Translation(s): Português Brasileiro


Upstream documentation with official, detailed information about installing LTSP is at

Installating and configuring LTSP using the chrootless method

This was once known as ltsp-pnp) method. At the time of writing (February 11th 2019) the versions of LTSP and other relevant packages in Debian Buster are: ltsp-info server information: No LSB modules are available. Distributor ID:    Debian Description:    Debian GNU/Linux buster/sid Release:    testing Codename:    buster server packages: ii ldm 2:2.18.06-1 ii ldm-server 2:2.18.06-1 ii ldm-themes 17.01.1 ii ltsp-client 5.18.12-1 ii ltsp-client-core 5.18.12-1 ii epoptes  1.0.1-2 ii dnsmasq  2.80-1

This particular model has less flexibilty since the clients must run the same version of distribution and platform as the server. The upside is that the model is easier to maintain. In the event that all clients can run the 64bit version this is recommended. This howto has been created using amd64. Otherwise a 32bit version (Buster i386 or Stretch i386) is suggested (just make certain that everywhere this howto writes "amd64" replace it with "i386".) There is no separate chroot, hence the name “Chrootless” and the boot method is by nbd rather than nfs. A squashfs image is provided by this device.

The use of dnsmasq provides ease of configurability and maintenance. The default config file generated provides its use as the tftp server, the local dns cache and the handling of dhcp-proxy or dhcp-server proper.

Also in this model no static addresses will be used. NetworkManager will be configured to use the router's dhcp server.

The steps:

1. Update the server, and check the files /etc/hostname and /etc/hosts are as desired.

2. Install these 8 packages ltsp-server-standalone dnsmasq epoptes epoptes-client ltsp-client network-manager-gnome resolvconf rsync (and if you haven't already a desktop environment installed) a desktop environment of your choice.

All config files need to be edited using root privileges. In this documentation the sudo command is used but it is also possible to use su to become root if your system is so configured.

3. Once epoptes is installed one must add the server's user (in the example "administrator") to the new epoptes group. This command will do it: sudo usermod -G epoptes -a administrator Note that this new membership will only be activated in the next login.

4. Check the file /etc/network/interfaces for possible lines similar to # The primary network interface #allow-hotplug eth0 #iface eth0 inet dhcp If they are not present or they are commented out as above then network-manager will be in control of the network interface which is assumed in this model so go on to step 5. Otherwise these lines need to be commented out by adding the hash, or pound, symbol as shown above and the config file is saved otherwise step 5 cannot be done. However, the server needs to be rebooted and will render the Internet temporarily unavailable until part (b) of step 5 is done. So take care to copy down somewhere all of part (b) of step 5 and complete it so the Internet is restored.

5. We may need to edit NetworkManager's configuration in two places. In my new default configuration part (a) was not needed as there was no such line dns= so skip to part (b) if you want dnsmasq to also be a local dns cache. If not skip to step 6.

and then restart Network Manager with sudo systemctl restart network-manager.service

6. Create a default configuration file for dnsmasq with the command sudo ltsp-config dnsmasq

7. To activate dnsmasq to serve as the local dns cache, in addition to step 5 part (b) you must edit the file /etc/dnsmasq.d/ltsp-server-dnsmasq.conf and comment out the line: #port=0 Otherwise leaving this line as it is, dnsmasq will run perfectly fine but will not serve as the local dns cache.

8. The other part to edit here has to do with whether your server runs with one network interface and hence there is only one network for the clients and the router or there are two interfaces so that the clients run on a separate network from the router. When working with a server with one nic (only one subnet with the server, all clients and the router) check to see if the line dhcp-range=x.y.z.0,proxy corresponds to this subnet. If this is correct comment out the other range line #dhcp-range=,,8h If on the other hand the server has two nics be sure to connect the gigabit capable device to the switch with the clients and give that device the static ip and leave both lines active (without the # symbol.) Thus dnsmasq will be the dhcp server for the subnet with the clients. Then restart dnsmasq with the command sudo systemctl restart dnsmasq.service Note, steps 9 and 10 can be skipped because the default ltsp configuration is now IPAPPEND 3 for proxyDHCP. They are only necessary if this is NOT wanted, so skip to step 11.

9. If your server is going to run a DHCP server instead of the router then edit the config file /etc/ltsp/updateProcessing triggers for initramfs-tools (0.133)  and add the line IPAPPEND=2

10. After doing step 9 this change needs to be put in the initd. The version of the kernel running on the server can be determined with the command uname -r Note that at the time of writing the kernel was 4.19.0-2-amd64 in 64bit Buster thus the command is sudo dpkg-reconfigure linux-image-4.19.0-2-amd64 This reports update-initramfs: Generating /boot/initrd.img-4.19.0-2-amd64 adding the change from step 9.

11. Inspect and edit as desired /etc/ltsp/ltsp-update-image.excludes as some software running on the server will not be appropriate for the clients.

12. Once the server has been updated and any additional software has been installed a new client filesystem image must be created in order for the clients to also have these updates. This is the command sudo ltsp-update-image --cleanup /

This builds the latest squashfs image for nbd in /opt/ltsp/images and puts the latest kernel into /var/lib/tftboot/ltsp/amd64.) It triggers "ltsp-config nbd-server" to create (if needed) the files /etc/nbd-server/conf.d/swap.conf and /etc/nbd-server/conf.d/ltsp_amd64.conf. Check to see if both are there. It also creates /etc/nbd-client.

13. Then, create the default configuration file for the clients with the command sudo ltsp-config lts.conf

14. Lastly reboot the server so that all changes are active including the user's membership in the group epoptes.

Notes The lts.conf file should be studied and edited as appropriate. Note that all headings (written between square brackets) should have at least one entry each so don't leave any empty. This file plays a role similar to xorg.conf for xorg and there are many options for it to choose from. One is worth mentioning here: Under [Default] the option LDM_DIRECTX = True (the default is false) allows one to turn off the encrypted X tunnel via SSH, and instead run a less secure, but much faster unencrypted tunnel. If speed is important and security is less so then it is recommended. In this model note that lts.conf is in/var/lib/tftpboot/ltsp/amd64/ which among other things means that changes made to this file do NOT require a re-creation of the squashfs image. When ready to try ltsp don't forget to create users as appropriate for the clients. This also does NOT require a re-creation of the squashfs image. The following changes DO require a re-creation of the squashfs image: When the server is updated. Software is added to the server that is desirable for clients. This means one repeats the step: On the commandline run sudo ltsp-update-image --cleanup /