[X2Go-Commits] [[X2Go Wiki]] page changed: doc:howto:x2gobroker

wiki-admin at x2go.org wiki-admin at x2go.org
Fri Feb 10 17:28:21 CET 2017


A page in your DokuWiki was added or changed. Here are the details:

Date        : 2017/02/10 16:28
Browser     : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
IP-Address  : 78.43.90.159
Hostname    : HSI-KBW-078-043-090-159.hsi4.kabel-badenwuerttemberg.de
Old Revision: http://wiki.x2go.org/doku.php/doc:howto:x2gobroker?rev=1486743723
New Revision: http://wiki.x2go.org/doku.php/doc:howto:x2gobroker
Edit Summary: added server setup section, added ldap preseed
User        : stefanbaur

@@ -37,4 +37,267 @@
      * what ends up in LDAP this way is not something you want to work with in a production environment
      * it will be faster to set up a new LDAP server with the proper settings for your production environment than to base your server on this demo and trying to "clean up" afterwards
      * Also, no user-friendly tool to manage LDAP settings is installed by default.
  </note>
+ ===== Setting up the servers =====
+ ==== ldap1.xgo.example.com ====
+
<file - preseed_ldap>
+ # There are two sets of parameters you can use as the append line:
+ # The minimum required is:
+ # hostname=ldap1 domain=x2go.example.com
+ # url=http://192.168.0.224/preseed_ldap1
+ # (all in one line, and without the leading "#" marks)
+ # If you only use these, you will have to answer a few questions
+ # - mainly regarding country, keyboard and locale - interactively.
+ # For a fully automated installation, add these parameters 
+ # *in addition to the ones listed above*
+ # (again, all in one line, and without the leading "#" marks):
+ # priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0 
+ # debian-installer/locale=de_DE keymap=de-latin1
+ # debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5
+ 
+ # We prefer to stay anonymous ;-)
+ popularity-contest popularity-contest/participate boolean false
+ 
+ # Load non-free firmware, if possible
+ d-i hw-detect/load_firmware boolean true
+ 
+ # Repository
+ # CHANGE THIS to your nearest mirror
+
d-i     mirror/http/hostname    string ftp.de.debian.org
+ d-i     mirror/http/directory   string /debian/
+ d-i     mirror/suite            string jessie
+ 
+ # Post install APT setup
+ d-i     apt-setup/uri_type      select d-i
+ # CHANGE THIS to your nearest mirror
+ d-i     apt-setup/hostname      string ftp.de.debian.org
+ d-i     apt-setup/directory     string /debian/
+ d-i     apt-setup/another       boolean false
+ d-i     apt-setup/security-updates      boolean true
+ d-i     finish-install/reboot_in_progress note
+ d-i     prebaseconfig/reboot_in_progress        note
+ 
+ d-i     apt-setup/non-free 	boolean true
+ d-i     apt-setup/contrib 	boolean true
+ 
+ # Network-related settings
+ # Every hostname and domain name assigned via DHCP  
+ # takes priority over these values 
+ # however, if they are left empty, the installer will query them interactively 
+ d-i     netcfg/get_hostname     string  ldap1
+ d-i     netcfg/get_domain       string  x2go.example.com
+ d-i    
netcfg/disable_dhcp     boolean false
+ d-i     mirror/http/proxy      string
+ d-i     netcfg/choose_interface select eth0
+ d-i     netcfg/wireless_wep     string
+ 
+ # Partitioning and Bootloader settings
+ d-i     partman-auto/disk               string /dev/sda
+ d-i     partman-auto/method             string regular
+ 
+ # Do not use UUIDs in fstab (and not in bootloader config, either)
+ d-i partman/mount_style string traditional
+ 
+ # This silences an interactive "are you sure?" query
+ d-i	partman/confirm	boolean	true
+ d-i     partman-partitioning/confirm_write_new_label boolean true
+ d-i     partman/choose_partition select finish
+ d-i     partman/confirm_nooverwrite boolean true
+ d-i     partman-lvm/device_remove_lvm boolean true
+ d-i     partman-lvm/confirm boolean true
+ d-i     partman-md/device_remove_md boolean true
+ d-i     partman-md/confirm boolean true
+ 
+ d-i partman-auto/choose_recipe select atomic
+ #d-i partman-auto/choose_recipe select home
+ #d-i
partman-auto/choose_recipe select multi
+ 
+ d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal
+ 
+ d-i grub-installer/only_debian boolean true
+ d-i grub-installer/with_other_os boolean true
+ d-i grub-installer/bootdev  string /dev/sda
+ 
+ # Country, keyboard, locale settings - CHANGE THIS
+ d-i 	debian-installer/locale string de_DE
+ d-i     debian-installer/keymap select de-latin1
+ d-i     debian-installer/keymap string de-latin1
+ 
