Hi All:
We're trying to get printing to work using X2go and Vserver. Per Mike's suggestion, we've shifted to trying the Postgres approach (http://www.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-pgsql and http://www.x2gorg/doku.php/wiki:advanced:multi-node:x2goserver-printing) but are still stuck. This is long, but are hoping will help...
Some "suspects" are DNS, permissions (thanks John Sullivan for his suggestion), and ssh between the x2go server on the vserver and the cups server on the host (see below...Set up SSH Keys)
Right now, when we try to print, superficially things seem to go as they should (e.g., entries for successful printing get entered in the cups logs) but nothing happens either in terms of popping a pdf and getting "Show this diaglog before starting printing" on the client or getting a page to print. FYI - the symptoms are pretty much the same as when we were stuck with single node x2go printing.
TERMS: We think of things in the following terms, and hope this is useful for clarity: Host - computer that runs Vserver platform and Cups server. It is on this that we have set up the virtual x2go printer, shared it, and generated the ssh key for printing from x2go servers Guest - Vserver instances where x2goserver and the PostgreSQL backend are located and x2goserver-printing is installed, to which a client connects Client - netbook from which we connect to x2go on the Vserver Guest.
SETUP
- On Vserver Guest (x2go server):
- Installed and set up PostgreSQL; added the "user" to postgres (user1) to be used when connecting from the x2go client to the x2go server and PostgreSQL database (x2godgadmin --adduser user1).
- Installed x2go-server-printing
NOTE: we got the following messages when setting up PostgreSQL and because we can connect (and sqlpass gets generated in user's .x2go on the x2go server) assume they don't matter, but have included them:
root@vserver1:/usr/lib# x2godbadmin --createdb NOTICE: database "x2go_sessions" does not exist, skipping NOTICE: role "x2godbuser" does not exist, skipping NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "sessions_pkey" for table "sessions" NOTICE: CREATE TABLE / UNIQUE will create implicit index "sessions_display_key" for table "sessions" NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "messages_pkey" for table "messages" NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "used_ports_pkey" for table "used_ports" NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "mounts_pkey" for table "mounts" root@vserver12:/usr/lib# x2godbadmin --adduser user1 NOTICE: role "x2gouser_user1" does not exist, skipping create DB user "x2gouser_user1"
- On Vserver Host (Cups Server):
- Installed cups-x2go
- Used "http://localhost:631" and added the virtual x2go printer and shared it (we couldn't see it on the client unless we shared it)
- Used Visudo to add "x2goprint ALL=(ALL) NOPASSWD: /usr/bin/x2goprint
- Set up SSH Keys using http://www.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-printing
NOTE: we had trouble getting the keys to copy over (ssh-copy-id /usr/bin/ssh-copy-id: ERROR: No identities found). We cannot ping the Guest from the Host by server name (e.g., vserver1.mydomain.com), but can by ip address. We ended up creating /home/x2goprint/.ssh/authorized_keys and adding the contents of id_dsa-x2goprint.pub by hand. We then issued ssh -i /root/.ssh/id_dsa-x2goprint x2goprint@x192.168.1.112 and got:
The authenticity of host '192.168.1.112 (192.168.1.112)' can't be established. RSA key fingerprint is dd:04:0f:56:5f:23:a8:71:e6:d8:aa:64:4c:91:16:0d. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.112' (RSA) to the list of known hosts. Permission denied (publickey).
Is this "Permission denied (publickey)." the cause of our problems? It appears to have added an RSA key where we think the keys created where DSA...
Tested the x2go connection from the client. We could connect. Then tried to print: we can see the virtual x2go printer but cannot get any of the desired outcomes to occur (printing, get pdf to open using evince parameter).
Observations On the Vserver host (cups server) a) the print job files show up in /var/spool/cups b) in http://localhost:631 the print jobs show as completed c) there are no errors in /var/log/cups/error_log and the page_log and access_log seem to restister the successful print job and access to the cups
When things are working: d) When things are working (straight connection from an x2go client to an x2go server - no vserver), on the server in home/user1/.x2go there is a healthly "spool" link to /tmp/.x2go-userx/spool/user1-50-1348322588_stDGNOME_dp24. When we print, some files get generated from there we think in the /tmp/.x2go...directory and the x2goprint code grabs them and uses them.
But...on the guest e) On the setup we are trying to get working (client to Vserver Guest/X2goServer/PostgreSQL on a Vserver host), the spool link is shown as broken and the "on the fly" print files don't get created.
- Help Q: is this some sort of DNS issue - we can't ping "vserver1.mydomain.com" but assume this is a protocol/firewall issue and not the problem in terms of printing.
