From X2Go-ML-1@baur-itcs.de Tue Mar 22 10:42:16 2016 Received: (at submit) by bugs.x2go.org; 22 Mar 2016 09:42:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 99DFE5DAB9 for ; Tue, 22 Mar 2016 10:42:16 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xcw-n8+5vEBH for ; Tue, 22 Mar 2016 10:42:10 +0100 (CET) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id F1B155DA92 for ; Tue, 22 Mar 2016 10:42:09 +0100 (CET) Received: from [192.168.0.171] ([109.193.81.164]) by mrelayeu.kundenserver.de (mreue002) with ESMTPSA (Nemesis) id 0Ljz90-1aC00x0tJK-00c6qd for ; Tue, 22 Mar 2016 10:42:09 +0100 To: submit@bugs.x2go.org From: Stefan Baur Subject: Session reconnect doesn't work (x2gobroker) Message-ID: <56F1136B.5000102@baur-itcs.de> Date: Tue, 22 Mar 2016 10:42:03 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="2UNbFlJD5MBWwe68VpfoF2uO8l0C99NE7" X-Provags-ID: V03:K0:jXS5TZ6N9lRqwGEUIJDDaOwuMVk3F/RRYN5l8as4/zH5sjyk3qp TfVRHpnjk9LQ7Aw/z3sKzhGwxJmeD+dHZv9Gny7fkgeCn62CnIXXR3lOK98YPZR4miUdB2U keUV0QGHvc/ukCz0j+5ydG6jvtdfGCKIHtDXXHKAwECYZYdpgJKhJHSQZJFO+/fHOcWMx4j 55oVb09W/lxT/xO+8Luvg== X-UI-Out-Filterresults: notjunk:1;V01:K0:PhorLsnQWck=:30r6zaipivHRVrDd11JLjV 6JjJaN53dOBMGRICxu78euZw6YtDXpxiQy6LiGprpTIDMo7WY9potHYeqwBRC+QJD9T8UC39y RRdZ3A4ejgfeX2IjOTTCiJOBiHBMZkHaG6qfh/Eg1hpZ0ssYjEDEISI8+Jrdf0Rs88hS41CtJ aOcqxP2MOSg1t3rRMEyCulUnYRSlieyC2fMdnii1Qx0rvkbtqmYRK4we5CPk7KJ8k43Oi8GZ0 J+pxF4yqhV1hh9quEY1oy3hka67LbOe5glat1uqjSVMm4TmAaNl2LUZXRyuqZ4hgQOdCCzO95 eANydbTCdOD8ihCK7Zpp4HZGFWbRTWFHEkQCzzaBewyRtWsYl3aT8tWXZB3CGrnpEXQSaR3di 99DcqqBRqt2/9ssFqZDF8ThzL3pEQKFl3qrmz7J15xz89t0PfvsABBsBE1mxxsfmvh6vrHdXd SOygWMtmO6pqoutLGI8HjkTCJF4OKHXQmS8PUOucLfTgCRxJvkERPMHkbsPKM3z40ozXiPnXh mkwHigo0JldMrkVBk0nZNHJkkushH4FZQIHGBmrCrrOqkC/j2pHBDbxtCxnvnuOK+FJZsJnFp u5IL6TYyrOE98K0avNoXr78Dp1NG07R9JxJRssg8woRcJmusqhCzkzo+ccfWuxIWrfKDqrFMZ VccTDjKivkZ7eauINccwYZKU5EElvwcz61/VuShZmd8CPqeG9CQJNKnuGQHH6bor6/Io= This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --2UNbFlJD5MBWwe68VpfoF2uO8l0C99NE7 Content-Type: multipart/mixed; boundary="NnNeuJPlQq4GtBEBO7j0VtuuNQHaOgbNv" From: Stefan Baur To: submit@bugs.x2go.org Message-ID: <56F1136B.5000102@baur-itcs.de> Subject: Session reconnect doesn't work (x2gobroker) --NnNeuJPlQq4GtBEBO7j0VtuuNQHaOgbNv Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable package: x2gobroker version: 0.0.3.0 Situation: two identical nodes, only difference is DNS name + IP Desired result: load-balanced X2Go systems, where a suspended session can be resumed Actual outcome: Each connect starts a new session, suspended sessions are left dangling forever Questions: 1) Is x2gobroker-daemon needed at all for ssh-only connections to the broker? 2) Did I miss any obvious steps? 3) What would be the suggested path to debug this? A full typescript recording of the installation process is available, but as no command returned any error messages, let me shorten it down to the commands that were executed: # commands executed on both first and second node apt-get install x2gobroker -y cp /etc/x2go/x2gobroker.conf /etc/x2go/x2gobroker.conf.orig vi /etc/x2go/x2gobroker.conf # see diff below apt-get install x2gobroker-agent -y cp /etc/x2go/broker/x2gobroker-sessionprofiles.conf /etc/x2go/broker/x2gobroker-sessionprofiles.conf.orig vi /etc/x2go/broker/x2gobroker-sessionprofiles.conf # see diff below x2gobroker-keygen cp /var/lib/x2gobroker/.ssh/id_rsa.pub /tmp/ cd /tmp/ vi id_rsa.pub # added a blank and the server name to end of file python -m SimpleHTTPServer 8081 # run temporary web server so second node can fetch the file # once both web servers were up, the following commands were executed # on BOTH nodes: x2gobroker-pubkeyauthorizer -t http://firstnode:8081/id_rsa.pub x2gobroker-pubkeyauthorizer -t http://secondnode:8081/id_rsa.pub # Sadly, no working session reconnect with these command line # parameters - it always starts a new session: x2goclient --broker-url=3Dssh://accountwithapublickey@firstnode:22/usr/bin/x2gobroke= r --broker-autologin # This is using x2goclient-4.0.5.0-2015.07.31 # taking a closer look at # http://wiki.x2go.org/doku.php/doc:installation:x2gobroker: # maybe x2gobroker-daemon is missing? So ... apt-get install x2gobroker-daemon -y # this also pulls in x2gobroker-authservice # Sadly, no change, still no working session reconnect :-( # --------------------------------------------------------- diff -u /etc/x2go/x2gobroker.conf.orig /etc/x2go/x2gobroker.conf --- /etc/x2go/x2gobroker.conf.orig 2016-03-19 18:39:02.034407506 +01= 00 +++ /etc/x2go/x2gobroker.conf 2016-03-19 19:56:05.781729565 +0100 @@ -241,6 +241,7 @@ # The agent query mode can be configured on a per-broker-backend basis, = the # below value is the default. #default-agent-query-mode=3DNONE +default-agent-query-mode=3DSSH # Probe SSH port of X2Go Servers (availability check) # @@ -254,7 +255,7 @@ # Per default, we set this to "true" here. The portscan feature can be # deactivated on a per-session-profile basis (use: broker-portscan-x2goservers =3D # false in the session profile configuration). -#default-portscan-x2goservers =3D true +default-portscan-x2goservers =3D false # Use load checker for querying X2Go Servers' loads in regular intervals= # @@ -294,13 +295,13 @@ # o the session profile does not block queries to the load checker dae= mon # on a per profile basis # -#default-use-load-checker =3D false +default-use-load-checker =3D true # If the x2gobroker-loadchecker daemon gets used, define here how # many seconds to sleep between cycles of querying system load from the # associated X2Go Servers. # -#load-checker-intervals =3D 300 +load-checker-intervals =3D 300 ### @@ -345,9 +346,8 @@ #desktop-shell =3D KDE [broker_inifile] -#enable =3D true -#session-profiles =3D /etc/x2go/broker/x2gobroker-sessionprofiles.conf -#use-load-checker =3D false +enable =3D true +session-profiles =3D /etc/x2go/broker/x2gobroker-sessionprofiles.conf #[broker_ldap] -> MUSIC OF THE FUTURE #enable =3D false # --------------------------------------------------------- # --------------------------------------------------------- diff -u /etc/x2go/broker/x2gobroker-sessionprofiles.conf.orig /etc/x2go/broker/x2gobroker-sessionprofiles.conf --- /etc/x2go/broker/x2gobroker-sessionprofiles.conf.orig 2016-03-19 19:19:33.995277777 +0100 +++ /etc/x2go/broker/x2gobroker-sessionprofiles.conf 2016-03-19 19:58:45.407309387 +0100 @@ -63,146 +63,12 @@ directrdp=3Dfalse user=3DBROKER_USER -[localhost-kde] -name=3DKDE - localhost -host=3Dlocalhost -command=3DKDE +[GloveBox] +host=3Dfirstnode (firstnodeip), secondnode (secondnodeip) +name=3DGloveBox +published=3Dtrue usebrokerpass=3Dtrue - -[localhost-mate] -name=3DMATE - localhost -host=3Dlocalhost -command=3DMATE -usebrokerpass=3Dtrue - -[localhost-shadow] -name=3DSHADOW - localhost -# don't even try load-balancing here... it makes not sense and won't work (first given host will be used!) -host=3Dlocalhost -command=3DSHADOW -usebrokerpass=3Dtrue - -### EXAMPLES: Below you find some config examples. Adapt them to your needs or -### simply write your own session profiles and remove the examples below= =2E - -## -## EXAMPLE: pool-A (staff servers) -## -## The pool-A contains three X2Go Servers (server-A, server-B and server-C). - -## The staff of our example institute falls into two groups of users: -## gnome-users and kde-users. -## The gnome-users log into server-A or server-B, depending on their cli= ent -## subnet (IP configuration of the client). -## The kde-users login to server-C (server-C can be reached from the who= le -## intranet). -## -## The client IP based split-up of the GNOME users allows some primitive load -## balancing. -## -## If staff people are members of both groups (kde-users, gnome-users) b= oth -## session profiles will be shown in X2Go Client. -## - -#[pool-A-server-A] -#user=3D -#host=3Dserver-a.pool-a.domain.local -#name=3DGNOME - pool-A (srv-A) -#command=3DGNOME -#rootless=3Dfalse -#acl-groups-allow=3Dgnome-users,admins -#acl-groups-deny=3DALL -#acl-clients-deny=3DALL -#acl-clients-allow=3D10.1.0.0/16 -#acl-any-order=3Ddeny-allow -#broker-session-autologin=3Dtrue - -#[pool-A-server-B] -#user=3D -#host=3Dserver-b.pool-a.domain.local -#name=3DGNOME - pool-A (srv-B) -#command=3DGNOME -#rootless=3Dfalse -#acl-groups-allow=3Dgnome-users,admins -#acl-groups-deny=3DALL -#acl-clients-deny=3DALL -#acl-clients-allow=3D10.2.0.0/16 -#acl-any-order=3Ddeny-allow -#broker-session-autologin=3Dtrue - -#[pool-A-server-C] -#user=3D -#host=3Dserver-c.pool-a.domain.local -#name=3DKDE - pool-A (srv-C) -#command=3DKDE -#rootless=3Dfalse -#acl-groups-allow=3Dkde-users,admins -#acl-groups-deny=3DALL -#acl-any-order=3Ddeny-allow -#broker-session-autologin=3Dtrue - -## -## EXAMPLE: pool-B (e.g. webserver in the DMZ or on the internet) -## -## The pool-B is a single X2Go Server (server-D) that is -## hosted externally. The server-D has an official internet IP. -## -## The session profile for server-D shall be provided to the -## admins group only. -## -## Furthermore, the session profile for server-D shall only get -## offered to a member of the admins group if the admin is sitting -## in front of one of the admin client machines. -## - -#[pool-B-server-D-LXDE] -#user=3D -#host=3Dserver-d (server-d.domain.internet) -#name=3DLXDE - srv-D -#command=3DLXDE -#rootless=3Dfalse -#acl-groups-allow=3Dadmins -#acl-groups-deny=3DALL -## make sure hostnames in client ACLs are resolvable via libnss!!! -#acl-clients-deny=3DALL -#acl-clients-allow=3Dadmin-machine1.domain.local, admin-machine2.domain.local, admin-machine3.domain.local -#acl-any-order=3Ddeny-allow - -## -## EXAMPLE: pool-C (REAL LOAD BALANCING!!!) -## -## The pool-C is a server pool for students. Our example institute -## knows 200-300 students and has to offer working places for -## every student. -## -## The resource limits on these servers are pretty strict, so staff memb= ers -## normally stay away from these machines, anyway. Only two test account= -## get this session profile into their X2Go Clients. -## -## The pool-C contains 6 X2Go Servers that serve all students users together -## as a load balance server farm. The servers' hostnames are s-E1, s-E2, ... -## (as found in /etc/hostname). The hosts, however, are not configured in DNS -## so we give their IPs explicitly (also works for IPv6). -## -## Make sure to install x2gobroker-agent on all these 6 X2Go Servers. Also make -## sure to once run the script x2gobroker-keygen on the broker host and once -## the script x2gobroker-pubkeyauthorizer per X2Go Server. -## -## All 6 X2Go Servers have to be configured to use the PostgreSQL X2Go session -## DB backend. -## - -#[pool-C-XFCE] -#user=3D -#host=3Ds-E1 (10.0.2.11),s-E2 (10.0.2.12),s-E3 (10.0.2.13),s-E4 (10.0.2.14),s-E5 (10.0.2.15) -#name=3DXFCE - pool-C -#command=3DXFCE -#rootless=3Dfalse -#acl-users-allow=3Dtestuser-A,testuser-B -#acl-users-deny=3DALL -#acl-groups-allow=3Dstudents,admins -#acl-groups-deny=3DALL -#acl-any-order=3Ddeny-allow # this server pool has a special broker setup for SSH authorized_keys -#broker-session-autologin=3Dtrue -#broker-authorized-keys=3D/var/lib/x2gobroker/ssh/%u/authorized_keys +broker-session-autologin=3Dtrue +broker-authorized-keys=3D/etc/ssh/authorized_keys.d/%u # --------------------------------------------------------- # --------------------------------------------------------- dpkg -l|grep x2go ii cups-x2go 3.0.1.3-0x2go1+git20160127.135+jessie.main.1 all Virtual X2Go printer for CUPS ii libnx-x11-6:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 client-side library ii libnx-xcomposite1:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 Composite extension library ii libnx-xdamage1:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 damaged region extension library ii libnx-xdmcp6:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 Display Manager Control Protocol library ii libnx-xext6:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 miscellaneous