+ d-i     languagechooser/language-name-fb    select German
+ d-i     countrychooser/country-name select Germany
+ d-i     console-setup/layoutcode string de_DE
+ d-i     debian-installer/locale             select de_DE.UTF-8
+ 
+ # Time zone settings - CHANGE THIS
+ d-i     tzconfig/gmt            boolean false
+ d-i     tzconfig/choose_country_zone/Europe select Berlin
+ d-i     tzconfig/choose_country_zone_single boolean true
+ d-i	time/zone	select	Europe/Berlin
+ d-i	clock-setup/utc	boolean	true
+
d-i	mirror/country	string	manual
+ d-i     clock-setup/ntp boolean false
+ 
+ # Root Account
+ # this says "start" in MD5 - CHANGE THIS
+ d-i	passwd/root-password-crypted    passwd    $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.
+ 
+ # Do not create a regular user account when installing a server
+ d-i passwd/make-user boolean false
+ #d-i	passwd/user-fullname            string Local User
+ #d-i	passwd/username                 string localuser
+ #d-i	passwd/user-password-crypted    passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.
+ 
+ # Task and Package Selection
+ tasksel	tasksel/first	multiselect	ssh-server
+ d-i	pkgsel/include	string		ssh \
+ console-setup \
+ debconf-i18n \
+ dnsmasq \
+ dnsmasq-base \
+ ldap-utils \
+ libnss-ldapd \
+ libpam-ldapd \
+ mc \
+ migrationtools \
+ nslcd \
+ ntp \
+ rsync \
+ screen \
+ slapd \
+ sysvinit-core \
+ sysvinit-utils \
+ unattended-upgrades \
+ vim
+ 
+ # Commands to be executed after package installation
+ # Note: The only way to insert comments below is
to add an "echo COMMENT"
+ d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\
+  echo "COMMENT: Configure SSH" ;\
+  mkdir -p /target/root/.ssh ; \
+  chmod 700 /target/root/.ssh ;\
+  touch /target/root/.ssh/authorized_keys ; \
+  chmod 600 /target/root/.ssh/authorized_keys ;\
+  sed -i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\
+  echo "COMMENT: Insert your own SSH public key here" ;\
+  echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\
+  echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\
+  echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\
+  echo "COMMENT: Fixing shortcomings of netcfg here..." ;\
+  sed -i "s/$(cat /etc/hostname)/ldap1/" /target/etc/hosts ;\
+  echo "ldap1" >/target/etc/hostname ;\
+  echo "COMMENT: Fix ends here." ;\
+  echo "COMMENT: This is said to be required for LDAP UID/GID
sync." ;\
+  sed -i '/^NEED_IMAPD/cNEED_IMAPD=yes' /target/etc/default/nfs-common ;\
+  echo "COMMENT: These are our IP-FQDN-Hostname mappings that will be picked up by dnsmasq" ;\
+  echo -e '192.168.154.146\tldap1.x2go.example.com\tldap1'>> /target/etc/hosts ;\
+  echo -e '192.168.154.147\tnfs1.x2go.example.com\tnfs1'>> /target/etc/hosts ;\
+  echo -e '192.168.154.148\tx2gobroker1.x2go.example.com\tx2gobroker1'>> /target/etc/hosts ;\
+  echo -e '192.168.154.149\tx2goserver1.x2go.example.com\tx2goserver1'>> /target/etc/hosts ;\
+  echo -e '192.168.154.150\tx2goserver2.x2go.example.com\tx2goserver2'>> /target/etc/hosts ;\
+  echo -e '192.168.154.151\tpg1.x2go.example.com\tpg1'>> /target/etc/hosts ;\
+  echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\
+  echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\
+  echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\
+  echo "COMMENT: This is for homedir autocreation." ;\
+  echo -e
'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
+  echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ 
+  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
+  echo "common-auth;*;*;A10000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
+  echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
+  sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
+  echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\
+  sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\
+  echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
+  echo "COMMENT: exactly *once* - at the first boot after installation." ;\
+  echo "COMMENT: First, remove the 'exit 0'" ;\
+  sed -i '/^exit 0/d' /target/etc/rc.local ;\
+  echo "COMMENT:
This automagically injects all local users, groups, etc. into LDAP" ;\
+  echo "COMMENT: Yes, this is a mess, ugly, a dirty hack, etc - but remember, this isn't" ;\
+  echo "COMMENT: about maintainability - it is to get a small, simple, static LDAP setup up" ;\
+  echo "COMMENT: and running so you don't have to bother with LDAP when all you want to do is" ;\
+  echo "COMMENT: test-drive the broker setup." \;
