IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 27 August 2019   (all times are UTC)

00:06pppingme has joined IRC (pppingme!~pppingme@unaffiliated/pppingme)
02:15mmarconm has joined IRC (mmarconm!~mmarconm@unaffiliated/mmarconm)
02:15
<mmarconm>
Hi all
02:15
is ltsp stable enough to run in a company, like production ?
02:15
using 24/7 ?
03:46pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
03:51pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Ping timeout: 272 seconds)
03:53
<alkisg>
mmarconm: sure, I know of companies that run on ltsp 24/7
03:55
<mmarconm>
i tried to install ltsp again after 2 years, and nothing, didn't work, i followed the wiki, tomorrow i will try again
03:55
<alkisg>
"didn't work" doesn't work as a troubleshooting step, more details are needed ;)
03:55
<mmarconm>
i feel sad, ltsp is an amazing project, why don't government and other companies give it more attention
03:56
<alkisg>
mmarconm: this summer I rewrote ltsp from scratch; the new ltsp will need some time to mature, but it's based on a very updated codebase now
03:57
It should be much more easily maintainable and up to date
03:57
<mmarconm>
Good
03:57
is ltsp written in C ?
03:57
<alkisg>
Shell and a bit of python
03:57
No C at all now
03:57
<mmarconm>
Python <3
03:57
i would like to help
03:57
github link ?
03:58
<alkisg>
!ltsp-source
03:58
<ltsp>
ltsp-source: at https://code.launchpad.net/ltsp
03:58
<alkisg>
No
03:58
!forget ltsp-source
03:58
<ltsp>
The operation succeeded.
03:58
<mmarconm>
how many maintainers ?
03:58
<alkisg>
!learn ltsp5-source as https://code.launchpad.net/ltsp
03:58
<ltsp>
The operation succeeded.
03:58
<alkisg>
!learn ltsp-source as https://github.com/ltsp/ltsp/
03:58
<ltsp>
The operation succeeded.
03:59
<alkisg>
Currently I'm the only one working on the new ltsp
03:59
Hopefully vagrantc will take care of the debian uploading + review
03:59
<mmarconm>
this link git clone https://git.launchpad.net/ltsp is the new one ?
03:59
<alkisg>
No, see the github one above for the new one
03:59
https://github.com/ltsp/ltsp/
03:59
<mmarconm>
Ok
04:00
i will see, and try to help
04:00
<alkisg>
mmarconm: if you're going to use the new one on production, it will only be stable if you disable updates, as updates are very frequent now
04:00
And then test updates before pushing them to the production server
04:00
<mmarconm>
Ok
04:00
i will test on Lubuntu tomorrow
04:01
the older one, worked on college with 30 pcs and a server 5 years old ddr3, i3 4 gen
04:01
fat client, with lubuntu
04:01
<alkisg>
The requirements for fat clients are always the same as if it was a local installation
04:01
<mmarconm>
Yes
04:02
i was trying to implement on docker too
04:02
but no success
04:02* mmarconm ashamed
04:03
<mmarconm>
you and vagrant are from greece ?
04:03
<alkisg>
I'm Greek, vagrant is from portland california
04:04* mmarconm Brazilian : )
04:12
<mmarconm>
alkisg: i have to specify the ethernet name that will be used by ltsp ?
04:12
<alkisg>
No
04:12
<mmarconm>
dnsmasq range i specify the address range
04:12
<alkisg>
!ltsp-dnsmasq
04:12
<ltsp>
ltsp-dnsmasq: Configure dnsmasq for LTSP: https://github.com/ltsp/ltsp/blob/master/docs/ltsp-dnsmasq.8.md
04:12
<mmarconm>
Ok
04:12
<alkisg>
It automatically does it
04:13
<mmarconm>
with 3 ethernet cards, one specifically for ltsp ? can i set it ?
04:17
<alkisg>
You can use one dedicated NIC for ltsp, yes; set its ip to 192.168.67.1
04:18
Then it'll automatically work
04:18
<mmarconm>
Ahhh ok
04:23mmarconm has left IRC (mmarconm!~mmarconm@unaffiliated/mmarconm, Read error: Connection reset by peer)
05:06
<uumas>
> i feel sad, ltsp is an amazing project, why don't government and other companies give it more attention
05:06
Government and other companies mostly use windows and those who don't mostly use rhel.
