Differences between revisions 93 and 94
Revision 93 as of 2018-06-04 15:10:28
Size: 12900
Editor: ?RichardKweskin
Comment:
Revision 94 as of 2019-03-20 16:43:51
Size: 8597
Editor: ?RichardKweskin
Comment: Updated to Buster
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:
== Installating and configuring LTSP using the LTSP-PNP method == == Installating and configuring LTSP using the chrootless method ==
Line 10: Line 10:
At the time of writing these versions of LTSP packages in Debian Stretch are: This was once known as ltsp-pnp) method.
At the time of writing (February 11th 2019) the versions of LTSP and other relevant packages in Debian Buster are:
ltsp-info
server information:
No LSB modules are available.
Distributor ID:    Debian
Description:    Debian GNU/Linux buster/sid
Release:    testing
Codename:    buster
server packages:
ii ldm 2:2.18.06-1
ii ldm-server 2:2.18.06-1
ii ldm-themes 17.01.1
ii ltsp-client 5.18.12-1
ii ltsp-client-core 5.18.12-1
ii epoptes  1.0.1-2
ii dnsmasq  2.80-1
Line 12: Line 28:
server information:
Distributor ID: Debian
Description: Debian GNU/Linux 9.4 (stretch)
Release: 9.4
Codename: stretch
This particular model has less flexibilty since the clients must run the same version of distribution and platform as the server. The upside is that the model is easier to maintain. In the event that all clients can run the 64bit version this is recommended. This howto has been created using amd64. Otherwise a 32bit version (Buster i386 or Stretch i386) is suggested (just make certain that everywhere this howto writes "amd64" replace it with "i386".) There is no separate chroot, hence the name “Chrootless” and the boot method is by nbd rather than nfs. A squashfs image is provided by this device.
Line 18: Line 30:
server packages:
ii ldm 2:2.2.18-2
ii ldm-server 2:2.2.18-2
ii ldm-themes 17.01
ii ltsp-client 5.5.9-2
ii ltsp-client-core 5.5.9-2
ii ltsp-docs 1.2-1
ii ltsp-server 5.5.9-2
ii ltsp-server-standalone 5.5.9-2
un ltsp-utils <none>
ii ltspfs 1.4-2+b1
ii ltspfsd 1.4-2
ii ltspfsd-core 1.4-2+b1

This particular model has much less flexibilty since the clients must run the same version of distribution and platform as the server. The upside is that the model is easier to maintain. In the event that all clients can run the 64bit version this is recommended. This howto has been created using amd64. Otherwise a 32bit version (Stretch i386 or Jessie i386) is suggested (just make certain that everywhere this howto writes "amd64" replace it with "i386".) There is no separate chroot (sometimes referred to as ltsp-pnp) and the boot method is by nbd rather than nfs. A squashfs image is provided by this device.

The use of dnsmasq provides ease of configurability and maintenance. The default config file generated provides its use as the tftp server as well as handling dhcp-proxy or dhcp-server proper with the adjustment of commenting and/or uncommenting lines provided. It can also be edited to run a local DNS cache on the server.
The use of dnsmasq provides ease of configurability and maintenance. The default config file generated provides its use as the tftp server, the local dns cache and the handling of dhcp-proxy or dhcp-server proper.
Line 38: Line 34:
(i) Update the server, and check the files /etc/hostname and /etc/hosts are as desired. The steps:
Line 40: Line 36:
(ii)Install these 8 packages ltsp-server-standalone dnsmasq epoptes epoptes-client ltsp-client network-manager-gnome resolvconf rsync (and if you haven't already a desktop environment installed) a desktop environment of your choice. 1. Update the server, and check the files /etc/hostname and /etc/hosts are as desired.
2. Install these 8 packages ltsp-server-standalone dnsmasq epoptes epoptes-client ltsp-client network-manager-gnome resolvconf rsync (and if you haven't already a desktop environment installed) a desktop environment of your choice.
Line 42: Line 39:
At the time of writing epoptes is at version 0.5.10-2.

