IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 4 July 2015   (all times are UTC)

00:08dtcrshr has left IRC (dtcrshr!~datacrush@unaffiliated/datacrusher, Ping timeout: 252 seconds)
00:37
<maldridge>
I'm builing the pnp setup, but using an external router, do I still need the standalone package?
01:00andygraybeal has left IRC (andygraybeal!~andy@h104.60.88.75.dynamic.ip.windstream.net, Ping timeout: 256 seconds)
01:18andygraybeal has joined IRC (andygraybeal!~andy@h104.60.88.75.dynamic.ip.windstream.net)
02:14AlexPortable has left IRC (AlexPortable!uid7568@gateway/web/irccloud.com/x-xlfgdoumwbuhlrcj, Quit: Connection closed for inactivity)
03:07pppingme has left IRC (pppingme!~pppingme@unaffiliated/pppingme, Read error: Connection reset by peer)
03:13
<maldridge>
I saw mentioned here to move the /opt/ltsp directory before rebuilding the image, is that necessary to do each time or was that in response to a specific issue at that time?
03:59gaurav___ has joined IRC (gaurav___!7666ed92@gateway/web/freenode/ip.118.102.237.146)
04:00
<gaurav___>
hi sir
04:00
i wand to setup LTSP for 20 users pls suggest me hardware for server and clients
04:14FGXR6 has left IRC (FGXR6!~phantom@ppp121-44-36-166.lns20.syd4.internode.on.net, Remote host closed the connection)
04:30
<maldridge>
gaurav___: that's incredibly broad. Its pretty difficult to suggest things without any information
04:32* gehidore suggests alienware for everything
04:33
<gehidore>
seems fitting given the vague request
04:33pppingme has joined IRC (pppingme!~pppingme@cpe-24-166-185-43.kc.res.rr.com)
04:33pppingme has joined IRC (pppingme!~pppingme@unaffiliated/pppingme)
04:35
<maldridge>
is there a specific reason I shouldn't be logging in one user on multiple clients?
04:36
<gehidore>
I would think at worst you could have the same files being edited
04:36
<maldridge>
I was thinking about the MIT magic cookies, but I don't really care about security in the context for my current project
05:16ricotz has joined IRC (ricotz!~rico@ubuntu/member/ricotz)
05:37F-GT has joined IRC (F-GT!~phantom@ppp121-44-36-166.lns20.syd4.internode.on.net)
05:59ricotz has left IRC (ricotz!~rico@ubuntu/member/ricotz, Quit: Ex-Chat)
06:23gaurav___ has left IRC (gaurav___!7666ed92@gateway/web/freenode/ip.118.102.237.146, Ping timeout: 246 seconds)
07:13
<maldridge>
is there a way to do home on nbd with a tmpfs overlay?
07:22
<muppis>
Why you wanna do that?
07:23
<quinox>
maldridge: you can do it, but fe. Chrome and Firefox won't like it
07:23
<muppis>
Like if there no reason save anything from user, is there something static they need to have in home?
07:23
<maldridge>
I want to have a base home directory that is immutable, that users can modify so that programs don't die, but I don't have reason to keep the data around
07:23
<quinox>
unless you start them with separate profiles
07:24
<maldridge>
long story short, I'm trying to prevent steam from seeing itself so that it isn't downloading 100 copies of the same game given that I have 100 terminals logged in as the same user (using fatclients here)
07:25
so my "solution" would be to have a read only home folder, but with a writable layer that steam could make its changes to, and then when the user logs out the changes get dumped
07:25
<muppis>
So you have pre-downloaded Steam content which you want show every user, but you don't want save users content to homes?
07:26
<maldridge>
more specifically, I don't want steam setting its global lock files
07:26
<muppis>
Makes sense.
07:26
<maldridge>
as when it sets those it kicks everyone out of the games, thus defeating predownloading them
07:30
<muppis>
I think you get an idea when look around settings how root is published via nbd and get yourself familiar with squashfs and aufs.
07:31
<maldridge>
so you agree that this is possible with squashfs/aufs ?
07:31
<muppis>
Yes.
07:32
aufs is the key.
07:32
<maldridge>
cool, is there a good place for reading up on that, or should I just wade into the configuration of my running setup
07:35
<muppis>
If you don't already know how nbd, squashfs and aufs works, you can wade in.
