X2Go Bug report logs -
#692
select_session offers offline servers to X2Go Client
Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Tue, 2 Dec 2014 12:35:01 UTC
Severity: wishlist
Tags: pending
Found in version 0.0.3.0-preview
Fixed in version 0.0.3.0
Done: X2Go Release Manager <git-admin@x2go.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#684
; Package python-x2gobroker
.
(Tue, 02 Dec 2014 12:35:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Tue, 02 Dec 2014 12:35:01 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: python-x2gobroker
Severity: important
Version: 0.0.3.0-preview
The X2Go Session Broker should be able to detect offline X2Go Servers.
It should not offer session via the select_session() method to X2Go
Client, if a server is offline.
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#684
; Package python-x2gobroker
.
(Fri, 05 Dec 2014 16:25:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Sergey Savko <savko@tophouse.ru>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Fri, 05 Dec 2014 16:25:01 GMT) (full text, mbox, link).
Message #10 received at 684@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
This patch work after patch from http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=686
--
С уважением,
Сергей Савко,
начальник IT отдела.
+7-931-361-04-02
[0002-Gives-a-coefficient-of-1-for-the-server-if-the-serve.patch (text/x-patch, attachment)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#684
; Package python-x2gobroker
.
(Sat, 06 Dec 2014 23:00:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Sat, 06 Dec 2014 23:00:02 GMT) (full text, mbox, link).
Message #15 received at 684@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: clone -1 -2 -3
Control: reassign -2 x2goclient
Control: reassign -3 python-x2go
Control: retitle -1 add exclude-hosts parameter to selectsession task
Control: retitle -2 request another server from broker provided server is down
Control: retitle -3 request another server from broker provided server is down
Control: severity -1 wishlist
Control: severity -2 wishlist
Control: severity -3 wishlist
Control: block -2 by -1
Control: block -3 by -1
Control: tag -1 - patch
Hi Sergey,
On Fr 05 Dez 2014 17:14:51 CET, Sergey Savko wrote:
> This patch work after patch from
> http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=686
After thinking this through a little, I come to the conclusion that
the broker cannot decide if a machine is down or not.
We have to think very generically. There may be a scenario where the
broker machine may be on an network segment where it cannot ping/reach
the X2Go Servers.
The X2Go Clients can reach the X2Go Broker. The broker provides an
X2Go Server address on the "selectsession" broker task to the X2Go
Client. Then the X2Go Client should test if that X2Go Server address
works (via a simple ping6/ping command, machines should always be
pingable!!!). If the ping fails, X2Go Client should go back to the
broker and say: hey, that server failed for me, give me another one
(but not the one you already gave me).
I fear we need to do four things for this bug to get fixed:
1. extend broker/client communication protocol (second/third/...
selectsession
call with a list of hosts that did not work on previous attempts)
2. extend X2Go Session Broker with an exclude-hosts (or so)
parameter for the
selectsession task
3. Adapt X2Go Client: ping X2Go Server, go back to the broker if
server is down
and request another server
4. Adapt Python X2Go: dito
Regards,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]
Bug 684 cloned as bugs 690, 691
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 684-submit@bugs.x2go.org
.
(Sat, 06 Dec 2014 23:00:03 GMT) (full text, mbox, link).
Changed Bug title to 'add exclude-hosts parameter to selectsession task' from 'select_session offers offline servers to X2Go Client'
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 684-submit@bugs.x2go.org
.
(Sat, 06 Dec 2014 23:00:03 GMT) (full text, mbox, link).
Severity set to 'wishlist' from 'important'
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 684-submit@bugs.x2go.org
.
(Sat, 06 Dec 2014 23:00:03 GMT) (full text, mbox, link).
Added indication that bug 684 blocks 690
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 684-submit@bugs.x2go.org
.
(Sat, 06 Dec 2014 23:00:03 GMT) (full text, mbox, link).
Added indication that bug 684 blocks 691
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 684-submit@bugs.x2go.org
.
(Sat, 06 Dec 2014 23:00:03 GMT) (full text, mbox, link).
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#684
; Package python-x2gobroker
.
(Sat, 06 Dec 2014 23:25:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Stefan Baur <X2Go-ML-1@baur-itcs.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Sat, 06 Dec 2014 23:25:02 GMT) (full text, mbox, link).
Message #30 received at 684@bugs.x2go.org (full text, mbox, reply):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 06.12.2014 um 23:56 schrieb Mike Gabriel:
> Then the X2Go Client should test if that X2Go Server address works
> (via a simple ping6/ping command, machines should always be
> pingable!!!)
