UbuntuHelp:UbuntuLTSP/LTSPFatClients

文章出处:

https://help.ubuntu.com/community/UbuntuLTSP/LTSPFatClients

点击翻译:

English

请不要直接编辑翻译本页，本页将定期与来源同步。

If you find this information applicable to additional versions/releases, please edit this page and modify this header to reflect that. Please also include any necessary modifications for this information to apply to the additional versions.

Preamble

This is where you can learn how to create a customised chroot environment for use in LTSP. This 'fat' chroot will then allow for cpu usage and ram usage to happen on the terminal itself, instead of on the server. It has been tested on 7.10, 8.04, and 8.10. For later versions, please read UbuntuHelp:UbuntuLTSP/FatClients instead.

Requirements

System requirements are quite variable, but as a ground rule, you need at least 256MB Ram on the client and a 400mhz+ processor. If you are going to be doing heavy work like 3D animation, Sound production, or Video/Graphics manipulation, make sure you have 512MB ram and 1ghz+ processor.

Ways to create Fat Clients

There are at least 3 ways to create Fat Clients. Using the plugins is easier but less tailored. First two plugins are described. After that, the document explains how to do it all from scratch. It is suggested one start with the workstation plugin mentioned and then customise the chroot further as well as installing NFS and LDAP for authentication and sharing of /home from the server.

Fat Client Plugin

This plugin doesnt require LDAP nor any extra installation. It gets user data from server /home/. It just requires downloading the fat client plugin from here and following the instructions on that page: http://www.nubae.com/ltsp-linux-terminal-server-project-netbooted-fat-client-for-ubuntu-hardy-and-intrepid Before you run the script you must make sure you have NFS installed and the /home folder shared (on the server) so fatclients can use it:

 
sudo apt-get install portmap nfs-kernel-server nfs-common
cat "/home 192.168.0.0/24(rw,no_root_squash,async)" >> /etc/exports
sudo exportfs -a 

Workstation Plugin

The workstation plugin for this can be found here: http://wwwuser.gwdg.de/~mrickma/edubuntu/030-workstation.gz Put it in /usr/share/ltsp/plugins/ltsp-build-client/Ubuntu, and use the switch --workstation followed by Ubuntu or Kubuntu. If you use the plugin above, you do not need to do a lot of the below mentioned stuff... the plugin takes care of doing that for you... The plugin does not do any nfs mounting of /home or creation of local LDAP for authentication... you'll need to chroot into your low fat client and do that manually. If you don't need LDAP, or don't want to debug your chroot, it is advised to follow the link above and install the fat client plugin instead. The plugin was created by: Michael Rickmann

Disclaimer

This should work for you, but the documentation assumes that you have already installed Open LDAP server properly on your server. There are plenty of howtos to do this so its out of the scope of this help document. A good one which deals with booting up from different sources - http://wiki.koeln.ccc.de/index.php/Ubuntu_PXE_Install A good LDAP server how to is located here: https://help.ubuntu.com/community/OpenLDAPServer?highlight=(ldap) It has been tested with 7.10 and 8.04, but not 8.10. 8.10 has only been tested with the fat client plugin mentioned above.

Introduction

Although generally thin clients are great for older hardware, in a real world setup you are likely going to see a wide variety of machines, both new and old. It is a waste to be running LTSP on Intel Core 2 Duos, and if your case is similar to mine, the bandwidth limits (even with gigabit switches) don't allow for a usable environment for video, audio or even 3D graphics. The way LTSP works, the thin clients actually use the Server's RAM and CPU time, as well as its bandwidth, meaning its great when the terminals are old or actual thin clients (ie. run at 333mhz or 400 mhz) but if you have newer computers also, and you want to take advantage of their power (ie. laptops) but still want to administer everything from one location, then making some of your thin clients fat is for you.