Q: John Sullivan wondered if this is a permissions issue (i.e., does the cups server have write access to the client spool directory): if this is the issue, we're not sure how to test or fix it. We looked at the permissions on the "working" vs. "not working" set ups on the spool directory and couldn't see any differences, but may be missing the point.
Q: Vserver uses an fstab configu outside of the vserver itself where /tmp is listed as "none /tmp tmpfs size=128m,mode=1777 0 0" (and the /etc/fstab inside the Vserver only has "# UNCONFIGURED FSTAB FOR BASE SYSTEM"). Does the Vserver fstab set up get in the way of the spool link writing to the /tmp/.x2go....folder on the client? If so, this sound like it might be along the lines of John Sullivan's suggestion.
Q: did the errors we got when generated the ssh keys matter "(Permission denied (publickey)."? The content of the Vserver/Cups Server host known hosts has:
- a prefix of "|1|Ha2q5mBmGyrl4CYri92TPRb6NNU=|3gihEfRTYU8UHwI4FrQcSq29Exg="
- then the contents of the authorized_keys on the Vserver Guest/x2go server /home/user1/.ssh/authorized_keys file up to but excluding the "root@vserver1.mydomain.com"
Or did we create DSA keys but somehow when trying to add them got crossed up with RSA keys (e.g., Warning: Permanently added '192.168.1.112' (RSA) to the list of known hosts.").
We know this is tough to troubleshoot remotely, but any help very much appreciated.
Best,
Ted
Hi Ted,
I am not sure (and do not have the time to x-check) if the wiki page
contains what I provide as info in this mail. If there is a mismatch
between wiki and my info could you please update the wiki page? Thanks
in advance.
On Sa 22 Sep 2012 17:17:04 CEST wrote:
SETUP
- On Vserver Guest (x2go server):
- Installed and set up PostgreSQL; added the "user" to postgres
(user1) to be used when connecting from the x2go client to the x2go
server and PostgreSQL database (x2godgadmin --adduser user1).- Installed x2go-server-printing
If you can login via X2Go and you use PostgreSQL as db backend then
your PostgreSQL setup is correct.
- On Vserver Host (Cups Server):
- Installed cups-x2go
- Used "http://localhost:631" and added the virtual x2go printer and
shared it (we couldn't see it on the client unless we shared it)- Used Visudo to add "x2goprint ALL=(ALL) NOPASSWD: /usr/bin/x2goprint
- Set up SSH Keys using
http://www.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-printing
Issue 1)
The sudo line for x2goprint user has to be placed on every X2Go server
(Vserver guest in your case).
Issue 2) As root@cups-server (Vserver host) you have to be able to run this command:
$ ssh -lx2goprint -i /root/.ssh/id_dsa-x2goprint <x2goserver>
The default key algorithm in Debian is RSA, we recommend DSA, but it
does not matter. Just make sure that you have the private key on the
cups-server under the above name and the corresponding public key in
~x2goprint/.ssh/autorized_keys
Make sure that ~x2goprint/.ssh has restrictive permissions (0700).
Same for files in that folder.
NOTE: we had trouble getting the keys to copy over (ssh-copy-id
/usr/bin/ssh-copy-id: ERROR: No identities found). We cannot ping
the Guest from the Host by server name (e.g.,
vserver1.mydomain.com), but can by ip address. We ended up creating
/home/x2goprint/.ssh/authorized_keys and adding the contents of
Why /home/x2goprint??? The default installation procedure creates a
home for x2goprint: /var/spool/x2goprint, so the public key has to be
placed in
/var/spool/x2goprint/.ssh/authorized_keys
id_dsa-x2goprint.pub by hand. We then issued ssh -i
/root/.ssh/id_dsa-x2goprint x2goprint@x192.168.1.112 and got: Is this "Permission denied (publickey)." the cause of our problems?
You have to make sure that DNS works properly. For a quick test, use
/etc/hosts to place hostnames and IPs in. X2Go uses the hostnames to
connect between different machines. Check the output of
x2golistsessions (4th field).
It appears to have added an RSA key where we think the keys created
where DSA...
See above. The key algorithm does not matter. The ssh login (see
above) has to work.
- Observations On the Vserver host (cups server) a) the print job files show up in /var/spool/cups b) in http://localhost:631 the print jobs show as completed c) there are no errors in /var/log/cups/error_log and the page_log
and access_log seem to restister the successful print job and access
to the cups
The next step to check: on the X2Go server (vserver guest) in
/var/spool/x2goprint/
If files do not appear there, check the SSH key login and check that
DNS works.
Then the cups-x2go backend on the cups server (Vserver host) executes
the x2goprint command (on the vserver guest) via SSH. This only works if
(a) the SSH login from root@cups-server to x2goprint@x2goserver works (b) the x2goprint user is allowed to execute the x2goprint with sudo
- Help Q: is this some sort of DNS issue - we can't ping
"vserver1.mydomain.com" but assume this is a protocol/firewall issue
and not the problem in terms of printing.