Chiming in here:
Even if they aren't pingable - Port 22 (or whichever you've set in the
config as SSH port to be used) must be accepting connections.
You can test that on Linux with
nc -z ip.goes.he.re port_goes_here && echo "is reachable"
... and I'm sure there are ways to do that inside the client code, too.
Check if you can get a TCP handshake going within a set time frame (1
second? 2 seconds? 5 seconds?), then disconnect and proceed depending
on the result.
Actually ... simply lowering the timeout value for the currently
existing code that handles the connection, when called in broker
client mode, might already work.
- -Stefan
- --
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUg46CAAoJEG7d9BjNvlEZAhIIAJA21I9lvk3hY6R3eAiCO2MG
YSNlsUy/ShyhwB37UCNyCLOtEJ9j14xS73UNjbTiRkIFRE12kdtS8vyAPAdZJYqi
2+vbiVjg+TZ31rvk7RrkPyEepJ3+0UfRkfFPDm07sTP47DiBx+zYOyie2qVdrw1U
GXJtQrylZRlzhVUi7rbAmNSp1HYaQ+B5yRX1ApmvNrZ+1+GZFybyZO2+eDM6ClHI
QBmCePp5DPfN5bE9d+GvxWArkWQe5sgNT1USz7r64F5DOgB09M8f6vkuW3ygq4cW
8dDBhPnJv4PKs7IxLNnM+K1OnPopcKs1/EmkD5nbcNCvGSRW93nV4ic6RoZSD7g=
=8x/F
-----END PGP SIGNATURE-----
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#684
; Package python-x2gobroker
.
(Sat, 06 Dec 2014 23:45:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Sergey Savko <savko@tophouse.ru>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Sat, 06 Dec 2014 23:45:02 GMT) (full text, mbox, link).
Message #35 received at 684@bugs.x2go.org (full text, mbox, reply):
If the server will give the address to which it can not connect, there will be no load balancing works.
Since the server is connected to receive the coefficient of loading.
----- Исходное сообщение -----
От: "Mike Gabriel" <mike.gabriel@das-netzwerkteam.de>
Кому: "Sergey Savko" <savko@tophouse.ru>, 684@bugs.x2go.org
Отправленные: Воскресенье, 7 Декабрь 2014 г 1:56:05
Тема: Re: [X2Go-Dev] Bug#684: select_session offers offline servers to X2Go Client
Control: clone -1 -2 -3
Control: reassign -2 x2goclient
Control: reassign -3 python-x2go
Control: retitle -1 add exclude-hosts parameter to selectsession task
Control: retitle -2 request another server from broker provided server is down
Control: retitle -3 request another server from broker provided server is down
Control: severity -1 wishlist
Control: severity -2 wishlist
Control: severity -3 wishlist
Control: block -2 by -1
Control: block -3 by -1
Control: tag -1 - patch
Hi Sergey,
On Fr 05 Dez 2014 17:14:51 CET, Sergey Savko wrote:
> This patch work after patch from
> http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=686
After thinking this through a little, I come to the conclusion that
the broker cannot decide if a machine is down or not.
We have to think very generically. There may be a scenario where the
broker machine may be on an network segment where it cannot ping/reach
the X2Go Servers.
The X2Go Clients can reach the X2Go Broker. The broker provides an
X2Go Server address on the "selectsession" broker task to the X2Go
Client. Then the X2Go Client should test if that X2Go Server address
works (via a simple ping6/ping command, machines should always be
pingable!!!). If the ping fails, X2Go Client should go back to the
broker and say: hey, that server failed for me, give me another one
(but not the one you already gave me).
I fear we need to do four things for this bug to get fixed:
1. extend broker/client communication protocol (second/third/...
selectsession
call with a list of hosts that did not work on previous attempts)
2. extend X2Go Session Broker with an exclude-hosts (or so)
parameter for the
selectsession task
3. Adapt X2Go Client: ping X2Go Server, go back to the broker if
server is down
and request another server
4. Adapt Python X2Go: dito
Regards,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#684
; Package python-x2gobroker
.
(Mon, 08 Dec 2014 07:25:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Mon, 08 Dec 2014 07:25:01 GMT) (full text, mbox, link).
Message #40 received at 684@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
clone #684 -1
retitle -1 select_session offers offline servers to X2Go Client
thanks
Hi Sergey,
On So 07 Dez 2014 00:45:28 CET, Sergey Savko wrote:
> If the server will give the address to which it can not connect,
> there will be no load balancing works.
> Since the server is connected to receive the coefficient of loading.