Building the Chroot

1. The first step is to create the new chroot environment which will be modified into a fat client. You can name your fat chroot anything you like with the --chroot attribute, and that will be located in: /opt/ltsp/name-of-chroot. In this document I assume it is called fati386

sudo ltsp-build-client --base /opt/ltsp/ --chroot fati386 --prompt-rootpass For x64 users use the following command instead: sudo ltsp-build-client --arch i386 --base /opt/ltsp/ --chroot fati386 --prompt-rootpass You'll be prompted for a root password which you must have for debugging. Once you've done this, simplify the next bunch of steps by chrooting yourself. Keep in mind these next commands will not affect your system but rather the environment you build above: sudo chroot /opt/ltsp/fati386 2. When you've done that you can start expanding your thin chroot. The first thing to do is mount proc in and sys (might not be needed, but just in case) the chroot:

mount /proc -t proc /proc mount /sys -t sysfs /sys When you've done that you are ready to expand the whole chroot. There are several ways to do this, depending on how big you want your chroot to be. For a minimal install you can just do: apt-get install edubuntu-addon-light gdm network-manager gnome-mount ubufox openoffice.org nfs-common ubuntu-artwork For a complete edubuntu desktop do: apt-get install edubuntu-desktop You could also try, depending on your desktop preferences: apt-get install kubuntu-desktop or apt-get install ubuntu-desktop or apt-get install kubuntu-kde4-desktop If you choose this option, it will take quite some time to download all the necessary packages and you may need to do apt-get install -f and sudo chroot /opt/ltsp/fati386 dpkg --configure -a a bunch of times. I had to do this several times for broken packages and dependencies. When everything has been downloaded, make sure that gdm is installed to by doing: apt-get install gdm

LDAP and NFS inside chroot

3. You'll need to install ldap on the client for authentication, otherwise you're users will not be able to login. We will also mount the /home folders via nfs on the fat clients. To begin with do the following commands to install the ldap client in the chroot:

See https://help.ubuntu.com/community/LDAPClientAuthentication for more info on this section. apt-get install auth-client-config libpam-ldap libnss-ldap nano nfs-common ldap-utils Then, also from within the chroot do: nano /etc/ldap.conf this should be editted according to your ldap settings so change host 127.0.0.1 to host LDAP_SERVER_IP and change base = padl..... to base = dc=yourdomain,dc=local You also need to edit /etc/ldap/ldap.conf (this was not required in 8.10) and make sure all the settings are changed to your ldap server's settings. When you've done this you need to make sure authentication happens via ldap first, like this: nano /etc/auth-client-config/profile.d/open_ldap and paste the following into it:

[open_ldap]
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: files ldap
pam_auth=auth       required     pam_env.so
        auth       sufficient   pam_unix.so likeauth nullok
#the following line (containing pam_group.so) must be placed before pam_ldap.so 
#for ldap users to be placed in local groups such as fuse, plugdev, scanner, etc ...
        auth       required     pam_group.so use_first_pass
        auth       sufficient   pam_ldap.so use_first_pass
        auth       required     pam_deny.so
pam_account=account    sufficient   pam_unix.so
        account    sufficient   pam_ldap.so
        account    required     pam_deny.so
pam_password=password   sufficient   pam_unix.so nullok md5 shadow
        password   sufficient   pam_ldap.so use_first_pass
        password   required     pam_deny.so
pam_session=session    required     pam_limits.so
        session    required     pam_mkhomedir.so skel=/etc/skel/
        session    required     pam_unix.so
        session    optional     pam_ldap.so

Now to activate that pam profile do the following: auth-client-config -a -p open_ldap You also have to edit /etc/pam.d/login and /etc/pam.d/gdm and add the following line to the top of both files (note: this was not necessary on an 8.10 system): auth optional pam_group.so The following is necessary for domain (ldap) users to become members of local groups: add the following to /etc/security/group.conf

 
login;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip
kdm;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip,video
gdm;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip,video

To mount /home via nfs on the thin client you have to create a little script to do it since fstab is overwritten by the ltsp-setup. Make a script as follows and place it anywhere in the chroot. The location of the script just needs to match the "RCFILE_NN=" line in lts.conf. It is recommended to place the script in the /etc directory: nano /etc/nfsmounts.sh and paste the following into it:

