Full Circle Magazine FR

Last month, our refurbishing not-for-profit was approached by a small not-for-profit community looking for a donation of used computers. The organization had recently been given some space in which to meet (they’d been meeting in member’s houses before this), and now needed a few computers so members could learn basic computer skills. In my original discussion with the executive, they mentioned that the organization had no funding for computers. After a short discussion about licensing and what the organization was looking for, it dawned on me that a Linux Terminal Server Project (http://ltsp.org/) might work for them. I pulled out a thin client we’d just received as a donation and asked the executive if they were interested in a client/server setup. The executive seemed excited at the prospect of getting thin clients (having worked with them before), but their timeline was very short—less than 1 week. Having never even set up a PXE network boot server before, I needed clear instructions: I found them at Bobby Allen’s Blog: http://blog.bobbyallen.me/2015/07/19/setup-a-ubuntu-14-04-lts-mate-terminal-server-with-ltsp/

Le mois dernier, une communauté à but non lucratif qui cherchait des dons d'ordinateurs d'occasion a contacté notre projet non-lucratif de réutilisation d'ordinateurs. On avait récemment fournit à l'organisation un endroit où se réunir (avant cela, les réunions se tenaient chez ses membres) et maintenant, elle avait besoin de quelques ordinateurs pour que les membres puisse acquérir des compétences informatiques de base. Lorsque j'avais parlé pour la première fois avec le directoire, on m'avait indiqué que l'organisation n'avait pas d'argent pour des ordinateurs. Après une courte discussion sur les licences et ce que cherchait l'organisation, j'ai réalisé qu'un Linux Terminal Server Project (http://ltsp.org/) pourrait leur convenir. J'ai sorti un client léger que nous venions de recevoir comme don et j'ai demandé au directoire si une configuration client/serveur leur intéresserait. [Ndt : voir https://fr.wikipedia.org/wiki/Client_l%C3%A9ger]. Ayant déjà travaillé avec des clients légers, le cadre semblait excité à l'idée d'en récupérer, mais il leur manquait du temps - moins d'une semaine.

N'ayant jamais configurer un serveur de démarrage PXE avant, j'avais besoin d'instructions explicites : je les ai trouvées sur Bobby Allen's Blog :

http://blog.bobbyallen.me/2015/07/19/setup-a-ubuntu-14-04-lts-mate-terminal-server-with-ltsp/

For the server, I used a retired desktop machine that our project once used as a SAMBA file server. The server had an Intel Core 2 Quad Q9400 (2666MHz processor) in it, and 2GB of DDR2 667MHz RAM. The drives we’d pulled and wiped a long time ago, so I installed a pair of matched 80GB hard drives. Initially I created a hardware-based RAID mirror (using the motherboard RAID controller), but I reconsidered the idea and decided just to ditch the hardware RAID and clone the installation drive once I was happy with the LTSP server setup. (In my experience people sometimes have “friends” with good intentions who install less than legitimate software on their computer, cloning the drive would at least give me some sort of backup should this happen). I also pulled the 2 x 1GB of RAM and inserted a matched pair of 2GB sticks for 4GB 800MHz DDR2 RAM. Initially I understood that the organization had an existing Internet connection so I figured the best thing to do was to set up the server for DHCP and when I got to the facility get their system administrator to set a DHCP reservation for the server, then update the SSH keys and the image that gets built.

Pour le serveur, j'ai choisi un ordinateur de bureau retraité que notre projet avait autrefois utilisé comme serveur de fichiers SAMBA. Le serveur contenait un Intel Core 2 Quad (un processeur à 2,666 MHz ) et 2 Go de RAM DDR2 à 667 MHz. Il y a longtemps, nous avions enlevé et effacé les disques et j'y ai donc installé une paire de disques durs à 80 Go assortis. Au départ, j'ai créé un miroir RAID basé sur le matériel (en me servant du contrôleur RAID sur la carte mère), mais j'ai changé d'avis en décidant d'abandonner le RAID matériel et de cloner le disque d'installation une fois que la configuration du serveur LTSP me conviendrait. (D'après mon expérience, les gens ont parfois des “amis” bien intentionnés qui installent des logiciels illégitimes sur leur ordinateur et le clonage du disque me donnerait au moins une sorte de sauvegarde le cas échéant). J'ai également enlevé la RAM de 2 x 1 Go et l'ai remplacé par une paire de barrettes de 2 Go pour avoir 4 Go de DDR2 RAM à 800 MHz.

Au départ, j'avais compris que l'organisation avait déjà une connexion à Internet et je pensais donc que la meilleure chose à faire était de paramétrer le serveur pour DHCP et, lorsque j'arriverai chez eux, de demander à leur administrateur système de configurer une réservation DHCP pour le serveur, puis de mettre à jour les clés SSH et l'image qui est alors construite.

