[X2go-Commits] x2gobroker.git - master (branch) updated: 0.0.0.2-4-gfd4ae72
X2Go dev team
git-admin at x2go.org
Thu Feb 21 21:41:07 CET 2013
The branch, master has been updated
via fd4ae726f53e4ee701e987e31c73079797670b71 (commit)
via 18b8b460391374b141283e004a826d6ef51e61c0 (commit)
from 8cec21a5f2e9dde24155f47aa6b7450e56b770c4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fd4ae726f53e4ee701e987e31c73079797670b71
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Thu Feb 21 21:44:07 2013 +0100
word wrap x2gobroker-sessionprofiles.conf, shorten lines to 80 chars
commit 18b8b460391374b141283e004a826d6ef51e61c0
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Thu Feb 21 21:33:33 2013 +0100
word wrap x2gobroker.conf, shorten lines to 80 chars
-----------------------------------------------------------------------
Summary of changes:
etc/broker/x2gobroker-sessionprofiles.conf | 66 +++++++++++------
etc/x2gobroker.conf | 111 +++++++++++++++-------------
2 files changed, 101 insertions(+), 76 deletions(-)
The diff of changes is:
diff --git a/etc/broker/x2gobroker-sessionprofiles.conf b/etc/broker/x2gobroker-sessionprofiles.conf
index d797697..f3b4e8b 100644
--- a/etc/broker/x2gobroker-sessionprofiles.conf
+++ b/etc/broker/x2gobroker-sessionprofiles.conf
@@ -1,11 +1,12 @@
### X2Go Broker Session Profiles - ADAPT TO YOUR NEEDS ###
-# This whole file reflects a set of examplary X2Go session profiles being provided
-# via the X2Go Session Broker (backend: iniconf).
+# This whole file reflects a set of examplary X2Go session profiles being
+# provided via the X2Go Session Broker (backend: iniconf).
-# This whole file could be the broker setup in some university institute that runs
-# three server pools (pool-A, pool-B and pool-C). Though most univerities have
-# real IPv4 internet addresses, we use private subnets in the examples below.
+# This whole file could be the broker setup in some university institute that
+# runs three server pools (pool-A, pool-B and pool-C). Though most univerities
+# have real IPv4 internet addresses, we use private subnets in the examples
+# below.
# The X2Go Session Broker is served into the institutes local intranet, the
# broker cannot be reached from the internet directly.
@@ -13,14 +14,18 @@
# The first section [DEFAULTS] provides a set of default profile settings that
# are common to all session profiles given in sections below.
-# The other section names can be freely chosen, however, each section name has to
-# be unique within this file.
+# The other section names can be freely chosen, however, each section name has
+# to be unique within this file.
-# IMPORTANT: in the session profiles below you will find some lines starting with
-# acl-... These lines do neither protect the X2Go Session Broker nor your X2Go Servers.
-# For protecting the broker use iptables and ip6tables. For protecting your X2Go Servers
-# use iptable+ip6tables and a tightened PAM configuration (e.g. pam_access.so). Securing
-# X2Go Servers means securing the SSH daemon that runs on the X2Go Server.
+# IMPORTANT: in the session profiles below you will find some lines starting
+# with acl-... These lines do neither protect the X2Go Session Broker nor
+# your X2Go Servers. They simply allow for selective session profile provision
+# based on client address, user name and group memberships.
+#
+# For protecting the broker use iptables and ip6tables. For protecting your
+# X2Go Servers use iptable+ip6tables and a tightened PAM configuration (e.g.
+# pam_access.so). Securing X2Go Servers means securing the SSH daemon that
+# runs on the X2Go Server.
[DEFAULT]
@@ -55,19 +60,26 @@ sshport=22
setdpi=0
pack=16m-jpeg
+### EXAMPLES: Below you find some config examples. Adapt them to your needs or
+### simply write your own session profiles and remove the examples below.
+
##
-## pool-A (staff servers)
+## EXAMPLE: pool-A (staff servers)
##
## The pool-A contains three X2Go Servers (server-A, server-B and server-C).
-## The staff of our example institute falls into two groups of users: gnome-users and kde-users.
-## The gnome-users log into server-A or server-B, depending on their client subnet (IP configuration of the client).
-## The kde-users login to server-C (server-C can be reached from the whole intranet).
+## The staff of our example institute falls into two groups of users:
+## gnome-users and kde-users.
+## The gnome-users log into server-A or server-B, depending on their client
+## subnet (IP configuration of the client).
+## The kde-users login to server-C (server-C can be reached from the whole
+## intranet).
##
-## The split-up of the GNOME users allows some primitive load balancing.
+## The client IP based split-up of the GNOME users allows some primitive load
+## balancing.
##
-## If staff people are members of both groups (kde-users, gnome-users) both session profiles will be
-## shown in X2Go Client.
