As promised I tell you about my experience with loadbalancing x2go.
I had first tried to use the default loadbalancing setup of x2go
broker. It was working fine except that the Windows client was not
connecting to the https broker (due to a bug in the client). It has
been fixed quickly and I thank the development team for their
reactivity.
In the meanwhile, I had looked up alternative solutions and here is
what I set up :
The broker is a simple HAProxy
loadbalancer configured for ssh connections balancing. For us it
listens on port 10000 and dispatches ssh/tcp connections over 2 x2go
servers on ports 22 (the default ssh port !). The balancing
algorithm is based upon source ip hashing : It gives returning users
a chance to be sent to the same x2go server next time and have the
possibility to resume a suspended session (better than round-robin).
Advantages of that solution :
- x2go servers are not exposed to the outside world and there is no
need to open ports on the firewall for each x2go server : You only
need to open ports for the loadbalancer, which you can put in your
dmz.
- HAProxy cares to dispatch connections only to x2go servers that
are up (timeout configuration).
- Authentication is only made once on x2go servers (they are
configured with ldap_pam).
- No need to install a session broker agent on x2go servers.
Drawbacks :
- When a user connects with a different public ip, he wont probably
be sent to the same x2go server where he could have a suspended
session.
- Authentication is not made by the loadbalancer so there aren't acl
management as with the regular x2go broker.
- Every connections transit through the loadbalancer so there might
be a little overhead. HAProxy is pretty optimized though and it is
not noticeable.
I join hereby the HAProxy configuration file I am using.
It really works fine for us. I hope it will be useful to others.