All config files need to be edited using root pri
vileges. Now start with configurations:

1. Once epoptes is installed one must add the server's user (in the example "administrator") to the new epoptes group. This command will do it: {{{
sudo usermod
-G epoptes -a administrator
}}}

Note that this new membership will only be activated in the next login.

2.
Check the file /etc/network/interfaces for possible lines similar to

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp

If they are not present or they are commented out as above then network-manager will be in control of the network interface which is assumed in this model so go on to step 3.

Otherwise these lines need to be commented out by adding the asterisk symbol as shown above and the config file is saved otherwise step 3 cannot be done. However, the server needs to be rebooted and will render the Internet temporarily unavailable until part (b) of step 3 is done.

So take care to copy down somewhere all of part (b) of step 3 and complete it so the Internet is restored.

3
. We must edit NetworkManager's configuration in two places.

   
(a) Check in /etc/NetworkManager/NetworkManager.conf for the dns= key and comment out the line

     
#dns=dnsmasq

    
(b) Launch nm-connection-editor from the command line. After launching:

   
Choose the Wired connection and click Edit.
   
Click on the IPv4 Settings tab.
   
Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'.
   
In the DNS servers field enter 127.0.0.1 first followed by one or two external DNS servers, separated by spaces (e.g. 127.0.0.1 208.67.222.222 8.8.8.8).
    Save these settings and close the window.

and then restart Network Manager with{{{
sudo
systemctl restart network-manager}}}

4. Create a default configuration file for dnsmasq with the command{{{
sudo ltsp-config dnsmasq}}}

Edit this file /etc/dnsmasq.d/ltsp-server-dnsmasq.conf so that local dns caching is activated. Comment out{{{

#port=0}}}

When working with a server with one nic (only one subnet with the server, all clients and the router) check to see if the line{{{
dhcp-range=x.y.z.0,proxy}}}
corresponds to this subnet. If this is correct comment out the other range line{{{
#dhcp-range=192.168.67.20,192.168.67.250,8h}}}

If on the other hand the server has two nics be sure to connect the gigabit capable device to the switch with the clients and give that device the static ip 192.168.67.1 and leave both lines active (without the # symbol.)  
Thus dnsmasq is the dhcp server for that subnet only.

Then restart dnsmasq with the command{{{
sudo systemctl restart dnsmasq}}}

5.
Edit the config file /etc/ltsp/update-kernels.conf to have the uncommented lines{{{
BO
OT_METHODS=NBD
IPAPPEND=3}}}

6. The version of the kernel running on the server can be determined with the command{{{
uname
-r}}}

Note that at the time of writing the kernel was 4.9.0-6-amd64 in 64bit Stretch thus the command is{{{
sudo dpkg-reconfigure linux-image-4.9.0-6-amd64}}}

This reports update-initramfs: Generating /boot/initrd.img-4.9.0-6-amd64 adding the changes above.

7. Inspect and edit as desired /etc/ltsp/ltsp-update-image.excludes as some software running on the server will not be appropriate for the clients.