06:13statler has joined IRC (statler!~Georg@p5489731F.dip0.t-ipconnect.de)
06:18alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Quit: Leaving.)
06:19alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
06:20alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Client Quit)
06:21woernie has joined IRC (woernie!~werner@p5B296964.dip0.t-ipconnect.de)
06:22alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
06:23pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
06:23pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Client Quit)
06:24alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Client Quit)
06:27ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
06:30
<quinox>
because most companies just want to get shit done, and a Windows network with a Domain Controller is pretty great for this
06:31
also it's much easier to find sysadmins for it
06:32alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
06:37pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
06:52woernie has left IRC (woernie!~werner@p5B296964.dip0.t-ipconnect.de, Remote host closed the connection)
07:07statler has left IRC (statler!~Georg@p5489731F.dip0.t-ipconnect.de, Remote host closed the connection)
07:52woernie has joined IRC (woernie!~werner@p578bb7b6.dip0.t-ipconnect.de)
08:26statler has joined IRC (statler!~Georg@gwrz3.lohn24.de)
11:28pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Remote host closed the connection)
11:35pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
11:57Faith has joined IRC (Faith!~Paty_@unaffiliated/faith)
12:04pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Remote host closed the connection)
12:14GodFather has joined IRC (GodFather!~rcc@d53-64-7-141.nap.wideopenwest.com)
12:16GodFather__ has joined IRC (GodFather__!~rcc@d53-64-7-141.nap.wideopenwest.com)
12:39GodFather has left IRC (GodFather!~rcc@d53-64-7-141.nap.wideopenwest.com, Remote host closed the connection)
12:39GodFather__ has left IRC (GodFather__!~rcc@d53-64-7-141.nap.wideopenwest.com, Remote host closed the connection)
12:42GodFather has joined IRC (GodFather!~rcc@d53-64-7-141.nap.wideopenwest.com)
12:42pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
12:44mmarconm has joined IRC (mmarconm!~mmarconm@unaffiliated/mmarconm)
12:47section1 has joined IRC (section1!~section1@178.33.109.106)
12:55
<mmarconm>
isc-dhcp-server vs dnsmasq on ltsp, which should i use ?
12:55
should i use *** ?
12:57pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Remote host closed the connection)
12:58pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
12:59pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Remote host closed the connection)
13:07pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
13:20
<mmarconm>
https://snipboard.io/NGmMjA.jpg alkisg i got this error
13:27pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Remote host closed the connection)
13:34
<alkisg>
mmarconm: you're using the old ltsp, right?
13:34
!install
13:34
<ltsp>
install: To install LTSP19+: https://github.com/ltsp/ltsp/wiki/installation. To install LTSP5: http://wiki.ltsp.org/wiki/Installation/Ubuntu for Ubuntu, or http://wiki.ltsp.org/wiki/Installation for other distributions
13:34
<alkisg>
See the installation page for LTSP5 above
13:38vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
13:39pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
13:42
<mmarconm>
alkisg: yes, old one
13:42
<alkisg>
mmarconm: ok, follow https://github.com/ltsp/ltsp/wiki/installation as closely as possible
13:43
If you follow it to the letter, it works out of the box
13:43
Sorry
13:43
The other one: LTSP5: http://wiki.ltsp.org/wiki/Installation/Ubuntu for Ubuntu
13:43
<mmarconm>
i follow this wiki
13:43
Ubuntu installation
13:44
https://imgur.com/a/dUGEyLR
13:44
now it's booting but ....
13:53
on github wiki installation apt install ltsp dnsmasq nfs-kernel-server openssh-server squashfs-tools unable to find ltsp package
13:53
i think will be ltsp-server-standalone ?? nope ?
13:55
<alkisg>
mmarconm: not github
13:55
(04:43:24 PM) alkisg: The other one: LTSP5: http://wiki.ltsp.org/wiki/Installation/Ubuntu for Ubuntu
14:00
<mmarconm>
ahhhh, i followed this already
14:04
<alkisg>
mmarconm: ok, you did some steps wrong then, where did you diverge from that page?
14:04
so that we more easily see why your nbd-server misbehaves
14:05
<mmarconm>
Nope
14:05
i followed all the steps
14:06
<alkisg>
mmarconm: can I see?