07:36
Those quite simple tools to use, so they manual pages are good starting point.
07:39
<maldridge>
ok, are there any gotchas I should be aware of adding those into the glue that is already provided by ltsp?
07:40ricotz has joined IRC (ricotz!~rico@ubuntu/member/ricotz)
07:41work_alkisg is now known as alkisg
07:41
<muppis>
Not really. Just make backups from any configuration file you touch, so you can feel safe.
07:42
And of course use seperate conf file when ever possible.
07:42
Pointing to nbd to be exact.
07:43ricotz has left IRC (ricotz!~rico@ubuntu/member/ricotz, Client Quit)
07:43
<alkisg>
maldridge: if you don't want any user changes saved, you can use the cow feature of nbd
07:43
It's like nbd+overlayfs all in one
07:43ricotz has joined IRC (ricotz!~rico@p5B2A8ECF.dip0.t-ipconnect.de)
07:43ricotz has joined IRC (ricotz!~rico@ubuntu/member/ricotz)
07:44
<alkisg>
I.e. you create a user on the server, let's call him "user"
07:44
Then you dd a file as his home folder, let's say 5 GB
07:44
then you loop mount it in /home/user, login as that user, install steam, do things
07:44
When you're done, you publish the loopback file with nbd in cow mode
07:45
Done, each client sees a different copy and changes are not saved
07:45
copyonwrite=true is the relevant directive of nbd-server
07:47
<maldridge>
very cool
07:47
so nbd is looking at litteral disk images, i.e. a *.img
07:47
correct?
07:48
<alkisg>
Yes nbd serves block devices
07:48
Not file systems
07:48
I.e. you can't do that with a directory /home/user/, you can only do it with a file /home/user.loopbackimage
07:49
<maldridge>
so I should create a disk image that is large enough to hold steam's files, then make the base home folder in that? My appologies for asking very similar questions, nbd is a different angle of serving things than I'm used to
07:51
<alkisg>
dd if=/dev/zero of=/home/user.img bs=1G count=5
07:52
mkfs.ext4 /home/user.img
07:52
mount -o loop /home/user.img /home/user/
07:52
Login as user etc etc
07:53
<maldridge>
cool
07:53
<alkisg>
Remember that it shouldn't be in use (i.e. it should be unmounted) when nbd is serving it
07:53
The nbd cow mode is better than the +aufs or +overlayfs mode, because it's a "native" file system, not an overlay, and thing don't break as often as in overlays (wrt locks etc)
07:54
The down side is that if you don't use encryption, then the data travels unencrypted through the network
07:55
<maldridge>
meh, the network this will run on is air gapped from the rest of the facility, I'm not that concerned about security here
07:55
<alkisg>
You could also probably use Ubuntu's "encrypted home folder" technology, afaik it uses block devices, but I haven't looked into it
07:56
If you're not concerned about security, plain cow nbd is just fine
07:58
<maldridge>
ok, so now for the last gap in my understanding, how do I get ltsp to attach this volume as the user's home folder
07:58
<alkisg>
Do you want to do that on boot or on login?
07:58
I.e. a user logs out and then in again, do you want him to see the previous changes?
07:58
<maldridge>
probably on login, logging out should nuke the state of the terminal
07:59
<alkisg>
Then you need a script, ltsp doesn't yet have the ability to do that via lts.conf
07:59
A script in ldm/rc.d
07:59
That would call nbd-client and then mount
07:59
<maldridge>
so I register this script to be run on a login? or is it just always running
08:00
my understanding of ldm/rc.d is that you just get to run things in parallel there
08:00
<alkisg>
You can do it conditionally with a new lts.conf variable
08:00
Check /usr/share/ldm/rc.d/I01-nbd-checkupdate
08:00
It's vaguely related to what you want
08:00
I.e. it uses nbd-client
08:01
You would need a X00-mount-nbd-home
08:02
<maldridge>
for comparison, if I wanted to do this at boot, that would be with the FSTAB entries in lts.conf right?
08:02
<alkisg>
You would need INIT_COMMAND_01="nbd-client mount..."
08:02
and INIT_COMMAND_02="mkdir /home/user"
08:03
and FSTAB_1="/dev/nbd1 /home/user ..."
