[X2Go-Commits] x2gobroker.git - statusflag (branch) updated: 0.0.0.2-4-gfd4ae72

X2Go dev team git-admin at x2go.org
Tue Jun 4 21:09:45 CEST 2013 

The branch, statusflag has been updated
       via  fd4ae726f53e4ee701e987e31c73079797670b71 (commit)
      from  18b8b460391374b141283e004a826d6ef51e61c0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 etc/broker/x2gobroker-sessionprofiles.conf |   66 ++++++++++++++++++----------
 1 file changed, 42 insertions(+), 24 deletions(-)

The diff of changes is:
diff --git a/etc/broker/x2gobroker-sessionprofiles.conf b/etc/broker/x2gobroker-sessionprofiles.conf
index d797697..f3b4e8b 100644
--- a/etc/broker/x2gobroker-sessionprofiles.conf
+++ b/etc/broker/x2gobroker-sessionprofiles.conf
@@ -1,11 +1,12 @@
 ### X2Go Broker Session Profiles - ADAPT TO YOUR NEEDS ###
 
-# This whole file reflects a set of examplary X2Go session profiles being provided
-# via the X2Go Session Broker (backend: iniconf).
+# This whole file reflects a set of examplary X2Go session profiles being
+# provided via the X2Go Session Broker (backend: iniconf).
 
-# This whole file could be the broker setup in some university institute that runs
-# three server pools (pool-A, pool-B and pool-C). Though most univerities have
-# real IPv4 internet addresses, we use private subnets in the examples below.
+# This whole file could be the broker setup in some university institute that
+# runs three server pools (pool-A, pool-B and pool-C). Though most univerities
+# have real IPv4 internet addresses, we use private subnets in the examples
+# below.
 
 # The X2Go Session Broker is served into the institutes local intranet, the
 # broker cannot be reached from the internet directly.
@@ -13,14 +14,18 @@
 # The first section [DEFAULTS] provides a set of default profile settings that
 # are common to all session profiles given in sections below.
 
-# The other section names can be freely chosen, however, each section name has to
-# be unique within this file.
+# The other section names can be freely chosen, however, each section name has
+# to be unique within this file.
 
-# IMPORTANT: in the session profiles below you will find some lines starting with
-# acl-... These lines do neither protect the X2Go Session Broker nor your X2Go Servers.
-# For protecting the broker use iptables and ip6tables. For protecting your X2Go Servers
-# use iptable+ip6tables and a tightened PAM configuration (e.g. pam_access.so). Securing
-# X2Go Servers means securing the SSH daemon that runs on the X2Go Server.
+# IMPORTANT: in the session profiles below you will find some lines starting
+# with acl-... These lines do neither protect the X2Go Session Broker nor
+# your X2Go Servers. They simply allow for selective session profile provision
+# based on client address, user name and group memberships.
+#
+# For protecting the broker use iptables and ip6tables. For protecting your
+# X2Go Servers use iptable+ip6tables and a tightened PAM configuration (e.g.
+# pam_access.so). Securing X2Go Servers means securing the SSH daemon that
+# runs on the X2Go Server.
 
 
 [DEFAULT]
@@ -55,19 +60,26 @@ sshport=22
 setdpi=0
 pack=16m-jpeg
 
+### EXAMPLES: Below you find some config examples. Adapt them to your needs or
+### simply write your own session profiles and remove the examples below.
+
 ##
-## pool-A (staff servers)
+## EXAMPLE: pool-A (staff servers)
 ##
 ## The pool-A contains three X2Go Servers (server-A, server-B and server-C).
 
-## The staff of our example institute falls into two groups of users: gnome-users and kde-users.
-## The gnome-users log into server-A or server-B, depending on their client subnet (IP configuration of the client).
-## The kde-users login to server-C (server-C can be reached from the whole intranet).
+## The staff of our example institute falls into two groups of users:
+## gnome-users and kde-users.
+## The gnome-users log into server-A or server-B, depending on their client
+## subnet (IP configuration of the client).
+## The kde-users login to server-C (server-C can be reached from the whole
+## intranet).
 ##
-## The split-up of the GNOME users allows some primitive load balancing.
+## The client IP based split-up of the GNOME users allows some primitive load
+## balancing.
 ##
-## If staff people are members of both groups (kde-users, gnome-users) both session profiles will be
-## shown in X2Go Client.
+## If staff people are members of both groups (kde-users, gnome-users) both
+## session profiles will be shown in X2Go Client.
 ##
 
 [pool-A-server-A]
@@ -102,7 +114,7 @@ acl-groups-deny=ALL
 acl-any-order=deny-allow
 
 ##
-## pool-B (e.g. webserver in the DMZ or on the internet)
+## EXAMPLE: pool-B (e.g. webserver in the DMZ or on the internet)
 ##
 ## The pool-B is a single X2Go Server (server-D) that is
 ## hosted externally. The server-D has an official internet IP.
@@ -127,7 +139,7 @@ acl-clients-allow=admin-machine1.domain.local, admin-machine2.domain.local, admi
 acl-any-order=deny-allow
 
 ##
-## pool-C
+## EXAMPLE: pool-C (REAL LOAD BALANCING!!!)
 ##
 ## The pool-C is a server pool for students. Our example institute
 ## knows 200-300 students and has to offer working places for
@@ -137,13 +149,19 @@ acl-any-order=deny-allow
 ## normally stay away from these machines, anyway. Only two test account
 ## get this session profile into their X2Go Clients.
 ##
-## The pool-C contains 6 X2Go Servers that serve all students users together as a load balance
-## server farm.
+## The pool-C contains 6 X2Go Servers that serve all students users together
+## as a load balance server farm.
+##
+## Make sure to install x2gobroker-agent on all these 6 X2Go Servers. Also make
+## sure to once run the script x2gobroker-keygen on the broker host and once
+## the script x2gobroker-pubkeyauthorizer per X2Go Server.
+##
+## All 6 X2Go Servers have to be configured to use the PostgreSQL X2Go session
+## DB backend.
 ##
 
 [pool-C-XFCE]
 user=
-# no load balancing support, yet
 host=s-E1.pool-c.domain.local,s-E2.pool-c.domain.local,s-E3.pool-c.domain.local,s-E4.pool-c.domain.local,s-E5.pool-c.domain.local,s-E6.pool-c.domain.local
 name=XFCE - pool-C
 command=XFCE


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).

More information about the x2go-commits mailing list