There are a few ways to build LTSP images, but building an image off an existing installation seemed like the simplest way to go and Bobby’s instructions for updating an image are really clear. Some LTSP installations need 2 network interface cards, but Bobby’s method uses only one card and the LTSP server acts as a proxy for the clients. The server acting like a proxy tripped me up when I first got LTSP running because I couldn’t understand why the clients showed the server address when I ran the command: /sbin/ifconfig. After rebooting the client, I noticed a unique (non-server) IP address in the bottom right of the login screen. It’s only on logging in that the client uses the server’s IP as a proxy. Because all the clients would likely be 32-bit, and it wasn’t likely that the organization would have more than 3 or 4 computers, I chose to install the 32-bit version of Ubuntu MATE 14.04 on the server. As with any desktop or server installation, it’s always a good idea to update before installing any new software: sudo apt-get update

Il y a plusieurs façons de construire des images LTSP, mais il me semblait que la plus simple était d'utiliser une installation existante pour la construire et les instructions de Bobby pour la mise à jour d'une image sont vraiment très claires. Certaines installations LTSP ont besoin de deux cartes d'interface réseau, mais la méthode de Bobby n'en utilise qu'une et le serveur LTSP agit comme proxy pour les clients. Que le serveur agit comme un proxy m'a rendu perplexe la première fois que j'exécutais LTSP, parce que je ne comprenais pas les clients affichaient l'adresse du serveur quand j'ai lancé la commande : /sbin/ifconfig. Après avoir redémarré le client, j'ai remarqué une adresse IP unique (non-serveur) en bas à droite de l'écran d'accueil. Ce n'est qu'après sa connexion que le client utilise l'adresse IP du serveur comme proxy.

Puisque tous les clients seraient sans doute des 32-bit, et ce n'était pas vraisemblable que l'organisation ait plus de 3 ou 4 ordinateurs, j'ai choisi d'installer la version 32-bit d'Ubuntu MATE 14.04 sur le serveur.

Tout comme avec n'importe quelle ordinateur de bureau ou serveur, c'est toujours une bonne idée de faire une mise à jour avant d'installer de nouveaux logiciels :

sudo apt-get update

Some LTSP server setups use the paradigm of letting the server act as a DHCP server for clients. Because I didn’t know the organization’s network setup, it seemed a better idea to allow their router to do DHCP, but the server would act as a proxy for the router - dnsmasq provides this functionality. Dnsmasq can be set up as a DHCP server, but, in this case, I used it to forward DNS to the clients. The LTSP image had to be deployed to the clients some way. Bobby mentions in his blog that dnsmasq can also act as a tftp server, but that the functionality is broken in Ubuntu 14.04. Ubuntu actually has a few tftp server packages in the repositories, but the one that he used, and that kept coming up on all the LTSP-related sites, was tftpd-hpa. Lastly, the ltsp-server package is needed so the LTSP client environment can be built. sudo apt-get install dnsmasq tftpd-hpa ltsp-server The next step is to build the LTSP image that will be served to the clients. Because the build process has to download packages, this step can take quite a bit of time, especially on a slow Internet connection, so be patient. In my case, I was building a 32-bit version of Ubuntu MATE because the thin clients I picked (I actually ended up using some old HP DC7100 Pentium 4 based desktops with no hard drives instead, but more on this later) were 32-bit, and because I’d installed a 32-bit version of Ubuntu MATE on the server. Build a 32-bit client using the following command: sudo ltsp-build-client –arch i386

Certaines configurations utilisent un modèle où le serveur LTSP agit comme serveur DHCP pour les clients. Puisque je ne connaissais pas la configuration du réseau de l'organisation, il me semblait plus judicieux de laisser leur routeur faire le DHCP, avec le serveur agissant comme proxy pour le routeur - dnsmasq fournit cette fonctionnalité. On peut configurer Dnsmasq comme serveur DHCP, mais, dans ce cas précis, je l'ai utilisé pour transféré le DNS aux clients.

If you’re building for 64-bit clients, just remove the –arch i386. You’ll also need to replace the i386 in several other places with amd64 including the next step, enabling the DHCP proxy support. For 32-bit images, run: sudo sed -i 's/ipappend 2/ipappend 3/g' /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default Again, if you’re building for 64-bit, replace the tftpboot/ltsp/i386 with tftpboot/ltsp/amd64. Bobby also mentions that if you update your image, something I did several times, you’ll have to rerun the above command. (Once I tested my image on the clients, I decided to add several graphics and educational software packages to the server, rebuilding built them into the client image) DNSmasq needs to be set up so it can act as a proxy for the clients. At this point, I was stuck because I had no information about the organization’s existing Internet connection. On further discussion with the executive (and to my horror), I found out that the Internet connection they had was a wireless connection that someone was letting them use. Clearly, this wasn’t going to work, even with only 3 clients, they’d choke on a 54g wireless connection. We had a discussion about getting a wired connection, and I set up the rest of the LTSP configuration based on a wired router we had sitting around the shop. I also grabbed a 5-port gigabit switch. Although the router has 4 ports (in addition to the Internet port), all the ports were 10/100, so I connected the router and all the clients to the 5-port gigabit switch. I set the router to hand out DHCP in the 192.168.80.x address range. My /etc/dnsmasq.d/ltsp.conf file looked like that shown right.

