IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 23 October 2018   (all times are UTC)

10:23
<enaut[m]>
vagrantc: would you be willing to look over the things I did to ltsp-manager? Any "do's" I missed any "don'ts" I did?
10:24
See this branch: https://code.launchpad.net/~franz-die/ltsp-manager/+git/ltsp-manager/+ref/testing-meson
10:27
alkisg, vagrantc: I'm thinking about moving ltsp-manager forward to the account manager state. I looked around on how to better implement the root tasks of adding and removing users/groups
10:28
I found that the dbus interface org.freedesktop.Accounts offers account creation and deletion but not group management.
10:29
It might be planned to do all this with the sssd service but those plans are not yet in code.
10:31
So I think it would be best to write an own dbus service (that also implements the file-sharing) and uses the existing dbus interfaces where possible.
10:32
That said this new account-manager will need a new name :) - do you have any suggestions for this?
10:37
Oh and if any improvements to my suggestions could be made I'll be happy to consider them.
11:23
<alkisg>
enaut[m]: yeah I think we've looked into accountsservice in the past, and found it was inadequate then too, that's why we resorted to adduser/deluser etc
11:23
Writing your own dbus service just for your own app... i'm not sure if that has any benefits
11:38spaced0ut has left IRC (spaced0ut!~spaced0ut@unaffiliated/spaced0ut, Ping timeout: 252 seconds)
11:42lucascastro has joined IRC (lucascastro!~lucascast@177-185-139-186.isotelco.net.br)
12:01
<enaut[m]>
Well that dbus service would run as root while the app can be run as normal user... requiring a password when needed. - or did I misunderstand something there?
12:02Faith has joined IRC (Faith!~Paty_@unaffiliated/faith)
12:09
<alkisg>
enaut[m]: ah sure, if you're talking policykit and running gui apps without root etc etc, you're right
12:10
A dbus service can also function as a semaphore between multiple guis, i.e. that they wouldn't be able to add the same user at the same time
12:12
<enaut[m]>
yep thats exactly the thing... I doubt that I get it to the general gnome user service though
12:13
<alkisg>
As for name... how about gum, a gtk user manager :P And it's easy to find an icon for that :P
12:17
<enaut[m]>
sounds better than everything I have come up with
16:57
<mwalters>
yaum
17:03lucascastro has left IRC (lucascastro!~lucascast@177-185-139-186.isotelco.net.br, Remote host closed the connection)
17:03GodFather has joined IRC (GodFather!~rcc@198.111.167.146)
17:27adrianor1 has joined IRC (adrianor1!~adrianorg@177.134.56.11)
17:30adrianorg has left IRC (adrianorg!~adrianorg@186.213.153.215, Ping timeout: 244 seconds)
17:32lucascastro has joined IRC (lucascastro!~lucascast@170.78.53.20)
17:45adrianor1 has left IRC (adrianor1!~adrianorg@177.134.56.11, Ping timeout: 240 seconds)
17:46
<spaced0ut>
when im done with this project i'm going to contribute to current documentation if you guys want. an examples section would be incredibly useful. i cant imagine more than a few paths someone would want to start out on
17:47
<alkisg>
You'll be surprised how many say that and when they're finished we don't hear back from them :D
17:47
<spaced0ut>
probably cause they never figure out how to finish
17:47* mwalters whistles
17:48
<mwalters>
Not sure if anyone cares, but ltsp seems to play nice with freeipa
17:48
and vice versa
17:48
I was able to log in with a freeipa user on a fatclient
17:48
screen locking worked
17:49
it's definitely a bit of a bear to set up (at least on ubuntu...)
17:49
<spaced0ut>
that sounds very useful for some use cases. i'm still trying to figure out the most simple one. a single autologged in user where the home directory is set in the chroot but changes made by clients are not saved.
17:50
i can't find any examples on COW and the nbd-server man page is flat out broken
17:51
<mwalters>
You just want the desktop reset every time?
17:51
<spaced0ut>
yes
17:51
<mwalters>
do you want temporary storage in the home dir?
17:51
<spaced0ut>
i dont care. as long as its not permanent storage
17:51
<mwalters>
so they don't need to be able to save stuff
17:51
<spaced0ut>
nope
17:51
<mwalters>
make the home dir read only?
17:51
<spaced0ut>
in the permissions on the server?
17:51
<mwalters>
yup
17:52
<spaced0ut>
causes issues with chrome and caja
17:52
<mwalters>
oic
17:52
<spaced0ut>
does that make sense?