+## If staff people are members of both groups (kde-users, gnome-users) both
+## session profiles will be shown in X2Go Client.
##
[pool-A-server-A]
@@ -102,7 +114,7 @@ acl-groups-deny=ALL
acl-any-order=deny-allow
##
-## pool-B (e.g. webserver in the DMZ or on the internet)
+## EXAMPLE: pool-B (e.g. webserver in the DMZ or on the internet)
##
## The pool-B is a single X2Go Server (server-D) that is
## hosted externally. The server-D has an official internet IP.
@@ -127,7 +139,7 @@ acl-clients-allow=admin-machine1.domain.local, admin-machine2.domain.local, admi
acl-any-order=deny-allow
##
-## pool-C
+## EXAMPLE: pool-C (REAL LOAD BALANCING!!!)
##
## The pool-C is a server pool for students. Our example institute
## knows 200-300 students and has to offer working places for
@@ -137,13 +149,19 @@ acl-any-order=deny-allow
## normally stay away from these machines, anyway. Only two test account
## get this session profile into their X2Go Clients.
##
-## The pool-C contains 6 X2Go Servers that serve all students users together as a load balance
-## server farm.
+## The pool-C contains 6 X2Go Servers that serve all students users together
+## as a load balance server farm.
+##
+## Make sure to install x2gobroker-agent on all these 6 X2Go Servers. Also make
+## sure to once run the script x2gobroker-keygen on the broker host and once
+## the script x2gobroker-pubkeyauthorizer per X2Go Server.
+##
+## All 6 X2Go Servers have to be configured to use the PostgreSQL X2Go session
+## DB backend.
##
[pool-C-XFCE]
user=
-# no load balancing support, yet
host=s-E1.pool-c.domain.local,s-E2.pool-c.domain.local,s-E3.pool-c.domain.local,s-E4.pool-c.domain.local,s-E5.pool-c.domain.local,s-E6.pool-c.domain.local
name=XFCE - pool-C
command=XFCE
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index b512cf4..a1fc81a 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -1,7 +1,7 @@
# This file is part of the X2Go Project - http://www.x2go.org
-# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder at obviously-nice.de>
-# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing at obviously-nice.de>
-# Copyright (C) 2012 by Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+# Copyright (C) 2011-2013 by Oleksandr Shneyder <oleksandr.shneyder at obviously-nice.de>
+# Copyright (C) 2011-2013 by Heinz-Markus Graesing <heinz-m.graesing at obviously-nice.de>
+# Copyright (C) 2012-2013 by Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
#
# X2Go Session Broker is free software; you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@@ -28,8 +28,8 @@
#
# 1. backend = zeroconf
# Use the ZeroConf X2Go Session Broker backend, this backend is for demo only
-# and only operates on localhost. Make sure you have x2gobroker, x2gobroker-agent
-# and x2goserver installed on the same machine.
+# and only operates on localhost. Make sure you have x2gobroker-daemon and
+# x2goserver installed on the same machine. No need to install x2gobroker-agent.
# 2. backend = simple
# The Simple X2Go Session Broker backend is for providing session profiles
@@ -41,16 +41,16 @@
# 3. backend = minibalancer
# A minimal load balancer for an X2Go server farm. Provide the same set of
-# session profiles to multiple users, optimally without login (set check_credentials
-# to false, below) and offer one of several pre-configured X2Go servers running
-# the same setup.
+# session profiles to multiple users, optimally without login (set
+# check_credentials to false, below) and offer one of several pre-configured
+# X2Go servers running the same setup.
# 4. backend = ldap
# A production backend that stores all session profile, server and session
# profile mapping in LDAP
-# Allow unauthenticated connections? Then set check_credentials to false (i.e. 0)
+# Allow unauthenticated connections? Then set check_credentials to false.
#check-credentials = true
# To secure server-client communication the client can start the communication
@@ -58,8 +58,8 @@
# use of this feature
#use-authid = false
-# X2Go supports two different auth ID modes (static and dynamic), for now set the
-# below value to true
+# X2Go supports two different auth ID modes (static and dynamic), for now set
+# the below value to true
#use-static-authid = true
# Make up your own authid below...
@@ -80,14 +80,14 @@
# default authentication mechanism for all broker backends
#default-auth-mech = pam
-# how does this X2Go Session Broker instance retrieve user and group information
-# from the system? (defaults for all broker backends)
+# how does this X2Go Session Broker instance retrieve user and group
+# information from the system? (defaults for all broker backends)
#default-user-db = libnss
#default-group-db = libnss
-# on large deployments it is recommended to ignore primary group memberships
-# traversing into all user accounts for primary group detection can be quite
-# CPU intensive on the X2Go Broker server.
+# on large deployments it is recommended to ignore primary group
+# memberships traversing into all user accounts for primary group
+# detection can be quite CPU intensive on the X2Go Broker server.
