Differences between revisions 86 and 105 (spanning 19 versions)
Revision 86 as of 2017-09-30 19:05:54
Size: 12044
Editor: ?RichardKweskin
Comment:
Revision 105 as of 2021-08-30 23:41:44
Size: 14150
Editor: ThiagoPezzo
Comment: add category
Line 2: Line 2:
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: [[pt_BR/LTSP/Howto|Português Brasileiro]]-~ ~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[pt_BR/LTSP/Howto|Português (Brasil)]]-~
Line 4: Line 4:
= LTSP How To = = LTSP5 How To =
Line 8: Line 8:
== Installating and configuring LTSP using the LTSP-PNP method ==

At the time of writing these versions of LTSP packages in Debian Stretch are:
== Installating and configuring LTSP5 using the chrootless method ==

== Introduction ==

As the linux terminal server project (ltsp) has matured there are a number of options in its configuration to consider: chrootless or a separate chroot, all one subnet or a separate subnet for the clients, a local dns cache using dnsmasq or not, network block device (nbd) or network file system (nfs) or some of one with the other, 32 bit (i386) or 64 bit (amd64). In this howto the chrootless method is layed out in steps using the commandline and some steps are particular for one of the other options so that they could be skipped. The version of ltsp is labeled ltsp5 to distinguish it from the latest version ltsp19 which is in alpha at the time of writing.

The chrootless model (once known as ltsp-pnp) is less flexible than having a separate chroot since the clients must run the same version of distribution and platform as the server. The upside is that the model is easier to maintain. In the event that all clients can run the 64bit version this is recommended. This howto has been created using amd64. Otherwise a 32bit version is suggested (just make certain that everywhere this howto writes "amd64" replace it with "i386".) After creating a server that uses the nbd boot method there are a few additional steps at the end so that the squashfs image is served to the clients by nfs giving greater stability and speed.

The use of dnsmasq provides an easy way of providing useful features. It will act as the tftp server, the local dns cache and the handling of dhcp-proxy or dhcp-server proper.

Also in this model no static addresses will be used. NetworkManager will be configured to use the router's dhcp server and other options.

At the time of writing (August 19, 2019) the versions of LTSP and other relevant packages in Debian Buster are:

{{{ltsp-info }}}

{{{
Line 13: Line 26:
No LSB modules are available.
Line 14: Line 28:
Description: Debian GNU/Linux 9.1 (stretch)
Release: 9.1
Codename: stretch
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Line 19: Line 33:
ii ldm 2:2.2.18-2
ii ldm-server 2:2.2.18-2
ii ldm-themes 17.01
ii ltsp-client 5.5.9-2
ii ltsp-client-core 5.5.9-2
ii ltsp-docs 1.2-1
ii ltsp-server 5.5.9-2
ii ltsp-server-standalone 5.5.9-2
ii ldm 2:2.18.06-1
ii ldm-server 2:2.18.06-1
ii ldm-themes 18.02.1
ii ltsp-client 5.18.12-3
ii ltsp-client-core 5.18.12-3
un ltsp-docs <none>
ii ltsp-server 5.18.12-3
ii ltsp-server-standalone 5.18.12-3
Line 28: Line 42:
ii ltspfs 1.4-2+b1
ii ltspfsd 1.4-2
ii ltspfsd-core 1.4-2+b1

This particular model has much less flexibilty since the clients must run the same version of distribution and platform as the server. The upside is that the model is easier to maintain. In the event that all clients can run the 64bit version this is recommended. Otherwise a 32bit version (Stretch i386 or Jessie i386) is suggested. There is no separate chroot (sometimes referred to as ltsp-pnp) and nbd (rather than nfs) is used to provide a squashfs image.

The use of dnsmasq provides ease of configurability and maintenance. The default config file generated provides its use as the tftp server as well as handling dhcp-proxy or dhcp-server proper with the adjustment of commenting and/or uncommenting lines provided. It can also be edited to run a local DNS cache on the server.

Also in this model no static addresses will be used. NetworkManager will be configured to use the router's dhcp server.

(i) Update the server, and check the files /etc/hostname and /etc/hosts are as desired.

(ii)Install these 6 packages ltsp-server-standalone dnsmasq epoptes epoptes-client ltsp-client resolvconf (and if you haven't already a desktop environment installed) a desktop environment of your choice.

At the time of writing epoptes is at version 0.5.10-2.

All config files need to be edited using root privileges. Now start with configurations:

1. It may no longer be needed to add the server's user (example shows administrator) to the newly formed group epoptes but at the time of writing a bug has made it necessary. This command will do it: {{{
sudo usermod -G epoptes -a administrator
ii ltspfs 1.5-2
ii ltspfsd 1.5-2
ii ltspfsd-core 1.5-2

found image: /opt/ltsp/images/amd64.img

Other relevant tools:
ii kernel 4.19.0-5-amd64
ii epoptes 1.0.1-2
ii dnsmasq 2.80-1
ii network-manager 1.14.6-2
ii network-manager-gnome 1.8.20-1.1
ii nfs-kernel-server 1:1.3.4-2.5
ii nbd-server 1:3.19-3
Line 50: Line 58:
All config files need to be edited using root privileges. In this documentation the sudo command is used but it is also possible to use su to become root if your system is so configured.

== Basic first steps for all scenarios ==

1. Update the server, and check the files /etc/hostname and /etc/hosts are as desired.

2. Install these 8 packages ltsp-server-standalone dnsmasq epoptes epoptes-client ltsp-client network-manager-gnome dnsutils rsync (and if you haven't already a desktop environment installed) a desktop environment of your choice.

3. Once epoptes is installed one must add the server's user (in the example "administrator") to the new epoptes group. This command will do it:

{{{sudo usermod -G epoptes -a administrator}}}
Line 52: Line 72:
2. We must edit NetworkManager's configuration in two places.

    (a) Check in /etc/NetworkManager/NetworkManager.conf for the dns= key and comment out the line

     #dns=dnsmasq

    (b) Launch nm-connection-editor from the command line. After launching:

    Choose the Wired connection and click Edit.
    Click on the IPv4 Settings tab.
    Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'.
    In the DNS servers field enter 127.0.0.1 first followed by one or two external DNS servers, separated by spaces (e.g. 127.0.0.1 208.67.222.222 8.8.8.8).
    Save these settings and close the window.

and then restart Network Manager with{{{
sudo systemctl restart network-manager}}}

3. Create a default configuration file for dnsmasq with the command{{{
ltsp-config dnsmasq}}}

Edit this file etc/dnsmasq.d/ltsp-server-dnsmasq.conf so that local dns caching is activated. Comment out{{{
#port=0}}}

When working with a server with one nic (only one subnet with the server, all clients and the router) check to see if the line{{{
dhcp-range=x.y.z.0,proxy}}}
corresponds to this subnet. If this is correct comment out the other range line{{{
#dhcp-range=192.168.67.20,192.168.67.250,8h}}}

If on the other hand the server has two nics be sure to connect the gigabit capable device to the switch with the clients and give that device the static ip 192.168.67.1 and leave both lines active (without the # symbol.)

Thus dnsmasq is the dhcp server for that subnet only.

Then restart dnsmasq with the command{{{
sudo systemctl restart dnsmasq}}}

4. Edit the config file /etc/ltsp/update-kernels.conf to have the uncommented lines{{{
BOOT_METHODS=NBD
IPAPPEND=3}}}

5. The version of the kernel running on the server can be determined with the command{{{
uname -r}}}

Note that at the time of writing the kernel was 4.9.0-3-686-pae in 32bit Stretch thus the command is{{{
sudo dpkg-reconfigure linux-image-4.9.0-3-686-pae}}}

This reports update-initramfs: Generating /boot/initrd.img-4.9.0-3-686-pae adding the changes above.

6. Inspect and edit as desired /etc/ltsp/ltsp-update-image.excludes as some software running on the server will not be appropriate for the clients.

7. Once the server has been updated and any additional software has been installed a new client filesystem image must be created in order for the clients to also have these updates. This is the command{{{
sudo ltsp-update-image --cleanup /}}}

This builds the latest squashfs image for nbd in /opt/ltsp/images and puts the latest kernel into /var/lib/tftpboot/ltsp/i386/.) It triggers "ltsp-config nbd-server" to create (if needed) the files /etc/nbd-server/conf.d/swap.conf and /etc/nbd-server/conf.d/ltsp_i386.conf. Check to see if both are there. It also creates /etc/nbd-client.

8. Then, create the default configuration file for the clients with the command{{{
sudo ltsp-config lts.conf}}}

9. Lastly reboot the server so that all changes are active including the user's membership in the group epoptes.

Notes
4. Often there is no such line but check in /etc/NetworkManager/NetworkManager.conf for a line with the dns= key. If it is there comment out the line.
        ◦ #dns=dnsmasq

In case step 5 is confusing, here is an explanation. Often Debian configurations are setup so that the following file deals with the network device. Most of the time the active use of this file means that network manager will not deal with the network device. In this howto network-manager will be used. Step 5 allows the configuration to be changed if necessary.

5. Check the file /etc/network/interfaces for possible lines similar to

# The primary network interface
allow-hotplug <the network device>
iface <the network device> inet <method>

“method” here is often “dhcp” or “static” but there are others.

If such lines are not present (or they are commented out with the symbol #) then network-manager will be in control so go on to step 6.
Otherwise these lines need to be commented out by adding the hash symbol # in front of each line. Then save this edited config file. However, the system must be rebooted before control can be passed on to network-manager otherwise step 6 cannot be done. Be careful, once the server is rebooted the Internet may be temporarily unavailable until step 6 is done. So take care to copy down somewhere all of step 6 and complete it so the Internet is restored.

If the server is to use two network interfaces jump down to step 6(dual)

=== Steps for the one network interface scenario ===

6(single). To edit NetworkManager's configuration launch nm-connection-editor from the command line. After launching: Choose the Wired connection and double click it. This opens it for editing. Click on the IPv4 Settings tab. Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'. In the DNS servers field enter 127.0.0.1 first to allow dnsmasq to cache (otherwise leave it out) followed by one or two external DNS servers, separated by spaces (e.g. 127.0.0.1 208.67.222.222 8.8.8.8). Now click on the General tab and make sure that both lines are enabled: "Connect automatically with priority" and "All users may connect to this network" then save these settings and close the window.

Restart Network Manager with

{{{sudo systemctl restart network-manager.service}}}

If the Internet was not available this should restore it.

7(single). Create a default configuration file for dnsmasq with the command

{{{sudo ltsp-config dnsmasq}}}

8(single). To activate dnsmasq to serve as the local dns cache, in addition to step 5 part (b) you must edit the file /etc/dnsmasq.d/ltsp-server-dnsmasq.conf and comment out the line:
#port=0
Otherwise commenting this line out, dnsmasq will run perfectly fine but will not serve as the local dns cache.

9(single). The other part to edit has to do with whether the server is going to use the router as its dhcp server (as is usually the case) so that dnsmasq is configured with dhcp proxy. To do this see if the line
dhcp-range=x.y.z.0,proxy
corresponds to this subnet. If this is correct comment out the other range line
#dhcp-range=192.168.67.20,192.168.67.250,8h and save the file. If instead you want the server to use dnsmasq as the dhcp server then comment out the proxy line and set the
dhcp-range=x.y.z.20,x.y.z.250,8h as appropriate.

Then restart dnsmasq with the command

{{{sudo systemctl restart dnsmasq.service}}}

Skip down to step 10

=== Steps for the two network interfaces scenario ===

Note that the local area network (lan) device should be a gigabit (or faster) device and connected to a gigabit switch (or a gigabit port) with a category 6 (or faster) cable. The wide area network (wan) device may even be wireless.

6(dual). To edit NetworkManager's configuration launch nm-connection-editor from the command line. After launching you should see two wired connections, one for the wide area network (wan) that faces the router and the other for the local area network (lan) that faces the ltsp clients. Edit the wan connection as described above. Edit the lan connection as follows:

Click on the IPv4 Settings tab. Choose the method 'Shared to other computers’ and in the ‘Address (optional) section add the address 192.168.67.1 and netmask 24 but leave the gateway blank. Now click on the General tab and make sure that both lines are enabled: "Connect automatically with priority" and "All users may connect to this network" Save these settings and close the window. Network manager will now provide ip-forwarding and iptable nat rules on the lan interface without needing you to do anything else, once the server has been rebooted.

Restart Network Manager with

{{{sudo systemctl restart network-manager.service}}}

Note To verify that iptable nat rules are in force run the command

{{{sudo iptables -L}}}

which should produce some rules that mention 192.168.67.1

7(dual). Create a default configuration file for dnsmasq with the command

{{{sudo ltsp-config dnsmasq}}}

8(dual). To activate dnsmasq to serve as the local dns cache, in addition to step 5 part (b) you must edit the file /etc/dnsmasq.d/ltsp-server-dnsmasq.conf and comment out the line:
#port=0

Otherwise leaving this line as it is, dnsmasq will run perfectly fine but will not serve as the local dns cache.

9(dual). Check to see if the line
dhcp-range=x.y.z.0,proxy
corresponds to the wan subnet and the other range line
dhcp-range=192.168.67.20,192.168.67.250,8h
corresponds to the lan subnet. Leave both lines active (without the # symbol.)

Thus dnsmasq will be the dhcp server for the lan, i.e. subnet with the clients.

=== Final basic steps for any scenario ===

Note, as mentioned above, steps 10 and 11 are only necessary if dhcp proxy is NOT wanted. So they can be skipped because the ltsp configuration defaults to IPAPPEND 3 for proxyDHCP so skip to step 12.

10. If the router is NOT going to be a DHCP server for the ltsp server then edit the config file /etc/ltsp/update-kernels.conf and add the line
IPAPPEND=2

11. After doing step 10 this change needs to be put in the initd. The version of the kernel running on the server can be determined with the command
{{{uname -r}}}
Note that at the time of writing the kernel was 4.19.0-5-amd64 thus the command is

{{{sudo dpkg-reconfigure linux-image-4.19.0-5-amd64}}}

This reports update-initramfs: Generating /boot/initrd.img-4.19.0-5-amd64 adding the change from step 10.

12. Inspect and edit as desired /etc/ltsp/ltsp-update-image.excludes as some software running on the server will not be appropriate for the clients.

13. Once the server has been updated and any additional software has been installed a new client filesystem image must be created in order for the clients to also have these updates. This is the command

{{{sudo ltsp-update-image --cleanup /}}}

Note: if instead of an image being created the system reports:
"Your system seems to be using NFS to serve LTSP chroots.
If you're absolutely certain you want to switch to NBD, run:
    /usr/sbin/ltsp-update-image --config-nbd /"

run the command

{{{apt purge nfs-kernel-server}}}

and then repeat step 13. The package nfs-kernel-server must be installed only later in step 16.

This builds the latest squashfs image for nbd in /opt/ltsp/images and puts the latest kernel into /var/lib/tftboot/ltsp/amd64.) It triggers "ltsp-config nbd-server" to create (if needed) the files /etc/nbd-server/conf.d/swap.conf and /etc/nbd-server/conf.d/ltsp_amd64.conf. Check to see if both are there. It also creates /etc/nbd-client.

14. Then, create the default configuration file for the clients with the command

{{{sudo ltsp-config lts.conf}}}

15. At this point the ltsp server is ready to serve the clients the squashfile image with NBD. If this is desired then skip to the last step 19.

16. Install some additional packages with

{{{sudo apt install nfs-kernel-server}}}

17. Set up nfs with its export file

{{{sudo ltsp-config nfs}}}

18. Remove the symbolic link /var/lib/tftpboot/ltsp/amd64/pxelinux.cfg/default

{{{sudo rm -iv /var/lib/tftpboot/ltsp/amd64/pxelinux.cfg/default}}}

19. Create a file (not a symbolic link)

/var/lib/tftpboot/ltsp/amd64/pxelinux.cfg/default

with these 8 lines (note the append line is long:)

default ltsp-NFS

ontimeout ltsp-NFS

label ltsp-NFS

menu label LTSP, using NFS

kernel vmlinuz-amd64

append ro initrd=initrd.img-amd64 init=/sbin/init-ltsp forcepae root=/dev/nfs nfsroot=/opt/ltsp/images ltsploop=amd64.img

ipappend 3

20. Lastly reboot the server so that all changes are active including the user's membership in the group epoptes.

== Final notes ==
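Review bot: Steps 8(single) and 8(dual) both say "in addition to step 5 part (b)", but in the new numbering step 5 is the /etc/network/interfaces check and has no part (b); the 127.0.0.1 DNS entry they refer to is now made in step 6, so the cross-reference should be updated. In 8(single) the sentence "Otherwise commenting this line out" contradicts the instruction just before it, where 8(dual) has "Otherwise leaving this line as it is". Further down, the paragraph after step 13 writes /var/lib/tftboot where steps 18 and 19 use /var/lib/tftpboot, step 15 calls step 19 the last step although step 20 follows, step 19 announces 8 lines but lists 7, and "apt purge nfs-kernel-server" is the only command in the hunk shown without sudo.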
Line 114: Line 232:
Line 116: Line 233:
Line 118: Line 234:

In this model note that lts.conf is in/var/lib/tftpboot/ltsp/i386/ which among other things means that changes made to this file do NOT require a re-creation of the squashfs image.
In this model note that lts.conf is in/var/lib/tftpboot/ltsp/amd64/ which among other things means that changes made to this file do NOT require a re-creation of the squashfs image.
Line 124: Line 238:
Line 126: Line 239:
Line 131: Line 243:
On the commandline run as root{{{
ltsp-update-image --cleanup /}}}

== Installating and configuring LTSP using a separate chroot ==

This section documents a standard Debian LTSP installation on recent versions of Debian (wheezy and jessie), which uses NFS for a root filesystem, and ISC DHCPD.

 1. If you want a complete LTSP server with all the bells and
 whistles: {{{
apt-get install ltsp-server-standalone
}}}

 If you want more fine-grained control, splitting some services off to separate servers, you can install DebianPkg:ltsp-server instead, and manually install each of the other services.

 1. Build the LTSP client environment, downloading packages from the internet: {{{
ltsp-build-client
}}}

 If your clients do not support 64-bit extensions (amd64), and your server is 64-bit, you may want to build your chroot specifying the i386 architecture: {{{
ltsp-build-client --arch i386
}}}

 1. Configure DHCP.

 Edit /etc/ltsp/dhcpd.conf to adapt to your network.

 Include the LTSP dhcpd.conf at the bottom of /etc/dhcp/dhcpd.conf: {{{
include "/etc/ltsp/dhcpd.conf";
}}}

 Restart isc-dhcp-server: {{{
service isc-dhcp-server restart
}}}

 1. Configure /etc/exports: {{{
/opt/ltsp *(ro,no_root_squash,async,no_subtree_check)
}}}

 Restart nfs-kernel-server: {{{
service nfs-kernel-server restart
}}}

 1. Boot a PXE capable machine and enjoy.

== Installing LTSP with older versions ==

At the time of writing the version of LTSP in Debian Jessie is 5.5.2-1, while in Debian Wheezy 5.4.2-6+deb7u1. This particular model has much less flexibilty since the clients must run the same version of distribution and platform as the server. The upside is that the model is easier to maintain. Thus a 32bit version (Jessie i386 or Wheezy i386) is suggested. There is no separate chroot (sometimes referred to as ltsp-pnp) and nbd (rather than nfs) is used to provide a squashfs image.

The use of dnsmasq provides ease of configurability and maintenance. The default config file generated provides its use as the tftp server as well as handling dhcp-proxy or dhcp-server proper with the adjustment of commenting and/or uncommenting lines provided.

 1. Update the server, ensure the ip(s) is/are as desired (static is recommended) and /etc/hosts is as desired.

 1. Install ltsp-server-standalone, ltsp-client (since there is to be no separate chroot) dnsmasq (an easy to configure tool) other desired software and the desktop environment of your choice.

 1. On the commandline run as root {{{
ltsp-config dnsmasq
}}}

 This reports: Created /etc/dnsmasq.d/ltsp-server-dnsmasq.conf [ ok ]
 Restarting DNS forwarder and DHCP server: dnsmasq.

 1. If the server will run one subnet containing the Internet connection and the clients it need have only one network interface card. In this case dnsmasq can be configured to run a dhcp-proxy if there already is another dhcp server active. In this case edit the above file to comment out the dhcp range line and ensure there is a line (uncommented) stating dhcp-proxy.

 1. If the server will also run a dhcp-server then comment out the dhcp-proxy line and leave the dhcp-range line uncommented, ensuring the subnet entries are correct. Restart dnsmasq with{{{
service dnsmasq restart}}}
 1. Edit the config file /etc/ltsp/update-kernels.conf to have the uncommented lines: {{{
BOOT_METHODS=NBD
IPAPPEND=3
}}}

 1. The version of the kernel running on the server can be determined by: {{{
uname -r
}}}

 1. Note that at the time of writing the wheezy kernel was 3.2.0-4-486. {{{
dpkg-reconfigure linux-image-3.2.0-4-486
}}}

 This reports update-initramfs: Generating /boot/initrd.img-3.2.0-4-486 adding the changes above and triggers the call to /usr/share/ltsp/update-kernels.


 1. Inspect and edit as desired /etc/ltsp/ltsp-update-image.excludes as some software running on the server will not be appropriate for the clients.

 1. On the commandline run as root:{{{
ltsp-update-image --cleanup /
}}}

 This reports updating /var/lib/tftpboot directories for chroot: i386 (i.e. putting pxelinux.0 and pxelinux.cfg and the latest kernel into /var/lib/tftpboot/ltsp/i386/) and triggers ltsp-config nbd-server reporting created /etc/nbd-server/conf.d/swap.conf and created /etc/nbd-server/conf.d/ltsp_i386.conf and nbd-server. It also creates /etc/nbd-client but did not report it as well as putting the latest squashfs image for nbd into /opt/ltsp/images.

 1. On the commandline run as root:{{{
ltsp-config nbd-server
}}}

 This creates 3 files: /etc/nbd-server/conf.d/swap.conf /etc/nbd-client and /etc/nbd-server/conf.d/ltsp_i386.conf.

 If there is an error message "FATAL: Module overlayfs not found" it is a non-issue since aufs is used instead of overlayfs.

 1. On the commandline run as root:{{{
service nbd-server restart
}}}

 1. On the commandline run as root:{{{
ltsp-config lts.conf
}}}

At the time of writing Debian Jessie's version of xserver-xorg is 1.16. This may not run well on some older graphic cards. Debian Wheezy, on the other hand, has the 1.12 version and will work on many of those older graphic cards.

## If this page belongs to an existing Category, add it below.
## CategorySomething | CategoryAnother
On the commandline run

{{{sudo ltsp-update-image --cleanup /}}}

Once running the server with clients the command

{{{sudo showmount -a}}}

will verify that the clients are connected by nfs.

To test whether local dns caching is enabled, run the following command:
 
{{{nslookup google.com}}}

If it reports:
Server: 127.0.0.1
Address: 127.0.0.1#53

then the local dns cache is enabled.

----
CategoryNetwork



LTSP5 How To

Upstream documentation with official, detailed information about installing LTSP is at http://wiki.ltsp.org/wiki/LTSPedia.

Installing and configuring LTSP5 using the chrootless method

Introduction

As the Linux Terminal Server Project (LTSP) has matured, there are a number of options in its configuration to consider: chrootless or a separate chroot, all one subnet or a separate subnet for the clients, a local dns cache using dnsmasq or not, network block device (nbd) or network file system (nfs) or some of one with the other, 32 bit (i386) or 64 bit (amd64). In this howto the chrootless method is laid out in steps using the command line, and some steps are particular to one of the other options so that they can be skipped. The version of ltsp is labeled ltsp5 to distinguish it from the latest version ltsp19, which is in alpha at the time of writing.

The chrootless model (once known as ltsp-pnp) is less flexible than having a separate chroot since the clients must run the same version of distribution and platform as the server. The upside is that the model is easier to maintain. In the event that all clients can run the 64bit version this is recommended. This howto has been created using amd64. Otherwise a 32bit version is suggested (just make certain to replace "amd64" with "i386" everywhere this howto writes it). After creating a server that uses the nbd boot method there are a few additional steps at the end so that the squashfs image is served to the clients by nfs, giving greater stability and speed.

The use of dnsmasq is an easy way of providing useful features. It will act as the tftp server, the local dns cache and the handler of dhcp-proxy or dhcp-server proper.

Also in this model no static addresses will be used. NetworkManager will be configured to use the router's dhcp server and other options.

At the time of writing (August 19, 2019) the versions of LTSP and other relevant packages in Debian Buster are:

ltsp-info 

server information:
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 10 (buster)
Release:        10
Codename:       buster

server packages:
ii ldm 2:2.18.06-1
ii ldm-server 2:2.18.06-1
ii ldm-themes 18.02.1
ii ltsp-client 5.18.12-3
ii ltsp-client-core 5.18.12-3
un ltsp-docs <none>
ii ltsp-server 5.18.12-3
ii ltsp-server-standalone 5.18.12-3
un ltsp-utils <none>
ii ltspfs 1.5-2
ii ltspfsd 1.5-2
ii ltspfsd-core 1.5-2

found image: /opt/ltsp/images/amd64.img

Other relevant tools:
ii  kernel                    4.19.0-5-amd64
ii  epoptes                   1.0.1-2
ii  dnsmasq                   2.80-1
ii  network-manager           1.14.6-2
ii  network-manager-gnome     1.8.20-1.1
ii  nfs-kernel-server         1:1.3.4-2.5
ii  nbd-server                1:3.19-3

All config files need to be edited using root privileges. In this documentation the sudo command is used but it is also possible to use su to become root if your system is so configured.

Basic first steps for all scenarios

1. Update the server, and check the files /etc/hostname and /etc/hosts are as desired.

2. Install these 8 packages ltsp-server-standalone dnsmasq epoptes epoptes-client ltsp-client network-manager-gnome dnsutils rsync (and if you haven't already a desktop environment installed) a desktop environment of your choice.

3. Once epoptes is installed one must add the server's user (in the example "administrator") to the new epoptes group. This command will do it:

sudo usermod -G epoptes -a administrator

Note that this new membership will only be activated in the next login.

4. Often there is no such line but check in /etc/NetworkManager/NetworkManager.conf for a line with the dns= key. If it is there comment out the line.

#dns=dnsmasq

In case step 5 is confusing, here is an explanation. Often Debian configurations are set up so that the following file deals with the network device. Most of the time the active use of this file means that network manager will not deal with the network device. In this howto network-manager will be used. Step 5 allows the configuration to be changed if necessary.

5. Check the file /etc/network/interfaces for possible lines similar to

# The primary network interface
allow-hotplug <the network device>
iface <the network device> inet <method>

“method” here is often “dhcp” or “static” but there are others.

If such lines are not present (or they are commented out with the symbol #) then network-manager will be in control so go on to step 6. Otherwise these lines need to be commented out by adding the hash symbol # in front of each line. Then save this edited config file. However, the system must be rebooted before control can be passed on to network-manager otherwise step 6 cannot be done. Be careful, once the server is rebooted the Internet may be temporarily unavailable until step 6 is done. So take care to copy down somewhere all of step 6 and complete it so the Internet is restored.

If the server is to use two network interfaces jump down to step 6(dual)

Steps for the one network interface scenario

6(single). To edit NetworkManager's configuration launch nm-connection-editor from the command line. After launching: Choose the Wired connection and double click it. This opens it for editing. Click on the IPv4 Settings tab. Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'. In the DNS servers field enter 127.0.0.1 first to allow dnsmasq to cache (otherwise leave it out) followed by one or two external DNS servers, separated by spaces (e.g. 127.0.0.1 208.67.222.222 8.8.8.8). Now click on the General tab and make sure that both lines are enabled: "Connect automatically with priority" and "All users may connect to this network" then save these settings and close the window.

Restart Network Manager with

sudo systemctl restart network-manager.service

If the Internet was not available this should restore it.

7(single). Create a default configuration file for dnsmasq with the command

sudo ltsp-config dnsmasq

8(single). To activate dnsmasq to serve as the local dns cache, in addition to step 5 part (b) you must edit the file /etc/dnsmasq.d/ltsp-server-dnsmasq.conf and comment out the line:

#port=0

Otherwise, leaving this line as it is, dnsmasq will run perfectly fine but will not serve as the local dns cache.

9(single). The other part to edit has to do with whether the server is going to use the router as its dhcp server (as is usually the case) so that dnsmasq is configured with dhcp proxy. To do this see if the line

dhcp-range=x.y.z.0,proxy

corresponds to this subnet. If this is correct comment out the other range line

#dhcp-range=192.168.67.20,192.168.67.250,8h

and save the file. If instead you want the server to use dnsmasq as the dhcp server then comment out the proxy line and set the line

dhcp-range=x.y.z.20,x.y.z.250,8h

as appropriate.

Then restart dnsmasq with the command

sudo systemctl restart dnsmasq.service

Skip down to step 10

Steps for the two network interfaces scenario

Note that the local area network (lan) device should be a gigabit (or faster) device and connected to a gigabit switch (or a gigabit port) with a category 6 (or faster) cable. The wide area network (wan) device may even be wireless.

6(dual). To edit NetworkManager's configuration launch nm-connection-editor from the command line. After launching you should see two wired connections, one for the wide area network (wan) that faces the router and the other for the local area network (lan) that faces the ltsp clients. Edit the wan connection as described above. Edit the lan connection as follows:

Click on the IPv4 Settings tab. Choose the method 'Shared to other computers' and in the 'Address (optional)' section add the address 192.168.67.1 and netmask 24 but leave the gateway blank. Now click on the General tab and make sure that both lines are enabled: "Connect automatically with priority" and "All users may connect to this network". Save these settings and close the window. Network manager will now provide ip-forwarding and iptable nat rules on the lan interface without needing you to do anything else, once the server has been rebooted.

Restart Network Manager with

sudo systemctl restart network-manager.service

Note: To verify that iptable nat rules are in force run the command

sudo iptables -L

which should produce some rules that mention 192.168.67.1

7(dual). Create a default configuration file for dnsmasq with the command

sudo ltsp-config dnsmasq

8(dual). To activate dnsmasq to serve as the local dns cache, in addition to step 5 part (b) you must edit the file /etc/dnsmasq.d/ltsp-server-dnsmasq.conf and comment out the line: #port=0

Otherwise leaving this line as it is, dnsmasq will run perfectly fine but will not serve as the local dns cache.

9(dual). Check to see if the line dhcp-range=x.y.z.0,proxy corresponds to the wan subnet and the other range line dhcp-range=192.168.67.20,192.168.67.250,8h corresponds to the lan subnet. Leave both lines active (without the # symbol.)

Thus dnsmasq will be the dhcp server for the lan, i.e. subnet with the clients.
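The result of steps 8 and 9, in either scenario, can be read back from the file instead of by eye. The script below is an added example and not part of ltsp: it reports whether an active port=0 line still disables the dns cache and which dhcp mode the active dhcp-range lines select. The function names and the sample configs are constructed for illustration, with 192.0.2.0 standing in for x.y.z.0.

```shell
#!/bin/sh
# Added example: classify an LTSP dnsmasq config by dns-cache state and dhcp mode.
CONF_DEFAULT=/etc/dnsmasq.d/ltsp-server-dnsmasq.conf   # file named in steps 8 and 9

# Print the active (uncommented) settings of one option, whitespace removed.
active_lines() {   # $1 = option name, $2 = file
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' "$2" | grep "^$1=" || true
}

ltsp_dnsmasq_mode() {   # $1 = config file (optional)
    conf=${1:-$CONF_DEFAULT}
    # An active port=0 stops dnsmasq from answering dns, so there is no local cache.
    if active_lines port "$conf" | grep -qx 'port=0'; then dns=off; else dns=on; fi
    ranges=$(active_lines dhcp-range "$conf")
    # Count proxy ranges and ordinary address pools separately.
    proxy=$(printf '%s\n' "$ranges" | grep -Ec ',proxy(,|$)' || true)
    pool=$(printf '%s\n' "$ranges" | grep -Ev ',proxy(,|$)' | grep -c '^dhcp-range=' || true)
    case "$proxy:$pool" in
        0:0) dhcp=none ;;
        0:*) dhcp=server ;;          # dnsmasq hands out the leases itself
        *:0) dhcp=proxy ;;           # the router stays the dhcp server
        *)   dhcp=proxy+server ;;    # two-interface setup: proxy on wan, pool on lan
    esac
    echo "dns_cache=$dns dhcp=$dhcp"
}

# Constructed sample configs (not the file that ltsp-config generates).
write_sample() {   # $1 = single|dual|untouched, $2 = output file
    case "$1" in
        single) printf '%s\n' '#port=0' 'dhcp-range=192.0.2.0,proxy' \
                    '#dhcp-range=192.168.67.20,192.168.67.250,8h' ;;
        dual)   printf '%s\n' '#port=0' 'dhcp-range=192.0.2.0,proxy' \
                    'dhcp-range=192.168.67.20,192.168.67.250,8h' ;;
        *)      printf '%s\n' 'port=0' 'dhcp-range=192.0.2.0,proxy' ;;
    esac > "$2"
}

# Stand-alone use: report on the real file when it exists.
if [ -r "$CONF_DEFAULT" ]; then
    ltsp_dnsmasq_mode "$CONF_DEFAULT"
fi
```

A result of dhcp=server or dhcp=proxy+server on a single-interface server means dnsmasq will answer dhcp requests alongside the router, which is the case step 9(single) is meant to avoid.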

Final basic steps for any scenario

Note: as mentioned above, steps 10 and 11 are only necessary if dhcp proxy is NOT wanted. With dhcp proxy they can be skipped, because the ltsp configuration defaults to IPAPPEND 3 for proxyDHCP; in that case skip to step 12.

10. If the router is NOT going to be a DHCP server for the ltsp server then edit the config file /etc/ltsp/update-kernels.conf and add the line IPAPPEND=2

11. After doing step 10 this change needs to be put in the initrd. The version of the kernel running on the server can be determined with the command uname -r. Note that at the time of writing the kernel was 4.19.0-5-amd64, thus the command is

sudo dpkg-reconfigure linux-image-4.19.0-5-amd64

This reports update-initramfs: Generating /boot/initrd.img-4.19.0-5-amd64 adding the change from step 10.

12. Inspect and edit as desired /etc/ltsp/ltsp-update-image.excludes as some software running on the server will not be appropriate for the clients.

13. Once the server has been updated and any additional software has been installed a new client filesystem image must be created in order for the clients to also have these updates. This is the command

sudo ltsp-update-image --cleanup /

Note: if instead of an image being created the system reports: "Your system seems to be using NFS to serve LTSP chroots. If you're absolutely certain you want to switch to NBD, run:

  • /usr/sbin/ltsp-update-image --config-nbd /"

run the command

sudo apt purge nfs-kernel-server

and then repeat step 13. The package nfs-kernel-server must be installed only later in step 16.

This builds the latest squashfs image for nbd in /opt/ltsp/images and puts the latest kernel into /var/lib/tftpboot/ltsp/amd64. It triggers "ltsp-config nbd-server" to create (if needed) the files /etc/nbd-server/conf.d/swap.conf and /etc/nbd-server/conf.d/ltsp_amd64.conf. Check to see if both are there. It also creates /etc/nbd-client.

14. Then, create the default configuration file for the clients with the command

sudo ltsp-config lts.conf

15. At this point the ltsp server is ready to serve the clients the squashfs image with NBD. If this is desired then skip to the last step 19.

16. Install some additional packages with

sudo apt install nfs-kernel-server

17. Set up nfs with its export file

sudo ltsp-config nfs

18. Remove the symbolic link /var/lib/tftpboot/ltsp/amd64/pxelinux.cfg/default

sudo rm -iv /var/lib/tftpboot/ltsp/amd64/pxelinux.cfg/default

19. Create a file (not a symbolic link)

/var/lib/tftpboot/ltsp/amd64/pxelinux.cfg/default

with these 8 lines (note that the append line is long):

default ltsp-NFS
ontimeout ltsp-NFS
label ltsp-NFS
menu label LTSP, using NFS
kernel vmlinuz-amd64
append ro initrd=initrd.img-amd64 init=/sbin/init-ltsp forcepae root=/dev/nfs nfsroot=/opt/ltsp/images ltsploop=amd64.img
ipappend 3

20. Lastly reboot the server so that all changes are active including the user's membership in the group epoptes.

Final notes

The lts.conf file should be studied and edited as appropriate. Note that all headings (written between square brackets) should have at least one entry each, so don't leave any empty. This file plays a role similar to xorg.conf for xorg and there are many options for it to choose from. One is worth mentioning here: under [Default] the option LDM_DIRECTX = True (the default is false) allows one to turn off the encrypted X tunnel via SSH, and instead run a less secure, but much faster, unencrypted tunnel. If speed is important and security is less so then it is recommended.

In this model note that lts.conf is in /var/lib/tftpboot/ltsp/amd64/ which among other things means that changes made to this file do NOT require a re-creation of the squashfs image. When ready to try ltsp don't forget to create users as appropriate for the clients. This also does NOT require a re-creation of the squashfs image.
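Both lts.conf points above can be checked mechanically before the clients boot. The script below is an added example and not part of ltsp: it lists headings that have no entry and every heading under which LDM_DIRECTX is switched on, so the choice of unencrypted X is a visible decision rather than a leftover. The function names, the sample file and the EXAMPLE_OPTION key are constructed, and treating True, Yes and Y (in any case) as "on" is an assumption.

```shell
#!/bin/sh
# Added example: lint lts.conf for empty headings and for LDM_DIRECTX switched on.
LTS_CONF_DEFAULT=/var/lib/tftpboot/ltsp/amd64/lts.conf   # location given on this page

lint_lts_conf() {   # $1 = lts.conf path (optional); prints one finding per line
    awk '
        # Report the heading just finished if it held no key = value entry.
        function close_section() {
            if (section != "" && entries == 0) print "empty-section " section
        }
        # Strip comments and surrounding blanks before any rule looks at the line.
        { sub(/[ \t]*#.*$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[.*\]$/ { close_section(); section = $0; entries = 0; next }
        /=/ {
            entries++
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t"]/, "", key); gsub(/[ \t"]/, "", val)
            # Assumption: True / Yes / Y in any case count as enabled.
            if (toupper(key) == "LDM_DIRECTX" && tolower(val) ~ /^(true|yes|y)$/)
                print "unencrypted-x " section
        }
        END { close_section() }
    ' "${1:-$LTS_CONF_DEFAULT}"
}

# Constructed sample file; EXAMPLE_OPTION is a placeholder, not a real lts.conf key.
write_sample_lts() {   # $1 = output file
    cat > "$1" <<'EOF'
[Default]
EXAMPLE_OPTION = value
LDM_DIRECTX = True   # faster, but the X session is not tunnelled through SSH

[00:11:22:33:44:55]
# nothing set for this client yet
EOF
}

# Stand-alone use: lint the real file when it exists.
if [ -r "$LTS_CONF_DEFAULT" ]; then
    lint_lts_conf "$LTS_CONF_DEFAULT"
fi
```

An unencrypted-x finding under [Default] applies to every client; under a per-client heading it applies only to that client.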

The following changes DO require a re-creation of the squashfs image:

  • When the server is updated.
  • When software is added to the server that is desirable for clients.

This means one repeats the step:

On the commandline run

sudo ltsp-update-image --cleanup /

Once running the server with clients the command

sudo showmount -a

will verify that the clients are connected by nfs.

To test whether local dns caching is enabled, run the following command:

nslookup google.com

If it reports:

Server: 127.0.0.1
Address: 127.0.0.1#53

then the local dns cache is enabled.


CategoryNetwork