Actually, after a third or fourth though: in cases where we use SSH to
connected from broker server to broker agent, there we can evaluate
the online status of the X2Go Server. So, in those cases we should
filter out, if a server is down or not and exclude that server from
the list of possible X2Go Servers.
Plus, I still think, that X2Go Client should request another machine,
if the provided server was offline and more than one server is
configured in the broker's session profile.
So, cloning this bug again...
#684: for tracking the new feature of re-requesting a server address
new bug: filter out offline servers on the broker side already
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]
Bug 684 cloned as bug 692
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Mon, 08 Dec 2014 07:25:02 GMT) (full text, mbox, link).
Added blocking bug(s) of 692: 690
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Mon, 08 Dec 2014 07:25:02 GMT) (full text, mbox, link).
Added blocking bug(s) of 692: 691; removed blocking bug(s) of 692: 690
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Mon, 08 Dec 2014 07:25:02 GMT) (full text, mbox, link).
Changed Bug title to 'select_session offers offline servers to X2Go Client' from 'add exclude-hosts parameter to selectsession task'
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Mon, 08 Dec 2014 07:25:02 GMT) (full text, mbox, link).
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#692
; Package python-x2gobroker
.
(Tue, 09 Dec 2014 12:10:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Tue, 09 Dec 2014 12:10:03 GMT) (full text, mbox, link).
Message #53 received at 692@bugs.x2go.org (full text, mbox, reply):
tag #692 pending
fixed #692 0.0.3.0
thanks
Hello,
X2Go issue #692 (src:x2gobroker) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:
http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=e4be2b0
The issue will most likely be fixed in src:x2gobroker (0.0.3.0).
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
commit e4be2b012706014d49a330c2a1058f85a5f9977d
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Tue Dec 9 13:08:25 2014 +0100
Don't return X2Go Servers that are actually down, currently.
The X2Go Servers get probed via a short portscan on the remote's SSH port. If
that portscan fails, another remote X2Go Server is chosen from the
list of available server (if any). This portscanning functionality
can be switched off via "default-portscan-x2goservers" in x2gobroker.conf
or via "broker-portscan-x2goservers" per session profile. (Fixes:
#692).
diff --git a/debian/changelog b/debian/changelog
index 02ed4b3..94f5c22 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -29,7 +29,7 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
- Provide a test function that checks if the basic broker agent setup
(SSH private/public key pair) is available. If not, no SSH broker
usage will be attempted.
- - Let an ICMP ping request precede the SSH ping command. This notably
+ - Let a portscan preceed the SSH ping command. This notably
reduces timeout duration if the host running the queried broker agent
is down).
- Catch RequestHandler errors and write them to the error log channel.
@@ -202,7 +202,15 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
- Enable basic/random load-balancing for UCCS broker frontend. Make UCCS
frontend aware of host session profile options of the form
"host=<fqdn> (<ipaddr>:<port>).
- - Do an ICMP ping before querying a remote agent via SSH.
+ - Do a portscan on the remote's SSH port before querying a remote agent
+ via SSH.
+ - Don't return X2Go Servers that are actually down, currently. The X2Go
+ Servers get probed via a short portscan on the remote's SSH port. If
+ that portscan fails, another remote X2Go Server is chosen from the
+ list of available server (if any). This portscanning functionality
+ can be switched off via "default-portscan-x2goservers" in x2gobroker.conf
+ or via "broker-portscan-x2goservers" per session profile. (Fixes:
+ #692).
* debian/control:
+ Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
+ Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
Added tag(s) pending.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Tue, 09 Dec 2014 12:10:03 GMT) (full text, mbox, link).
Marked as fixed in versions 0.0.3.0.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Tue, 09 Dec 2014 12:10:03 GMT) (full text, mbox, link).
Message sent on
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Bug#692.
(Tue, 09 Dec 2014 12:10:04 GMT) (full text, mbox, link).
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#692
; Package python-x2gobroker
.
(Sat, 20 Jun 2015 12:15:33 GMT) (full text, mbox, link).
Acknowledgement sent
to X2Go Release Manager <git-admin@x2go.org>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Sat, 20 Jun 2015 12:15:33 GMT) (full text, mbox, link).
Message #65 received at 692@bugs.x2go.org (full text, mbox, reply):
close #692
thanks
Hello,
we are very hopeful that X2Go issue #692 reported by you
has been resolved in the new release (0.0.3.0) of the
X2Go source project »src:x2gobroker«.
