[Thinlinc-technical] SOLVED: dynamically choosing terminal server

Rob De Langhe rob.de.langhe at twistfare.be
Wed Nov 12 19:59:17 CET 2014


  thanks to Peter for his clear recommendation :

my setup is now this (all servers are on Ubuntu 14.04 LTS 'trusty', running
inside LXC containers, on a Ubuntu 14.04 LTS guest host) :
1) on the master TL server, I configured 2 known agent servers (will make
that max 10 when all users are connecting)
2) I defined a new profile that runs the command
"/opt/thinlinc/bin/tl-run-unixapp mate-session"
3) on the agent TL servers, I modified this (shell script)
"/opt/thinlinc/bin/tl-run-unixapp" so that it does not use the fixed-coded
list of UNIX application servers from
"/opt/thinlinc/etc/conf.d/appservergroups.hconf", but instead applies my
custom method to map a user-name with his 'private' agent-hostname :
instead of the line
X11SERVER=`echo ${X11SERVERS} | awk '{print $1}'`X11SERVER=`echo
${X11SERVERS} | awk '{print $1}'`
this will become
X11SERVER=`mymethodToMapUserVersusHostname $USER`

A side-note : because the "mate-session" is being launched on a server (the
remote, per-user server) which does not run the X11-display server itself
(it runs on the selected agent-server), I hit the long-time-discussed issue
of 'dbus-launch' not terminating on the remote user-server because the
X11-server process is not stopped yet.

Peter suggested correctly to replace the command in "tl-run-unixapp" script
by the following :

echo "$@" | ${NOCTTY} ssh -Y -T ${USER}@${X11SERVER}
becomes
echo "$@ && pkill -u ${USER}" | ${NOCTTY} ssh -Y -T ${USER}@${X11SERVER}

so that all user processes (typically only "dbus" and "dbus-launch" are
still there) are gracefully killed, releasing the SSH connection from the
agent-server to the user-specific server, and thus releasing the session
from the agent.

The elegant thing about this is : the per-user-specific LXC containers are
very light-weight to start/stop, totally isolate each user's processes and
home-dir from another, and can be created (takes 1min) during the
new-user-registration process.

Quoting Rob De Langhe <rob.de.langhe at twistfare.be>:

> hy ThinLinc enthousiasts,
>
> I am looking for a 'best practice' to box users in their individual
> virtual server.
>
> At the highest level, I can choose to create individual terminal servers
> at the time where a new user gets defined in the system (that user list
> will probably be kept in LDAP). So this would become potentially many
> (10's, 100's or even 1000's) of terminal servers.
> - disadvantages (if I understood well) : not sure (documentation?) how
> we can replace the load-balancing method of the VSM server by some
> mechanism to force the VSM server to startup a session on a specific
> terminal server for an authenticated user ; a bit of effort to develop
> the automated creation/drop of virtual servers when users are
> created/deleted
> - advantages : user sessions are boxed ; virtual servers can be created
> and resources can be assigned/tuned dynamically
>
> At a lower level, I can define 2 (or more?) terminal servers to startup
> all user sessions. Is there a way to replace the startup of a user
> session on the terminal server by a script which determines a virtual
> server to use for that user, starts that virtual server (1-2 seconds
> needed only) does a X11-forwarded SSH connection to that virtual server
> and starts there a GNOME2 (or whatever chosen) X11 session
> - disadvantages : not sure (documentation?) how we can replace the
> session-startups on terminal servers by some new self-developed script
> (which will figure out the virtual server to use for this new session,
> startup that virtual server, SSH to it and starts session on it)
> - advantages : any server and any UNIX flavor can act as guest host to
> run such virtual servers ; virtual servers are totally independent from
> ThinLinc ; more control over the actions performed by the script running
> on the ThinLinc terminal servers
>
> Any comments, experiences, hints ?
>
> best regards,
> Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20141112/f505fb17/attachment.html>


More information about the Thinlinc-technical mailing list