#ignore-primary-group-memberships = true
# default X2Go Broker Agent query mode:
@@ -101,37 +101,43 @@
# So, there are two query modes for the X2GO Broker Agent: LOCAL and SSH.
#
# LOCAL - This LOCAL mode only works for _one_ configured multi-server farm.
-# If the locally installed X2Go Session Broker is to server many different
-# multi-server farms, then the LOCAL mode will not work!!!
+# If the locally installed X2Go Session Broker is to server many
+# different multi-server farms, then the LOCAL mode will not work!!!
#
# How it works: Assume that the local system has an X2Go Broker Agent
-# that knows about the multi-server setup. This means: X2Go Server has
-# to be installed locally and the X2Go Server has to be configured to
-# use the multi-server farms PostgreSQL session DB backend.
-#
-# The local system that is running the broker does not necessarily have
-# to be a real application server. It only has to be aware of running/suspended
-# sessions within the X2Go multi-server farm setup.
-#
-# A typical use-case is X2Go on top of a Debian Edu Terminal-Server farm:
-#
-# TJENER -> PostgreSQL DB, X2Go Server, X2Go Session Broker + Broker Agent
-# TS01 - TS0X -> X2Go Server configured to use the PostgreSQL DB on TJENER
-#
-# SSH - The more generic approach, but also more complex. It allows that the broker
-# on this system may serve for many different X2Go Server multi-server setups.
-#
-# With the SSH agent query mode, the X2Go Session Broker will query one of the X2Go
-# Servers in the targeted multi-server setup (through SSH). The SSH authentication
-# is done by a system user account (normally UID=x2gobroker) and SSH pub/priv
-# key authentication has to be configured to make this work.
-#
-# All X2Go Servers in a multi-server farm need the X2Go Broker Agent installed,
-# whereas this local system running the X2Go Session Broker does not need a
-# local X2Go Broker Agent at all.
-
-# The agent query mode can be configured on a per-broker-backend basis, the below value is
-# the default.
+# that knows about the multi-server setup. This means: X2Go Server
+# has to be installed locally and the X2Go Server has to be
+# configured to use the multi-server farms PostgreSQL session DB
+# backend.
+#
+# The local system that is running the broker does not necessarily
+# have to be a real application server. It only has to be aware of
+# running/suspended sessions within the X2Go multi-server farm setup.
+#
+# A typical use-case is X2Go on top of a Debian Edu Terminal-Server
+# farm:
+#
+# TJENER -> PostgreSQL DB, X2Go Server, X2Go Session Broker +
+# Broker Agent
+# TS01 - TS0X -> X2Go Server configured to use the PostgreSQL DB
+# on TJENER
+#
+# SSH - The more generic approach, but also more complex. It allows that
+# the broker on this system may serve for many different X2Go Server
+# multi-server setups.
+#
+# With the SSH agent query mode, the X2Go Session Broker will query
+# one of the X2Go Servers in the targeted multi-server setup (through
+# SSH). The SSH authentication is done by a system user account
+# (normally UID=x2gobroker) and SSH pub/priv key authentication has
+# to be configured to make this work.
+#
+# All X2Go Servers in a multi-server farm need the X2Go Broker Agent
+# installed, whereas this local system running the X2Go Session
+# Broker does not need a local X2Go Broker Agent at all.
+#
+# The agent query mode can be configured on a per-broker-backend basis, the
+# below value is the default.
#default-agent-query-mode=LOCAL
###
@@ -140,22 +146,23 @@
# Possible X2Go Session Broker backends:
#
-# 1. backend = zeroconf
+# 1. backend = zeroconf (activated by default)
# Use the ZeroConf X2Go Session Broker backend, this backend is for demo only
-# and only operates on localhost. Make sure you have x2gobroker, x2gobroker-agent
-# and x2goserver installed on the same machine.
+# and only operates on localhost. Make sure you have x2gobroker-daemon and
+# and x2goserver installed on the same machine. No need to install
+# x2gobroker-agent.
-# 2. backend = infile
+# 2. backend = infile (deactivated by default)
# The IniFile X2Go Session Broker backend is for providing session profiles
-# to multiple users/clients on a text config file basis.
+# to multiple users/clients on a text config file basis (.ini file format).
#
# The session profile setup is accomplished by an extra configuration file,
# by default named /etc/x2go/broker/x2gobroker-sessionproiles.conf.
#
# For small-scale deployments the IniFile backend is the recommended backend.
-# 4. backend = ldap
-# A production backend that stores all session profile, server and session
+# 4. backend = ldap (deactivated by default)
+# A production backend that stores all session profiles, servers and session
# profile mapping in LDAP (MUSIC OF THE FUTURE!!!)
[zeroconf]
hooks/post-receive
--
x2gobroker.git (HTTP(S) Session broker for X2Go)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).
More information about the x2go-commits
mailing list