You can view the complete changelog entry of src:x2gobroker (0.0.3.0)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2gobroker.
http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=30c316e66f4173d0e3577fe85817e73f822a479e;hp=81e28ea24b269fb24559d70c462b846cf2f56edd
If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2gobroker.
Thanks a lot for contributing to X2Go!!!
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
X2Go Component: src:x2gobroker
Version: 0.0.3.0-0x2go1
Status: RELEASE
Date: Sat, 20 Jun 2015 13:58:49 +0200
Fixes: 153 217 275 306 360 379 380 447 449 450 469 470 484 491 493 494 544 545 553 562 665 666 685 686 692 706 716 784 834 835 836
Changes:
x2gobroker (0.0.3.0-0x2go1) RELEASED; urgency=low
.
[ Mike Gabriel ]
* New upstream version (0.0.3.0):
- Add SSH support to X2Go Session Broker. (Fixes: #153).
- Move x2gobroker executable to /usr/bin.
- Update x2gobroker man page.
- SSH broker: Only allow context change to another user for the
magic user (default: x2gobroker).
- Fix logrotate script: x2gobroker-wsgi. (Fixes: #275).
- Get the cookie based extra-authentication working for SSH mode.
- Get the cookie based extra-authentication working for HTTP mode.
- Fix output of HTTP based connectivity test.
- Do not let the broker crash if an agent is not reachable. Capture
X2GoBrokerAgentExceptions when pinging the remote agent. (Fixes: #306).
- When calling the agent's suspend_session function, make sure to pass
on the remote_agent dictionary.
- Provide empty directory /etc/x2go/broker/ssl.
- Re-order x2gobroker main file. Move logging further to the back to
allow taking command-line options into account.
- Modify default x2gobroker-sessionprofiles.conf and provide something
that will work with every default setup.
- New broker session profile parameter: broker-agent-query-mode. Define
agent query methods per session profile.
- Rename base broker's use_session_autologin to get_session_autologin.
- Fix Python2'isms in three exceptions. Thanks to Mathias Ewald for
spotting.
- Make test_suite callable via setup.py.
- Provide a test function that checks if the basic broker agent setup
(SSH private/public key pair) is available. If not, no SSH broker
usage will be attempted.
- Let a portscan preceed the SSH ping command. This notably
reduces timeout duration if the host running the queried broker agent
is down).
- Catch RequestHandler errors and write them to the error log channel.
- Raised verbosity level to INFO for session broker utilities.
- Add sanity checks to x2gobroker-pubkeyauthorizer.
- Report stderr results to the broker log channel (broker.log). This
allows debugging of X2Go Session Broker Agent via the X2Go Session
Broker logging instance. (Fixes: #217).
- Fix the ping task in x2gobroker-agent.pl, process it without checking the
given username.
- Fix remote agent detection in case of some agents being down.
- Add utils function: matching_hostnames(): test hostname lists for
matching hostnames (with/without domain name).
- Add fuzzy tolerance when comparing host name lists as found in session
profile configuration and as reported by broker agent.
- In x2gobroker.conf: describe the manifold ways of providing a second
authorized_keys file location in SSH server daemon. Thanks to Stefan
Heitmüller for pointing out more recent SSH server's configuration
style.
- WSGI implementation: keep SCRIPT_NAME in environ, as removing it causes
AssertionErrors whenever we trigger a tornado.web.HTTPError.
- Add password prompt to x2gobroker-testauth. Password prompt is used
if the --password option is not used.
- New authentication mechanism: none. Always authenticate a user, even if
password is not provided or wrong.
- Ship python2.6 asyncore patch (Debian squeeze python2.6 version) in
python-x2gobroker's docs folder.
- Show correct environment variables in log file prelude when WSGI is used.
- Fix check-credentials = false for UCCS web frontend.
- Add a start page (,,It works'').
- Use IP addresses in apache2 config rather than hostnames.
- Add new helper tool: x2gobroker-daemon-debug.
- Add man page for x2gobroker-daemon-debug.
- WebUI "plain": throw explainative log errors for every 404 http error.
- Fix man pages (layout issues on x2gobroker-authservice man page).
- Adapt man page installation to moval of x2gobroker(-testauth) from
an sbin to a bin directory (executable for any user).
- Make the inifile broker backend the default backend. (Fixes: #360).
- Support daemonizing of the http broker.
- Default to http broker mode when daemonizing the broker.
- Support daemonizing of the authservice.
- Detect RUNDIR in x2gobroker-authservice and use it for the default
location of the authservice socket file.
- Detect RUNDIR in x2gobroker Python module and use it for the default
location of the authservice socket file.
