[X2Go-Commits] [[X2Go Wiki]] page changed: doc:howto:x2gobroker

wiki-admin at x2go.org wiki-admin at x2go.org
Fri Feb 10 17:48:13 CET 2017


A page in your DokuWiki was added or changed. Here are the details:

Date        : 2017/02/10 16:48
Browser     : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
IP-Address  : 78.43.90.159
Hostname    : HSI-KBW-078-043-090-159.hsi4.kabel-badenwuerttemberg.de
Old Revision: http://wiki.x2go.org/doku.php/doc:howto:x2gobroker?rev=1486745191
New Revision: http://wiki.x2go.org/doku.php/doc:howto:x2gobroker
Edit Summary: added x2gobroker1.xgo.example.com
User        : stefanbaur

@@ -746,5 +746,289 @@
  nslcd   nslcd/ldap-base string  dc=x2go,dc=example,dc=com
  nslcd   nslcd/ldap-sasl-realm   string
  nslcd   nslcd/ldap-reqcert      select
  nslcd   nslcd/ldap-starttls     boolean false
+ </file>
+ 
+ ==== x2gobroker1.xgo.example.com ====
+ <file - preseed_x2gobroker1>
+ # There are two sets of parameters you can use as the append line:
+ # The minimum required is:
+ # hostname=x2gobroker1 domain=x2go.example.com
+ # url=http://192.168.0.224/preseed_x2gobroker1
+ #
(all in one line, and without the leading "#" marks)
+ # If you only use these, you will have to answer a few questions
+ # - mainly regarding country, keyboard and locale - interactively.
+ # For a fully automated installation, add these parameters 
+ # *in addition to the ones listed above*
+ # (again, all in one line, and without the leading "#" marks):
+ # priority=critical netcfg/use_dhcp=true netcfg/choose_interface=eth0 
+ # debian-installer/locale=de_DE keymap=de-latin1
+ # debian-installer/locale=de_DE.UTF-8 DEBCONF_DEBUG=5
+ 
+ # We prefer to stay anonymous ;-)
+ popularity-contest popularity-contest/participate boolean false
+ 
+ # Load non-free firmware, if possible
+ d-i hw-detect/load_firmware boolean true
+ 
+ # Repository
+ # CHANGE THIS to your nearest mirror
+ d-i     mirror/http/hostname    string ftp.de.debian.org
+ d-i     mirror/http/directory   string /debian/
+ d-i     mirror/suite            string jessie
+ 
+ # Post install APT setup
+ d-i    
apt-setup/uri_type      select d-i
+ # CHANGE THIS to your nearest mirror
+ d-i     apt-setup/hostname      string ftp.de.debian.org
+ d-i     apt-setup/directory     string /debian/
+ d-i     apt-setup/another       boolean false
+ d-i     apt-setup/security-updates      boolean true
+ d-i     finish-install/reboot_in_progress note
+ d-i     prebaseconfig/reboot_in_progress        note
+ 
+ d-i     apt-setup/non-free 	boolean true
+ d-i     apt-setup/contrib 	boolean true
+ 
+ # Network-related settings
+ # Every hostname and domain name assigned via DHCP  
+ # takes priority over these values 
+ # however, if they are left empty, the installer will query them interactively 
+ d-i     netcfg/get_hostname     string  x2gobroker1
+ d-i     netcfg/get_domain       string  x2go.example.com
+ d-i     netcfg/disable_dhcp     boolean false
+ d-i     mirror/http/proxy      string
+ d-i     netcfg/choose_interface select eth0
+ d-i     netcfg/wireless_wep     string
+ 
+ # Partitioning and
Bootloader settings
+ d-i     partman-auto/disk               string /dev/sda
+ d-i     partman-auto/method             string regular
+ 
+ # Do not use UUIDs in fstab (and not in bootloader config, either)
+ d-i partman/mount_style string traditional
+ 
+ # This silences an interactive "are you sure?" query
+ d-i	partman/confirm	boolean	true
+ d-i     partman-partitioning/confirm_write_new_label boolean true
+ d-i     partman/choose_partition select finish
+ d-i     partman/confirm_nooverwrite boolean true
+ d-i     partman-lvm/device_remove_lvm boolean true
+ d-i     partman-lvm/confirm boolean true
+ d-i     partman-md/device_remove_md boolean true
+ d-i     partman-md/confirm boolean true
+ 
+ d-i partman-auto/choose_recipe select atomic
+ #d-i partman-auto/choose_recipe select home
+ #d-i partman-auto/choose_recipe select multi
+ 
+ d-i debian-installer/add-kernel-opts string nomodeset gfxpayload=vga=normal
+ 
+ d-i grub-installer/only_debian boolean true
+ d-i
grub-installer/with_other_os boolean true
+ d-i grub-installer/bootdev  string /dev/sda
+ 
+ # Country, keyboard, locale settings - CHANGE THIS
+ d-i 	debian-installer/locale string de_DE
+ d-i     debian-installer/keymap select de-latin1
+ d-i     debian-installer/keymap string de-latin1
+ 
+ d-i     languagechooser/language-name-fb    select German
+ d-i     countrychooser/country-name select Germany
+ d-i     console-setup/layoutcode string de_DE
+ d-i     debian-installer/locale             select de_DE.UTF-8
+ 
+ # Time zone settings - CHANGE THIS
+ d-i     tzconfig/gmt            boolean false
+ d-i     tzconfig/choose_country_zone/Europe select Berlin
+ d-i     tzconfig/choose_country_zone_single boolean true
+ d-i	time/zone	select	Europe/Berlin
+ d-i	clock-setup/utc	boolean	true
+ d-i	mirror/country	string	manual
+ d-i     clock-setup/ntp boolean false
+ 
+ # Root Account
+ # this says "start" in MD5 - CHANGE THIS
+ d-i	passwd/root-password-crypted    passwd   
$1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.
+ 
+ # Do not create a regular user account when installing a server
+ d-i passwd/make-user boolean false
+ #d-i	passwd/user-fullname            string Local User
+ #d-i	passwd/username                 string localuser
+ #d-i	passwd/user-password-crypted    passwd $1$ekONVtC5$rTbjMaMA6cqFpbWu7UXWN.
+ 
+ 
+ # Additional repositories, local[0-9] available
+ # this is where we add the X2Go repo
+ d-i apt-setup/local0/repository string \
+        http://packages.x2go.org/debian jessie main
+ d-i apt-setup/local0/comment string X2Go Repository
+ 
+ # URL to the public key of the local repository; you must provide a key or
+ # apt will complain about the unauthenticated repository and so the
+ # sources.list line will be left commented out
+ 
+ # CHANGE THIS - you need to download this keyfile onto your web server
+ # run these gpg commands to download it:
+ # gpg --keyserver keys.gnupg.net --recv-keys E1F958385BFE2B6E
+ # gpg -a --export E1F958385BFE2B6E
> x2go.key.gpg
+ d-i apt-setup/local0/key string http://192.168.0.224/x2go.key.gpg
+ 
+ # Task and Package Selection
+ tasksel	tasksel/first	multiselect	ssh-server
+ d-i	pkgsel/include	string		ssh \
+ console-setup \
+ debconf-i18n \
+ ldap-utils \
+ libnss-ldapd \
+ libpam-ldapd \
+ mc \
+ nslcd \
+ ntp \
+ postgresql-client-9.4 \
+ postgresql-client-common \
+ rsync \
+ screen \
+ sysvinit-core \
+ sysvinit-utils \
+ unattended-upgrades \
+ vim \
+ x2go-keyring \
+ x2gobroker \
+ x2gobroker-agent \
+ x2gobroker-authservice \
+ x2gobroker-daemon \
+ x2gobroker-ssh
+ 
+ # Commands to be executed after package installation
+ # Note: The only way to insert comments below is to add an "echo COMMENT"
+ d-i preseed/late_command string echo "COMMENT: Begin Post-Install Setup/Config" ;\
+  echo "COMMENT: Configure SSH" ;\
+  mkdir -p /target/root/.ssh ; \
+  chmod 700 /target/root/.ssh ;\
+  touch /target/root/.ssh/authorized_keys ; \
+  chmod 600 /target/root/.ssh/authorized_keys ;\
+  sed
-i '/^PermitRootLogin/c PermitRootLogin without-password' /target/etc/ssh/sshd_config ;\
+  echo "COMMENT: Insert your own SSH public key here" ;\
+  echo "COMMENT: User echo -n as shown so multiline echo doesn't add Newlines when appending" ;\
+  echo -n 'ssh-rsa AAAAB3blahblahblah' >>/target/root/.ssh/authorized_keys ;\
+  echo -n 'blahblahblahOQ== SSH Key Comment here' >>/target/root/.ssh/authorized_keys ;\
+  echo "COMMENT: Fixing shortcomings of netcfg here..." ;\
+  sed -i "s/$(cat /etc/hostname)/x2gobroker1/" /target/etc/hosts ;\
+  echo "x2gobroker1" >/target/etc/hostname ;\
+  echo "COMMENT: Fix ends here." ;\
+  echo "COMMENT: This is said to be required for LDAP UID/GID sync." ;\
+  sed -i '/^NEED_IMAPD/cNEED_IMAPD=yes' /target/etc/default/nfs-common ;\
+  echo "COMMENT: This fixes some annoyances regarding UTF-8 and MidnightCommander" ;\
+  echo "export LANG=de_DE.UTF-8" >>/target/etc/bash.bashrc ;\
+  echo "export NCURSES_NO_UTF8_ACS=1" >>/target/etc/bash.bashrc ;\
+ 
echo "COMMENT: This is for homedir autocreation." ;\
+  echo -e 'session required\tpam_mkhomedir.so\tskel=/etc/skel umask=0022' >>/target/etc/pam.d/common-session ;\
+  echo "COMMENT: This is so LDAP users are added to local groups when logging in to a remote system." ;\ 
+  echo -e "auth\trequired\tpam_group.so\tuse_first_pass" >>/target/etc/pam.d/common-auth ;\
+  echo "common-auth;*;*;A10000-2400;users,x2gousers,x2gobroker-users" >>/target/etc/security/group.conf ;\
+  echo "COMMENT: This makes sure error messages during bootup remain on screen." ;\
+  sed -i -e '/^1/ s/getty/getty --noclear/' /target/etc/inittab ;\
+  echo "COMMENT: This is so /home gets mounted from nfs1" ;\
+  echo -e 'nfs1:/export/home\t/home\tnfs\tsoft,intr,rsize=8192,wsize=8192\t0\t0' >>/target/etc/fstab ;\
+  echo "COMMENT: This is so dnsmasq on ldap1 is queried for DNS first" ;\
+  sed 's/#prepend domain-name-servers 127.0.0.1;/prepend domain-name-servers 192.168.154.146;/' -i
/target/etc/dhcp/dhclient.conf ;\
+  echo "COMMENT: This removes the cdrom entry from sources list (left behind by installer)" ;\
+  sed -i '/^#* *deb cdrom/d' /target/etc/apt/sources.list ;\
+  echo "COMMENT: This patches the x2gobroker configuration files the way we need them to be for our demo." ;\
+  sed -i -e '/^host=/chost=x2goserver1.x2go.example.com,x2goserver2.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^#default-agent-query-mode/adefault-agent-query-mode=SSH' /target/etc/x2go/x2gobroker.conf ;\
+  sed -i -e '/^#default-use-load-checker/adefault-use-load-checker=true' /target/etc/x2go/x2gobroker.conf ;\
+  sed -i -e 's/localhost-kde/localhost-lxde/g' -e 's/=KDE/=LXDE/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e 's/localhost-shadow/localhost-xfce/g' -e 's/=SHADOW/=XFCE/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e "/# don't even try/d"
/target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e 's/ - localhost/ - X2GoFarm/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e 's/localhost-/x2gofarm-/g' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^command=LXDE/aacl-any-order=deny-allow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^command=LXDE/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^command=LXDE/aacl-groups-allow=group-a' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^command=XFCE/aacl-any-order=deny-allow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^command=XFCE/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^command=XFCE/aacl-groups-allow=group-b' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/i[x2goserver1-shadow]'
/target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/iname=SHADOW - X2GoServer1' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/ihost=x2goserver1.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/icommand=SHADOW' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/iusebrokerpass=true' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/i ' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/i[x2goserver2-shadow]' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/iname=SHADOW - X2GoServer2' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/ihost=x2goserver2.x2go.example.com' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^###
EXAMPLES:/icommand=SHADOW' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/iusebrokerpass=true' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^### EXAMPLES:/i ' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^command=SHADOW/aacl-any-order=deny-allow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^command=SHADOW/aacl-groups-deny=ALL' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  sed -i -e '/^command=SHADOW/aacl-groups-allow=group-shadow' /target/etc/x2go/broker/x2gobroker-sessionprofiles.conf ;\
+  echo "COMMENT: This patches rc.local so the following set of commands is run" ;\
+  echo "COMMENT: exactly *once* - at the first boot after installation." ;\
+  echo "COMMENT: First, remove the 'exit 0'" ;\
+  sed -i '/^exit 0/d' /target/etc/rc.local ;\
+  echo "COMMENT: This is so /bin/sh points to /bin/bash instead of /bin/dash" ;\
+  echo "COMMENT:
As the standard shell of our LDAP users is set to /bin/sh." ;\
+  echo 'dpkg-reconfigure -pcritical dash' >>/target/etc/rc.local ;\
+  echo "COMMENT: This is the cleanup job for the dpkg-reconfigure call, so it doesn't run more than once." ;\
+  echo 'sed -i -e "/dpkg/d" /etc/rc.local' >>/target/etc/rc.local ;\
+  echo "COMMENT: We're cheating here:" \n
+  echo "COMMENT: We're calling the pubkeyauthorizer on x2gobroker, rather than from each x2goserver." \;
+  echo "COMMENT: That way, we don't have to open :8080 for anything more than localhost." \;
+  echo 'x2gobroker-pubkeyauthorizer --broker-url http://localhost:8080/pubkeys/' >>/target/etc/rc.local ;\
+  echo "COMMENT: Now we create a directory (watch permissions/ownership!) on the NFS share, and dump the generated key file there." ;\
+  echo 'mkdir -p /home/root/x2gobroker' >>/target/etc/rc.local ;\
+  echo 'chmod 700 /home/root #x2gobroker' >>/target/etc/rc.local ;\
+  echo 'chown -R root:root /home/root #x2gobroker'
>>/target/etc/rc.local ;\
+  echo 'cp -a /var/lib/x2gobroker/.ssh /home/root/x2gobroker' >>/target/etc/rc.local ;\
+  echo "COMMENT: This is the cleanup job for the pubkeyauthorizer stuff, so it doesn't run more than once." ;\
+  echo 'sed -i -e "/x2gobroker/d" /etc/rc.local' >>/target/etc/rc.local ;\
+  echo "COMMENT: Finally, rc.local must terminate with 'exit 0' again." ;\
+  echo 'exit 0' >>/target/etc/rc.local ;\
+  echo "COMMENT: Make sure x2gobroker has a key pair available at first boot" ;\
+  in-target x2gobroker-keygen ;\
+  echo "COMMENT: Finally, take out the trash (yes, this includes systemd)" ;\
+  in-target apt-get purge -y systemd systemd-shim ;\
+  in-target apt-get autoremove --purge -y ;\
+  in-target apt-get clean ;\
+  echo "End Post-Install Setup/Config"
+ 
+ # Shut down and power off after installation
+ d-i debian-installer/exit/poweroff boolean true
+ 
+ # preseed key-value pairs for the packages we intend to install
+ dash	dash/sh	boolean	false
+
exim4-config exim4/no_config boolean true
+ libnss-ldapd	libnss-ldapd/nsswitch	multiselect	passwd, shadow, group, hosts, services, networks, protocols, rpc, ethers, netgroup
+ libnss-ldapd	libnss-ldapd/clean_nsswitch	boolean	false
+ libpam-runtime  libpam-runtime/profiles multiselect     unix, ldap
+ mdadm   mdadm/autostart boolean false
+ mdadm   mdadm/mail_to   string  root
+ mdadm   mdadm/initrdstart       string  all
+ mdadm   mdadm/initrdstart_notinconf     boolean true
+ mdadm   mdadm/autocheck boolean true
+ mdadm   mdadm/start_daemon      boolean true
+ nslcd   nslcd/ldap-bindpw       password
+ nslcd   nslcd/ldap-sasl-secprops        string
+ nslcd   nslcd/ldap-sasl-krb5-ccname     string  /var/run/nslcd/nslcd.tkt
+ nslcd   nslcd/ldap-sasl-authcid string
+ nslcd   nslcd/ldap-binddn       string
+ nslcd   nslcd/ldap-cacertfile   string  /etc/ssl/certs/ca-certificates.crt
+ nslcd   nslcd/ldap-sasl-authzid string
+ nslcd   nslcd/ldap-uris string 
ldap://ldap1.x2go.example.com/
+ nslcd   nslcd/ldap-sasl-mech    select
+ nslcd   nslcd/ldap-auth-type    select  none
+ nslcd   nslcd/ldap-base string  dc=x2go,dc=example,dc=com
+ nslcd   nslcd/ldap-sasl-realm   string
+ nslcd   nslcd/ldap-reqcert      select
+ nslcd   nslcd/ldap-starttls     boolean false
+ x2gobroker-ssh x2gobroker-ssh/group-x2gobroker-users string x2gobroker-users
+ x2gobroker-ssh x2gobroker-ssh/group-does-not-exist note
+ x2gobroker-ssh x2gobroker-ssh/use-existing-group boolean false
+ x2gobroker-ssh x2gobroker-ssh/create-group boolean true
+ x2gobroker-ssh x2gobroker-ssh/manual-setup-required boolean false
+ x2gobroker-ssh x2gobroker-ssh/del-last-group-x2gobroker-users boolean false
+ x2gobroker-ssh x2gobroker-ssh/last-group-x2gobroker-users string x2gobroker-users
  </file>
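Review bot: The `preseed/late_command` continuation is broken, as shown here, at `echo "COMMENT: We're cheating here:" \n`, and the two echo lines after it end in `\;` rather than `;\`, so none of the three ends in a backslash and the command string appears to stop at that point. The later steps (the `x2gobroker-pubkeyauthorizer` call, `echo 'exit 0' >>/target/etc/rc.local`, `in-target x2gobroker-keygen` and the purge/cleanup) would then not run as part of the late command, leaving rc.local without the `exit 0` that was removed earlier; end all three lines with ` ;\` like their neighbours. Separately, `sed -i '/^NEED_IMAPD/cNEED_IMAPD=yes'` looks like a typo for `NEED_IDMAPD`, in which case that sed matches nothing. On the security side, several settings deserve a comment marking them as demo-only. The repository key is fetched by 64-bit key ID and then served over plain `http://`, so the comment should tell readers to check the full fingerprint before publishing `x2go.key.gpg`. nslcd is preseeded with `ldap://` and `nslcd/ldap-starttls boolean false`, so LDAP binds presumably cross the network unencrypted. The rc.local step `cp -a /var/lib/x2gobroker/.ssh /home/root/x2gobroker` copies the broker's whole key directory onto the NFS-mounted /home.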


-- 
This mail was generated by DokuWiki at
http://wiki.x2go.org/