14:06
!vnc-dide
14:06
<ltsp>
vnc-dide: To share your screen with me, run this: sudo apt-get --yes install x11vnc; x11vnc -connect srv1-dide.ioa.sch.gr - this is a reverse connection, it doesn't need port forwarding etc.
14:06
<mmarconm>
i will create a cache server for deb packages
14:06
network is not good =(
14:06
<alkisg>
Are you using a chroot?
14:06
<mmarconm>
fat-client yes
14:06
<alkisg>
With or without chroot?
14:07
What's the output of: sudo ltsp-info
14:07
<mmarconm>
ltsp-build-client --fat-client --fat-client-desktop lubuntu-desktop --purge-chroot --mount-package-cache
14:07
<alkisg>
OK yeah this is completely unrelated to the page
14:07
You didn't follow the installation page then
14:07
In that page, I never mention --fat-client etc
14:08
<mmarconm>
this is the old one, that i installed on lab, 2 years ago
14:08
<alkisg>
Because there are known issues; and, you missed the ppa in the chroot, with all the fixes
14:08
Which one are you having errors with?
14:08
<mmarconm>
i will from scratch again
14:08
<alkisg>
OK, follow that page as closely as possible
14:08
<mmarconm>
i will install from scratch again
14:08
<alkisg>
ok
14:08
<mmarconm>
Ok
14:09
after the install ltsp-chroot; apt install lubuntu-desktop ?
14:10woernie has left IRC (woernie!~werner@p578bb7b6.dip0.t-ipconnect.de, Remote host closed the connection)
14:11
<alkisg>
mmarconm: see the line where I mention ltsp-chroot in that wiki page
14:11
You're missing the -m parameter
14:11
But ltsp chrootless is much faster and easier
14:11
And requires no package cache
14:11
And of course supports both thin and fat clients
14:17
<mmarconm>
Yeap, i know, but i prefer chroot, chrootless uses the server install {template}, i don't like that
14:17adrianor1 has joined IRC (adrianor1!~adrianorg@177.18.183.64)
14:17
<mmarconm>
but thanks for the advice
14:18mmarconm is now known as H3ruS
14:20adrianorg has left IRC (adrianorg!~adrianorg@186.213.153.68, Ping timeout: 245 seconds)
14:52pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Remote host closed the connection)
15:10
<H3ruS>
alkisg: worked :)
15:11
<alkisg>
Great
15:12
<H3ruS>
https://termbin.com/i2u0
15:12
Lubuntu desktop 18.04 chroot fat-client
15:12
now ... next step, configure ldap
15:14
<alkisg>
H3ruS (or anyone else using ldap): for the new ltsp, we want the user list in a file, not in ldap. How easy would it be to have two files like /etc/passwd and /etc/group generated from whatever ldap entries you need in ltsp?
15:15* mwalters sidesteps question
15:15
<mwalters>
I thought we were using pamssh or something?
15:15
I'm not sure it's easy at all
15:15
<alkisg>
I imagine something like: export-ldap <params> /path/to/dir, that would match ldap users based on params, and exports them to /path/to/dir
15:16
mwalters: at this point, we want the user names and groups for pamssh to work
15:16
<mwalters>
for the client system?
15:17
<alkisg>
The passwd/group files go to the ltsp.img initrd, and are transferred to the clients when they boot
15:17
<mwalters>
oh, so you're talking about building it into the "init" process for the client, to grab a full list of users and groups from ldap?
15:17
<alkisg>
Either that ^, or manually from the server, as a hook to `ltsp initrd`
15:17
But
15:18
<mwalters>
freeipa is... a little convoluted
15:18
<alkisg>
If someone has configured ldap on the client/chroot, then he doesn't need pamssh
15:18
<mwalters>
that sounds like a bad idea ;)
15:18
<alkisg>
What I was mentioning above was for the case where he doesn't have ldap on the client
15:18
<mwalters>
yeah, I don't think we want ldap on the client, specifically because of the computer objects
15:18
<alkisg>
Then that ldap-export tool will be required
15:19
<mwalters>
it'd go all haywire I think... but my mind is still stuck in AD, so maybe d365/freeipa/openldap is different
15:19
but AD would go bonkers ;)
15:20
this is because we're not using ldm anymore, right?
15:20
wouldn't pamssh just auth against the server?