8. Once the server has been updated and any additional software has been installed a new client filesystem image must be created in order for the clients to also have these updates. This is the command{{{
sudo ltsp-update-image
--cleanup /}}}
All config files need to be edited using root privileges. In this documentation the sudo command is used but it is also possible to use su to become root if your system is so configured.
3. Once epoptes is installed one must add the server's user (in the example "administrator") to the new epoptes group. This command will do it:
sudo usermod -G epoptes -a administrator
Note that this new membership will only be activated in the next login.
4. Check the file /etc/network/interfaces for possible lines similar to
# The primary network interface #allow-hotplug eth0 #iface eth0 inet dhcp
If they are not present or they are commented out as above then network-manager will be in control of the network interface which is assumed in this model so go on to step 5.
Otherwise these lines need to be commented out by adding the asterisk symbol as shown above and the config file is saved otherwise step 5 cannot be done. However, the server needs to be rebooted and will render the Internet temporarily unavailable until part (b) of step 5 is done.
So take care to copy down somewhere all of part (b) of step 5 and complete it so the Internet is restored.
5. We may need to edit NetworkManager's configuration in two places. In my new default configuration part (a) was not needed as there was no such line dns= so skip to part (b) if you want dnsmasq to also be a local dns cache. If not skip to step 6.
    • (a) Check in /etc/NetworkManager/NetworkManager.conf for the dns= key and comment out the line
        ◦ #dns=dnsmasq
      (b) Launch nm-connection-editor from the command line. After launching: Choose the Wired connection and click Edit. Click on the IPv4 Settings tab. Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'. In the DNS servers field enter 127.0.0.1 first followed by one or two external DNS servers, separated by spaces (e.g. 127.0.0.1 208.67.222.222 8.8.8.8). Save these settings and close the window.
and then restart Network Manager with
sudo systemctl restart network-manager.service
6. Create a default configuration file for dnsmasq with the command
sudo ltsp-config dnsmasq
7. To activate dnsmasq to serve as the local dns cache, in addition to step 5 part (b) you must edit the file /etc/dnsmasq.d/ltsp-server-dnsmasq.conf and comment out the line:
#port=0
Otherwise leaving this line as it is, dnsmasq will run perfectly fine but will not serve as the local dns cache.
8. The other part to edit here has to do with whether your server runs with one network interface and hence there is only one network for the clients and the router or there are two interfaces so that the clients run on a separate network from the router.

When working with a server with one nic (only one subnet with the server, all clients and the router) check to see if the line
dhcp-range=x.y.z.0,proxy
corresponds to this subnet. If this is correct comment out the other range line
#dhcp-range=192.168.67.20,192.168.67.250,8h
If on the other hand the server has two nics be sure to connect the gigabit capable device to the switch with the clients and give that device the static ip 192.168.67.1 and leave both lines active (without the # symbol.)
Thus dnsmasq will be the dhcp server for the subnet with the clients.
Then restart dnsmasq with the command
sudo systemctl restart dnsmasq.service
Note, steps 9 and 10 can be skipped because the default ltsp configuration is now IPAPPEND 3 for proxyDHCP. They are only necessary if this is NOT wanted, so skip to step 11.
9. If your server is going to run a D
HCP server instead of the router then edit the config file /etc/ltsp/updateProcessing triggers for initramfs-tools (0.133)  and add the line
IPAPPEND=2
10. After doing step 9 this change needs to be put in the initd. The version of the kernel running on the server can be determined with the command
uname -r
Note that at the time of writing the kernel was 4.19.0-2-amd64 in 64bit Buster thus the command is
sudo dpkg-reconfigure linux-image-4.19.0-2-amd64
This reports update-initramfs: Generating /boot/initrd.img-4.19.0-2-amd64 adding the change from step 9.
11. Inspect and edit as desired /etc/ltsp/ltsp-update-image.excludes as some software running on the ser
ver will not be appropriate for the clients.
12. Once the server has been updated and any additional software has been installed a new client filesystem image must be created in order for the clients to also have these updates. This is the command
sudo ltsp-update-image --cleanup /
Line 117: Line 80:

9. Then, create the default configuration file for the clients with the command{{{
sudo
ltsp-config lts.conf}}}

10. Lastly reboot the server so that all changes are active including the user's membership in the group epoptes.
13. Then, create the default configuration file for the clients with the command
sudo ltsp-config lts.conf
14. Lastly reboot the server so that all changes are active including the user's membership in the group epoptes.
Line 124: Line 85:
Line 126: Line 86:
Line 128: Line 87:
Line 130: Line 88:
Line 132: Line 89:
Line 134: Line 90:

The following changes DO require a re-creation of the squashfs image:

When the server is updated.

Software is added to the server that is desirable for clients.

This means one repeats the step:

On the commandline run as root{{{
ltsp-update-image --cleanup /}}}

== Installating and configuring LTSP using a separate chroot ==

This section documents a standard Debian LTSP installation on recent versions of Debian (wheezy and jessie), which uses NFS for a root filesystem, and ISC DHCPD.

 1. If you want a complete LTSP server with all the bells and
 whistles: {{{
apt-get install ltsp-server-standalone
}}}

 If you want more fine-grained control, splitting some services off to separate servers, you can install DebianPkg:ltsp-server instead, and manually install each of the other services.