DNS has to work!!!
Q: John Sullivan wondered if this is a permissions issue (i.e.,
does the cups server have write access to the client spool
directory): if this is the issue, we're not sure how to test or fix
it. We looked at the permissions on the "working" vs. "not working"
set ups on the spool directory and couldn't see any differences, but
may be missing the point.
cups -> cups spool dir -> cups-x2go
cups-x2go -> copy print job to x2goprint@x2goserver:~x2goprint cups-x2go -> executes via SSH on x2goserver: ,,sudo x2goprint <options>''
,,sudo x2goprint <options>'' script (on x2goserver) copies the spool
file into /tmp/.x2go-<uid>/spool/<session>/. Under this spool dir the
sshfs client-side spool directory is mounted. So now, the print job
files are on the X2Go Client.
Q: Vserver uses an fstab configu outside of the vserver itself
where /tmp is listed as "none /tmp tmpfs size=128m,mode=1777 0 0"
(and the /etc/fstab inside the Vserver only has "# UNCONFIGURED
FSTAB FOR BASE SYSTEM"). Does the Vserver fstab set up get in the
way of the spool link writing to the /tmp/.x2go....folder on the
client? If so, this sound like it might be along the lines of John
Sullivan's suggestion.
This should not be an issue.
Q: did the errors we got when generated the ssh keys matter
"(Permission denied (publickey)."? The content of the Vserver/Cups
Server host known hosts has:
- a prefix of "|1|Ha2q5mBmGyrl4CYri92TPRb6NNU=|3gihEfRTYU8UHwI4FrQcSq29Exg="
- then the contents of the authorized_keys on the Vserver Guest/x2go
server /home/user1/.ssh/authorized_keys file up to but excluding the
"root@vserver1.mydomain.com"
Ahhh... this is another issue. You have to generate a known_hosts file
for root@cups-server that allows the login to x2goprint@x2goserver
(with SSH key /root/.ssh/id_dsa-x2goprint.
For this, just to be sure, do several manual ssh logins from
cups-server to x2goserver:
ssh -lx2goprint <ip> ssh -lx2goprint <hostname> ssh -lx2goprint <hostname>.<fqdn>
Or did we create DSA keys but somehow when trying to add them got
crossed up with RSA keys (e.g., Warning: Permanently added
'192.168.1.112' (RSA) to the list of known hosts.").
Again, DSA or RSA doesn't really matter. Only thing important: you
have to be able to log in from root@cups-server to
x2goprint@x2goserver without password. Consult other SSH docs on the
web, if that is nothing you set up regularly.
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
On Sat, 2012-09-22 at 11:17 -0400, senrabdet@aol.com wrote:
Hi All:
We're trying to get printing to work using X2go and Vserver. Per Mike's suggestion, we've shifted to trying the Postgres approach (http://www.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-pgsql and http://www.x2gorg/doku.php/wiki:advanced:multi-node:x2goserver-printing) but are still stuck. This is long, but are hoping will help...
Some "suspects" are DNS, permissions (thanks John Sullivan for his suggestion), and ssh between the x2go server on the vserver and the cups server on the host (see below...Set up SSH Keys)
Right now, when we try to print, superficially things seem to go as they should (e.g., entries for successful printing get entered in the cups logs) but nothing happens either in terms of popping a pdf and getting "Show this diaglog before starting printing" on the client or getting a page to print. FYI - the symptoms are pretty much the same as when we were stuck with single node x2go printing.
TERMS: We think of things in the following terms, and hope this is useful for clarity: Host - computer that runs Vserver platform and Cups server. It is on this that we have set up the virtual x2go printer, shared it, and generated the ssh key for printing from x2go servers Guest - Vserver instances where x2goserver and the PostgreSQL backend are located and x2goserver-printing is installed, to which a client connects Client - netbook from which we connect to x2go on the Vserver Guest.
SETUP
- On Vserver Guest (x2go server):
- Installed and set up PostgreSQL; added the "user" to postgres (user1) to be used when connecting from the x2go client to the x2go server and PostgreSQL database (x2godgadmin --adduser user1).
