|00:55||teacher has joined IRC (teacher!a2f670de@gateway/web/freenode/ip.220.127.116.11)|
hey is there anyone here who can help me with epoptes?
i am running edubuntu and can't get the standalone clients to find the epoptes server
teacher: what have you tried so far?
basically when i go get certificates i get a timeout error
basically it can't find the server
i think i need config epoptes to find the server but not sure how
i went into config file and entered ip address
so it reads 192.168.1.xxx=server now
that needs to go the other way
you put that in the file located at /etc/default/epoptes-client right?
and i deleted the # in front of that line
and it is the other way in the file
can you ping that address from your client?
so in terminal i would do like ping <ipaddress>?
you should get something like "64 bytes back"...
PING 192.168.1.196 (192.168.1.196) 56(84) bytes of data. 64 bytes from 192.168.1.196: icmp_seq=1 ttl=64 time=0.511 ms 64 bytes from 192.168.1.196: icmp_seq=2 ttl=64 time=0.186 ms 64 bytes from 192.168.1.196: icmp_seq=3 ttl=64 time=0.205 ms 64 bytes from 192.168.1.196: icmp_seq=4 ttl=64 time=0.193 ms 64 bytes from 192.168.1.196: icmp_seq=5 ttl=64 time=0.209 ms 64 bytes from 192.168.1.196: icmp_seq=6 ttl=64 time=0.207 ms 64 bytes from
teacher@LINUX4:~$ sudo epoptes-client -c 140553966347936:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:787: epoptes-client ERROR: Failed to fetch certificate from 192.168.1.196:789 teacher@LINUX4:~$
that is my error
hm, and the firewall on the server is configured to allow traffic from the client to connect?
unsure how to check that on ubuntu?
i know i downloaded a gui firewall manager but i don't remember the name
hm, if you didn't configure a firewall, you probably don't
i am starting to think it is server side though-- none of the clients will connect
in a terminal, you can run "sudo iptables -nvL"
that will tell you what the firewall state is, you are specificall concerned with "CHAIN INPUT"
on client or server?
unknown input "-nvL"
you entered that command as typed, without the quotes?
they all say policy accept
i ended up doing iptables -L
is that what i was looking for?
if they all say accept, it shouldn't be a firewall issue then
|01:12||Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)|
I'm not really sure what the issue would be then, my appologies I don't run epoptes on my network
|01:13||teacher2 has joined IRC (teacher2!a2f670de@gateway/web/freenode/ip.18.104.22.168)|
|01:13||Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas, Client Quit)|
teacher@LINUX7T:~$ sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination +
that is from the server
|01:13||Phantomas has joined IRC (Phantomas!~phantomas@ubuntu/member/phantomas)|
hm, not a firewall issue then
|01:16||ben_roose has left IRC (firstname.lastname@example.org, Remote host closed the connection)|
|01:20||teacher has left IRC (teacher!a2f670de@gateway/web/freenode/ip.22.214.171.124, Quit: Page closed)|
|01:28||teacher has joined IRC (teacher!a2f670de@gateway/web/freenode/ip.126.96.36.199)|
thanks for your help
sudo ufw allow out 443/tcp
I suspect that was meant for another terminal
i needed to edit the etc\host file-- now i am running
thanks for being there at least-- you are a diplomat i am proud to have for the linux community
why are you editing the /etc/hosts ?
always glad to help, some things are non-obvious
i had to redirect it to the ip addy as the server there also
ah, so your epoptes server isn't in DNC
i don't believe so
and i dont have a static ip address on the server...so every few days/ weeks we will have to reconfigure
ok, that makes sense, but is should have worked by IP
which sucks...maybe i can change the router to have the server as static
if you control the DHCP server its pretty easy to set a static address
alternatively you could install avahi on the server and clients and allow them to find each other on a *.local domain
i don't and out tech person is pretty non-tech...honestly.
so we will see?
maybe she will let
thats a good idea-- avahi
will look into that
|02:00||teacher has left IRC (teacher!a2f670de@gateway/web/freenode/ip.188.8.131.52, Ping timeout: 246 seconds)|
|02:01||teacher2 has left IRC (teacher2!a2f670de@gateway/web/freenode/ip.184.108.40.206, Quit: Page closed)|
|03:44||anthonym has joined IRC (anthonym!~anthonym@pdpc/supporter/professional/anthonym)|
Hey guys. I'm thinking of implementing LTSP in our organisation, to share terminal access to our ubuntu application server for multiple thinstations. I've got an implementation here for testing and so far it isn't too bad. My question though is this. I have multiple locations that are all linked together via vpn. How does LTSP hold up over WAN/vpn? And what would be recommended to ensure
this works optimally?
ltsp boots over the network, I'm not sure you can do that with a VPN, what is your end goal?