extension library ii libnx-xfixes3:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 miscellaneous 'fixes' extension library ii libnx-xinerama1:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 Xinerama extension library ii libnx-xpm4:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 pixmap library ii libnx-xrandr2:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 RandR extension library ii libnx-xrender1:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 Rendering Extension client library ii libnx-xtst6:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 Testing -- Record extension library ii libxcomp3:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 compression library ii libxcompext3:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 protocol compression extensions library ii libxcompshad3:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 shadowing library ii nx-x11-common 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 all nx-X11 (common files) ii nxagent 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 NX agent ii python-x2gobroker 0.0.3.0-0x2go1+git20160126.999+jessie.main.1 all X2Go Session Broker (Python modules) ii x2go-keyring 2012.07.23~jessie~main~17~build1 all GnuPG keys of all X2Go developers and the X2Go archive ii x2goagent 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 all X2Go agent ii x2gobroker 0.0.3.0-0x2go1+git20160126.999+jessie.main.1 all X2Go Session Broker (executable) ii x2gobroker-agent 0.0.3.0-0x2go1+git20160126.999+jessie.main.1 i386 X2Go Session Broker (remote agent) ii x2gobroker-authservice 0.0.3.0-0x2go1+git20160126.999+jessie.main.1 all X2Go Session Broker (PAM authentication service) ii x2gobroker-daemon 0.0.3.0-0x2go1+git20160126.999+jessie.main.1 all X2Go Session Broker (standalone daemon) ii x2goserver 4.0.1.19-0x2go2+git20160126.1064+jessie.main.1 i386 X2Go server daemon scripts ii x2goserver-extensions 4.0.1.19-0x2go2+git20160126.1064+jessie.main.1 all X2Go server daemon scripts (extensions) ii x2goserver-printing 4.0.1.19-0x2go2+git20160126.1064+jessie.main.1 all X2Go server daemon scripts (printing) ii x2goserver-xsession 4.0.1.19-0x2go2+git20160126.1064+jessie.main.1 all X2Go server daemon scripts (Xsession runner) # --------------------------------------------------------- cat /etc/apt/sources.list # Security Updates deb http://security.debian.org/ jessie/updates main contrib non-free deb-src http://security.debian.org/ jessie/updates main contrib non-free # Backports deb http://ftp.debian.org/debian/ jessie-backports main contrib non-free # ClamAV etc. deb http://ftp.debian.org/debian jessie-updates main contrib non-free deb-src http://ftp.debian.org/debian jessie-updates main contrib non-free= # Stable deb http://ftp.de.debian.org/debian/ jessie main contrib non-free deb-src http://ftp.de.debian.org/debian/ jessie main contrib non-free # X2go Repository deb http://packages.x2go.org/debian jessie main # X2go Repository (sources) deb-src http://packages.x2go.org/debian jessie main # --------------------------------------------------------- # --------------------------------------------------------- cat /etc/debian_version 8.3 # --------------------------------------------------------- Kind Regards, Stefan Baur --=20 BAUR-ITCS UG (haftungsbeschr=C3=A4nkt) Gesch=C3=A4ftsf=C3=BChrer: Stefan Baur Eichen=C3=A4ckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 --NnNeuJPlQq4GtBEBO7j0VtuuNQHaOgbNv-- --2UNbFlJD5MBWwe68VpfoF2uO8l0C99NE7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJW8RNvAAoJEG7d9BjNvlEZzNgH/jPBxFqS3zN7KXAtO616IpfF UBgeOphXsMtULdqU1vByZT5BcAWy8x5JRkZ34iK8pwR6gMZL938yP7tjKoWdzcAx E+c65QlSI3UO0lFwd/3wkRfjiNeHzUiSjPv7avGa+llg3BglfZek8wOLx1Sqm2KS jimO1TdIZCXGE0OIPrkl7MBnxPAJxknUEDzRXLyBDhHHWWVpc2Y1I4Q8ktNK8zRM F0LGL4Ts6bdv25menK+Evbt0FxCTi7zzvYcZfgUXB1QMN8oyGJmYCUc1QpGas+fp 5w2Kky/eN0iQBFhzHpFFnxA09r3nYDtDNLBgRE3UUj07noAR+PGkE8NZp/Jv9pU= =2LO8 -----END PGP SIGNATURE----- --2UNbFlJD5MBWwe68VpfoF2uO8l0C99NE7--