- Let x2gobroker-authservice take care of tidying up its own socket file.
- Provide PAM config file for Debian and RHEL separately (as they differ).
- Makefile: Clean up x2gobroker-agent binary.
- Be more precise in Debian et al. init scripts when checking if the service
is already running.
- Add JSON WebUI backend for X2Go Session Broker.
- JSON WebUI backend renders data of content type "text/json".
- Provide configuration alternative to having /etc/defaults/* scripts parsed
in by init scripts. Make X2Go Session Broker ready for being run via
systemd.
- Provide symlink x2gobroker-daemon.
- Provide systemd service files for x2gobroker-daemon and
x2gobroker-authservice. (Fixes: #379, #380).
- Add --drop-privileges feature so that x2gobroker-daemon can drop root
privileges when started via systemd. Only drop privileges if
x2gobroker(-daemon) is run as uidNumber 0.
- Implement dynamic authid for JSON WebUI frontend. Add a generic metadata
top level to the JSON output tree.
- Store cookies in /var/lib/x2gobroker (path is more appropriate than
previously suggested path /var/log/x2gobroker).
- Handle selectsessions calls with a non-existent profile ID gracefully.
- Session profiles with marker user=BROKER_USER will now auto-fill-in the
broker username into the session profile's 'user' option.
- Provide tool: x2gobroker-testagent.
- Allow for broker clients to send in public SSH keys that the client may
use for authentication to X2Go Servers.
- broker agent: avoid one option system() calls in Perl. (Fixes: #784).
- For user context changes: set the HOME dir of the new user correctly.
- Reduce Paramiko/SSH verbosity (logging.ERROR) when connecting to remote
broker agents.
- Support adding remote broker agent's host keys via the
x2gobroker-testagent tool.
- If we received an SSH public key from a broker client, mark it as
ACCEPTED after we deployed it, so that the client knows that it can
its corresponding private key.
- Fix https brokerage in x2gobroker-daemon-debug.
- Load X2GOBROKER_DAEMON_USER's known_hosts key file before doing
remote agent calls.
- Fully rewrite agent.py.
- Fix broker crashes when no session status is available for certain
session profiles.
- JSON webUI: run pre and post auth scripts also via this backend.
- x2gobroker-daemon: become wrapper script, enable --mode HTTP by default.
Provide some intelligence when run as daemon (killing children processes
on reception of a SIGTERM, SIGINT, SIGQUIT, EXIT signal).
- Rename sections for broker backends in x2gobroker.conf
- Make config object of x2gobroker.conf available in authentication
mechanism backends.
- Fix SSH based broker client.
- Fix several failing tests, adapt tests to current code base.
- Introduce new global parameter for x2gobroker.conf: my-cookie-file. Allow
storing the initial authentication cookie/ID in a read-protected file.
- Explicitly set detach_process to True when calling daemon.DaemonContext().
Otherwise the daemons start but don't return to the cmdline prompt.
(Fixes: #484).
- Change agent API: all functions return a tuple where the first element
denotes if the underlying agent call has been successful.
- Correctly detect $HOME of the user that runs x2gobroker (including setuid
calls via x2gobroker-ssh).
- Enforce SSH agent query mode (instead of LOCAL mode) for SSH brokerage (as
LOCAL query mode won't work due to a permission koan that has not yet been
solved).
- Fix interpretation of SSH_CLIENT env variable.
- Make x2gobroker-agent usable/installable on non-X2Go server machines.
(Fixes: #493).
- Provide autologin support for session profiles that have an SSH proxy host
configured. (Fixes: #494).
- Fix IPv6 binding of the X2Go Session Broker daemon. If no bind port
is given via the cmdline, obtain it from other means (via
x2gobroker.defaults).
- Rename LICENSE file to COPYING.
- X2Go Broker Agent: Test if queried username exists on the system before
performing the query.
- Make sure bind_address and bind_port are correctly detected from
/etc/default/x2gobroker-daemon and /etc/x2go/broker/defaults.cfg.
- Move split_host_address() code into x2gobroker.utils.
- Report to log what the broker agent replied to us.
- Provide support for load-balancing to hosts that are all reachable
over the same IP address, but different TCP/IP ports (e.g. docker
instances or hosts behind a reverse NATed IPv4 gateway). This ended
up in a rewrite of the complete selection_session() method of the
base broker code.
- Use physical host address and port (if provided) for contacting
remote broker agent via SSH.
- Update README and TODO.
- Update copyright holders. Copyright is held only by people who actually
contributed to the current code base.
- logrotate configs: Rotated logs via "su x2gobroker adm".