I need my external business locations to be able to logon to the terminal server in this office
do they have site to site VPN?
just like a windows terminal server..
the remote offices I guess will be treated as 'remote users'
if I'm not mistaken, windows terminal server needs the remote machines to already have an OS on them
ltsp was designed ot bootstrap up from bare metal into a workable system
Yeah I understand that. so I guess ltsp will only be useful for the computers here in the office.
and for the remote offices I'd need to use something like NX server?
This part here:
The client then loads Linux from the NFS mounted root filesystem (or NBD filesystem image) and starts the X Window system. At this XDMCP login manager on the LTSP server. In case of the newer MueKow (LTSP v5.x) setup, the client first builds an SSH tunnel to the LTSP server's X environment, through which it will start the LDM (LTSP Display Manager) login manager locally. From this point forward,
all programs are started on the LTSP server, but displayed and operated from the client.
thats from here: https://en.wikipedia.org/wiki/Linux_Terminal_Server_Project
so is it possible to have the remote networks boot into an LTSP environment and tunnel into the terminal server here?
one moment please
dealing with a sev1
if you were running a network topology far more complex than can be discussed here, you could do that
|04:49||eemeli has joined IRC (eemeli!3e94cd0c@gateway/web/freenode/ip.220.127.116.11)|
|04:52||ricotz has joined IRC (ricotz!~rico@p5B2A993B.dip0.t-ipconnect.de)|
|04:52||ricotz has joined IRC (ricotz!~rico@ubuntu/member/ricotz)|
|05:13||eemeli has left IRC (eemeli!3e94cd0c@gateway/web/freenode/ip.18.104.22.168, Quit: Page closed)|
|05:13||Phantomas has left IRC (Phantomas!~phantomas@ubuntu/member/phantomas, Quit: Leaving.)|
|05:15||Phantomas has joined IRC (Phantomas!~phantomas@ubuntu/member/phantomas)|
|05:16||Phantomas has left IRC (Phantomas!~phantomas@ubuntu/member/phantomas, Read error: Connection reset by peer)|
|06:10||mikkel has joined IRC (email@example.com)|
|07:06||telex has left IRC (firstname.lastname@example.org, Remote host closed the connection)|
|07:08||telex has joined IRC (email@example.com)|
|07:11||vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)|
|07:28||vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Ping timeout: 252 seconds)|
|07:49||work_alkisg has joined IRC (firstname.lastname@example.org)|
anthonym: what is your VPN bandwidth?
|09:06||ltsp has joined IRC (email@example.com)|
|09:10||ltsp has joined IRC (firstname.lastname@example.org)|
|10:10||NeonLicht has joined IRC (NeonLicht!~NeonLicht@darwin.ugr.es)|
|10:45||cyberorg has left IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg, *.net *.split)|
|10:45||elias_a has left IRC (email@example.com, *.net *.split)|
|10:45||_longines has left IRC (firstname.lastname@example.org, *.net *.split)|
|10:45||spectra_ has left IRC (email@example.com, *.net *.split)|
|10:49||cyberorg has joined IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg)|
|10:51||elias_a has joined IRC (firstname.lastname@example.org)|
|10:51||_longines has joined IRC (email@example.com)|
|10:51||spectra_ has joined IRC (firstname.lastname@example.org)|
|10:53||ricotz has joined IRC (ricotz!~rico@ubuntu/member/ricotz)|
|11:04||alkisg is now known as work_alkisg|
|11:05||NeonLicht has left IRC (NeonLicht!~NeonLicht@darwin.ugr.es, Ping timeout: 246 seconds)|
|11:19||danau11 has joined IRC (email@example.com)|
|11:20||danau11 has left IRC (firstname.lastname@example.org)|
|11:28||Faith has joined IRC (Faith!~paty@unaffiliated/faith)|
|12:18||adrianorg has left IRC (email@example.com, Ping timeout: 246 seconds)|
|12:20||adrianorg has joined IRC (firstname.lastname@example.org)|
Hyperbyte: nope, not nfs
Hyperbyte: all clients are dropped into initramfs now
|12:57||mikkel has left IRC (email@example.com, Quit: Leaving)|
|13:33||uXus has left IRC (uXus!~uXus@22.214.171.124, Quit: ail bi bek)|
|13:36||uXus has joined IRC (uXus!~uXus@126.96.36.199)|
|13:44||uXus has left IRC (uXus!~uXus@188.8.131.52, Quit: ail bi bek)|
|13:47||ben_roose has joined IRC (firstname.lastname@example.org)|
|13:56||cyberorg has left IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg, Ping timeout: 255 seconds)|
|13:57||cyberorg has joined IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg)|
|14:56||anthonym has left IRC (anthonym!~anthonym@pdpc/supporter/professional/anthonym, Remote host closed the connection)|
|14:57||ben_roose has left IRC (email@example.com, Remote host closed the connection)|
|14:58||telex has left IRC (firstname.lastname@example.org, Remote host closed the connection)|
|14:59||ben_roose has joined IRC (email@example.com)|
|14:59||anthonym has joined IRC (firstname.lastname@example.org)|
|15:00||telex has joined IRC (email@example.com)|
|15:04||anthonym has left IRC (firstname.lastname@example.org, Remote host closed the connection)|
|15:04||anthonym has joined IRC (email@example.com)|
zamba, any progress?