08:03
<maldridge>
ok
08:46
so I have built my disk image, and now I'm trying to just mount it on localhost but running into a Connection refused error, is there a good way to find out why it was refused
08:46
<alkisg>
Don't run both nbd-server and nbd-client on the same host, it's prone to deadlocks
08:46
Check your nbd-server configuration and syslog
08:47
<maldridge>
oh, how should I get root on the client then, as I can't test from my laptop
08:52
<alkisg>
!screen_02
08:52
<ltsp>
screen_02: To get a root shell on an Ubuntu thin client: https://help.ubuntu.com/community/UbuntuLTSP/ClientTroubleshooting#Using_a_shell_SCREEN
08:52
<alkisg>
!kvm
08:52
<ltsp>
kvm: Virtual thin client: kvm -vga-vmware -ctrl-grab -no-shutdown -net nic,model=virtio -net user,tftp=/var/lib/tftpboot,bootfile=/ltsp/i386/pxelinux.0
08:55
<maldridge>
oh, while I'm thinking about it, in your ubuntu pnp page, you have dnsmasq in the installs list twice, and a few of those pacakges aren't listed, jsyk
08:55
<alkisg>
!ltsp-pnp
08:55
<ltsp>
ltsp-pnp: ltsp-pnp is an alternative (upstream) method to maintain LTSP installations for thin and fat clients that doesn't involve chroots: https://help.ubuntu.com/community/UbuntuLTSP/ltsp-pnp
08:55
<alkisg>
maldridge: where exactly?
08:56
apt-get --yes --install-recommends install dnsmasq ltsp-server-standalone ltsp-client ldm-ubuntu-theme
08:56
No duplicate dnsmasq there
08:56
And which package isn't listed?
08:56
<maldridge>
https://help.ubuntu.com/community/UbuntuLTSP/ltsp-pnp 4th line in the inset installation block
08:56
and its ltsp-config
08:57
<alkisg>
maldridge: that's a separate command
08:57
The command is `ltsp-config dnsmasq`
08:57
It doesn't install packages
08:57
It runs an ltsp command called "ltsp-config"
08:57* maldridge applies a desk liberally to his head
08:57
<alkisg>
:)
08:58
<maldridge>
I must have spent at least a half hour trying to figure out if I'd messed up the PPA trying to find ltsp-config in a repo...
09:06
somewhere I've missed something, how to I specify the mount on the client side?
09:08
<alkisg>
With the custom script
09:09
mount /dev/nbd1 /home/user
09:10
<maldridge>
that part makes sense, I'm a bit before that though, I can't figure out how to create /dev/nbd1
09:10
<alkisg>
!nbd-client
09:10
<ltsp>
nbd-client: To try mounting the NBD image from the client initramfs: nbd-client 192.168.67.1 -N /opt/ltsp/i386 /dev/nbd0
09:10
<maldridge>
all the guides seem to specify by port number
09:12
oh, it tries to create the map file and then gets a permission denied
09:13
<alkisg>
check nbdswapd
09:13
create a symlink like that elsewhere where the nbd user has permissions
09:25
<maldridge>
huh, I can manually mount it, but it won't mount during boot
09:25
its quite early though, I don't think I shall try to continue troubleshooting this tonight
10:05telex has left IRC (telex!teletype@freeshell.de, Remote host closed the connection)
10:06telex has joined IRC (telex!teletype@freeshell.de)
10:13alkisg is now known as work_alkisg
10:58cyberorg has left IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg, Ping timeout: 246 seconds)
11:06cyberorg has joined IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg)
12:42gbaman has joined IRC (gbaman!~gbaman@2.29.16.44)
12:59gbaman has left IRC (gbaman!~gbaman@2.29.16.44, Remote host closed the connection)
14:25gbaman has joined IRC (gbaman!~gbaman@2.29.16.44)
15:07gbaman has left IRC (gbaman!~gbaman@2.29.16.44, Remote host closed the connection)
15:47gbaman has joined IRC (gbaman!~gbaman@2.29.16.44)
16:11gbaman has left IRC (gbaman!~gbaman@2.29.16.44, Remote host closed the connection)
16:47gbaman has joined IRC (gbaman!~gbaman@2.29.16.44)
17:31nahoskins has joined IRC (nahoskins!~nahoskins@64.147.84.76)
17:34gbaman has left IRC (gbaman!~gbaman@2.29.16.44, Remote host closed the connection)
19:46gbaman has joined IRC (gbaman!~gbaman@2.29.16.44)
20:03telex has left IRC (telex!teletype@freeshell.de, Remote host closed the connection)
20:04telex has joined IRC (telex!~telex@freeshell.de)
