[X2Go-Dev] Bug#1012: Bug#1012: Session reconnect doesn't work (x2gobroker)
I just tried to set up two fresh test servers and a broker to try. Sadly, your suggestion doesn't fix the issue for me. The problem remains: Suspended sessions remain suspended forever, and an new session is created for each new login. -Stefan Am 27.11.2016 um 20:04 schrieb Miguel Quero: > Ok, i fixit: > > I need use: > > --broker-url=ssh://../usr/bin/x2gobroker-ssh --broker-autologin > > and add users to x2gobroker-users group ;) > > Resume work too in ssh mode ;) > > On 11/26/2016 11:54 AM, Miguel Quero wrote: >> I can confirm this bug, but the problem is not with all x2gobroker, the >> resume problem become when you use ssh broker. >> >> In my setup, when client connect with >> --broker-url=https://..:8080/plain/inifile, all work fine >> and resume is working. But when same clients connect with same >> credentials to the same broker with x2goclient >> --broker-url=ssh://../usr/bin/x2gobroker --broker-autologin, >> all work fine but resume is not working, all connection open a new >> session :S. >> >> I cant debug with ssh broker :(. Any ideas? >> > -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 signature.asc Description: OpenPGP digital signature ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Bug#1012: Bug#1012: Session reconnect doesn't work (x2gobroker)
Hi Stefan, On Mi 23 Mär 2016 09:05:40 CET, Stefan Baur wrote: Am 22.03.2016 um 12:14 schrieb Mike Gabriel: Where do you actually have the X2Go Broker installed? On both X2Go Servers? This is a non-recommended setup. The recommended setup is: on broker machine, several X2Go Servers or two broker machines (with DNS round robin), several X2Go Servers What's the reason for this? Our idea was to install the broker on all X2Go Servers, and have one Round-Robin-DNS entry for the broker connection, as well as separate names for the servers themselves. broker.example.com -> 192.168.0.10, 192.168.0.20 #RRDNS primarynode.example.com -> 192.168.0.10 secondarynode.example.com -> 192.168.0.20 Is this still a bad idea, and if so, why? If you setup the complete broker <-> broker-agent functionality, the broker becomes quite powerful. The software design should be safe regarding privilege handling. However, I personally prefer to have the broker on a machine where users won't get a login shell. It is just a gut feeling. In theory, it should be safe having the broker on X2Go Servers. But still... Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de pgphum3FRs9g5.pgp Description: Digitale PGP-Signatur ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Bug#1012: Bug#1012: Session reconnect doesn't work (x2gobroker)
Am 22.03.2016 um 12:14 schrieb Mike Gabriel: > Where do you actually have the X2Go Broker installed? On both X2Go > Servers? This is a non-recommended setup. > > The recommended setup is: > > on broker machine, several X2Go Servers > > or > > two broker machines (with DNS round robin), several X2Go Servers What's the reason for this? Our idea was to install the broker on all X2Go Servers, and have one Round-Robin-DNS entry for the broker connection, as well as separate names for the servers themselves. broker.example.com -> 192.168.0.10, 192.168.0.20 #RRDNS primarynode.example.com -> 192.168.0.10 secondarynode.example.com -> 192.168.0.20 Is this still a bad idea, and if so, why? Kind Regards, Stefan Baur -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 signature.asc Description: OpenPGP digital signature ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Bug#1012: Bug#1012: Session reconnect doesn't work (x2gobroker)
Hi Stefan, ah, sorry, missed your initial post around #1012. On Di 22 Mär 2016 10:42:03 CET, Stefan Baur wrote: package: x2gobroker version: 0.0.3.0 Situation: two identical nodes, only difference is DNS name + IP Desired result: load-balanced X2Go systems, where a suspended session can be resumed Actual outcome: Each connect starts a new session, suspended sessions are left dangling forever Questions: 1) Is x2gobroker-daemon needed at all for ssh-only connections to the broker? No. But I recommend starting with x2gobroker-daemon, because it allows much easier debugging. 2) Did I miss any obvious steps? What were your steps? (ah... ok... posted below...) 