|15:39||Phantomas has joined IRC (Phantomas!~phantomas@ubuntu/member/phantomas)|
|15:54||work_alkisg is now known as alkisg|
|16:00||vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)|
Hyperbyte: not really, no
I'm home nwo.
Need help still?
vagrantc: I hope you didn't get a chance to pull r2648, I pushed --overwrite to 's/_/ /' in a comment :)
vagrantc: also, please test it with aufs when you have a chance, I removed your code in order to use the same code path as in overlayfs
oh, that'd be nice if it works
It will suffer from the same "submounts are RO" issue, but at least the code will be common
alkisg: i'm not in any position to do much testing at the moment
alkisg: boo! :P
np, just keep it in mind for the future :D
actually, we need /boot to be writeable for the tftp menu generaiton, no?
Hrm. I tested with some /home and /mnt submounts, I didn't actually test with /boot.
alkisg: the pre-conference wifi is laggy and only available for like 30 minutes a day :(
vagrantc: I don't think we're doing anything to /boot in the cleanup phase
alkisg: so overlayfs doesn't allow you to mount directories within the filesystem, is that the problem/
We want write access when ltsp-update-kernels runs, right?
I.e. in kernel-postinst, not in `ltsp-update-image -c /`...
So we should be OK if the /boot submount is RO in ltsp-update-image...
There are multiple problems with overlayfs, but yes that's the major one
if update-kernels hasn't been run, the server may not have the menus in /boot
ltsp-update-image won't solve that though in the cleanup phase
it used to
update-kernels is ran outside of the COW image
that doesn't match my experience
It ran update-kernels inside the COW view, and the boot/pxelinux.cfg subdir was removed after the COW view was discarded
Note, I'm talking about the cow view that cleanup sets up, not outside of it
so, how does it write such that the image generated has the files, but the server's /boot remains untouched, without doing it in the cow phase?
I don't see any calls to update-kernels
And in my experience, it didn't call update-kernels
I don't know why you remember that it did
merely by observation of a recent install
I even have the command listed as a manual one
For the sysadmin to execute it
well, i definitely never ran it in my recent build out, and it behaves as described
Let me check the debian ltsp-pnp wiki...
dpkg-reconfigure linux-image-3.2.0-4-486 This reports update-initramfs: Generating /boot/initrd.img-3.2.0-4-486 adding the changes above and triggers the call to /usr/share/ltsp/update-kernels.
If one runs dpkg-reconfigure, then that is what calls update-kernels...
Ah, found it, cleanup.d/50-update-kernels
i never ran that
yeah, it ran as part of cleanup.d
It's automatically ran by ltsp-update-mage -c
So yup this will fail on certain conditions
I.e. if the user has a separate /boot, and he's never ran update-kernels...
Please put update-kernels in ltsp-client-core.postinst :)
alkisg: i guess i'd rather keep aufs working
and come up with a better fix for overlayfs
OK, sorry for reverting the aufs part
I'd be glad to see a better fix for overlayfs, but I don't think that ltsp-update-image --cleanup should be the one calling update-kernels inside the COW
it's fine, that's why we have revision control! :)
I only put it there as a hack until you fixed it in packaging...
We keep pxelinux.cfg automatically updated in each kernel upgrade, I think it's sane that we initialize it to the existing kernel when ltsp-client-core is installed
It's not like we have a tool for the sysadmin to run... we modify the system automatically anyway
|16:30||vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Ping timeout: 264 seconds)|
End of 30' internet time :D
|16:33||vagrantc has joined IRC (firstname.lastname@example.org)|
|16:33||vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)|
(07:30:39 μμ) alkisg: End of 30' internet time :D
(07:29:26 μμ) alkisg: We keep pxelinux.cfg automatically updated in each kernel upgrade, I think it's sane that we initialize it to the existing kernel when ltsp-client-core is installed
Another example... if I run debootstrap and install ltsp-client (not using ltsp-build-client), I won't get pxelinux.cfg either. I think I should get it, from ltsp-client postinst
alkisg: i think it makes more sense to run at image creation time ... it's more guaranteed to be correct.
|16:41||uXus has joined IRC (uXus!~uXus@184.108.40.206)|
(no cleanup involved there)
vagrantc: then should we remove the update-kernels kernel hook as well?
it's too hot to really think this out, though
I install a VM in vbox, then install ltsp-client. I'd like my .vdi image to be directly exportable...