- Use hostname as hard-coded in server_list (from session profile
configuration),
don't try to strip off the domain name.
- Consolidate x2gobroker.utils.split_host_address() with a test and rewrite
completely.
- Make sure that without configuration files, the HTTP broker listens to
port 8080.
- Provide legacy support for deprecated x2gobroker.conf global parameter
'check-credentials'.
- Configure broker / authservice environment via .service files.
- Load defaults.conf via authservices and for logger configuration, as well.
- x2gobroker-authservice: Make sure socket file directory is created
before trying to create the socket file itself.
- Don't load defaults.conf twice. Only load it when initializing the
loggers.
- Provide a special PAM configuration file for SUSE systems
(identical to the PAM configuration file for Debian).
- defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section,
but also in the [daemon] and [authservice] section.
- x2gobroker-testauth: Don't use hard-coded default backend. Obtain
X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead.
- x2gobroker-testauth: Improve help text of --backend option. Display
the current backend default.
- x2gobroker-authservice: Restructure logging. Enable log messages
for authentication requests.
- Get several issues around select_session fixed via tests in the
broker's backend base.py.
- Add tests for broker agent queries.
- Fix setting the remote agent's SSH port if the host option
is of style "<hostname> (<ip-address>:<port>)".
- During select_session: Re-add subdomain (if possible) to the hostname to
make sure we can detect the host's <ip-address>:<port> further down in
the code.
- Properly set (/var)/run/x2gobroker directory permissions when started
via systemd.
- Fix privilege check for the broker daemon's log directory.
- Enable basic/random load-balancing for UCCS broker frontend. Make UCCS
frontend aware of host session profile options of the form
"host=<fqdn> (<ipaddr>:<port>).
- Do a portscan on the remote's SSH port before querying a remote agent
via SSH.
- Don't return X2Go Servers that are actually down, currently. The X2Go
Servers get probed via a short portscan on the remote's SSH port. If
that portscan fails, another remote X2Go Server is chosen from the
list of available server (if any). This portscanning functionality
can be switched off via "default-portscan-x2goservers" in x2gobroker.conf
or via "broker-portscan-x2goservers" per session profile. (Fixes:
#692).
- When load-balancing, switch to chosen server as remote broker agent before
deploying SSH keys.
- Allow resuming sessions from servers even if one offline server has
left bogus in the session DB (plus unit tests).
- Fix remote agent detection if one ore more X2Go Servers are offline and
hostname does not match host address (plus unit test).
- Allow remote agent calls via hostname or host address when using the
format "<hostname> (<hostaddr>)" in the session profile. This can be
useful if the <hostname> is a valid address on the local network
(broker <-> <server> communication), but the host address is valid for
clients (client <-> server communication).
- Don't check for running/suspended session if the session profile will
request a shadowing session.
- Disabled broker agent calls and load-balancing for session profiles that
will request shadowing sessions.
- Mention "usebrokerpass" session profile option in
x2gobroker-sessionprofiles.conf.
- Provide desktop sharing (shadow session) example in
x2gobroker-sessionprofiles.conf.
- Makefile: Add installation rules for x2gobroker-loadchecker.
- x2gobroker.1: Since systemd there are not only init scripts. Rephrasing
man page.
- New feature: x2gobroker-loadchecker daemon. (Fixes: #686).
- x2gobroker-agent.pl: Use var name server_usage instead of server_load.
Reflects better what that var denotes.
- agent.py: Completion of several __doc__ strings (missing @return:,
@rtype: fields).
- X2GoBroker.check_for_sessions(): Fix check for shadow / non-shadow
sessions.
- x2gobroker.1: Mention x2gobroker-ssh in its man page, differentiate
between the different modes (http/ssh) of the x2gobroker application.
- Pre-release pyflakes cleanup.
- agent.py: Capture login failures in checkload() function.
- agent.py: Allow providing a custom logger instance in all functions.
- LoadChecker.loadchecker(): Use load checker daemon's logger instance
for logging actions taken place in agent.py.
- agent.py: Make agent query mode LOCAL behave similar to agent query mode
SSH if things go wrong.
- agent.py: Set result to None, if SSH connection to broker agent fails.
- Calculate our own MemAvailable value in x2gobroker-agent.pl. Only
kernels newer than v3.14 offer the MemAvailable: field in /proc/meminfo.
- x2gobroker-agent.pl: Fix regexp for detecting number of CPUs and CPU
frequency.
- x2gobroker-agent.pl: Fall-back CPU detection for virtualized systems (e.g.