#!/bin/bash

# Start portmap in case it gets started further on down the line (as is the case in ltsp startup)
# if the ping command returns a "0 received" then we assume server down
# we then do nothing, because there inst a way to mount that NFS
# if we don't get the "0" in received then we assume it already up and then run the Mount

sudo /etc/init.d/portmap restart

if [ "$(ping -c 3 192.168.0.254 | grep '0 received')" ]
then
        : ; exit 1
else
        # check to see if your NFS is mounted
        # : means if your NFS is there then doing nothing
        # if its not then mount your NFS

        if df | grep -q '192.168.0.254:/home'
        then :
        else
                mount -t nfs 192.168.0.254:/home /home
        fi
fi

Then make the script executable: chmod o+x /etc/nfsmounts.sh Add another rc script for starting gdm, in case it doesn't start properly. Create the file /etc/startgdm.sh (in chroot) containing the following:

/etc/init.d/gdm restart
/usr/sbin/gdm

Make sure that /etc/startgdm.sh is executable or it won't work: chmod o+x /etc/startgdm.sh Then you must unmount proc and sys by doing the following (unmounting proc before sys removes mtab and creates an error): umount /sys umount /proc Also make sure you unmount the full /proc path if /proc doesn't unmount because it says its busy. Do: mount umount /proc/<full-path-to-proc-mounts> Try: mount | grep proc - If you get something like this: "binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec)" then do: umount /proc/sys/fs/binfmt_misc after that you may unmount /proc by: umount /proc You can also try: umount -l /proc (in chroot of course). The -l flag is a lazy unmount, basically waiting until the filesystem is not busy before cleaning up references Now you are done modifying the chroot! You can exit it by typing: exit

Updating NBD Image

4. Finally we update the image so that you can start up your new thin 'fat' client:

sudo ltsp-update-image -a fati386 -b /opt/ltsp -p 2001

Adding fat client details to DHCP

5. Remember to add the following to /etc/ltsp/dhcpd.conf, replacing your ethernet mac address and ip address for your own:

 
# Fat clients with ldap
      group {
       deny unknown-clients;
       if substring( option vendor-class-identifier , 0 , 9 ) = "PXEClient" {
               filename "/ltsp/fati386/pxelinux.0";
               }
       else {
               filename "/ltsp/fati386/nbi.img";
               }
       option root-path "/opt/ltsp/fati386/";
       host fattest {
                hardware ethernet  00:1A:92:28:B7:3A;
                fixed-address 192.168.0.2;
                }
       }

6. Also make sure you have the following line in /var/lib/tftpboot/ltsp/fati386/lts.conf:

RCFILE_NN=/etc/nfsmounts.sh where NN is a number like 01 or 02, etc (through 10). 7. Finally, use this terrible hack to get gdm to startup properly, if it doesn't startup with all the above mentioned items. Add the following line to /var/lib/tftpboot/ltsp/fati386/lts.conf:

RCFILE_01=/etc/startgdm.sh

Extra Notes

POST-NOTE: The minimal install has been fully tested and works in a XFCE environment and Gnome. Although you are advised to install everything necessary in the chroot that is extra, such as applications, file systems, plugins, etc. (ie, java, mplayer, flash, clipart-svg, etc.) NOTE about TFTP Timeout errors: If you encountered them, visit https://help.ubuntu.com/community/Installation/Netboot NOTE about FLASH in low fat clients: To get flash working install libflashsupport from the hardy repos (even if you are on gutsy) and install flash from source - from the adobe website (the flash-nonfree in the gutsy repos does not work!) NOTE about printers in low fat clients, connecting to print server: I finally managed to get this working properly. The main issue here seemed to be that cupsys was not starting automatically, and that by default the /etc/hosts file is overwritten. It created a /etc/hosts file with an entry for 192.168.0.254 pointing to server, not the actual name of my server?!? That means that cups can't find the print server, as was shown from the log files. Also, /etc/cups/cupsd.conf in the low fat client chroot must be modified to listen to port 631 of the server or just port 631 in general. It must also be set to allow the client to show printers shared by other systems. This is most simply done by modifying the chroot like this: echo "ServerName 192.168.0.254" > /opt/ltsp/$CHROOT/etc/cups/client.conf Remember to rebuild the image.