- Installed x2go-server-printing
NOTE: we got the following messages when setting up PostgreSQL and because we can connect (and sqlpass gets generated in user's .x2go on the x2go server) assume they don't matter, but have included them:
root@vserver1:/usr/lib# x2godbadmin --createdb NOTICE: database "x2go_sessions" does not exist, skipping NOTICE: role "x2godbuser" does not exist, skipping NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "sessions_pkey" for table "sessions" NOTICE: CREATE TABLE / UNIQUE will create implicit index "sessions_display_key" for table "sessions" NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "messages_pkey" for table "messages" NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "used_ports_pkey" for table "used_ports" NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "mounts_pkey" for table "mounts" root@vserver12:/usr/lib# x2godbadmin --adduser user1 NOTICE: role "x2gouser_user1" does not exist, skipping create DB user "x2gouser_user1"
- On Vserver Host (Cups Server):
- Installed cups-x2go
- Used "http://localhost:631" and added the virtual x2go printer and shared it (we couldn't see it on the client unless we shared it)
- Used Visudo to add "x2goprint ALL=(ALL) NOPASSWD: /usr/bin/x2goprint
- Set up SSH Keys using http://www.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-printing
NOTE: we had trouble getting the keys to copy over (ssh-copy-id /usr/bin/ssh-copy-id: ERROR: No identities found). We cannot ping the Guest from the Host by server name (e.g., vserver1.mydomain.com), but can by ip address. We ended up creating /home/x2goprint/.ssh/authorized_keys and adding the contents of id_dsa-x2goprint.pub by hand. We then issued ssh -i /root/.ssh/id_dsa-x2goprint x2goprint@x192.168.1.112 and got:
Oops! This email landed in my SPAM folder so I didn't see it before my previous reply. This definitely looks like a problem in that the CUPS server is not going to be able to scp the file to the x2goserver like this. If you can't manually scp a file from the print server to the X2Go server, the print server won't be able to do it either - at least so I would think.
The authenticity of host '192.168.1.112 (192.168.1.112)' can't be established. RSA key fingerprint is dd:04:0f:56:5f:23:a8:71:e6:d8:aa:64:4c:91:16:0d. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.112' (RSA) to the list of known hosts. Permission denied (publickey).
Is this "Permission denied (publickey)." the cause of our problems? It appears to have added an RSA key where we think the keys created where DSA...
Tested the x2go connection from the client. We could connect. Then tried to print: we can see the virtual x2go printer but cannot get any of the desired outcomes to occur (printing, get pdf to open using evince parameter).
Observations On the Vserver host (cups server) a) the print job files show up in /var/spool/cups b) in http://localhost:631 the print jobs show as completed c) there are no errors in /var/log/cups/error_log and the page_log and access_log seem to restister the successful print job and access to the cups
When things are working: d) When things are working (straight connection from an x2go client to an x2go server - no vserver), on the server in home/user1/.x2go there is a healthly "spool" link to /tmp/.x2go-userx/spool/user1-50-1348322588_stDGNOME_dp24. When we print, some files get generated from there we think in the /tmp/.x2go...directory and the x2goprint code grabs them and uses them.
But...on the guest e) On the setup we are trying to get working (client to Vserver Guest/X2goServer/PostgreSQL on a Vserver host), the spool link is shown as broken and the "on the fly" print files don't get created.
- Help Q: is this some sort of DNS issue - we can't ping "vserver1.mydomain.com" but assume this is a protocol/firewall issue and not the problem in terms of printing.
Q: John Sullivan wondered if this is a permissions issue (i.e., does the cups server have write access to the client spool directory): if this is the issue, we're not sure how to test or fix it. We looked at the permissions on the "working" vs. "not working" set ups on the spool directory and couldn't see any differences, but may be missing the point.
Sorry - I didn't mean file system permissions - I meant the ability to scp the file.
Q: Vserver uses an fstab configu outside of the vserver itself where /tmp is listed as "none /tmp tmpfs size=128m,mode=1777 0 0" (and the /etc/fstab inside the Vserver only has "# UNCONFIGURED FSTAB FOR BASE SYSTEM"). Does the Vserver fstab set up get in the way of the spool link writing to the /tmp/.x2go....folder on the client? If so, this sound like it might be along the lines of John Sullivan's suggestion.
Q: did the errors we got when generated the ssh keys matter "(Permission denied (publickey)."? The content of the Vserver/Cups Server host known hosts has:
- a prefix of "|1|Ha2q5mBmGyrl4CYri92TPRb6NNU=| 3gihEfRTYU8UHwI4FrQcSq29Exg="
- then the contents of the authorized_keys on the Vserver Guest/x2go server /home/user1/.ssh/authorized_keys file up to but excluding the "root@vserver1.mydomain.com"
Or did we create DSA keys but somehow when trying to add them got crossed up with RSA keys (e.g., Warning: Permanently added '192.168.1.112' (RSA) to the list of known hosts.").
We know this is tough to troubleshoot remotely, but any help very much appreciated.
Best,
Ted
X2Go-Dev mailing list X2Go-Dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
-
John A. Sullivan III -
Mike Gabriel -
senrabdet@aol.com