===== Purpose of this document ===== ===== Purpose of this document =====
  
Line 231: Line 231:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 246: Line 246:
  echo "COMMENT: about maintainability - it is to get a small, simple, static LDAP setup up" ;\  echo "COMMENT: about maintainability - it is to get a small, simple, static LDAP setup up" ;\
  echo "COMMENT: and running so you don't have to bother with LDAP when all you want to do is" ;\  echo "COMMENT: and running so you don't have to bother with LDAP when all you want to do is" ;\
- echo "COMMENT: test-drive the broker setup." \;+ echo "COMMENT: test-drive the broker setup." ;\
  echo '(cd /usr/share/migrationtools && LDAP_BASEDN="dc=x2go,dc=example,dc=com" LDAPHOST="ldap1" LDAP_BINDDN="cn=admin,dc=x2go,dc=example,dc=com" LDAP_BINDCRED="start" LDAP_PROFILE="no" LDAPADD="/usr/bin/ldapadd -c" ETC_ALIASES=/dev/null ./migrate_all_online.sh || true)' >>/target/etc/rc.local ;\  echo '(cd /usr/share/migrationtools && LDAP_BASEDN="dc=x2go,dc=example,dc=com" LDAPHOST="ldap1" LDAP_BINDDN="cn=admin,dc=x2go,dc=example,dc=com" LDAP_BINDCRED="start" LDAP_PROFILE="no" LDAPADD="/usr/bin/ldapadd -c" ETC_ALIASES=/dev/null ./migrate_all_online.sh || true)' >>/target/etc/rc.local ;\
  echo "COMMENT: This is the cleanup job for the LDAP migration, so it doesn't run more than once." ;\  echo "COMMENT: This is the cleanup job for the LDAP migration, so it doesn't run more than once." ;\
Line 488: Line 488:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 704: Line 704:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
  echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\  echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
  sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\  sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
- echo "COMMENT: This is so /home gets mounted from nfs1" ;\ 
- echo -e 'nfs1:/export/home\t/home\tnfs\tsoft,intr,rsize=8192,wsize=8192\t0\t0' >>/target/etc/fstab ;\ 
  echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\  echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\
  sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i /target/etc/dhcp/dhclient.conf ;\  sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i /target/etc/dhcp/dhclient.conf ;\
Line 952: Line 950:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 965: Line 963:
  echo "COMMENT: This patches the x2gobroker configuration files the way we need them to be for our demo." ;\  echo "COMMENT: This patches the x2gobroker configuration files the way we need them to be for our demo." ;\
  sed -i -e '/^host=/chost=x2goserver1.x2go.example.com,x2goserver2.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\  sed -i -e '/^host=/chost=x2goserver1.x2go.example.com,x2goserver2.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 + sed -i -e '/^fullscreen=/cfullscreen=true' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^#default-agent-query-mode/adefault-agent-query-mode=SSH' /target/etc/x2go/x2gobroker.conf ;\  sed -i -e '/^#default-agent-query-mode/adefault-agent-query-mode=SSH' /target/etc/x2go/x2gobroker.conf ;\
  sed -i -e '/^#default-use-load-checker/adefault-use-load-checker=true' /target/etc/x2go/x2gobroker.conf ;\  sed -i -e '/^#default-use-load-checker/adefault-use-load-checker=true' /target/etc/x2go/x2gobroker.conf ;\
Line 993: Line 992:
  sed -i -e '/^command=SHADOW/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\  sed -i -e '/^command=SHADOW/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
  sed -i -e '/^command=SHADOW/aacl-groups-allow=group-shadow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\  sed -i -e '/^command=SHADOW/aacl-groups-allow=group-shadow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
 + echo "COMMENT: These patches fix bugs that are still present in the current stable release" ;\
 + sed -i -e 's/if pam.pam:/if hasattr(pam, "pam"):/' /target/usr/sbin/x2gobroker-authservice /target/usr/lib/python2.7/dist-packages/x2gobroker/authmechs/pam_authmech.py ;\
 + sed -i -e "s/'hostname'/'hostaddr'/" /target/usr/sbin/x2gobroker-testagent ;\
 + echo "COMMENT: This enables the HTTP Session Broker for SystemD and SysVinit systems" ;\
 + sed -i '/#DAEMON_BIND_ADDRESS=127.0.0.1:8080/aDAEMON_BIND_ADDRESS=*:8080' /target/etc/default/x2gobroker-daemon /target/etc/x2go/broker/defaults.conf ;\
  echo "COMMENT: This patches rc.local so the following set of commands is run" ;\  echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
  echo "COMMENT: exactly *once* - at the first boot after installation." ;\  echo "COMMENT: exactly *once* - at the first boot after installation." ;\
Line 1002: Line 1006:
  echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\  echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
  echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\  echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
- echo "COMMENT: We're cheating here:" \n + echo "COMMENT: We're cheating here:" ;
- echo "COMMENT: We're calling the pubkeyauthorizer on x2gobroker, rather than from each x2goserver." \+ echo "COMMENT: We're calling the pubkeyauthorizer on x2gobroker, rather than from each x2goserver." ;\ 
- echo "COMMENT: That way, we don't have to open :8080 for anything more than localhost." \;+ echo "COMMENT: That way, we don't have to open :8080 for anything more than localhost." ;\
  echo 'x2gobroker-pubkeyauthorizer --broker-url http://localhost:8080/pubkeys/' >>/target/etc/rc.local ;\  echo 'x2gobroker-pubkeyauthorizer --broker-url http://localhost:8080/pubkeys/' >>/target/etc/rc.local ;\
  echo "COMMENT: Now we create a directory (watch permissions/ownership!) on the NFS share, and dump the generated key file there." ;\  echo "COMMENT: Now we create a directory (watch permissions/ownership!) on the NFS share, and dump the generated key file there." ;\
Line 1243: Line 1247:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 1526: Line 1530:
  echo "COMMENT: This is for homedir autocreation." ;\  echo "COMMENT: This is for homedir autocreation." ;\
  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
- echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\
  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\  echo "*;*;*;Al0000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
Line 1782: Line 1786:
  in-target apt-get clean ;\  in-target apt-get clean ;\
  echo "COMMENT: This last step creates an X2GoClient-in-Broker-Mode desktop entry" ;\  echo "COMMENT: This last step creates an X2GoClient-in-Broker-Mode desktop entry" ;\
- mkdir /target/home/localuser/Desktop ;\ + mkdir /target/home/localuser/Desktop ;\ echo '[Desktop Entry]' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo '[Desktop Entry]' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\ + echo 'Version=1.0' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo 'Version=1.0' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\ + echo 'Terminal=false' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo 'Terminal=false' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\ + echo 'Icon=x2goclient' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo 'Icon=x2goclient' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\ + echo 'Type=Application' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo 'Type=Application' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\ + echo 'Categories=Internet' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo 'Categories=Internet' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\ + echo 'Exec=x2goclient --broker-url=ssh://x2gobroker1.x2go.example.com:/usr/bin/x2gobroker-ssh --add-to-known-hosts' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo 'Exec=x2goclient --broker-url=ssh://x2gobroker1.x2go.example.com:/usr/bin/x2gobroker-ssh --add-to-known-hosts' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\ + echo 'Name=X2GoClient in SSH Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo 'Name=X2GoClient in Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\ + echo 'GenericName=X2GoClient in SSH Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo 'GenericName=X2GoClient in Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\ + echo 'Comment=Starts X2GoClient in SSH Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo 'Comment=Starts X2GoClient in Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\ + echo 'StartupNotify=true' >>/target/home/localuser/Desktop/x2goclient-broker-ssh.desktop ;\ 
- echo 'StartupNotify=true' >>/target/home/localuser/Desktop/x2goclient-broker.desktop ;\+ echo '[Desktop Entry]' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
 + echo 'Version=1.0' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
 + echo 'Terminal=false' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
 + echo 'Icon=x2goclient' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
 + echo 'Type=Application' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
 + echo 'Categories=Internet' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
 + echo 'Exec=x2goclient --broker-url=http://x2gobroker1.x2go.example.com:8080/plain/inifile --add-to-known-hosts' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
 + echo 'Name=X2GoClient in HTTP Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
 + echo 'GenericName=X2GoClient in HTTP Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
 + echo 'Comment=Starts X2GoClient in HTTP Broker Mode' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
 + echo 'StartupNotify=true' >>/target/home/localuser/Desktop/x2goclient-broker-http.desktop ;\ 
  echo "End Post-Install Setup/Config"  echo "End Post-Install Setup/Config"
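Review bot: The `DAEMON_BIND_ADDRESS=*:8080` line added in the x2gobroker section (under "Line 993") makes the HTTP broker listen on every interface, which contradicts the unchanged comment further down ("we don't have to open :8080 for anything more than localhost"); that comment should be reworded or dropped so readers are not misled about the exposure. The new `x2goclient-broker-http.desktop` entry then points clients at `http://x2gobroker1.x2go.example.com:8080/plain/inifile`, so broker logins and session profiles presumably cross the network unencrypted. I would add a line such as `echo "COMMENT: Demo only - plain HTTP broker on all interfaces; use the SSH broker or TLS outside a lab." ;\` directly above the bind-address `sed`. The two `sed` patches to `/target/usr/sbin/x2gobroker-authservice` and `x2gobroker-testagent` also succeed silently when the pattern no longer matches, so a short comment naming the package version they were written against would help.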
  
doc/howto/x2gobroker.1486993246.txt.gz · Last modified: 2017/02/13 13:40 by stefanbaur