QEMU hosts).
- LoadChecker.loadchecker(): Report about query failures, as well, in query
cycle summary.
- LoadCheckerServiceHandler(): Add line breaks in per-profile output.
Return nothing if the load checker service is unreachable.
- agent.py: Let get_servers() return a dictionary with hostnames as keys
and number of sessions as values.
- Fix X2GoBroker.use_load_checker(): Obtain broker-* option via
X2GoBroker.get_profile_broker(), not via X2GoBroker.get_profile().
- Various improvements / fixes for session selection via the load checker
daemon.
- Adapt tests to new load checker service feature.
- Only check for 'load_factors' key in remote_agent dict, if agent query
mode is SSH.
- Fix detection of running x2gobroker-daemon process in Debian's SystemV
init script.
- Set default log level to "WARNING", not "DEBUG".
- defaults/x2gobroker-logchecker.default: Fix copy+paste errors.
- doc/README.x2goclient+broker.getting-started: Mention how to launch
PyHoca-GUI in broker mode.
- etc/broker/defaults.conf: Fix copy+paste errors.
- etc/x2gobroker-wsgi.*.conf: Make host ACLs Apache2.4 compliant.
- logrotate/x2gobroker-loadchecker: The loadchecker.log file needs to be
owned by user x2gobroker.
- rpm/x2gobroker-*.init: Fix copy+paste errors.
- man pages: Update date.
- If non-load-balanced session profiles reference a non-reachable host,
hand-back the system's hostname to X2Go Client / Python X2Go.
- Add security notice / disclaimer to x2gbroker.1 man page as suggested
by Stefan Baur. (Fixes: #666).
- Provide x2gobroker system user public keys to broker agents with SSH
options--strongly restricting the key usage--now. Modify x2gobroker-
pubkeyauthorizer in a way that it replaces non-option keys with the
newly provided optionized/restricted pubkeys. (Fixes: #685).
- etc/x2gobroker.conf: Switch over to using dynamic auth cookies by default.
- X2GoBroker.get_agent_query_mode(): Immediately return overridden query
mode. Avoid logging of the configured query mode. Write the overridden
query mode to the logger instance instead.
- Don't enforce agent query mode "SSH" for x2gobroker-ssh anymore.
- If a single-host is unreachable, return the host address, not the hostname
and let X2Go Client release itself, that the host is unreachable.
- x2gobroker-loadchecker: Don't freeze if load information for a complete
load-balanced server farm is unavailable.
- x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/
old SSH options.
- x2gobroker-agent.pl: Add %U (uidNumber) and %G (primary gidNumber) as
further possible substitutions for deriving the full path of the
authorized_keys file where X2Go Broker Agent's deploys public SSH user
keys to. (Fixes: #665).
- agent.py: Use os.fork() instead of threading.Thread() to handle
delayed executions of broker agent tasks. This assures that SSH pub keys
are removed via the delauthkey broker agent task, if the SSH broker
is used. (Fixes: #491).
- Add run-optional-script support to SSH broker.
- x2gobroker-ssh: When agent query mode is set to LOCAL, Execute
x2gobroker-agent via sudo as group "X2GOBROKER_DAEMON_GROUP". (Fixes:
#835).
- When the x2gobroker-agent command call is shipped via
$SSH_ORIGINAL_COMMAND environment var, make sure to strip-off
"sh -c" from the command's beginning.
- x2gobroker-agent.pl: Fix detection of X2Go's library path (x2gopath lib).
- Implement "not-set" value for X2Go Client parameters. If a parameter
is set to "not-set", the parameter won't be handed over to X2Go Client.
(Fixes: #834, #836).
- agent.py: Fix missing "task" parameter for task "ping" against a local
broker agent.
- Fix task ping when tested via the x2gobroker-testagent script.
- Transliterate commands in session profiles to uppercase when checking if
the command is supposed to launch a desktop session.
* debian/control:
+ Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
+ Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
+ Fix SYNOPSIS texts.
+ Recommend apache2 and libapache2-mod-wsgi for x2gobroker-wsgi.
+ Fix position of XS-Python-Version: field.
+ Rework LONG_DESCRIPTION of bin:package x2gobroker-agent. Imporve line
breaks, so that we now have lines that are close to 80 chars long.
+ Make x2gobroker-daemon a symlink and recognize HTTP mode by the
executable's name.
+ Bump Standards: to 3.9.6. No changes needed.
+ Add to D (python-x2gobroker): python-urllib3.
* debian/copyright:
+ Update file to match current status quo of upstream source files.