15:20
or am I assuming incorrectly about how it works?
15:20
<alkisg>
Almost :)
15:20
<mwalters>
or solving a different issue
15:20
<alkisg>
Previously, we were ssh'ing into the server, and THEN getting the user list
15:21
And then generating the user account, and then using su - to log him in
15:21
This caused all kinds of issues, from us having to maintain a DM, to having to check all recent DESKTOP_x variables that DMs need to set etc
15:22
And it was impossible to list users in the DM, impossible for accountsservice to work correctly, etc
15:22
<mwalters>
freeipa: ipa user-find --all | <some commands to massage the output into something usable>
15:22
ah I see
15:23
<alkisg>
So now while we do authenticate via ssh to the server, using a pam_exec hook, pam needs the user account before triggering that hook
15:23
E.g. some DMs don't even allow you to type a username, they just show a user list
15:23
And while `ltsp init` tries to configure DMs to show a manual login, the user geometry is still needed
15:23
<mwalters>
ah ok, so this is in effort to support as many DMs as possible
15:23
<alkisg>
It might be possible to avoid the user geometry, but... it would require a lot of thought
15:23
<mwalters>
pre-login
15:24
<alkisg>
The main point is not to implement our own DM
15:24
<mwalters>
gymnastics is probably a better word for it ;)
15:24
at least when referring to the actions being performed, and not the structure being created
15:25
<alkisg>
Btw, I thought that some people had already implemented ldap in chroots... I didn't think it would be such a blocker
15:25
I.e. for the very advanced cases, one could just use ldap + nfs4 and avoid pamltsp completely
15:25
<mwalters>
freeipa abstracts away some of the computer object stuff, but I still think it's in the underlying directory
15:25
basically, in order to auth against the directory, the computer needs to have an "account" also
15:26
<alkisg>
It shouldn't be too hard to keep the "account files" in /etc/ltsp and symlink them appropriately, per client
15:26
<mwalters>
at least that's how it worked with AD/Novell
15:26
Freeipa calls them "hosts"
15:26
I think the hostname changing would cause issues? It was a "process" on windows/AD
15:27
<alkisg>
The hostname can be set in dhcp or ltsp.conf
15:27
So it would be static per client
15:27
<mwalters>
sure, but that would suck for 70 clients ;)
15:27
to do it manually, I mean
15:27
<alkisg>
I mean of course the "join domain" would need to be done 70 times, yeah
15:28
<mwalters>
One of the biggest advantages for ltsp (for me) is that the clients are 100% ephemeral... if it'll netboot, it works ;)
15:28
<alkisg>
That's one of the reasons I don't like "computer objects" in ldap etc ;)
15:29
<uumas>
It's definitely possible to auth without having a computer account / host defined. I'm currently doing AD auth without any admin access or computer account using libpam-ldapd.
15:29
<mwalters>
yeah... We've adjusted our policies somewhat... so if I can centralize passwd/shadow/group, I don't even *really* need it anymore
15:29
hmmm, yeah, you can auth the user...
15:29
<alkisg>
You can use pamltsp in non-ltsp clients too (ssh auth instead of ldap)
15:30
So anyway, these are the current options; if they're not enough, I'd need to look into allowing logins without the user geometry; but that's not a priority currently...
15:30
<mwalters>
to be honest, I'd be thrilled to get rid of freeipa/ldap entirely... maintaining 4 extra centos servers *sucks*
15:31
<uumas>
For freeipa I'm thinking I'll have the clients use a single host account (and keytab), because I'd like to have kerberos working for sso
15:31
<mwalters>
my understanding is that it's only needed for DMs that only present a userlist?
15:31
(the user geometry)
15:31
<H3ruS>
i am back
15:32
<alkisg>
mwalters: no, the current design relies too much on the user geometry, I even put the passwordlesslogin/autologin information in the appropriate /etc/shadow entries in init
15:32
<mwalters>
ah I see
15:32
<alkisg>
I check if the user is allowed to login using the geometry and the "pamltsp" secret password that I put there while merging the users etc etc
15:33
Most of the related code is at: https://github.com/ltsp/ltsp/blob/master/ltsp/client/login
15:33
<mwalters>
can I specify a server to offload to/grab passwd/shadow/group from?
15:34
<alkisg>
You can create a tiny `ltsp initrd` hook that will wget passwd/group and put them in /etc/ltsp on the server
15:34
<mwalters>
that might work
15:34
<alkisg>
As long as /etc/ltsp/{passwd,group} exist on the ltsp server when `ltsp initrd` runs, the client will get the geometry
15:35
<mwalters>
gotcha
15:38pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
15:42pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Ping timeout: 245 seconds)
15:44pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
15:44
<H3ruS>
Ahhh done
15:44
works perfect
15:44
ltsp + ldap integrated
15:47
<uumas>
alkisg: If you just need passwd and group from ldap to clients, I'd use the package libpam-ldapd and something like this: https://pastebin.com/zmAdQtCH
15:48
<alkisg>
uumas, not sure what that does, does it fetch the passwd/group?
15:48
I've never used ldap (well except for a couple of queries)
15:49
<H3ruS>
i use ldap to manage resources too, like printer permission, shared folders, permission access
15:50
<uumas>
alkisg: It basically just adds ldap as a passwd and group source in /etc/nsswitch.conf
15:50
<H3ruS>
In linux it's a pain in the ass to install and configure ldap client @.@
15:50
<uumas>
So that you can do getent passwd to get user info.
15:51
<H3ruS>
Yep
15:51
<uumas>
H3ruS: Look at the config I just posted. It's a sanitized version of what I was using for openldap. It worked based on just a few questions it automatically asked during installation.
15:52
<H3ruS>
uumas: do u use openldap ?
15:52
i am using samba 4 + ldap
15:52
<uumas>
I did. Now that I'm using freeipa I just use ipa-client-install and it autoconfigures everything
15:52
<alkisg>
uumas, great, although... while I do use getent, I also generate a shadow, and I don't think that would work with the current code
15:52
I think that we'll need to cooperate with someone using ldap at some point, to find a nice way to integrate this
15:53
<H3ruS>
alkisg: if u need some help with that
15:53
<uumas>
alkisg: So would you need to get the password hashes or?
15:54
Because that ain't going to be feasible
15:54
<alkisg>
No hashes needed
15:54
Just passwd/group, not shadow/gshadow
15:55
<uumas>
What do you mean with 'I also generate a shadow'?
15:55
<alkisg>
From the given passwd, I generated an appropriate shadow for pam to work
15:56
There I mark the "remote users", I put the base64 encoded passwords (this replaces LDM_PASSWORD, it's not hashes) etc
15:56
I don't have ldap and I don't want have the time to install/test it currently; but if someone wants to try ltsp19 with ldap, then I could try to help
15:56
<H3ruS>
Ok
15:57
i will install ldap + samba here and test the new ltsp
15:57
<uumas>
I'll try it once I have time. Might be a while though.
15:58
There's probably no way to transfer secret files to clients, right?
16:00
<alkisg>
uumas, not really, unless you generate the same private key on each boot based on the client hardware
16:01
...and you use that for decoding some private info, that you encoded with the public key of the client, which is the same on each boot again due to the same hardware
16:01
dmidecode | md5sum or something can be used as a start for a "static private key based on hardware"
16:02
<H3ruS>
alkisg: what was the biggest installation that you did or saw using ltsp ?
16:02
how many clients
16:02
<alkisg>
H3ruS: I *heard* about ltsp-cluster installations of 4000 workstations,
16:02
<H3ruS>
o.O
16:03
<alkisg>
but personally I've maintained up to 70 computers, 500 users or so
16:03
<H3ruS>
how many servers ?
16:03
<alkisg>
I don't know details about ltsp cluster
16:03
I wasn't involved, I just heard about it
16:03* H3ruS feeling great managing 31 machines
16:05
<uumas>
Okay wow. I've seen/used opinsys/puavo ltsp setup of maybe 150 computers and ~700 users, but no idea how that is different or anything about the setup really.
16:08
<vagrantc>
had many times wanted to look at puavo stuff
16:09
<H3ruS>
ltsp-cluster i heard about, but i never dit
16:09
dit*
16:09
did*
16:29pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Remote host closed the connection)
16:32statler has left IRC (statler!~Georg@gwrz3.lohn24.de, Remote host closed the connection)
17:10woernie has joined IRC (woernie!~werner@x4db664b1.dyn.telefonica.de)
18:12
<quinox>
I'm pretty sure my LDAP server allows any connected user to list all usernames
18:16
it does, including uids and gids
18:17
<alkisg>
quinox: how easy would it be to write a script to convert the listed users to passwd/group format?