20:18ricotz has left IRC (ricotz!~rico@ubuntu/member/ricotz, Quit: Ex-Chat)
20:41AlexPortable has joined IRC (AlexPortable!uid7568@gateway/web/irccloud.com/x-emwaqmyogwnokblj)
21:54gbaman has left IRC (gbaman!~gbaman@2.29.16.44, Remote host closed the connection)
22:03gbaman has joined IRC (gbaman!~gbaman@2.29.16.44)
22:07vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
22:56TheProf has joined IRC (TheProf!~TheProf@TOROON47-1176243489.sdsl.bell.ca)
23:04gbaman has left IRC (gbaman!~gbaman@2.29.16.44, Remote host closed the connection)
23:06
<TheProf>
Hello! I hope you're all well. I'm running Edubuntu in our school and it's working perfectly. I'm about to launch a new computer lab and adding 30 more computers is too much for our server, so I'd like to have the computer lab machines be fat clients while the others remain thin clients. I thought that LTSP-pnp is the way to do it but I'm seeing different instructions online for how to go about it so I'm confused. Could you help clarify
23:15
<maldridge>
TheProf: you've read this guide?
23:15
!ltsp-pnp
23:15
<ltsp>
ltsp-pnp: ltsp-pnp is an alternative (upstream) method to maintain LTSP installations for thin and fat clients that doesn't involve chroots: https://help.ubuntu.com/community/UbuntuLTSP/ltsp-pnp
23:16
<maldridge>
and all your clients are of the same architecture?
23:18TheProf has left IRC (TheProf!~TheProf@TOROON47-1176243489.sdsl.bell.ca, Ping timeout: 256 seconds)
23:21
<maldridge>
well, ok
23:26TheProf has joined IRC (TheProf!~chatzilla@TOROON47-1176243489.sdsl.bell.ca)
23:27
<TheProf>
maldridge: sorry my irc client seemed to have crashed on me. Switched to another one.
23:27
All my clients are identical hardware yes.
23:28
maldridge: Thank you for the link. I saw that link and I guess I was confused as it contains instructions for how to install LTSP and LTSP-pnp. But I already have LTSP running, so I wasn't sure which steps to complete and which steps to skip. As I didn't want to mess up my existing installation.
23:29
<maldridge>
my understanding is that they differ pretty much only in image creation steps
23:29
you'd want to modify the lts.conf file so that clients become fat clients after some point
23:30
<vagrantc>
you should be able to get rid of your classic ltsp chroot and image built from that and just use the image generated from your server for both thin and fat clients.
23:30
<TheProf>
Right. There's a TRUE/FALSE setting or a RAM threshold setting in lts.conf
23:31
<vagrantc>
unless you have i386 clients
23:31
then you'd probably want to keep both, which is doable.
23:31
<TheProf>
vagrantc: OK thank you. Is the getting rid of the classic ltsp chroot part of those instructions that maldridge shared?
23:33
The hesitation I had with the fat clients was in the non-ltsp-pnp method the thin clients get Internet access directly. Is this true with the pnp method? Because we have had many times in the school in the past people disconnecting the thin clients and plugging their laptops right into the network port.
23:33
In the past nothing would happen, which was wonderful. With the ltsp-pnp setup would they suddenly have access?
23:35
<vagrantc>
you'd need to provide routing to the fat clients
23:35
so you've got a server with two NICs ?
23:36
you could configure it to only allow the fat clients to route to the network
23:36
alternately, they would need to use a proxy, if all they need is network access
23:37
<TheProf>
vagrantc: Yes my server has two NICs. Could that configuration be done by specifying MAC addresses in lts.conf for the fat clients?
23:37
<vagrantc>
er, all they need is web access
23:37
<TheProf>
Right, web access.
23:38
<vagrantc>
you would need to set up firewalling or http proxy access above and beyond configuration in lts.conf
23:38
<maldridge>
yeah, but that's a nice one liner in iptables
23:38
alternatively, you could just not assign dhcp to anything you don't already know about
23:38
<vagrantc>
maldridge: a one-liner that allows the fat clients through but not random people's laptops?