* debian/x2gobroker-agent.dirs:
+ Provide empty log file directory.
* debian/x2gobroker-wsgi postinst/postrm:
+ Make bin:package x2gobroker-wsgi compliant Debian's packaging style of
Apache2.4 / Apache2.2.
+ On package purgal: Disable Apache2 config first and then attempt the
removal of the x2gobroker user/group.
+ Pass $@ to our apacheconf_configure, apacheconf_remove functions to not
break apache2-maintscript-helper.
* debian/x2gobroker-ssh.postinst:
+ Assure proper file permissions, owner and group settings for
x2gobroker-ssh.
* debian/x2gobroker-ssh.prerm:
+ Drop dpkg-statoverride of /usr/bin/x2gobroker-ssh before package
removal.
* debian/*.postinst:
+ Assure that the log directory always exists (no matter what combination
of packages got installed).
* debian/python-x2gobroker.install:
+ Install defaults.conf into bin:package python-x2gobroker.
* debian/source/format:
+ Switch to format 1.0.
* rpm/*.init:
+ Provide initscripts that are likely to work on RHEL plus derivatives.
* x2gobroker.spec:
+ Provide x2gobroker.spec file for building RPM packages. Inspired by
the packaging work in OpenSuSE.
+ Split out python-x2gobroker sub-package.
+ Install Apache2 config symlinks to /etc/httpd (not /etc/apache2).
+ Make sure x2gobroker-agent wrapper gets installed into x2gobroker-agent
sub-package.
+ Builds for EPEL-7 also have to systemd aware.
+ Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
+ Adapt to building on openSUSE/SLES.
+ Rework Description: of bin:package x2gobroker-agent. Imporve line
breaks, so that we now have lines that are close to 80 chars long.
+ Add x2gobroker-rpmlintrc file.
+ Don't package x2gobroker-daemon.1 nor x2gobroker-ssh.1 man pages
twice.
+ On SUSE, we have /etc/apache2, not /etc/httpd.
+ On SUSE, we have to provide our own python-pampy package (and depend on
that). In Fedora and RHEL, the same (upstream) software is named
python-pam. (Fixes: #562).
+ For distro versions with systemd, provide /etc/x2go/broker/defaults.conf.
For SysV distro versions, use /etc/defaults/* and source them via the
init scripts.
+ No adm group on non-Debian systems by default. Using root instead on RPM
based systems.
+ For Fedora 22 and beyond explicitly call python2 in all shebangs.
+ Add to BR: sudo (to have /etc/sudoers.d owned by some package).
.
[ Josh Lukens ]
* New upstream version (0.0.3.0):
- Add support for dynamic cookie based auth after initial password auth.
(Fixes: #447).
- Add support to run pre and post authentication scripts. (Fixes: #449).
- Add auth mechanism https_get. (Fixes: #450).
- Change pre and post scripts to use common codebase across frontends.
(Fixes: #469).
- Add ability to have script run in select session after server is
selected.
- Add basic support for pulling https_get authmech config from
configuration file. (Fixes: #470).
- Fix typos and host/port mixups in the remote_sshproxy logic. (Fixes:
#544).
- Make sure find_busy_servers in agent.py returns a tuple (recent API
change) to not break profiles with multiple servers. (Fixes: #545).
- On session resumption take profile's host list into account. Don't resume
sessions the profile has not been configured for. (Fixes: #553).
.
[ Jason Alavaliant ]
* New upstream version (0.0.3.0):
- Handle spaces in broker login passwords when authservice is used. (Fixes:
#706).
- Don't strip off spaces from password strings. (Fixes: #716).
.
[ Mihai Moldovan ]
* x2gobroker.spec:
+ Change all python-pampy references to python-pam on non-SUSE systems.
+ Fix %build scriptlet: add missing "done" in while; do; done shell script
part.
+ Don't do a weird escape slash dance in sed's replace command. Simply use
another separator.
* debian/rules:
+ Try to call common-binary-indep from common-binary-arch.
Message sent on
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Bug#692.
(Sat, 20 Jun 2015 12:16:37 GMT) (full text, mbox, link).
Marked Bug as done
Request was from X2Go Release Manager <git-admin@x2go.org>
to control@bugs.x2go.org
.
(Sat, 20 Jun 2015 12:16:53 GMT) (full text, mbox, link).
Notification sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Bug acknowledged by developer.
(Sat, 20 Jun 2015 12:16:53 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.x2go.org>
to internal_control@bugs.x2go.org
.
(Sun, 19 Jul 2015 05:24:02 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Sat Nov 23 10:10:07 2024;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.