A page in your DokuWiki was added or changed. Here are the details: Date : 2017/02/10 16:49 Browser : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0 IP-Address : 78.43.90.159 Hostname : HSI-KBW-078-043-090-159.hsi4.kabel-badenwuerttemberg.de Old Revision: http://wiki.x2go.org/doku.php/doc:howto:x2gobroker?rev=1486745293 New Revision: http://wiki.x2go.org/doku.php/doc:howto:x2gobroker Edit Summary: added x2goserver1.xgo.example.com User : stefanbaur 
@@ -1030,5 +1030,286 @@ x2gobroker-ssh x2gobroker-ssh/create-group boolean true x2gobroker-ssh x2gobroker-ssh/manual-setup-required boolean false x2gobroker-ssh x2gobroker-ssh/del-last-group-x2gobroker-users boolean false x2gobroker-ssh x2gobroker-ssh/last-group-x2gobroker-users string x2gobroker-users + </file> + + ==== x2goserver1.xgo.example.com ==== + <file - preseed_x2goserver1> + # There are two sets of parameters you can use as the append line: + # The minimum required is: + # hostname=x2goserver1 domain=x2go.example.com + # url=http://192.168.0.224/preseed_x2goserver1 + # (all in one line, and without the leading "#" marks) + # If you only use these, you will have to answer a few questions + # - mainly regarding country, keyboard and locale - interactively. + # For a fully automated installation, add these parameters + # *in addition to the ones listed above* + # (again, all in one line, and without the leading "#" marks): + # priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0 + # debian-installer/locale=de_DE keymap=de-latin1 + # debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5 + + # We prefer to stay anonymous ;-) + popularity-contest popularity-contest/participate boolean false + + # Load non-free firmware, if possible + d-i hw-detect/load_firmware boolean true + + # Repository + # CHANGE THIS to your nearest mirror + d-i mirror/http/hostname string ftp.de.debian.org + d-i mirror/http/directory string /debian/ + d-i mirror/suite string jessie + + # Post install APT setup + d-i apt-setup/uri_type select d-i + # CHANGE THIS to your nearest mirror + d-i apt-setup/hostname string ftp.de.debian.org + d-i apt-setup/directory string /debian/ + d-i apt-setup/another boolean false + d-i apt-setup/security-updates boolean true + d-i finish-install/reboot_in_progress note + d-i prebaseconfig/reboot_in_progress note + + d-i apt-setup/non-free boolean true + d-i apt-setup/contrib boolean true + + # Network-related settings + # Every hostname and 
domain name assigned via DHCP + # takes priority over these values + # however, if they are left empty, the installer will query them interactively + d-i netcfg/get_hostname string x2goserver1 + d-i netcfg/get_domain string x2go.example.com + d-i netcfg/disable_dhcp boolean false + d-i mirror/http/proxy string + d-i netcfg/choose_interface select eth0 + d-i netcfg/wireless_wep string + + # Partitioning and Bootloader settings + d-i partman-auto/disk string /dev/sda + d-i partman-auto/method string regular + + # Do not use UUIDs in fstab (and not in bootloader config, either) + d-i partman/mount_style string traditional + + # This silences an interactive "are you sure?" query + d-i partman/confirm boolean true + d-i partman-partitioning/confirm_write_new_label boolean true + d-i partman/choose_partition select finish + d-i partman/confirm_nooverwrite boolean true + d-i partman-lvm/device_remove_lvm boolean true + d-i partman-lvm/confirm boolean true + d-i partman-md/device_remove_md boolean true + d-i partman-md/confirm boolean true + + d-i partman-auto/choose_recipe select atomic + #d-i partman-auto/choose_recipe select home + #d-i partman-auto/choose_recipe select multi + + d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal + + d-i grub-installer/only_debian boolean true + d-i grub-installer/with_other_os boolean true + d-i grub-installer/bootdev string /dev/sda + + # Country, keyboard, locale settings - CHANGE THIS + d-i debian-installer/locale string de_DE + d-i debian-installer/keymap select de-latin1 + d-i debian-installer/keymap string de-latin1 + + d-i languagechooser/language-name-fb select German + d-i countrychooser/country-name select Germany + d-i console-setup/layoutcode string de_DE + d-i debian-installer/locale select de_DE.UTF-8 + + # Time zone settings - CHANGE THIS + d-i tzconfig/gmt boolean false + d-i tzconfig/choose_country_zone/Europe select Berlin + d-i tzconfig/choose_country_zone_single boolean true + d-i time/zone 
select Europe/Berlin + d-i clock-setup/utc boolean true + d-i mirror/country string manual + d-i clock-setup/ntp boolean false + + # Root Account + # this says "start" in MD5 - CHANGE THIS + d-i passwd/root-password-crypted passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN. + + # Do not create a regular user account when installing a server + d-i passwd/make-user boolean false + #d-i passwd/user-fullname string Local User + #d-i passwd/username string localuser + #d-i passwd/user-password-crypted passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN. + + + # Additional repositories, local[0-9] available + # this is where we add the X2Go repo + d-i apt-setup/local0/repository string \ + http://packages.x2go.org/debian jessie main + d-i apt-setup/local0/comment string X2Go Repository + + # URL to the public key of the local repository; you must provide a key or + # apt will complain about the unauthenticated repository and so the + # sources.list line will be left commented out + + # CHANGE THIS - you need to download this keyfile onto your web server + # run these gpg commands to download it: + # gpg --keyserver keys.gnupg.net --recv-keys E1F958385BFE2B6E + # gpg -a --export E1F958385BFE2B6E > x2go.key.gpg + d-i apt-setup/local0/key string http://192.168.0.224/x2go.key.gpg + + # Task and Package Selection + tasksel tasksel/first multiselect standard, xfce-desktop, mate-desktop, lxde-desktop + d-i pkgsel/include string ssh \ + console-setup \ + cups-client \ + cups-x2go \ + debconf-i18n \ + gimp \ + ldap-utils \ + libnss-ldapd \ + libpam-ldapd \ + libreoffice \ + mc \ + nslcd \ + ntp \ + pidgin \ + postgresql-client-9.4 \ + postgresql-client-common \ + rsync \ + screen \ + sysvinit-core \ + sysvinit-utils \ + unattended-upgrades \ + vim \ + x2go-keyring \ + x2gobroker-agent \ + x2goserver \ + x2goserver-extensions \ + x2goserver-printing \ + x2goserver-xsession + + # Commands to be executed after package installation + # Note: The only way to insert comments below is to add an "echo 
COMMENT" + d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\ + echo "COMMENT: Configure SSH" ;\ + mkdir -p /target/root/.ssh ; \ + chmod 700 /target/root/.ssh ;\ + touch /target/root/.ssh/authorized_keys ; \ + chmod 600 /target/root/.ssh/authorized_keys ;\ + sed -i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\ + echo "COMMENT: Insert your own SSH public key here" ;\ + echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\ + echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\ + echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\ + echo "COMMENT: Fixing shortcomings of netcfg here..." ;\ + sed -i "s/$(cat /etc/hostname)/x2goserver1/" /target/etc/hosts ;\ + echo "x2goserver1" >/target/etc/hostname ;\ + echo "COMMENT: Fix ends here." ;\ + echo "COMMENT: This is said to be required for LDAP UID/GID sync." ;\ + sed -i '/^NEED_IMAPD/cNEED_IMAPD=yes' /target/etc/default/nfs-common ;\ + echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\ + echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\ + echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\ + echo "COMMENT: This is for homedir autocreation." ;\ + echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\ + echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ + echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\ + echo "common-auth;*;*;A10000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\ + echo "COMMENT: This makes sure error messages during bootup remain on screen." 
;\ + sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\ + echo "COMMENT: This is so /home gets mounted from nfs1" ;\ + echo -e 'nfs1:/export/home\t/home\tnfs\tsoft,intr,rsize=8192,wsize=8192\t0\t0' >>/target/etc/fstab ;\ + echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\ + sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i /target/etc/dhcp/dhclient.conf ;\ + echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\ + sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\ + echo "COMMENT: This tells X2GoServer to use the postgres backend on pg1" ;\ + sed -i -e '/^host/chost=pg1.x2go.example.com' -e '/^backend/cbackend=postgres' /target/etc/x2go/x2gosql/sql ;\ + echo "COMMENT: This tells x2godbadmin which password to use for db/user creation" ;\ + echo 'start' > /target/etc/x2go/x2gosql/passwords/pgadmin ;\ + echo "COMMENT: This disables the graphical login - we don't need it on a server." ;\ + cat /dev/null > /target/etc/X11/default-display-manager ;\ + echo "COMMENT: This patches rc.local so the following set of commands is run" ;\ + echo "COMMENT: exactly *once* - at the first boot after installation." ;\ + echo "COMMENT: First, remove the 'exit 0'" ;\ + sed -i '/^exit 0/d' /target/etc/rc.local ;\ + echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\ + echo "COMMENT: As the standard shell of our LDAP users is set to /bin/sh." ;\ + echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\ + echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\ + echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\ + echo "COMMENT: This loop waits until the LDAP connection has been established." ;\ + echo 'while ! 
getent passwd user1 | grep -q user1 ; do # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\ + echo -e "\techo 'Waiting for LDAP connection ...' # homedir creation for x2godbadmin command" >>/target/etc/rc.local ;\ + echo -e "\tsleep 1 # homedir creation for x2godbadmin command" >>/target/etc/rc.local ;\ + echo 'done # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\ + echo "COMMENT: Now we're creating home directories for our users." ;\ + echo "COMMENT: if we wouldn't have waited, this would fail." ;\ + echo "COMMENT: We're doing this on x2goserver1 and not ldap1 because" ;\ + echo "COMMENT: ldap1 doesn't mount /home via NFS, plus it might be" ;\ + echo "COMMENT: up and running before nfs1 has finished booting." ;\ + echo 'su user1 -s /bin/true # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\ + echo 'su user2 -s /bin/true # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\ + echo 'su user3 -s /bin/true # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\ + echo 'su user4 -s /bin/true # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\ + echo 'su user5 -s /bin/true # homedir creation for x2godbadmin command' >>/target/etc/rc.local ;\ + echo "COMMENT: Now let's create the database on pg1." ;\ + echo 'x2godbadmin --createdb' >>/target/etc/rc.local ;\ + echo "COMMENT: --addgroup seems to suggest that all users in this group" ;\ + echo "COMMENT: would be auto-added. Sadly, this doesn't work, at least" ;\ + echo "COMMENT: there is no trace of any user in the database on pg1 afterwards." 
;\ + echo '# x2godbadmin --addgroup users # fixme - does not seem to work' >>/target/etc/rc.local ;\ + echo "COMMENT: So let's add the users one by one:" ;\ + echo 'x2godbadmin --adduser user1' >>/target/etc/rc.local ;\ + echo 'x2godbadmin --adduser user2' >>/target/etc/rc.local ;\ + echo 'x2godbadmin --adduser user3' >>/target/etc/rc.local ;\ + echo 'x2godbadmin --adduser user4' >>/target/etc/rc.local ;\ + echo 'x2godbadmin --adduser user5' >>/target/etc/rc.local ;\ + echo "COMMENT: This is the cleanup job for the x2godbadmin stuff, so it doesn't run more than once." ;\ + echo 'sed -i -e "/x2godbadmin/d" /etc/rc.local' >>/target/etc/rc.local ;\ + echo "COMMENT: This is the routine that 'fakes' what x2go-pubkeyauthorizer does" ;\ + echo "COMMENT: by copying the authorized_keys file created on x2gobroker to its destination." ;\ + echo 'if [ -s /home/root/x2gobroker/.ssh/authorized_keys ] ; then' >>/target/etc/rc.local ;\ + echo -e "\t"'cp -a /home/root/x2gobroker/.ssh /var/lib/x2gobroker/' >>/target/etc/rc.local ;\ + echo "COMMENT: This is the cleanup job for the x2gobroker stuff, so it doesn't run more than once." ;\ + echo "COMMENT: Note that it will only run if the authorized_keys file has been found." ;\ + echo -e "\t"'sed -i -e "/x2gobroker/d" /etc/rc.local' >>/target/etc/rc.local ;\ + echo 'fi #x2gobroker' >>/target/etc/rc.local ;\ + echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\ + echo 'exit 0' >>/target/etc/rc.local ;\ + echo "COMMENT: Finally, take out the trash - sadly, systemd must stay because of MATE and LXDE." 
;\ + in-target apt-get autoremove --purge -y ;\ + in-target apt-get clean ;\ + echo "End Post-Install Setup/Config" + + # Shut down and power off after installation + d-i debian-installer/exit/poweroff boolean true + + # preseed key-value pairs for the packages we intend to install + dash dash/sh boolean false + exim4-config exim4/no_config boolean true + libnss-ldapd libnss-ldapd/nsswitch multiselect passwd, shadow, group, hosts, services, networks, protocols, rpc, ethers, netgroup + libnss-ldapd libnss-ldapd/clean_nsswitch boolean false + libpam-runtime libpam-runtime/profiles multiselect unix, ldap + mdadm mdadm/autostart boolean false + mdadm mdadm/mail_to string root + mdadm mdadm/initrdstart string all + mdadm mdadm/initrdstart_notinconf boolean true + mdadm mdadm/autocheck boolean true + mdadm mdadm/start_daemon boolean true + nslcd nslcd/ldap-bindpw password + nslcd nslcd/ldap-sasl-secprops string + nslcd nslcd/ldap-sasl-krb5-ccname string /var/run/nslcd/nslcd.tkt + nslcd nslcd/ldap-sasl-authcid string + nslcd nslcd/ldap-binddn string + nslcd nslcd/ldap-cacertfile string /etc/ssl/certs/ca-certificates.crt + nslcd nslcd/ldap-sasl-authzid string + nslcd nslcd/ldap-uris string ldap://ldap1.x2go.example.com/ + nslcd nslcd/ldap-sasl-mech select + nslcd nslcd/ldap-auth-type select none + nslcd nslcd/ldap-base string dc=x2go,dc=example,dc=com + nslcd nslcd/ldap-sasl-realm string + nslcd nslcd/ldap-reqcert select + nslcd nslcd/ldap-starttls boolean false </file> -- This mail was generated by DokuWiki at http://wiki.x2go.org/
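Review bot: The late_command line `echo 'start' > /target/etc/x2go/x2gosql/passwords/pgadmin` stores in plain text the same example password that the root hash encodes, but unlike the root entry it has no CHANGE THIS marker, so a copy-pasted install keeps a published database admin password; add `echo "COMMENT: CHANGE THIS - do not reuse the example password" ;\` directly before it. The root hash is MD5-crypt (`$1$`), and its comment should point readers to a SHA-512 crypt hash instead, for example one produced by `mkpasswd -m sha-512`. The nslcd block sets `nslcd/ldap-starttls boolean false` against an `ldap://` URI while `libpam-runtime/profiles` enables ldap, so login passwords would presumably cross the network unencrypted; if ldap1 has a certificate, `nslcd nslcd/ldap-starttls boolean true` together with `nslcd nslcd/ldap-reqcert select demand` is the safer default to document. Separately, `NEED_IMAPD` in the nfs-common sed looks like a typo for `NEED_IDMAPD`, in which case that command matches nothing and the idmapd setting is never applied.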