+  echo '(cd /usr/share/migrationtools && LDAP_BASEDN="dc=x2go,dc=example,dc=com" LDAPHOST="ldap1" LDAP_BINDDN="cn=admin,dc=x2go,dc=example,dc=com" LDAP_BINDCRED="start" LDAP_PROFILE="no" LDAPADD="/usr/bin/ldapadd -c" ETC_ALIASES=/dev/null ./migrate_all_online.sh || true)' >>/target/etc/rc.local ;\
+  echo "COMMENT: This is the cleanup job for the LDAP migration, so it doesn't run more than once." ;\
+  echo 'sed -i -e "/LDAP/d" /etc/rc.local' >>/target/etc/rc.local ;\
+  echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\
+  echo "COMMENT: As the
standard shell of our LDAP users is set to /bin/sh." ;\
+  echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\
+  echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
+  echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
+  echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\
+  echo 'exit 0' >>/target/etc/rc.local ;\
+  echo "COMMENT: Now we set the default shell, create groups, create users, and add them to groups" ;\
+  in-target useradd -D -s /bin/bash ;\
+  in-target addgroup x2gobroker-users ;\
+  in-target addgroup x2godesktopsharing ;\
+  in-target addgroup x2gousers ;\
+  in-target addgroup group-shadow ;\
+  in-target addgroup group-a ;\
+  in-target addgroup group-b ;\
+  in-target useradd user1 -G users,x2gousers,x2gobroker-users,group-shadow ;\
+  in-target useradd user2 -G users,x2gousers,x2gobroker-users,group-a ;\
+  in-target useradd user3 -G
users,x2gousers,x2gobroker-users,group-a ;\
+  in-target useradd user4 -G users,x2gousers,x2gobroker-users,group-b ;\
+  in-target useradd user5 -G users,x2gousers,x2gobroker-users,group-b ;\
+  echo "COMMENT: Users will need passwords to log in, so we set them as well." ;\
+  echo "user1:start" | chroot /target /usr/sbin/chpasswd ;\
+  echo "user2:start" | chroot /target /usr/sbin/chpasswd ;\
+  echo "user3:start" | chroot /target /usr/sbin/chpasswd ;\
+  echo "user4:start" | chroot /target /usr/sbin/chpasswd ;\
+  echo "user5:start" | chroot /target /usr/sbin/chpasswd ;\
+  echo "COMMENT: Finally, take out the trash (yes, this includes systemd)" ;\
+  in-target apt-get purge -y systemd systemd-shim ;\
+  in-target apt-get autoremove --purge -y ;\
+  in-target apt-get clean ;\
+  echo "End Post-Install Setup/Config"
+ 
+ # Shut down and power off after installation
+ d-i debian-installer/exit/poweroff boolean true
+ 
+ # preseed key-value pairs for the packages we intend to
install
+ dash	dash/sh	boolean	false
+ exim4-config exim4/no_config boolean true
+ libnss-ldapd	libnss-ldapd/nsswitch	multiselect	group, hosts, netgroup, passwd, shadow
+ libnss-ldapd	libnss-ldapd/clean_nsswitch	boolean	false
+ libpam-runtime  libpam-runtime/profiles multiselect     unix, ldap
+ mdadm   mdadm/autostart boolean false
+ mdadm   mdadm/mail_to   string  root
+ mdadm   mdadm/initrdstart       string  all
+ mdadm   mdadm/initrdstart_notinconf     boolean true
+ mdadm   mdadm/autocheck boolean true
+ mdadm   mdadm/start_daemon      boolean true
+ nslcd   nslcd/ldap-bindpw       password
+ nslcd   nslcd/ldap-sasl-secprops        string
+ nslcd   nslcd/ldap-sasl-krb5-ccname     string  /var/run/nslcd/nslcd.tkt
+ nslcd   nslcd/ldap-sasl-authcid string
+ nslcd   nslcd/ldap-binddn       string
+ nslcd   nslcd/ldap-cacertfile   string  /etc/ssl/certs/ca-certificates.crt
+ nslcd   nslcd/ldap-sasl-authzid string
+ nslcd   nslcd/ldap-uris string  ldap://ldap1.x2go.example.com/
+
nslcd   nslcd/ldap-sasl-mech    select
+ nslcd   nslcd/ldap-auth-type    select  none
+ nslcd   nslcd/ldap-base string  dc=x2go,dc=example,dc=com
+ nslcd   nslcd/ldap-sasl-realm   string
+ nslcd   nslcd/ldap-reqcert      select
+ nslcd   nslcd/ldap-starttls     boolean false
+ slapd	slapd/password1	password	start
+ slapd	slapd/internal/generated_adminpw	password	start
+ slapd	slapd/password2	password	start
+ slapd	slapd/internal/adminpw	password	start
+ slapd	slapd/purge_database	boolean	false
+ slapd	slapd/invalid_config	boolean	true
+ slapd	slapd/password_mismatch	note	
+ slapd	slapd/domain	string	x2go.example.com
+ #slapd	slapd/upgrade_slapcat_failure	error	
+ slapd	slapd/unsafe_selfwrite_acl	note	
+ slapd	slapd/dump_database	select	when needed
+ slapd	shared/organization	string	X2Go LDAP Example Environment
+ slapd	slapd/backend	select	MDB
+ slapd	slapd/no_configuration	boolean	false
+ slapd	slapd/allow_ldap_v2	boolean	false
+
slapd	slapd/dump_database_destdir	string	/var/backups/slapd-VERSION
+ slapd	slapd/move_old_database	boolean	true
+ 
+ </file>
+ 
+ 


-- 
This mail was generated by DokuWiki at
http://wiki.x2go.org/



More information about the x2go-commits mailing list