Again, if you’re building a 64-bit image, replace i386 with amd64 in the line: pxe-service=x86PC, “Boot from network”, /ltsp/amd64/pxelinux With dnsmasq set up, it was only a matter of restarting the dnsmasq service and booting the thin clients (or so I thought). Restart dnsmasq by running: sudo service dnsmasq restart I turned on the thin clients, they started to network boot and download the Ubuntu MATE image and I ended up staring at a black screen… After a bit of research, I discovered the thin clients actually had a bit of storage on them, so I installed Ubuntu MATE directly on the storage and booted them to the same result – it seemed that these particular clients didn’t like to work with Xorg without further configuration. At this point, it was the last chance I’d get to work on the system before having to deliver the news to the executive. I pulled out an old (but reliable) HP DC7100 Pentium 4-based computer we used to use as public computers, and set it up to boot (the first picture in this article shows the computer with the top of the case off) from network and voila, it successfully booted to the LTSP login screen.

Now I was left wondering “what’s the default login username and password?” Google might be your friend, but it wasn’t mine that night until it dawned on me just to use the credentials I used to set up the server - and it worked! The next problem I ran into was that when I ran /sbin/ifconfig on the client computer it displayed the I.P. address of the server. This didn’t make sense at first because I thought it should display the an address unique to the client. I thought I’d done something wrong when in fact things were working exactly as they should be. Once the client logs in to the server it actually is using the resources of the server and the proxy we set up was working as it should be. The clue that things were working correctly happened when I rebooted and noticed that each client does indeed get a unique I.P. address that’s displayed in the bottom right of the LTSP login screen. The last problem I ran into was the fact I was using the LTSP server administrator credentials to log in to the server. When I went to shut down the client, and typed in the server admin credentials, I also shut down the server. To fix the problem I added a non-administrative account to the server. Clients would use this non-administrative account to log in. But as hinted at earlier, when you make changes you want incorporated into your image you have to rebuild: sudo ltsp-update-image sudo sed -i 's/ipappend 2/ipappend 3/g' /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default

These commands need to be run every time you want to rebuild the client image based on a change on your server. Remember to replace the i386 with amd64 for 64-bit images. I found myself updating the image several times before I got it to a point where I thought I had the right mix of software for the community centre. After work one evening, I headed to the community centre with one of the executives to install the server. The centre had already taken 3 clients. The centre still didn’t have a wired Internet connection, but we set up the network and ran through some of the installed programs so they could get their members started learning keyboard skills (klavaro, I found tuxtyping to be too slow on the clients). When the centre gets a wired connection, I’ll be revisiting them to reconfigure their server for whatever router is giving them DHCP (I’ll add a DHCP reservation for the server on the router). At that point, it will also be necessary to update the ltsp ssh keys, and update the image: sudo ltsp-update-sshkeys sudo ltsp-update-image sudo sed -i 's/ipappend 2/ipappend 3/g' /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default

It’s exactly the same process for updating the image with the exception of updating the ltsp ssh keys first. I’ve asked the community centre executive to keep me in the loop to help members, and a person of their choosing with training to administer the server. The centre hasn’t officially opened at the time of this article, so I expect I’ll have a lot more to write about in a future article. It’s worth noting that I didn’t have a problem playing sound on clients, but ran into issues with USB devices. Initially I couldn’t get USB devices recognized on the clients. With some searching, I managed to fix the problem, but then ran into the problem of not being able to get the drives to unmount without administrative privileges. I also tried a system with a Core i5 processor as a client, and was surprised to find that it wasn’t that much faster – slightly faster to boot, but not much of a discernable difference running software (because the server is handling almost all of the load). LTSP resources: LTSP home page: http://www.ltsp.org/ Ubuntu LTSP community help: https://help.ubuntu.com/community/UbuntuLTSP Bobby Allen’s blog: http://blog.bobbyallen.me/2015/07/19/setup-a-ubuntu-14-04-lts-mate-terminal-server-with-ltsp/ Enabling USB and other local devices: https://wiki.ubuntu.com/EnableLTSP5LocalDevices