IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 26 September 2019   (all times are UTC)

01:40adrianor1 has joined IRC (adrianor1!~adrianorg@179.177.213.26.dynamic.adsl.gvt.net.br)
01:44adrianorg has left IRC (adrianorg!~adrianorg@177.134.59.243, Ping timeout: 265 seconds)
03:57vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)
04:41adrianorg has joined IRC (adrianorg!~adrianorg@177.18.180.82)
04:44adrianor1 has left IRC (adrianor1!~adrianorg@179.177.213.26.dynamic.adsl.gvt.net.br, Ping timeout: 245 seconds)
04:44ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
04:49kjackal has left IRC (kjackal!~quassel@athedsl-4546118.home.otenet.gr, Ping timeout: 276 seconds)
05:01statler has joined IRC (statler!~Georg@p54897245.dip0.t-ipconnect.de)
06:10woernie has joined IRC (woernie!~werner@p50867A86.dip0.t-ipconnect.de)
06:23statler has left IRC (statler!~Georg@p54897245.dip0.t-ipconnect.de, Remote host closed the connection)
06:42kjackal has joined IRC (kjackal!~quassel@2a02:587:3107:2e00:244c:5e0a:8650:64f9)
07:22kjackal has left IRC (kjackal!~quassel@2a02:587:3107:2e00:244c:5e0a:8650:64f9, Ping timeout: 252 seconds)
07:23kjackal has joined IRC (kjackal!~quassel@athedsl-4546118.home.otenet.gr)
07:24matusiak has joined IRC (matusiak!~matusiak@nat00.zb.lnet.pl)
07:24
<meo>
alkisg: https://www.reddit.com/r/sysadmin/comments/d93h3q/psa_linux_terminal_server_project_is_no_longer/
07:25
<alkisg>
meo: great :)
07:25* alkisg never uses reddit, but understand that many do...
07:30
<alkisg>
Hmm many responses there in such a short time; maybe the new LTSP does need to focus on publicity for a while...
07:35
<meo>
I think that subreddit was just bored
07:36
but for me personally discovering the new ltsp was the biggest surprise, and it wasnt easy to figure out that it's a completely different beast from ltsp5
07:37
or that it existed at all, because no mention of it was anywhere, I essentially discovered it by googling the ltsp5 github repo and instead stepping on ltsp/ltsp
07:39
and probably a lot of distro-specific docs, and wikipedia would have to be updated..
07:48bcg has left IRC (bcg!~b@82-128-240-77.bb.dnainternet.fi, Read error: Connection reset by peer)
08:03woernie has left IRC (woernie!~werner@p50867A86.dip0.t-ipconnect.de, Remote host closed the connection)
08:05bcg has joined IRC (bcg!~b@dfx4btyyyyyyyyyyyyyyt-3.rev.dnainternet.fi)
08:36ltsp_user72 has joined IRC (ltsp_user72!6d31370f@a109-49-55-15.cpe.netcabo.pt)
08:37ltsp_user72 has left IRC (ltsp_user72!6d31370f@a109-49-55-15.cpe.netcabo.pt, Remote host closed the connection)
09:07statler has joined IRC (statler!~Georg@gwrz.lohn24.de)
09:50woernie has joined IRC (woernie!~werner@p578bb7b6.dip0.t-ipconnect.de)
11:20spaced0ut has joined IRC (spaced0ut!~spaced0ut@unaffiliated/spaced0ut)
11:58Faith has joined IRC (Faith!~Paty_@2001:12d0:2080::231:49)
11:58Faith has joined IRC (Faith!~Paty_@unaffiliated/faith)
11:59section1 has joined IRC (section1!~section1@178.33.109.106)
13:12gp has joined IRC (gp!~gp@96.71.93.13)
13:14
<gp>
I am having to replace a few clients that have gone bad. One in particular was an older intel nuc. I have replaced it with a newer model of the intel nuc. The new one seems to only support UEFI network boot. Is there anything I need to do specifically for UEFI booting?