17:52
<mwalters>
it does
17:52
I bet chrome yells about the profile being locked or some silliness
17:52
<spaced0ut>
i'm sure there would be more issues than that. those were just two things screaming in my face as soon as i booted
17:52
<mwalters>
sure
17:53
that was more a random thought, than a firm recommendation ;)
17:54
<spaced0ut>
so i modified the file that checks for LOCAL_APPS and if its in the lts.conf it uses sshfs to mount the home directory on the server. i accidentally messed it up the one time and found that an invalid command there gives me almost what im looking for haha
17:55
<alkisg>
(08:47:28 PM) spaced0ut: probably cause they never figure out how to finish ==> no no i'm talking about persons that get help and finish properly
17:55
Over the years I think there were more than 100 of them...
17:55
<mwalters>
The only thing I have to contribute is bad advice and maybe an occasional meme
17:56
but I'll chill in the channel at least ;)
17:57
In any case, I think we've decided on ditching our business office windows desktops. Gonna set up our windows server as an RDP server and replace the windows desktops with LTSP boxes with remmina
17:57adrianorg has joined IRC (adrianorg!~adrianorg@179.179.74.252)
17:58
<mwalters>
I just can't see an argument for maintaining these 4 windows boxes. Even with WSUS, updates are a nightmare. Previous IT manager didn't update them since Jan 2017... The moment I tried to get them up to date, they started update looping. I'm done with you, MS!
17:59
That'll bring our ltsp client count up to 30 at this office
17:59spaced0ut_ has joined IRC (spaced0ut_!~spaced0ut@unaffiliated/spaced0ut)
18:00
<mwalters>
48 total across all offices I think
18:00
<spaced0ut_>
but after taking a step back and looking at what i need... i might just need to pxe boot an image. ltsp makes getting most of the way there extremely easy
18:01spaced0ut has left IRC (spaced0ut!~spaced0ut@unaffiliated/spaced0ut, Ping timeout: 268 seconds)
18:01spaced0ut_ is now known as spaced0ut
18:02kjackal has left IRC (kjackal!~quassel@2a02:587:3101:400:8c1b:8441:9019:ed7a, Ping timeout: 260 seconds)
18:04
<mwalters>
oh, freeipa also solves password resets... has a web interface that regular users can log into to reset their own password
18:04
:%s/reset/change
18:05
hell, I think you can plug in your ssh keys and junk too
18:05
That's p cool
18:06
...I think they can also delete themselves, out of the box... D:
18:06
...no, it just lets you click it... lol
18:13
<alkisg>
(08:48:36 PM) mwalters: I was able to log in with a freeipa user on a fatclient (08:48:42 PM) mwalters: screen locking worked ==> that's because of ldm/ssh, not of freeipa
18:13
The client authenticates via ssh to the server, and the server uses freeipa
18:13GodFather has left IRC (GodFather!~rcc@198.111.167.146, Ping timeout: 240 seconds)
18:14
<mwalters>
yeah, I wasn't sure of how that all worked, given the copy of the shadow file or whatever for fat clients
18:14
In any case... so far this seems like a good solution for auth across multiple servers
18:15
It's probably easier to set up if you use fedora or centos as the original devs did ;)
18:15
<alkisg>
mwalters: dont you have a master server there? One of the four?
18:15
<mwalters>
They're all separated by wan
18:15
they're all independent right now
18:15
<alkisg>
So when you add a user to one server, how do the other servers get the user?
18:15
<mwalters>
and we just sync the home folders
18:16
I ssh to those ones and add it :D
18:16
<alkisg>
Haha, why do you need freeipa then?
18:16
<mwalters>
because I want that to not be how it works
18:16
<alkisg>
OK, I was asking about the desired result
18:17
I.e. that one of them will need to be the "domain controller" or however else it's called
18:17
<mwalters>
Ideally, I just want to manage users in one location. We have some pretty strict termination procedures... doing things 4 times over is just asking to screw it up
18:17
<alkisg>
And the others would autosync with that, and use caching
18:17
<mwalters>
oh, right now I'm planning on just using a single DC/Domain primary... whatever FreeIPA's terminology is
18:17
<alkisg>
Because if you omit the sync/caching, you already can tell ltsp to authenticate against any server you want, even remote ones
18:17
<mwalters>
orly
18:18
WAN failure here is pretty uncommon, so the credential caching isn't a huge thing for us
18:18
<alkisg>
Sure, e.g. you can have "local" nfs home dirs, and authenticate against the master server
18:18
The authentication is a few kb only
18:18
So it's not a matter of speed or bandwidth
18:18
It's just an ssh
18:18
<mwalters>
yeah, we have big fat pipes... 100/100 here, 1gb/1gb at two other remotes... and like 250/10 at the other
18:19
a couple kb is nothing ;)
18:19
<alkisg>
Eh, then you don't need freeipa, just plain ltsp
18:19
<mwalters>
this is just pam over ssh or something?
