Package: x2gobroker
Version: 0.0.2.2
I am setting up a load-balanced cluster of x2go servers with a broker in front. There are thin clients on the LAN accessing the broker/cluster and there will be users logging on from outside. Users on the LAN are served term1.example.lan and term2.example.lan, whereas users from outside get term1.example.com and term2.example.com. So far everything has worked fine, but now I have started testing outside access, which does not work. x2gobroker (with autologin) tells x2goclient to access term1 or term2 - it leaves out the rest of the domain name. This works fine on the LAN, because the machines there have example.lan set as their search domain, but machines from outside can't resolve "term1" to "term1.example.com" and need to be given the FQDN. Please note that the FQDNs are specified in the sessionprofiles, but x2goclient still tries to resolve the short version of the name.
-- Anders Bruun Olsen It-ansvarlig Det Danske Sprog- og Litteraturselskab (Society for Danish Language and Literature)
tag #218 confirmed thanks
Hi Anders,
On Mi 22 Mai 2013 15:30:29 CEST Anders Bruun Olsen wrote:
> Package: x2gobroker
> Version: 0.0.2.2
>
> I am setting up a load-balanced cluster of x2go servers with a broker in front. There are thin clients on the LAN accessing the broker/cluster and there will be users logging on from outside. Users on the LAN are served term1.example.lan and term2.example.lan, whereas users from outside get term1.example.com and term2.example.com. So far everything has worked fine, but now I have started testing outside access, which does not work. x2gobroker (with autologin) tells x2goclient to access term1 or term2 - it leaves out the rest of the domain name. This works fine on the LAN, because the machines there have example.lan set as their search domain, but machines from outside can't resolve "term1" to "term1.example.com" and need to be given the FQDN. Please note that the FQDNs are specified in the sessionprofiles, but x2goclient still tries to resolve the short version of the name.
A fix for this is not so trivial, as it seems. The "wrong" hostname
is produced by x2golistsession on the server that the x2gobroker-agent
gets executed on.
Obviously, your external clients call the X2Go Session Broker. The
session broker knows a list of possible hosts for sending the
select_session query to. The server that gets asked responds with a
hostname from the X2Go session DB, that is not necessarily what you
configured in X2Go Session Broker's x2gobroker-sessionprofiles.conf.
So, what is needed is a backwards mapping between the result that gets
returned by x2gobroker-agent (i.e. the returned server name /
hostname) back to the FQDN hostnames configured in X2Go Session
Broker. The mapping is not bijective here, it is more about guessing
and shooting blindfolded.
/me scratches his head on the best approach for this...
Mike
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
Processing commands for control@bugs.x2go.org:
> tag #218 confirmed
Bug #218 [x2gobroker] x2gobroker: Hostname is used instead of FQDN
Added tag(s) confirmed.
> thanks
Stopping processing here.

218: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=218
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems
I obviously don't know the algorithm used to figure out which server is selected, but in my ignorance, I would think the way to do it should be something like this:
Every time the broker talks to a server, it would keep the information about which server it is talking to in memory and just associate the returned information with that server. I really don't see why it is necessary for the servers to reply back with who they think they are, nor who their counterparts in the cluster are.
The fact that the algorithm relies on the servers to identify themselves also seems to me to be a potential security hole. What if a local user achieved enough administrative rights to change the hostname? Couldn't he then get the broker to send users to a server that he controls?
-- Anders Bruun Olsen It-ansvarlig Det Danske Sprog- og Litteraturselskab (Society for Danish Language and Literature)
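
The two ideas raised in this thread (a backwards mapping from a server-reported short hostname to a configured FQDN, and not trusting what a server reports about itself) can be combined by resolving the reported name only against the hosts configured for the requesting profile. The following is an added example, not x2gobroker code: the function names and the dict layout are assumptions, the host names are those from the report, and `rogue.example.net` is a constructed value.

```python
# Added illustration, not x2gobroker code. Function names and the dict layout
# are hypothetical; host names are the examples used in the bug report.
PROFILE_HOSTS = {
    "lan": ["term1.example.lan", "term2.example.lan"],
    "external": ["term1.example.com", "term2.example.com"],
}


def short_name(host):
    """Lower-cased first DNS label, e.g. 'term1' for 'term1.example.com'."""
    return host.strip().rstrip(".").split(".")[0].lower()


def candidates(reported, hosts):
    """Configured FQDNs whose short name equals that of the reported name."""
    return sorted(h for h in hosts if short_name(h) == short_name(reported))


def all_hosts():
    """Every configured host, regardless of profile."""
    return [h for hosts in PROFILE_HOSTS.values() for h in hosts]


def resolve_for_profile(reported, profile):
    """Map a server-reported name to the FQDN configured for this profile.

    The reported name is only a lookup key: the value handed to the client
    always comes from the broker's own configuration, so a name that is not
    configured for the profile is rejected instead of being passed on.
    """
    matches = candidates(reported, PROFILE_HOSTS[profile])
    if len(matches) != 1:
        raise LookupError(
            f"{reported!r} does not identify one host in profile {profile!r}")
    return matches[0]


if __name__ == "__main__":
    # Across all profiles the reverse mapping is ambiguous (not bijective).
    print(candidates("term1", all_hosts()))
    # Within the requesting profile it is unique.
    print(resolve_for_profile("term1", "external"))
    try:
        resolve_for_profile("rogue.example.net", "external")  # constructed name
    except LookupError as exc:
        print("rejected:", exc)
```
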