13:31
<mwalters>
I regret clicking that link... a bunch of people getting super toxic over the sematics of the "T" in LTSP ;)
13:31
semantics*
13:32
reddit: not sure what I expected
13:32
<alkisg>
gp: the new LTSP supports UEFI, the old one doesn't
13:32
!install
13:32
<ltsp>
install: To install LTSP19+: https://github.com/ltsp/ltsp/wiki/installation. To install LTSP5: http://wiki.ltsp.org/wiki/Installation/Ubuntu for Ubuntu, or http://wiki.ltsp.org/wiki/Installation for other distributions
13:32
<alkisg>
mwalters: eh, the older terminals weren't remote anyway, they were local :P
13:33
There's no "thin" in LTSP :)
13:33
<mwalters>
lol
13:33
ITT: a bunch of people who do nothing poopooing someone who actually does something
13:34
thanks for all your hardwork, alkisg :)
13:34
<alkisg>
If I were signed up in reddit, I'd answer some comments there, but ... I don't feel like it
13:34
Thank you to mwalters :)
13:34
*too
13:34
<mwalters>
lol, I'm not sure it'd do any good ;)
13:35ltsp_user23 has joined IRC (ltsp_user23!b114982f@177.20.152.47)
13:38
<gp>
alkisg: thanks. 19+ is uefi + legacy out of the box? or I need to check my current version (probably a few years old as of now)
13:39
<alkisg>
gp, yes it supports both uefi and legacy, but NOT thin clients
13:39
Only fat clients
13:39
<gp>
alkisg: Ah that might be my problem. This client is set as thin. I will try fat
13:40
<alkisg>
Booting is the same for both thin and fat
13:40
I.e. ltsp5 doesn't support uefi thin nor uefi fat
13:41
<meo>
gp: ltsp5 and this ltsp are _very_ different
13:41
alkisg: I've been reading up on wayland and x2go, I wanna try and put together a thin client implementation eventually
13:41
multimedia prolly wont work
13:43
<gp>
Ah, so I was using ltsp-pnp version for clients. Looks like this is now called chrootless. I will try the newer version
13:44
alkisg: I read - In case you end up choosing Ubuntu MATE 18.04, @alkisg recommends running the following commands after installation, to avoid some problematic packages
13:44
is ubuntu 18.04 still a good choice?
13:44
or due to this should I use something else
13:45
i use ubuntu mate 16.04 now
13:48
perhaps I should just snapshot my current ltsp and try the parallel install.
13:53
<mwalters>
gp: you can get UEFI working on ltsp5, but I'm not certain anyone has the brain cycles to spare in explaining it ;)
13:53woernie has left IRC (woernie!~werner@p578bb7b6.dip0.t-ipconnect.de, Remote host closed the connection)
13:54
<mwalters>
in short: you need a signed grubnet elf, configure it, and then reconfigure DHCP to serve that to uefi clients
13:55
the tutorials explaining how to get a live CD to netboot should get you like 80% of the way there, I think... picking out what is relevant, or what you're missing is some of the hard part
13:55
<alkisg>
gp: ubuntu 18.04 mate with the new ltsp is a great choice
13:56* alkisg has done uefi booting in ltsp5, secure boot/kernel isn't a requirement, but yeah... no brain cycles to spare to document all this :)
13:57
<mwalters>
I'm not 100% certain you can disable secure boot on those intel nucs
13:57
(that's the same box that prompted me to open that can of worms)
13:58
<alkisg>
ipxe isn't signed either, so ltsp19+ doesn't support secureboot, unless you get a special ipxe build that is signed from microsoft; this exists, but it's not widely available
13:58
And while grubefi is signed, it's a bit of pain currently
13:58
<mwalters>
oh I forgot you're using ipxe and not grub
13:59
<alkisg>
The ipxe devs have been trying for 2 years now to get MS to sign it :)
13:59
<mwalters>
sounds about right
14:01
<gp>
mwalters: I found an option to disable secure boot. I haven't confirmed it actually works other than the UI displays an empty check box
14:02
<mwalters>
0959 mwalters | sounds about right
14:02
;)
14:05
<gp>
mwalters: that sounds like trouble. Did you get the nucs to work?
