[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 0.0.0.2-4-gfd4ae72

X2Go dev team git-admin at x2go.org
Sun May 19 13:04:50 CEST 2013 

The branch, build-main has been updated
       via  fd4ae726f53e4ee701e987e31c73079797670b71 (commit)
      from  18b8b460391374b141283e004a826d6ef51e61c0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 etc/broker/x2gobroker-sessionprofiles.conf |   66 ++++++++++++++++++----------
 1 file changed, 42 insertions(+), 24 deletions(-)

The diff of changes is:
diff --git a/etc/broker/x2gobroker-sessionprofiles.conf b/etc/broker/x2gobroker-sessionprofiles.conf
index d797697..f3b4e8b 100644
--- a/etc/broker/x2gobroker-sessionprofiles.conf
+++ b/etc/broker/x2gobroker-sessionprofiles.conf
@@ -1,11 +1,12 @@
 ### X2Go Broker Session Profiles - ADAPT TO YOUR NEEDS ###
 
-# This whole file reflects a set of examplary X2Go session profiles being provided
-# via the X2Go Session Broker (backend: iniconf).
+# This whole file reflects a set of examplary X2Go session profiles being
+# provided via the X2Go Session Broker (backend: iniconf).
 
-# This whole file could be the broker setup in some university institute that runs
-# three server pools (pool-A, pool-B and pool-C). Though most univerities have
-# real IPv4 internet addresses, we use private subnets in the examples below.
+# This whole file could be the broker setup in some university institute that
+# runs three server pools (pool-A, pool-B and pool-C). Though most univerities
+# have real IPv4 internet addresses, we use private subnets in the examples
+# below.
 
 # The X2Go Session Broker is served into the institutes local intranet, the
 # broker cannot be reached from the internet directly.
@@ -13,14 +14,18 @@
 # The first section [DEFAULTS] provides a set of default profile settings that
 # are common to all session profiles given in sections below.
 
-# The other section names can be freely chosen, however, each section name has to
-# be unique within this file.
+# The other section names can be freely chosen, however, each section name has
+# to be unique within this file.
 
-# IMPORTANT: in the session profiles below you will find some lines starting with
-# acl-... These lines do neither protect the X2Go Session Broker nor your X2Go Servers.
-# For protecting the broker use iptables and ip6tables. For protecting your X2Go Servers
-# use iptable+ip6tables and a tightened PAM configuration (e.g. pam_access.so). Securing
-# X2Go Servers means securing the SSH daemon that runs on the X2Go Server.
+# IMPORTANT: in the session profiles below you will find some lines starting
+# with acl-... These lines do neither protect the X2Go Session Broker nor
+# your X2Go Servers. They simply allow for selective session profile provision
+# based on client address, user name and group memberships.
+#
+# For protecting the broker use iptables and ip6tables. For protecting your
+# X2Go Servers use iptable+ip6tables and a tightened PAM configuration (e.g.
+# pam_access.so). Securing X2Go Servers means securing the SSH daemon that
+# runs on the X2Go Server.
 
 
 [DEFAULT]
@@ -55,19 +60,26 @@ sshport=22
 setdpi=0
 pack=16m-jpeg
 
+### EXAMPLES: Below you find some config examples. Adapt them to your needs or
+### simply write your own session profiles and remove the examples below.
+
 ##
-## pool-A (staff servers)
+## EXAMPLE: pool-A (staff servers)
 ##
 ## The pool-A contains three X2Go Servers (server-A, server-B and server-C).
 
-## The staff of our example institute falls into two groups of users: gnome-users and kde-users.
-## The gnome-users log into server-A or server-B, depending on their client subnet (IP configuration of the client).
-## The kde-users login to server-C (server-C can be reached from the whole intranet).
+## The staff of our example institute falls into two groups of users:
+## gnome-users and kde-users.
+## The gnome-users log into server-A or server-B, depending on their client
+## subnet (IP configuration of the client).
+## The kde-users login to server-C (server-C can be reached from the whole
+## intranet).
 ##
-## The split-up of the GNOME users allows some primitive load balancing.
+## The client IP based split-up of the GNOME users allows some primitive load
+## balancing.
 ##
-## If staff people are members of both groups (kde-users, gnome-users) both session profiles will be
-## shown in X2Go Client.
+## If staff people are members of both groups (kde-users, gnome-users) both
+## session profiles will be shown in X2Go Client.
 ##
 
 [pool-A-server-A]
@@ -102,7 +114,7 @@ acl-groups-deny=ALL
 acl-any-order=deny-allow
 
 ##
-## pool-B (e.g. webserver in the DMZ or on the internet)
+## EXAMPLE: pool-B (e.g. webserver in the DMZ or on the internet)
 ##
 ## The pool-B is a single X2Go Server (server-D) that is
 ## hosted externally. The server-D has an official internet IP.
@@ -127,7 +139,7 @@ acl-clients-allow=admin-machine1.domain.local, admin-machine2.domain.local, admi
 acl-any-order=deny-allow
 
 ##
-## pool-C
+## EXAMPLE: pool-C (REAL LOAD BALANCING!!!)
 ##
 ## The pool-C is a server pool for students. Our example institute
 ## knows 200-300 students and has to offer working places for
@@ -137,13 +149,19 @@ acl-any-order=deny-allow
 ## normally stay away from these machines, anyway. Only two test account
 ## get this session profile into their X2Go Clients.
 ##
-## The pool-C contains 6 X2Go Servers that serve all students users together as a load balance
-## server farm.
+## The pool-C contains 6 X2Go Servers that serve all students users together
+## as a load balance server farm.
+##
+## Make sure to install x2gobroker-agent on all these 6 X2Go Servers. Also make
+## sure to once run the script x2gobroker-keygen on the broker host and once
+## the script x2gobroker-pubkeyauthorizer per X2Go Server.
+##
+## All 6 X2Go Servers have to be configured to use the PostgreSQL X2Go session
+## DB backend.
 ##
 
 [pool-C-XFCE]
 user=
-# no load balancing support, yet
 host=s-E1.pool-c.domain.local,s-E2.pool-c.domain.local,s-E3.pool-c.domain.local,s-E4.pool-c.domain.local,s-E5.pool-c.domain.local,s-E6.pool-c.domain.local
 name=XFCE - pool-C
 command=XFCE


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).

More information about the x2go-commits mailing list