18:19
<vagrantc>
spaced0ut: i think you could probably just create a hook that creates the autologin homedir before the localapps stuff runs
18:19
<alkisg>
!nfs
18:19
<ltsp>
nfs: to enable NFS home directories for localapps and fat clients, install nfs-kernel-server on your server, nfs-common on your client (don't forget ltsp-update-image), and put this in lts.conf: FSTAB_1="server:/home /home nfs defaults,nolock 0 0"
18:19
<vagrantc>
spaced0ut: then it wouldn't mount the homedir and just use the ram on the client
18:19
<alkisg>
This gives you "local" nfs homes
18:19
<vagrantc>
spaced0ut: and if you wanted it to be clean between sessions, it could delete it first
18:19
<alkisg>
LDM_SERVER=master-server
18:20
This gives you centralized authentication. Done.
18:20
<mwalters>
interesting
18:20
and they'd have the same UIDs on the secondary servers?
18:20
(that's another annoyance of the current set up)
18:20
<alkisg>
The secondary servers won't care about uuids
18:20
It's just NFS, you can use it without name mapping
18:20
The ltsp clients get their uids from the server, so it's fine
18:21
<vagrantc>
as long as all the servers get the same uid/gid ...
18:21
<mwalters>
interesting
18:21
yeah, this would be great... freeIPA is a total beast... that we don't *really* need, but managing auth across 4 servers makes me dizzy
18:22
<alkisg>
Password setting can be done with remoteapps and gnome-about-me or mate-about-me etc
18:22
<mwalters>
So /home still exists across all 4 servers, but is mounted via NFS vs however it's mounted out of the box... and the LDM_SERVER handles authentication and rights to the home dirs?
18:23
<vagrantc>
is alkisg really suggesting mounting homedirs over the internet over NFS?
18:23
<alkisg>
No, they would be local to the locations
18:23
4 locations, 4 nfs servers
18:23
<vagrantc>
got it
18:23
and the 4 servers are kept in sync some other way?
18:23
<mwalters>
yes
18:24
think we're using ldsync right now
18:24* alkisg has helped several people with similar setups...
18:24
<mwalters>
which runs way faster than I can run adduser on 4 servers... which causes weird permissions results ;)
18:25
<vagrantc>
yeah, keeping accounts synced across machines needs real tools
18:25kjackal has joined IRC (kjackal!~quassel@2a02:587:3101:400:8c1b:8441:9019:ed7a)
18:25
<alkisg>
Well if the servers are mirrors (starting from the same cloned installation), you could even use cp passwd, as shadow wouldn't matter, only the master server shadow would be used
18:26
(i.e. if you want to be able to match uid/names even locally)
18:26
<mwalters>
They're not, as they exist right now... but yeah, I'm cloning a VM for the 18.04 update
18:27
so it'll be a "from scratch" set up
18:27
<alkisg>
But the idea would be that the users wouldn't ever login to the secondary servers; no user accounts would be needed there; just home dirs
18:27
<vagrantc>
LDM always logs into the same server, but the homedir may be on another server?
18:27
<mwalters>
and there's no possibility of those users having access to another user's homedir?
18:27
<alkisg>
Yes, if /home/username is already mounted, it's not remounted via ldm
18:28
No, uuids still prohibit them
18:28
<mwalters>
xlnt
18:28
<alkisg>
*uids
18:28
<mwalters>
Nice.
18:28
<alkisg>
Meh why do i keep typing uuids :D Too much disk partitioning lately :D
18:28
<vagrantc>
simply having the homedir present can prevent the mount, or does it need to be a distinct mountpoint?
18:28
<mwalters>
This is a huge help. I really wasn't looking forward to using freeipa ;)
18:29
<alkisg>
If the homedir is not in the NBD cow, it's considered to be already mounted, and thus skipped
18:29
stat /home/username vs stat /
18:29
I specifically put the test there for nfs home, local home etc (i.e. even local disks on the clients themselves)
18:31
<vagrantc>
ah, that's why in a kiosk you would need to mount something there?
18:32
just having the directory present won't work
18:32
guess you could just mount a straight tmpfs
18:33
i definitely remember setting up a kiosk-like thing at some point, but i didn't use LDM at all
18:33
just lightdm and autologin and created the homedir on boot
18:33
<alkisg>
Right, I've done it with a tmpfs in the past using an INIT_COMMAND in lts.conf
18:34
But I prefer a second nbd cow partition as it allows preinitialized content and caches on the server
18:34
(well, unless security is much of an issue)
18:37
<vagrantc>
right
18:37
for whatever pre-initialized content you have...
18:37
<spaced0ut>
you have an example config of a second nbd cow partition?