14:06
mwalters: here is a photo of the bios screen: https://photos.app.goo.gl/UJgj7SniKtbxqjap9
14:06
<mwalters>
I only have one. I did get it to work using grubnet
14:09
<gp>
Gonna see what happens with LTSP19 in a VM. If that boots the new nuc probably good to upgrade the system anyways
14:10
otherwise ill be scratching my head for awhile geting grubnet working lol
14:10
thanks all
14:36AzuresNation has joined IRC (AzuresNation!05665de9@5.102.93.233)
14:37matusiak has left IRC (matusiak!~matusiak@nat00.zb.lnet.pl, Quit: Leaving)
14:37
<AzuresNation>
Okay, complete noob alert with me. How does LTSP compare to Thistation
14:46AzuresNation has left IRC (AzuresNation!05665de9@5.102.93.233, Remote host closed the connection)
14:49
<gp>
not familiar with thistation but ive had a very positive experience with LTSP
14:54shored has left IRC (shored!~shored@87-92-122-167.bb.dnainternet.fi, Read error: Connection reset by peer)
14:54shored has joined IRC (shored!~shored@87-92-122-167.bb.dnainternet.fi)
15:03
<gp>
alkisg: I've been reading about the new work you've done. Wow!
15:03
<||cw>
thinstation is just a thin client OS, ltsp is a linux focused thin/diskless management system, with the very useful option of running the OS instance on the client which increases performance greatly linux diskless desktops
15:06
you can do a generic thin client with ltsp, it's actually how I use it, but it's not really what it's for.
15:10
<gp>
||cw: I noticed he left a few minutes after asking his question =( so he didn't get the info
15:11nethfel has joined IRC (nethfel!d13c84aa@209.60.132.170)
15:19woernie has joined IRC (woernie!~werner@p57A0EE73.dip0.t-ipconnect.de)
15:23
<nethfel>
Hi all, I'm experimenting with LTSP in a VB environment - working fairly well so far, but I'm curious - aside from configuring the master image to use some remote authentication, is there a way to add users without rebuilding the image?
15:25
<gp>
You shouldn't have to rebuild the image to add a user? Auth is server side
15:27
<nethfel>
Well, I added a user on the server box and the image was claiming user unknown
15:28
let me try it again, make sure I didn't fat finger anything
15:30
<gp>
Well, I am upgrading from LTSP5 for the first time so it could have changed. But the clients ssh into the server for auth in my setup. And users are authed on the server via ldap. But perhaps this has changed in newer versions. Probably not though
15:32
<nethfel>
I don't know - it's authenticating passwords against the server (I changed a password of a user and that worked) but a new user (johndoe) it's throwing a user unknown at me
15:35
yeah, I just created another user (testuser) that isn't in the image, and its throwing a "User testuser doesn't exist"
15:37
I haven't messed with the original LTSP in years and wanted to try it out again for a potential lab scenario. I thought all users on the master server would be authenticated, but doesn't seem so. Unless I missed a step somewhere in the install/setup
15:39
<gp>
nethfel: Sorry I can't be more helpful yet. I would hang around until someone with more experience chimes in
15:39
nethfel: I am guessing it is a configuration problem
15:41
<ogra>
nethfel, LTSP operates completely through ssh ... so if a user can ssh in it will also be able to log in on the client
15:42
(via the graphical login)
15:42
there is no need (and it is actualy discouraged) to create users in the image ... thats a security hole you really dont want to open
15:47
<alkisg>
nethfel: are you trying the old or the new ltsp?
