Obsah
LTSP (Terminal Server)
LTSP stands for Linux Terminal Server Project.
General reccomendations
- Do not use amd64 client images!
- Go for i386 instead. Amd64 are buggy and i386 client images will serve you much better even if your LTSP server is amd64…
- Client and server architectures does not have to match.
- When building client image using ltsp-build-client you can choose architecture using --arch parameter…
- Uninstall or disable local X server (or display manager) on LTSP server when you don't need to use desktop localy. As well as any other eye-candy junk…
- It will save you little bit of resources and possibly some crashes related to GPU drivers.
- Server's are meant to be lightweight as possible
- It's better to have dedicated machine for LTSP server (preferably in rack without keyboard and display, so nobody will mess with it…)
- Even when Debian is generaly preferred distro for servers, Ubuntu seems to be preferred for LTSP servers as it seems to have better LTSP integration and is more optimized for desktop use. It's still good idea even if you prefer different distributions on classical desktop, because not every distribuion is well prepared for use with LTSP.
Tricks in lts.conf
Now it's recommended to put configuration in /var/lib/tftpboot/ltsp/i386/lts.conf as it doesn't require to do ltsp-update-image after each change…
You can put following tweaks in [Default] section or wherewer you want
Service shells
- lts.conf
SCREEN_02=ssh SCREEN_03=ssh SCREEN_04=ssh SCREEN_05=shell SCREEN_06=shell SCREEN_07=ldm SSH_HOST=your.ltsp.server.example.com
- This will put
- SSH to LTSP server on VCs 2-4 (in case LDM is broken, you can still use shell)
- Paswordless shell on VCs 5-6 (in case someone needs to do something locally, no security concerns needed as everything runs from readonly netboot and RAM)
- Do not use VCs bigger than 7 (where LDM sits) it will screw LDM somehow…
Share scanners and printers
Note this may need some messing in ltsp client image. (installing drivers, etc…)
- lts.conf
SCANNER = True PRINTER_0_DEVICE=/dev/lp0 PRINTER_0_WRITE_ONLY=True PRINTER_1_DEVICE=/dev/usblp0 PRINTER_1_WRITE_ONLY=True
Make thin client's disk drives accessible in LTSP
- lts.conf
LOCALDEV = True LOCAL_STORAGE = True LOCALSTORAGE = True LOCALDEV_DENY_INTERNAL_DISKS = False
Make LTSP available through VNC
If you want to support access to your LTSP server using VNC for users that are outside the network with working netboot setup (thin clients). You can use Xvnc server for this (vnc4server package at Debian/Ubuntu, also you'll need xserver-common and xfonts-base if you have uninstalled xserver completely).
We will also use lightdm display manager with lightdm-gtk-greeter as LTSP's internal display manager (LDM) is not suitable for this use. Which means that login screen at VNC will look bit different from one on LTSP's thin clients. You'll have to configure lightdm to listen for XDMCP connections, so Xvnc can connect to it. Eg. like this:
- /etc/lightdm/lightdm.conf
[LightDM] start-default-seat=false [XDMCPServer] enabled=true port=177 [SeatDefaults] greeter-session=lightdm-gtk-greeter user-session=xfce greeter-hide-users=true allow-guest=false
Also we'll have to setup Xvnc to listen using superserver. We can't use xinetd as LTSP already uses inetd, so we'll have to set Xvnc in inetd.conf. As you see, it's good idea to setup different servers for different screen resolutions, so users can choose the most convenient one:
- /etc/inetd.conf
#:OTHER: Other services 9571 stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/ldminfod 5901 stream tcp nowait nobody /usr/bin/Xvnc :1 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 800x600 -depth 24 5902 stream tcp nowait nobody /usr/bin/Xvnc :2 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 1280x800 -depth 24 5903 stream tcp nowait nobody /usr/bin/Xvnc :3 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 1024x600 -depth 24 5910 stream tcp nowait nobody /usr/bin/Xvnc :10 -inetd -once -query 127.0.0.1 -SecurityTypes=none -geometry 480x320 -depth 16
And that's it. Now restart lightdm and then inetd and you should be ready to roll…
If you are using guest account at LTSP and you are concerned about security, you should also disable guest login from lightdm. There few ways to do this. Protect guest with secret password, use lightdm's configuration or use pam_access.so in /etc/pam.d/lightdm.
Desktop Autolinking
This script will maintain symlinks to all files in /etc/autolinks at desktops of all users. This is usefull when you want to make sure that all users have some desktop icons accessible all the time and they cannot delete them. Run it from cron and login scripts…
- /usr/local/bin/autolinks
#!/bin/bash AUTODIR=/etc/autolinks LINK_PREFIX="LTSP-VOLATILE" rm -f /home/*/Desktop/"$LINK_PREFIX"-* for home in /home/*; do ls -1 "$AUTODIR" | while read link; do [ -e "$home"/Desktop ] && ln -s "$AUTODIR"/"$link" "$home"/Desktop/"$LINK_PREFIX"-"$link" #|| ln -s Plocha "$home"/Desktop done done
Disable XFCE dialog at first login
ln -s /etc/xdg/xfce4/panel/default.xml /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
EdgeRouter EdgeOs DHCP
bootfile-server: 192.168.223.2 subnet-parameters: option root-path "/opt/ltsp/i386"; filename "/ltsp/i386/pxelinux.0";