 1. Build the LTSP client environment, downloading packages from the internet: {{{
ltsp-build-client
}}}

 If your clients do not support 64-bit extensions (amd64), and your server is 64-bit, you may want to build your chroot specifying the i386 architecture: {{{
ltsp-build-client --arch i386
}}}

 1. Configure DHCP.

 Edit /etc/ltsp/dhcpd.conf to adapt to your network.

 Include the LTSP dhcpd.conf at the bottom of /etc/dhcp/dhcpd.conf: {{{
include "/etc/ltsp/dhcpd.conf";
}}}

 Restart isc-dhcp-server: {{{
service isc-dhcp-server restart
}}}

 1. Configure /etc/exports: {{{
/opt/ltsp *(ro,no_root_squash,async,no_subtree_check)
}}}

 Restart nfs-kernel-server: {{{
service nfs-kernel-server restart
}}}

 1. Boot a PXE capable machine and enjoy.

== Installing LTSP with older versions ==

At the time of writing the version of LTSP in Debian Jessie is 5.5.2-1, while in Debian Wheezy 5.4.2-6+deb7u1. This particular model has much less flexibilty since the clients must run the same version of distribution and platform as the server. The upside is that the model is easier to maintain. Thus a 32bit version (Jessie i386 or Wheezy i386) is suggested. There is no separate chroot (sometimes referred to as ltsp-pnp) and nbd (rather than nfs) is used to provide a squashfs image.

The use of dnsmasq provides ease of configurability and maintenance. The default config file generated provides its use as the tftp server as well as handling dhcp-proxy or dhcp-server proper with the adjustment of commenting and/or uncommenting lines provided.

 1. Update the server, ensure the ip(s) is/are as desired (static is recommended) and /etc/hosts is as desired.

 1. Install ltsp-server-standalone, ltsp-client (since there is to be no separate chroot) dnsmasq (an easy to configure tool) other desired software and the desktop environment of your choice.

 1. On the commandline run as root {{{
ltsp-config dnsmasq
}}}

 This reports: Created /etc/dnsmasq.d/ltsp-server-dnsmasq.conf [ ok ]
 Restarting DNS forwarder and DHCP server: dnsmasq.

 1. If the server will run one subnet containing the Internet connection and the clients it need have only one network interface card. In this case dnsmasq can be configured to run a dhcp-proxy if there already is another dhcp server active. In this case edit the above file to comment out the dhcp range line and ensure there is a line (uncommented) stating dhcp-proxy.

 1. If the server will also run a dhcp-server then comment out the dhcp-proxy line and leave the dhcp-range line uncommented, ensuring the subnet entries are correct. Restart dnsmasq with{{{
service dnsmasq restart}}}
 1. Edit the config file /etc/ltsp/update-kernels.conf to have the uncommented lines: {{{
BOOT_METHODS=NBD
IPAPPEND=3
}}}

 1. The version of the kernel running on the server can be determined by: {{{
uname -r
}}}

 1. Note that at the time of writing the wheezy kernel was 3.2.0-4-486. {{{
dpkg-reconfigure linux-image-3.2.0-4-486
}}}

 This reports update-initramfs: Generating /boot/initrd.img-3.2.0-4-486 adding the changes above and triggers the call to /usr/share/ltsp/update-kernels.


 1. Inspect and edit as desired /etc/ltsp/ltsp-update-image.excludes as some software running on the server will not be appropriate for the clients.

 1. On the commandline run as root:{{{
ltsp-update-image --cleanup /
}}}

 This reports updating /var/lib/tftpboot directories for chroot: i386 (i.e. putting pxelinux.0 and pxelinux.cfg and the latest kernel into /var/lib/tftpboot/ltsp/i386/) and triggers ltsp-config nbd-server reporting created /etc/nbd-server/conf.d/swap.conf and created /etc/nbd-server/conf.d/ltsp_i386.conf and nbd-server. It also creates /etc/nbd-client but did not report it as well as putting the latest squashfs image for nbd into /opt/ltsp/images.

 1. On the commandline run as root:{{{
ltsp-config nbd-server
}}}

 This creates 3 files: /etc/nbd-server/conf.d/swap.conf /etc/nbd-client and /etc/nbd-server/conf.d/ltsp_i386.conf.

 If there is an error message "FATAL: Module overlayfs not found" it is a non-issue since aufs is used instead of overlayfs.

 1. On the commandline run as root:{{{
service nbd-server restart
}}}

 1. On the commandline run as root:{{{
ltsp-config lts.conf
}}}

At the time of writing Debian Jessie's version of xserver-xorg is 1.16. This may not run well on some older graphic cards. Debian Wheezy, on the other hand, has the 1.12 version and will work on many of those older graphic cards.

## If this page belongs to an existing Category, add it below.
## CategorySomething | CategoryAnother
The following changes DO require a re-creation of the squashfs image:
When the server is updated.
Software is added to the server that is desirable for clients.
This means one repeats the step:
On the commandline run
sudo ltsp-update-image --cleanup /

Translation(s): Português Brasileiro


LTSP How To

Upstream documentation with official, detailed information about installing LTSP is at http://wiki.ltsp.org/wiki/LTSPedia.

Installating and configuring LTSP using the chrootless method

This was once known as ltsp-pnp) method. At the time of writing (February 11th 2019) the versions of LTSP and other relevant packages in Debian Buster are: ltsp-info server information: No LSB modules are available. Distributor ID:    Debian Description:    Debian GNU/Linux buster/sid Release:    testing Codename:    buster server packages: ii ldm 2:2.18.06-1 ii ldm-server 2:2.18.06-1 ii ldm-themes 17.01.1 ii ltsp-client 5.18.12-1 ii ltsp-client-core 5.18.12-1 ii epoptes  1.0.1-2 ii dnsmasq  2.80-1

This particular model has less flexibilty since the clients must run the same version of distribution and platform as the server. The upside is that the model is easier to maintain. In the event that all clients can run the 64bit version this is recommended. This howto has been created using amd64. Otherwise a 32bit version (Buster i386 or Stretch i386) is suggested (just make certain that everywhere this howto writes "amd64" replace it with "i386".) There is no separate chroot, hence the name “Chrootless” and the boot method is by nbd rather than nfs. A squashfs image is provided by this device.

The use of dnsmasq provides ease of configurability and maintenance. The default config file generated provides its use as the tftp server, the local dns cache and the handling of dhcp-proxy or dhcp-server proper.

Also in this model no static addresses will be used. NetworkManager will be configured to use the router's dhcp server.

The steps:

1. Update the server, and check the files /etc/hostname and /etc/hosts are as desired. 2. Install these 8 packages ltsp-server-standalone dnsmasq epoptes epoptes-client ltsp-client network-manager-gnome resolvconf rsync (and if you haven't already a desktop environment installed) a desktop environment of your choice.

All config files need to be edited using root privileges. In this documentation the sudo command is used but it is also possible to use su to become root if your system is so configured. 3. Once epoptes is installed one must add the server's user (in the example "administrator") to the new epoptes group. This command will do it: sudo usermod -G epoptes -a administrator Note that this new membership will only be activated in the next login. 4. Check the file /etc/network/interfaces for possible lines similar to # The primary network interface #allow-hotplug eth0 #iface eth0 inet dhcp If they are not present or they are commented out as above then network-manager will be in control of the network interface which is assumed in this model so go on to step 5. Otherwise these lines need to be commented out by adding the asterisk symbol as shown above and the config file is saved otherwise step 5 cannot be done. However, the server needs to be rebooted and will render the Internet temporarily unavailable until part (b) of step 5 is done. So take care to copy down somewhere all of part (b) of step 5 and complete it so the Internet is restored. 5. We may need to edit NetworkManager's configuration in two places. In my new default configuration part (a) was not needed as there was no such line dns= so skip to part (b) if you want dnsmasq to also be a local dns cache. If not skip to step 6.