15:47
!install
15:47
<ltsp>
install: To install LTSP19+: https://github.com/ltsp/ltsp/wiki/installation. To install LTSP5: http://wiki.ltsp.org/wiki/Installation/Ubuntu for Ubuntu, or http://wiki.ltsp.org/wiki/Installation for other distributions
15:47
<alkisg>
Which of those?
15:47
The new ltsp currently requires to run `ltsp initrd` after adding new users or updating ltsp.conf
15:48
(this only needs half a sec to run)
15:53
<nethfel>
LTSP19+, first one.
15:53
Ok, so that's where my problem is :)
15:54
well, hopefully - will the ltsp initrd command push the update to already running systems?
15:59
didn't seem to, had to reboot the client machine to get the update; I'm guessing an ldap server would work better in this scenario
16:16
<alkisg>
nethfel: we might develop a way to push ltsp.conf and passwd/group to running clients later on
16:17
But currently it's not a priority
16:17
It's just a couple of lines in a script if you put these to the nfs share
16:22statler has left IRC (statler!~Georg@gwrz.lohn24.de, Remote host closed the connection)
16:31
<nethfel>
Well, honestly, right now I'm just testing with a few VMs (one server, two client) - I really think that in a regular environment I'd probably implement an LDAP config and use that in the client image for authentication - I assume it wouldn't need to rebuild an initrd on new users added to an ldap server when using ldap for authentication?
16:37
<uumas>
nethfel: No. It's needed only for updating the local passwd file.
16:38vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
16:39
<nethfel>
That's what I assumed as that's how I remembered the old LTSP to work, but I figured I'd better ask incase something else changed too :) . I will say I really am enjoying how this new version seems VERY simple to implement and have a working environment really quick
16:39ltsp_user65 has joined IRC (ltsp_user65!69470895@dynggrab-149-8-71-105.inwitelecom.net)
16:41ltsp_user65 has left IRC (ltsp_user65!69470895@dynggrab-149-8-71-105.inwitelecom.net, Remote host closed the connection)
18:03ltsp_user23 has left IRC (ltsp_user23!b114982f@177.20.152.47, Remote host closed the connection)
19:15gp has left IRC (gp!~gp@96.71.93.13, Ping timeout: 240 seconds)
19:22statler has joined IRC (statler!~Georg@p54897245.dip0.t-ipconnect.de)
19:28uumas_ has left IRC (uumas_!uumas@kapsi.fi, Remote host closed the connection)
19:28uumas_ has joined IRC (uumas_!uumas@kapsi.fi)
19:54
<alkisg>
LTSP5 used the SSH connection to the server to get the user info; this isn't safe, it's easily exploitable. If the "add users without client reboot" functionality appears to be needed frequently, another form of retrieving the updated user list will be necessary
19:55
Long term goal could be to rewrite epoptes as an https server, and use that to control the clients too
19:55
<vagrantc>
especially using the user's own connection to determine user info
19:55
<alkisg>
Yeah, which is what ltsp5 does
19:55
<vagrantc>
i'm forgetting if ltsp19 improved on that angle?
19:55
issue
19:56
<alkisg>
LTSP 19 runs `ssh server exit`, it doesn't read any output
19:56
As long as the connection is successful, the user is authenticated
19:56
Of course, if the user has control over the tftp server or injects things etc, he can manipulate ltsp.img; but that's a different attack vector
19:57
<vagrantc>
sure
19:57
<alkisg>
(passwd is inside ltsp.img now, retrieved once at boot)
19:58
<vagrantc>
cool.
19:58
that sounds "better" :)
19:58nethfel has left IRC (nethfel!d13c84aa@209.60.132.170, Remote host closed the connection)
19:59
<vagrantc>
i need to actually try this new thing ... i've discussed and talked about it plenty, but not actually tried it :)
19:59
<alkisg>
And maybe push it to experimental and do the ltsp5 migration dance...