23:39
<maldridge>
no, to grant web access only
23:39
a dedicated student is going to get through regardless of what you do unles you are doing packet inspection and breaking ssl at the edge, which is questionbly legal in many regions
23:39
<vagrantc>
if laptops got web access, i don't think it would solve the concern...
23:40
<TheProf>
This is an elementary school so it is unlikely to be any advanced hacking happening. It is more to provide a reasonable hurdle for those doing things like this.
23:40
<maldridge>
yeah, but short of locking ethernet connectors (do those exist?) you can't protect against someone taking the identity of a thin client
23:41
<vagrantc>
TheProf: the reasonable hurdle wold be to only hand out DHCP addresses to known machines
23:41
<maldridge>
TheProf: oh, in that case you could just do static DHCP and be fine, the odds of a primary school kid being able to poison arp are probably pretty slim
23:42
<TheProf>
maldridge: and to answer your question, ethernet port locks exist :) http://www.padjack.com/padjack-versions/padjack-sve-rj45-lock/
23:43
OK so that's the solution -- static dhcp to known machines.
23:43
<vagrantc>
it doesn't even have to be static DHCP, you could still use dynamic dhcp to specific machines
23:43
one less bit of configuration
23:44
<TheProf>
vagrantc: sorry I may be using the wrong terminology. OK
23:45
Will this utilization of DHCP affect the setup for ltsp-pnp?
23:45
<maldridge>
vagrantc: cool, but not quite what I was thinking
23:45
TheProf: no
23:45
<TheProf>
maldridge: Great.
23:45
<maldridge>
you're basically just telling the dhcp server to not talk to any machine it doesn't recognize
23:49
<TheProf>
maldridge: Makes sense. I'll start with that -- if all the thin clients boot up correctly after the changes to DHCP then I'll move to the ltsp-pnp so I don't have too many variables changing.
23:49
<maldridge>
good plan
23:49
<TheProf>
So on this page https://help.ubuntu.com/community/UbuntuLTSP/ltsp-pnp I believe I'm going to skip the section called 'installation' and start at the 'generating the client image'
23:49
<maldridge>
you should probably add the ppa and update, it includes lots of nice patches that havent' made it into ubuntu's build yet
23:50
<TheProf>
But do I need to run the IPAPPEND=3 step?
23:50
<maldridge>
only if you are using a proxymode dhcp server
23:50
if you are in control of the master dhcp server for this segment, you can ommit that line
23:51
<TheProf>
maldridge: OK. Hmm.. with respect to your recommendation to add the ppa and update -- will it break the existing installation? Or will it 'notice' the existing items in edubuntu and then update as needed?
23:51
<maldridge>
it shouldn't break anything
23:51
didn't on my setup at least
23:52
<TheProf>
Good news.
23:52
<maldridge>
I'm not really aware though of what edubuntu puts into ltsp though, so I can't speak authoritatively on that
23:52
<TheProf>
Fair enough.
23:54
<maldridge>
I don't think it should, looking at it edubuntu looks like 4 packages that just get installed on top of regular ubuntu
23:54
*4 metapackages
23:54
<TheProf>
It all looks fairly straightforward -- the only daunting part is the "to tell dnsmasq to function as a DNS server as well"
23:54
<maldridge>
eh, this may be the point where you should migrate off of dnsmasq depending on how far you are planning to scale out
23:56
<vagrantc>
TheProf: you'll still need to install the ltsp-client package
23:56
for 60 clients, dnsmasq should be fine
23:57
<TheProf>
I didn't realize there was a limit of sorts. Our entire building won't have more than 80 computers at the end.
23:57
<maldridge>
TheProf: the limit is more in how you can configure things
23:57
<TheProf>
Or in total I mean.
23:58
<maldridge>
example: I have each lab on its own subnet, but these are all being served out by one dhcp server, depending on the lab it boots a different image, or has different network access allowances
23:58
<TheProf>
maldridge: OK I have seen examples of that before.
23:59
<vagrantc>
TheProf: there is a bug with dnsmasq's DHCP implementation that has issues with hundreds of clients booting simultaneously
23:59
TheProf: but if there's even half a second between each boot, it's fine