User Tools

Site Tools


wiki:advanced:x2gobroker:loadbalancing

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
wiki:advanced:x2gobroker:loadbalancing [2013/07/02 00:49]
sunweaver
wiki:advanced:x2gobroker:loadbalancing [2016/02/23 16:09] (current)
ionic Make the note a real note.
Line 1: Line 1:
 +
 +
 ====== Load Balancing with X2Go ====== ====== Load Balancing with X2Go ======
  
Line 23: Line 25:
  
 you should get all current active/suspended X2Go sessions listed. you should get all current active/suspended X2Go sessions listed.
 +
 +===== X2Go Session Broker Daemon / WSGI =====
 +
 +Install X2Go Session Broker [[doc:installation:x2gobroker|as described]]. Use a non-X2Go Server for this as installation host (e.g. the central LDAP server). Choosing the right machine on your network for providing X2Go session brokerage heavily depends on your site setup.
 +
 +You certainly want to make use of SSL (https protocol) if the session broker can be accessed from the internet or if you share your network with non-trusted machines. For large scale deployments the WSGI implementation of the broker is recommended (package: ''x2gobroker-wsgi''). For small companies the standalone daemon should probably be fine (package: ''x2gobroker-daemon'').
 +
 +After you have installed the session broker, additionally run the script ''x2gobroker-keygen'' as super-user root:
 +
 +<code bash>
 +$ sudo x2gobroker-keygen
 +</code>
 +
 +This script will (if the defaults are not touched) create an RSA public/private SSH key pair in ''~x2gobroker/.ssh/authorized_keys''.
 +
 +===== X2Go Session Broker Agent =====
 +
 +On every X2Go Server install the package ''x2gobroker-agent''. This agent has to be handled with much care, as it gets installed setuid root. Be aware of that and read its code before you deploy it. If you find any bugs or security issues with it, please [[wiki:bugs|contact the X2Go developers immediately (by sending a bug report)]] so that we can get things fixed for all as soon as possible.
 +
 +To give the session broker access to your X2Go Servers, you have to run (as root)
 +
 +<code bash>
 +$ sudo x2gobroker-pubkeyauthorizer --broker-url http(s)://<broker-server>:<port>/<basepath>/pubkeys/
 +</code>
 +
 +<note>''<basepath>'' typically is empty, unless the front- and backends were moved to a specific subdirectory as part of a WSGI deployment.</note>
 +
 +
 +===== X2Go Session Profile for Load Balanced Sites =====
 +
 +In the session profile configuration of the session broker (e.g. ''/etc/x2go/x2gobroker-sessionprofiles.conf'') you now simply have to list all your X2Go Servers in a comma separated list with the ''host='' option of that session profile.
 +
 +Example:
 +
 +<file>
 +[pool-C-XFCE]
 +user=
 +host=s-1.pool-e.local (10.0.2.11),s-2.pool-e.local (10.0.2.12),s-3.pool-e.local (10.0.2.13),s-4.pool-e.local (10.0.2.14),s-5.pool-e.local (10.0.2.15)
 +name=XFCE - pool-C
 +command=XFCE
 +broker-session-autologin=true
 +</file>
 +
 +It may happen that the broker contacts the X2Go servers under a different address compared to the address that the X2Go Clients have to use for connecting the X2Go Servers. For such cases, every hostname can be written in a special format (as seen in the examples above and below):
 +
 +<file>
 +host=s-1.works-with-broker.local (s-1.works-with-client.extern), s-2.works-with-broker.local (s-2.works-with-client.extern)
 +</file>
 +
 +The hostnames (no IP addresses allowed here) that work with the broker should identically match the hostnames of the X2Go Servers as found in ''/etc/hostname'' of each individual machine. The hostname also appear in the output of the ''x2golistsessions'' command. It is important that hostname patterns (FQDN, short hostnames) match here!!!
 +
 +The hostnames (or maybe IP addresses) that work with the clients must resolve via DNS. IP addresses are allowed here.
 +
wiki/advanced/x2gobroker/loadbalancing.1372726149.txt.gz ยท Last modified: 2013/07/02 00:49 by sunweaver