No image generation there at all
we'll need to use dpkg triggers with the kernel hook or something
in fact, we might want to drop the kernel hook and just use dpkg triggers
they've been available at least since wheezy, and would allow us to run various hooks at more appropriate times
just haven't wrapped my head around exactly how to test it yet
I don't understand... the update-initramfs trigger would just call our kernel postinst, won't it?
I.e. we'd still need the kernel postinst hook...
well, i'm not sure kernel postinst is the right place anymore ... because update-initramfs may get triggered and regenerate the initramfs, but that wouldn't re-run our code (though it arguably should)
dpkg-reconfigure update-initramfs calls the trigger which calls our hook, doesn't it?
triggers are not for usual execution, like a plain `update-initramfs` call, they exist for package installation/configuration etc, right>
*dpkg-reconfigure linux-image, sorry
basically, we may need to add our hooks to multiple places
Triggers are the to prevent multiple executions etc, right?
Do we expect multiple runs of ltsp-client-core.postinst?
|16:55||* alkisg reads up on dpkg triggers...|
we'll still need ways to run it manually
but i think if we hook into a few more triggers that'd be good.
|17:00||vagrantc_ has joined IRC (vagrantc_!~vagrant@unaffiliated/vagrantc)|
|17:01||vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Disconnected by services)|
To restore a package in state `triggered' to `installed', dpkg will run the postinst script: postinst triggered " ..."
|17:01||vagrantc_ is now known as vagrantc|
So the idea is to drop the kernel hook and put the code in postinst, if "triggered" is passed...
that document is also quite old ... not sure what the state of the art is
But we won't get the kernel version being installed that way
there are two ends to triggers to .. the listeners and the providers (not sure on the terms)
man deb-triggers => interest / activate
>> A package with pending triggers is not considered properly installed until efforts to notify it of the trigger event have been successful. The new state of having pending triggers is a dpkg package status of `triggered', which lies somewhere between `config-failed' and `installed'.
That does sound appropriate :)
now i remember why i have waited so long to investigate triggers properly...
It seems straightforward; we need ltsp-client-core.postinst with "activate update-initramfs\ninterest update-initramfs", and to handle "triggered" in ltsp-client-core.postinst
*we need ltsp-client-core.triggers with ...
|17:33||vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Ping timeout: 250 seconds)|
|17:36||alkisg is now known as work_alkisg|
|17:45||vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)|
|18:10||vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)|
|19:47||ricotz has left IRC (ricotz!~rico@ubuntu/member/ricotz, Quit: Ex-Chat)|
|19:48||ben_roose has left IRC (email@example.com, Remote host closed the connection)|
did that LDM HASH password fix ever make it in to ubuntu 14.04 repo?
|19:49||* championofcyrodi is looking|
last time i looked at it, the builds were failing.
|20:05||cyberorg has left IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg, Ping timeout: 264 seconds)|
|20:06||cyberorg has joined IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg)|
hmmm yea... the ltsp-docs from ubuntu are still out of sync with the ltsp main...
|21:14||Faith has left IRC (Faith!~paty@unaffiliated/faith, Quit: Saindo)|
|21:38||anthonym has left IRC (firstname.lastname@example.org, Remote host closed the connection)|
|21:39||anthonym has joined IRC (email@example.com)|
|22:05||telex has left IRC (firstname.lastname@example.org, Remote host closed the connection)|
|22:06||telex has joined IRC (email@example.com)|
|22:49||gdi2k has left IRC (firstname.lastname@example.org, *.net *.split)|
|22:49||work_alkisg has left IRC (email@example.com, *.net *.split)|
|22:49||mgariepy has left IRC (mgariepy!~mgariepy@ubuntu/member/mgariepy, *.net *.split)|
|22:52||mgariepy has joined IRC (mgariepy!~mgariepy@ubuntu/member/mgariepy)|
|22:58||gdi2k has joined IRC (firstname.lastname@example.org)|
|23:00||work_alkisg has joined IRC (email@example.com)|
|23:21||work_alkisg1 has joined IRC (firstname.lastname@example.org)|
|23:22||work_alkisg has left IRC (email@example.com, *.net *.split)|
|23:44||Ark74 has joined IRC (Ark74!~Ark74@220.127.116.11.cable.dyn.cableonline.com.mx)|