18:18
And, how many users would be needed? I don't know if passwd can hold as many users as big ldap directories... anyone has a very big ldap?
18:18
Btw about the script, if one tells me the parts for "fetching from ldap", I can easily fill the "convert to passwd" parts
18:18
<quinox>
super easy
18:19
ldapsearch -Z -H ldap://ldap.ytec.nl:389 -D "cn=ldap_bind_account,ou=nonpeople,dc=ytec,dc=nl" -w "$BIND_PASSWORD" -o ldif-wrap=999 -b dc=ytec,dc=nl uid,uidNumber,gidNumber
18:19
<alkisg>
Great; then we can drop this as an `ltsp initrd` snippet and have it done automatically
18:21
<quinox>
I can give you an account on my server if you want to play with it
18:21
the user needs to configure pretty much everything himself though alas
18:21
LDAP is too flexible
18:21
but an LDAP user knows what to do, so that's fine
18:21
<alkisg>
Thank you, yes I think this will help a lot, but later on, when I've finished the more frequently used parts
18:22
<H3ruS>
quinox: does ldapsearch need root permission ? i don't remember
18:22
<quinox>
it does not
18:22
<H3ruS>
Ahhhh thats good
18:23
<alkisg>
Current issues are: https://github.com/ltsp/ltsp/issues ==> I think ldap comes after swap, printing and isc-dhcp
18:23
<H3ruS>
alkisg: i almost finished configuring a local ldap server for test purposes, tonight i will try to install the new ltsp
18:24* H3ruS feels that will not
18:24
<H3ruS>
feels that wont be able to install ltsp
18:24
<alkisg>
H3ruS: ah, if someone tries the new ltsp with ldap, and doesn't mind sharing his screen for a while, we could make it a priority
18:24
<H3ruS>
Ok
18:25
no problema, i am installing on a vm ? any problem ?
18:25
<alkisg>
No problem at all
18:30pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
18:34pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Ping timeout: 245 seconds)
18:38
<mwalters>
so... just out of curiosity... from a super high level... what would be involved to get ltsp19 working on fedora/centos?
18:38
straight up... networkd off the top of my head
18:38
no ppa
18:41
<quinox>
you don't want an Ubuntu server for LTSP?
18:41
<alkisg>
mwalters: the pam integration is a bit different (different pam.d config lines than in debian), and either implement dracut initramfs-bottom, or completely avoid it, I have support for that too
18:47
<mwalters>
Mostly a curiosity
18:48
An arch based system would be nice, though ;)
18:48
...from a user point of view... not a maintainer, I think
18:49
<alkisg>
fiesh is using gentoo afaik
18:49
<mwalters>
oh cool... can't remember the last time I set up a gentoo system... probably around the last time I set up a suse system ;)
18:49
<alkisg>
Supporting fedora and arch etc now should be doable within a week
18:49
And it should be much more easily maintainable
18:49
<mwalters>
Interesting
19:05
<H3ruS>
alkisg: where i can find material about pam ?
19:05
how it works
19:05
<alkisg>
H3ruS: you mean pamltsp, or generally about pam?
19:05
Ah... I had to google and read man pages
19:05
<H3ruS>
both
19:05
ahhhhh
19:05
Ok
19:06
<alkisg>
H3ruS: pamltsp is there: https://github.com/ltsp/ltsp/tree/master/ltsp/client/login
19:06
<H3ruS>
thanks
19:06
<alkisg>
I have lots of documentation in the source code, but you need to read about pam a bit first
19:08
<H3ruS>
i ll search about it
19:08
just finish this damn csv parser
19:08
in python
19:08* H3ruS Angry
19:30H3ruS has left IRC (H3ruS!~mmarconm@unaffiliated/mmarconm, Read error: Connection reset by peer)
19:36woernie has left IRC (woernie!~werner@x4db664b1.dyn.telefonica.de, Remote host closed the connection)
19:37
<alkisg>
OK now the ltsp19 menu supports nice titles like this one: https://raw.githubusercontent.com/wiki/ltsp/ltsp/images/ltsp-ipxe.png
19:53
I also filed https://github.com/ltsp/ltsp/issues/16 to discuss the "server-side-only ldap" implementation,
19:53
so I think now all the things that the new ltsp lacks, are listed in https://github.com/ltsp/ltsp/issues, tell me if you see anything else missing or file it there
19:54GodFather has left IRC (GodFather!~rcc@d53-64-7-141.nap.wideopenwest.com, Ping timeout: 268 seconds)
19:54section1 has left IRC (section1!~section1@178.33.109.106, Quit: Leaving)
20:00
<uumas>
alkisg: Server-side only ldap will of course require excluding ldap configs from the client image (when not using a chroot or something)
20:00
Does that work the same as ltsp5? (I think ltsp-update-image.excludes or something)
20:01
<alkisg>
uumas, yes, but if they're in standard locations, we can push them upstream so that sysadmins don't need to care about that
20:02
<uumas>
Hmm, yeah sure. It should not be the default to exclude them though for people who want ldap client-side too.