  • • (a) Check in /etc/NetworkManager/NetworkManager.conf for the dns= key and comment out the line
    • ◦ #dns=dnsmasq
    • (b) Launch nm-connection-editor from the command line. After launching: Choose the Wired connection and click Edit. Click on the IPv4 Settings tab. Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'. In the DNS servers field enter 127.0.0.1 first followed by one or two external DNS servers, separated by spaces (e.g. 127.0.0.1 208.67.222.222 8.8.8.8). Save these settings and close the window.

and then restart Network Manager with sudo systemctl restart network-manager.service 6. Create a default configuration file for dnsmasq with the command sudo ltsp-config dnsmasq 7. To activate dnsmasq to serve as the local dns cache, in addition to step 5 part (b) you must edit the file /etc/dnsmasq.d/ltsp-server-dnsmasq.conf and comment out the line: #port=0 Otherwise leaving this line as it is, dnsmasq will run perfectly fine but will not serve as the local dns cache. 8. The other part to edit here has to do with whether your server runs with one network interface and hence there is only one network for the clients and the router or there are two interfaces so that the clients run on a separate network from the router. When working with a server with one nic (only one subnet with the server, all clients and the router) check to see if the line dhcp-range=x.y.z.0,proxy corresponds to this subnet. If this is correct comment out the other range line #dhcp-range=192.168.67.20,192.168.67.250,8h If on the other hand the server has two nics be sure to connect the gigabit capable device to the switch with the clients and give that device the static ip 192.168.67.1 and leave both lines active (without the # symbol.) Thus dnsmasq will be the dhcp server for the subnet with the clients. Then restart dnsmasq with the command sudo systemctl restart dnsmasq.service Note, steps 9 and 10 can be skipped because the default ltsp configuration is now IPAPPEND 3 for proxyDHCP. They are only necessary if this is NOT wanted, so skip to step 11. 9. If your server is going to run a DHCP server instead of the router then edit the config file /etc/ltsp/updateProcessing triggers for initramfs-tools (0.133)  and add the line IPAPPEND=2 10. After doing step 9 this change needs to be put in the initd. The version of the kernel running on the server can be determined with the command uname -r Note that at the time of writing the kernel was 4.19.0-2-amd64 in 64bit Buster thus the command is sudo dpkg-reconfigure linux-image-4.19.0-2-amd64 This reports update-initramfs: Generating /boot/initrd.img-4.19.0-2-amd64 adding the change from step 9. 11. Inspect and edit as desired /etc/ltsp/ltsp-update-image.excludes as some software running on the server will not be appropriate for the clients. 12. Once the server has been updated and any additional software has been installed a new client filesystem image must be created in order for the clients to also have these updates. This is the command sudo ltsp-update-image --cleanup / This builds the latest squashfs image for nbd in /opt/ltsp/images and puts the latest kernel into /var/lib/tftboot/ltsp/amd64.) It triggers "ltsp-config nbd-server" to create (if needed) the files /etc/nbd-server/conf.d/swap.conf and /etc/nbd-server/conf.d/ltsp_amd64.conf. Check to see if both are there. It also creates /etc/nbd-client. 13. Then, create the default configuration file for the clients with the command sudo ltsp-config lts.conf 14. Lastly reboot the server so that all changes are active including the user's membership in the group epoptes.

Notes The lts.conf file should be studied and edited as appropriate. Note that all headings (written between square brackets) should have at least one entry each so don't leave any empty. This file plays a role similar to xorg.conf for xorg and there are many options for it to choose from. One is worth mentioning here: Under [Default] the option LDM_DIRECTX = True (the default is false) allows one to turn off the encrypted X tunnel via SSH, and instead run a less secure, but much faster unencrypted tunnel. If speed is important and security is less so then it is recommended. In this model note that lts.conf is in/var/lib/tftpboot/ltsp/amd64/ which among other things means that changes made to this file do NOT require a re-creation of the squashfs image. When ready to try ltsp don't forget to create users as appropriate for the clients. This also does NOT require a re-creation of the squashfs image. The following changes DO require a re-creation of the squashfs image: When the server is updated. Software is added to the server that is desirable for clients. This means one repeats the step: On the commandline run sudo ltsp-update-image --cleanup /