19:59
But... no hurry :D
19:59section1 has left IRC (section1!~section1@178.33.109.106, Quit: Leaving)
20:00
<vagrantc>
need to sort out some last issues with ltsp5 too first
20:00
<alkisg>
A school reported that booting 10 clients over 100 mbps needed 5 mins with nbd (I don't know how they lived with that), then they tried nfs + ltsploop and it needed 15 minutes, and finally nfs + the new readahead fix, and went down to 1.5 minute
20:01
<vagrantc>
yay for progress!
20:02
<alkisg>
The new LTSP feels a lot more stable, even if it's still not very mature and gets frequent updates / changes
20:03
Today I did the last thing that schools here wanted, i.e. user list customization (to only show guest01, a-01 and b-01 in pc01); so I guess things will settle down a bit
20:06woernie has left IRC (woernie!~werner@p57A0EE73.dip0.t-ipconnect.de, Remote host closed the connection)
20:10
<alkisg>
vagrantc: `ltsp initrd` puts the ltsp code plus ltsp.conf to /srv/tftp/ltsp/ltsp.img. I want to call that from our ltsp.postinst, if I detect that the target file is there (i.e. it was ran in the past); that's a bit similar to update-initramfs. Do you see anything bad in doing so?
20:13
Hmm actually it's getting late, 'night all :)
20:16
<vagrantc>
alkisg: you may want to use dpkg triggers for that
20:40kjackal has left IRC (kjackal!~quassel@athedsl-4546118.home.otenet.gr, Ping timeout: 265 seconds)
20:44gp_alt has joined IRC (gp_alt!~gp@96.71.93.13)
20:44
<gp_alt>
I am not having luck with ltsp ipxe
20:44
https://pastebin.com/21Cmrcky
20:44
LTSP command failed: wget -q https://github.com/ltsp/binaries/releases/latest/download/memtest.0 -O /srv/tftp/ltsp/memtest.0
20:45Faith has left IRC (Faith!~Paty_@unaffiliated/faith, Quit: Leaving)
20:48
<gp_alt>
Seemed like it was downloading the file. Not sure what the error was. I kept running until there were no more files to download. Here is the output:
20:48
https://pastebin.com/SLZd1Gmt
20:49
<quinox>
what about: wget https://github.com/ltsp/binaries/releases/latest/download/memtest.0
20:49
<gp_alt>
quinox: ?
20:49
<quinox>
I see 'section_list: not found', something more than just wget is wrong
20:50
<gp_alt>
quinox: oh i pasted. it is the result of ltsp ipxe
20:50
<quinox>
does /srv/tftp/ltsp exist?
20:51
<gp_alt>
That is in the paste output. Yes. After running 5 times it seems to download one file and exit. Last run indicated all files existed and it exited successfully
20:51
quinox: whoops. sorry. it is in the second paste
20:52
https://pastebin.com/21Cmrcky && https://pastebin.com/SLZd1Gmt my mistake
20:52
pastebin thought I was spam. Had to do a captcha
21:06
Hrm not getting a working boot though
21:12
quinox: ah I see that now too. bummer. I've tried root to rerun but no luck
21:12
ltsp -o ipxe -b --> https://pastebin.com/ECacHRP4
21:15
Just trying to get a hello world going at this point. So I think I'll toy with it tomorrow with fresh eyes. Thanks for the help today everyone
21:16vsuojane1 has left IRC (vsuojane1!~vsuojanen@cable-hml-585686-205.dhcp.inet.fi, Ping timeout: 268 seconds)
21:18vsuojanen has joined IRC (vsuojanen!~vsuojanen@cable-hml-585686-205.dhcp.inet.fi)
21:19gp_alt has left IRC (gp_alt!~gp@96.71.93.13, Quit: Leaving)
22:02
<meo>
section_list: not found is normal
22:04
https://github.com/ltsp/binaries/releases/latest/download/memtest.0 definitely exists so you should run wget explicitly and see what happens
22:04
aw he gooon
22:09ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
22:50vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)
23:33statler has left IRC (statler!~Georg@p54897245.dip0.t-ipconnect.de, Read error: Connection reset by peer)