20:03
<alkisg>
Maybe they can be excluded in the chrootless case only then
20:03
From the code, not from ltsp-image.excludes
20:04
<uumas>
Well, I'm currently using chrootless ldap on clients too (ltsp5)
20:07
<alkisg>
same config works?
20:07GodFather has joined IRC (GodFather!~rcc@d53-64-7-141.nap.wideopenwest.com)
20:08
<uumas>
Yes
20:08
<alkisg>
....btw, how? with lightdm, not ldm?
20:10
<uumas>
Nah, a bit of a messy setup. Ldm login (over ssh), but I left client-side ldap there because it did no harm, makes tty logins possible and makes unlocking work without the ltsp config option.
20:11
So originally accidental, but it works well enough.
20:15
With ltsp19 is it possible to inject some additional files for a specific group of clients? I'm thinking of setting up freeipa a bit more correctly, so I'd like to have a different /etc/krb5.keytab for some clients than others. This would let me handle access control through freeipa (a few computers restricted to admins only).
20:20
<alkisg>
All files in /etc/ltsp are transferred to all clients. Then you can symlink them wherever you want with POST_INIT_xx commands, or delete the ones you don't need
20:20
The POST_INIT commands are per client
20:21spaced0ut has left IRC (spaced0ut!~spaced0ut@unaffiliated/spaced0ut, Quit: Leaving)
20:21
<uumas>
Are the POST_INIT commands run before the client boot process starts?
20:22
ie. before services get started
20:23
<alkisg>
uumas, yes, there are many of those
20:23
PRE_INITRD_BOTTOM => initramfs
20:23
PRE_INIT => before even init (pid 1) starts
20:23
PRE_SERVICES => when services are started, like rclocal
20:24
And there will be PRE/POST_LOGIN to allow clearing up home directories for guests etc
20:24
I.e. for all boot phases, there are PRE and POST parameters supported
20:25
<uumas>
Ok, I guess PRE_INIT is a good place for making the symlinks (or I guess might as well move the file)
20:25
<alkisg>
The usual place is POST_INIT_x, which is similar to the old INIT_COMMAND_x
20:25
PRE_INIT is before the ltsp init command runs
20:26
<uumas>
Ok
20:27GodFather has left IRC (GodFather!~rcc@d53-64-7-141.nap.wideopenwest.com, Ping timeout: 244 seconds)
20:29pavars has joined IRC (pavars!~pavars@balticom-198-107.balticom.lv)
20:30pavars_ has joined IRC (pavars_!~pavars@balticom-198-107.balticom.lv)
20:30pavars has left IRC (pavars!~pavars@balticom-198-107.balticom.lv, Read error: Connection reset by peer)
20:30Faith has left IRC (Faith!~Paty_@unaffiliated/faith, Quit: Leaving)
20:31GodFather has joined IRC (GodFather!~rcc@d53-64-7-141.nap.wideopenwest.com)
21:03GodFather has left IRC (GodFather!~rcc@d53-64-7-141.nap.wideopenwest.com, Ping timeout: 248 seconds)
21:18pavars_ has left IRC (pavars_!~pavars@balticom-198-107.balticom.lv, Remote host closed the connection)
21:29GodFather has joined IRC (GodFather!~rcc@d53-64-7-141.nap.wideopenwest.com)
22:14ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
22:20vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Ping timeout: 276 seconds)
23:07vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
23:33vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)