3) What would be the suggested path to debug this? Use http brokerage for debugging. Run x2gobroker-daemon-debug as root on the cmdline and post suspicious messages here. Where do you actually have the X2Go Broker installed? On both X2Go Servers? This is a non-recommended setup. The recommended setup is: on broker machine, several X2Go Servers or two broker machines (with DNS round robin), several X2Go Servers A full typescript ecording of the installation process is available, but as no command returned any error messages, let me shorten it down to the commands that were executed: # commands executed on both first and second node apt-get install x2gobroker -y cp /etc/x2go/x2gobroker.conf /etc/x2go/x2gobroker.conf.orig vi /etc/x2go/x2gobroker.conf # see diff below apt-get install x2gobroker-agent -y cp /etc/x2go/broker/x2gobroker-sessionprofiles.conf /etc/x2go/broker/x2gobroker-sessionprofiles.conf.orig vi /etc/x2go/broker/x2gobroker-sessionprofiles.conf # see diff below x2gobroker-keygen cp /var/lib/x2gobroker/.ssh/id_rsa.pub /tmp/ cd /tmp/ vi id_rsa.pub # added a blank and the server name to end of file python -m SimpleHTTPServer 8081 # run temporary web server so second node can fetch the file # once both web servers were up, the following commands were executed # on BOTH nodes: x2gobroker-pubkeyauthorizer -t http://firstnode:8081/id_rsa.pub x2gobroker-pubkeyauthorizer -t http://secondnode:8081/id_rsa.pub # Sadly, no working session reconnect with these command line # parameters - it always starts a new session: x2goclient --broker-url=ssh://accountwithapublickey@firstnode:22/usr/bin/x2gobroker --broker-autologin # This is using x2goclient-4.0.5.0-2015.07.31 You could play with the x2gobroker-testagent script and investigate the calls to the X2Go Server side x2gobroker-agent. You could also check if you can use the broker-autologin feature on a per session basis. x2gobroker-daemon-debug will be your friend... # taking a closer look at # http://wiki.x2go.org/doku.php/doc:installation:x2gobroker: # maybe x2gobroker-daemon is missing? So ... It depends on what brokerage you want to use: x2gobroker-ssh -> SSH brokerage, x2gobroker-daemon or x2gobroker-wsgi -> http brokerage. apt-get install x2gobroker-daemon -y # this also pulls in x2gobroker-authservice Yes. It is required for the pam authmech inside the broker daemon. If you authenticate directly against LDAP or HTTPS, then x2gobroker-authservice is not needed. # Sadly, no change, still no working session reconnect :-( # - diff -u /etc/x2go/x2gobroker.conf.orig /etc/x2go/x2gobroker.conf --- /etc/x2go/x2gobroker.conf.orig 2016-03-19 18:39:02.034407506 +0100 +++ /etc/x2go/x2gobroker.conf 2016-03-19 19:56:05.781729565 +0100 @@ -241,6 +241,7 @@ # The agent query mode can be configured on a per-broker-backend basis, the # below value is the default. #default-agent-query-mode=NONE +default-agent-query-mode=SSH # Probe SSH port of X2Go Servers (availability check) # @@ -254,7 +255,7 @@ # Per default, we set this to "true" here. The portscan feature can be # deactivated on a per-session-profile basis (use: broker-portscan-x2goservers = # false in the session profile configuration). -#default-portscan-x2goservers = true +default-portscan-x2goservers = false # Use load checker for querying X2Go Servers' loads in regular intervals # @@ -294,13 +295,13 @@ # o the session profile does not block queries to the load checker daemon # on a per profile basis # -#default-use-load-checker = false +default-use-load-checker = true Do you have x2gobroker-loadchecker install on the broker server? Shouldn't cause your failure, but still... # If the x2gobroker-loadchecker daemon gets used, define here how # many seconds to sleep between cycles of querying system load from the # associated X2Go Servers. # -#load-checker-intervals = 300 +load-checker-intervals = 300 ### @@ -345,9 +346,8 @@ #desktop-shell = KDE [broker_inifile] -#enable = true -#session-profiles = /etc/x2go/broker/x2gobroker-sessionprofiles.conf -#use-load-checker = false +enable = true +session-profiles =
[X2Go-Dev] Bug#1012: Bug#1012: Session reconnect doesn't work (x2gobroker)
Wait ... is the step regarding the Postgres DB listed at http://wiki.x2go.org/doku.php/wiki:advanced:x2gobroker:loadbalancing and http://wiki.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-pgsql required even for the python broker? If so: a) Would it be possible to install the database server on one of the X2Go server nodes? b) How can it be avoided that this database server becomes a single point of failure? Does Postgres support replication in a multi- master way, so the database could reside on each node and they'd sync their state? -Stefan -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 signature.asc Description: OpenPGP digital signature ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev