Hi all,

I have today released another development release of the generic X2Go Session Broker. Generic in this context means: highly configurable, highly flexible, but not always suitable for enterprise brokerage.

The broker development is currently sponsored by http://fleten.net (and actually also by one of its customers).

NOTE: The version 0.0.0.3 is able to provide load balancing for X2Go.

Below I will give a raw outline on how to set up X2Go Session Broker with load balancing. I will presume that you either use Debian or Ubuntu. I will also presume that you know how to install packages, edit config files etc. (I am mailing this to x2go-dev ML, aren't I?)

The proposed setup is:

  o 1 machine: broker.intern
  o n machines: ts01.intern, ts02.intern, ts03.intern, .., tsNN

Please install all machines with a minimal system so we have clean machines to play with.

Make sure you have a local DNS that is properly set up. All hostnames must be resolvable through local DNS, and possibly also reverse resolvable.

Setting up the X2Go Session Broker on broker.intern
---------------------------------------------------

Installing the standalone X2Go Session Broker (x2gobroker-daemon)

  1. add the X2Go package archive (Debian/Ubuntu) to your APT system
  2. install the package x2gobroker-daemon
  3. NOTE: read all the comments in the config file templates, they are very informative
  4. in /etc/x2go/x2gobroker.conf, enable the inifile broker backend
  5. edit /etc/x2go/x2gobroker-sessionprofiles.conf to your needs, look at the examples and be creative...
  6. edit /etc/default/x2gobroker-daemon to let the broker bind to all interface addresses (bind_address is set to localhost:8080 by default).

SSL support for x2gobroker-daemon

  7. if in need of https support: create an SSL cert/key file pair, copy the files to /etc/x2go/broker/ssl/broker.{crt,key}
  8. enable SSL support in /etc/default/x2gobroker-daemon

Generate SSH pub/priv key files

  9. Run the script as root: x2gobroker-keygen

Restart x2gobroker-daemon

  10. Run this command as root: invoke-rc.d x2gobroker-daemon restart

WARNING: if you test this on Debian squeeze, please be aware of this bug in squeeze's python2.6 version: http://bugs.debian.org/701001. You have to manually apply the there-proposed patch to /usr/lib/python2.6/asyncore.py.
  -> If not: you will see the x2gobroker-authservice daemon consume 100% of the core it is running on... :-(

Install PostgreSQL on the broker.intern machine

  11. Install PostgreSQL server on this machine
  12. Install the x2goserver package on this machine
  13. Make sure this machine knows all users (libnss-***) and that all users can log in to this machine (libpam-***).
  14. Configure X2Go to use PostgreSQL as session DB backend: http://wiki.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-pgsql
  15. Prevent your non-admin users from logging in via SSH to this machine. This can be done with pam_access.so and /etc/security/access.conf.

Setting up the X2Go Servers ts01.intern, ts02.intern, ...
---------------------------------------------------------

Installing the standalone X2Go Session Broker (x2gobroker-daemon)

  1. Install your favourite desktop shell (e.g. XFCE)
  2. Install X2Go Server (package: x2goserver-xsession)
  3. Tune your X2Go Server as you would do with a standalone X2Go Server
  4. All users in your network must be able to log on to all X2Go Servers
  5. All users must have the same home directory on all servers.
     -> use LDAP and NFS for achieving this!!!

Use the PostgreSQL DB on broker.intern as backend for X2Go session management

  6. Hook up each X2Go server to the PostgreSQL DB on broker.intern
  7. Test if all configured users are able to log in via SSH, then via X2Go (use X2Go Client in normal mode, configure a session profile for testing and then test the session startup)

Get the X2Go Broker Agent up and running...

  8. Install the package x2gobroker-agent on all X2Go terminal servers.
  9. On each X2Go Server in the multi-server farm run this script as root:

     $ x2gobroker-pubkeyauthorizer --broker-url http://broker.intern:8080/pubkeys/

     --> if you have SSL configured in the broker, use https://... instead.

Test X2Go Broker Agent access...

  10. Switch over to broker.intern and test passwordless SSH:

      $ root@broker.intern$ su - x2gobroker
      $ x2gobroker@broker.intern$ ssh ts01.intern

      -> accept the host key manually here!
      -> do this for all X2Go Servers

Start X2Go Client in Broker Mode

  11. on some client system launch X2Go Client like this:

      <user>@client$ x2goclient --broker-url=http://broker.intern:8080/plain/inifile/

      -> with SSL support use https://..., of course.
      -> I have not tested SSL thoroughly, yet, so you might start playing without SSL.

If all went well (and I have not forgotten anything...), you can now log in as one of your (LDAP) users and you get provided with a session profile list via the X2Go Broker.

The communication between X2Go Client and X2Go Session Broker uses http as communication protocol. For trouble shooting...

TROUBLE SHOOTING:
-----------------

  o enable debugging in /etc/default/x2gobroker-daemon
  o restart x2gobroker-daemon (via invoke-rc.d)
  o in X2GOBROKER_DEBUG mode you can use your webbrowser to test the broker communication...
  o e.g.

      http://broker.intern:8080/plain/inifile/?user=<user>&password=<pw>&task=listsessions
      http://broker.intern:8080/plain/inifile/?user=<user>&password=<pw>&task=selectsession&sid=<session-profile-id>

    --> the session profile id is the name in the square brackets at the top of each session profile option set...

Happy testing!!! Please give feedback on this ML!!! Questions can also be asked via IRC (my nick is "sunweaver").

light+love,
Mike

--

DAS-NETZWERKTEAM
mike gabriel, rothenstein 5, 24214 neudorf-bornstein
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
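
The debug URLs in the troubleshooting section carry the user's password in the query string, so it lands in browser history and in any access or proxy log along the way. The following is an added example, not part of the original mail or of the x2gobroker code: it redacts such URLs before logs or notes are shared and lists which users' passwords were exposed. The sample lines, the `sid` value and the `REDACTED` marker are constructed.

```python
"""Redact X2Go broker credentials from URLs in logs or notes before sharing."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SECRET_PARAMS = {"password"}  # query parameter used by the URLs in the mail
# Absolute URLs, or bare request paths as they appear in access logs.
URL_RE = re.compile(r"""https?://[^\s"'<>]+|/plain/[^\s"'<>]*\?[^\s"'<>]+""")


def redact_url(url):
    """Return (redacted_url, finding); finding is None if no secret was present."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k.lower() in SECRET_PARAMS for k, _ in pairs):
        return url, None  # leave unrelated URLs byte-for-byte unchanged
    query = dict(pairs)
    finding = {
        "user": query.get("user"),
        "task": query.get("task"),
        "scheme": parts.scheme or "unknown",  # access-log paths carry no scheme
    }
    clean = [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(clean))), finding


def redact_text(text):
    """Redact every broker URL found in text; return (clean_text, findings)."""
    findings = []

    def _sub(match):
        redacted, finding = redact_url(match.group(0))
        if finding:
            findings.append(finding)
        return redacted

    return URL_RE.sub(_sub, text), findings


# Constructed sample input (not real log data).
SAMPLE = '''\
10.0.0.23 - - [12/Feb/2013:10:01:07 +0100] "GET /plain/inifile/?user=alice&password=s3cr%26t&task=listsessions HTTP/1.1" 200 512
tested http://broker.intern:8080/plain/inifile/?user=bob&password=hunter2&task=selectsession&sid=xfce in the browser
see http://bugs.debian.org/701001 for the asyncore bug
'''

if __name__ == "__main__":
    clean, found = redact_text(SAMPLE)
    print(clean)
    for f in found:
        print("rotate password for", f["user"], "- seen in", f["scheme"], "request")
```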