18:37
<vagrantc>
with no pre-initialized content, may as well use tmpfs
18:38
<alkisg>
spaced0ut: you need to use mksquashfs to create one out of the template /home/username
18:39
<vagrantc>
could also use a cow mount from another directory in the LTSP image ... but much slower to make updates to the homedir portion
18:39
<alkisg>
server-side caching also helps if temp users write a lot to /home/username, e.g. an nbd cow can cache gigabytes, while an nbd swap not
18:39
<spaced0ut>
the nbd-server man pages dont even work. there's an examples section that every command responds telling you thats a legacy command and it doesnt work
18:40
so i'm looking for "an example config"
18:40
<alkisg>
It's the same as the ones in /etc/nbd-server/conf.d
18:40
except for the cow line
18:40
<spaced0ut>
so exportname=/home/user
18:40
<alkisg>
Ah, the swap conf there would be extremely similar
18:40
<spaced0ut>
how do the clients know to mount that and where?
18:40
<alkisg>
With an nbd-client command that you'd put to ldm/rc.d
18:41
So that it's remounted on each login
18:41
(i.e. cleared, caches dropped etc)
18:42
<spaced0ut>
update an existing one and add that or create a totally new config there?
18:42
<alkisg>
new config
18:43
<spaced0ut>
im trying to grep through to see the existing one and cant find it
18:43
this would be something that would go great in the docs. i hardly have a clue how that works and there's little other reason to even know about this dir
18:44
<alkisg>
We don't have control over the nbd docs...
18:46
<spaced0ut>
of course not i understand that but youre tied in so tightly that an example would be insanely helpful
18:46
you have to dig so deep to even find that this directory is where the mounts are configured
18:47
maybe this is over my head and this is common knowledge to others...
18:48
<alkisg>
man nbd-server => /etc/nbd-server/config; cat /etc/nbd-server/config => /etc/nbd-server/conf.d
18:48
It indeed needs two steps to get there...
18:49
You can file bug reports against the nbd package
18:51
<spaced0ut>
i dont mean to be rude here but those steps you provided dont even come close to explaining how the ltsp image uses the /usr/share/ldm/rc.d/configs to mount the exported nbd-server directories
18:53
<alkisg>
There's no configuration in the dir you said; just code
18:53
<spaced0ut>
especially when your home directory is already mounted via sshfs from the configs in X01-localapps
18:53
<alkisg>
If you mean "documentation on the ltsp code", yeah that's rare :)
18:54
X01-localapps has code that avoids the sshfs mount when the home dir is already there
18:55
<spaced0ut>
i see
18:56
<vagrantc>
would be pretty simple to implement an option that doesn't attempt to mount anything...
18:56
<spaced0ut>
do you have an example of something in /usr/share/ldm/rc.d/ that mounts another exported directory besides the built image? ive heard it mentioned in here a few times over the last 3 days and cant find a single example when looking it up
18:57
<vagrantc>
just write a simple script
18:57
#!/bin/sh
18:57
mount -t tmpfs tmpfs /home
18:57
#end of file
18:58
<spaced0ut>
hmm that easy huh
18:58
<vagrantc>
for a quick and dirty example ...
18:58
there are lots of corner-cases that doesn't address, but that's a starting point
19:00jgee has joined IRC (jgee!~jgee@190.159.118.121)
19:00
<spaced0ut>
so if in my /etc/nbd-server/conf.d/config i have export /home/staticltspuser
19:00
i just would mount -t tmpfs tmpfs /home/staticltspuser
19:01
<alkisg>
It's tmpfs OR nbd, not both
19:01
<spaced0ut>
i'd expect mounting an nbd-export to look like mount ip:port:exportname
19:02
<alkisg>
2 different methods, unrelated between them
19:02
<spaced0ut>
wait i see what vagrant is saying
19:02
gonna try that
19:06
<vagrantc>
i was talking about something you could drop into /usr/share/ldm/rc.d/X00-mount-home or something
19:07
or do it with FSTAB_MOUNT_HOME or INIT_COMMAND_MOUNT_HOME or something like that
19:07
<spaced0ut>
yep thats exactly what im doing
19:07
<vagrantc>
doing it in ldm/rc.d/ would allow you to do things like reset it at each login
19:08
doing it in lts.conf wouldn't require updating the image
19:08
<spaced0ut>
copied the servers /home/ltspuser directory to /tmp and am mount -t tmpfs /tmp/ltspuser /home
19:09
<vagrantc>
you're getting too creative
19:10
i also may not be understanding the full context ... tmpfs would only be a good option if you can use an empty homedir
19:10
if you need it pre-populated with content, it might not be the way to go
19:12
<spaced0ut>
gotcha gotcha
19:16
<vagrantc>
i haven't experimented with alkisg's idea of using an NBD cow export, but of course it has many merits :)