package: x2gobroker version: 0.0.3.0 Situation: two identical nodes, only difference is DNS name + IP Desired result: load-balanced X2Go systems, where a suspended session can be resumed Actual outcome: Each connect starts a new session, suspended sessions are left dangling forever Questions: 1) Is x2gobroker-daemon needed at all for ssh-only connections to the broker? 2) Did I miss any obvious steps? 3) What would be the suggested path to debug this? A full typescript recording of the installation process is available, but as no command returned any error messages, let me shorten it down to the commands that were executed: # commands executed on both first and second node apt-get install x2gobroker -y cp /etc/x2go/x2gobroker.conf /etc/x2go/x2gobroker.conf.orig vi /etc/x2go/x2gobroker.conf # see diff below apt-get install x2gobroker-agent -y cp /etc/x2go/broker/x2gobroker-sessionprofiles.conf /etc/x2go/broker/x2gobroker-sessionprofiles.conf.orig vi /etc/x2go/broker/x2gobroker-sessionprofiles.conf # see diff below x2gobroker-keygen cp /var/lib/x2gobroker/.ssh/id_rsa.pub /tmp/ cd /tmp/ vi id_rsa.pub # added a blank and the server name to end of file python -m SimpleHTTPServer 8081 # run temporary web server so second node can fetch the file # once both web servers were up, the following commands were executed # on BOTH nodes: x2gobroker-pubkeyauthorizer -t http://firstnode:8081/id_rsa.pub x2gobroker-pubkeyauthorizer -t http://secondnode:8081/id_rsa.pub # Sadly, no working session reconnect with these command line # parameters - it always starts a new session: x2goclient --broker-url=ssh://accountwithapublickey@firstnode:22/usr/bin/x2gobroker --broker-autologin # This is using x2goclient-4.0.5.0-2015.07.31 # taking a closer look at # http://wiki.x2go.org/doku.php/doc:installation:x2gobroker: # maybe x2gobroker-daemon is missing? So ... apt-get install x2gobroker-daemon -y # this also pulls in x2gobroker-authservice # Sadly, no change, still no working session reconnect :-( # --------------------------------------------------------- diff -u /etc/x2go/x2gobroker.conf.orig /etc/x2go/x2gobroker.conf --- /etc/x2go/x2gobroker.conf.orig 2016-03-19 18:39:02.034407506 +0100 +++ /etc/x2go/x2gobroker.conf 2016-03-19 19:56:05.781729565 +0100 @@ -241,6 +241,7 @@ # The agent query mode can be configured on a per-broker-backend basis, the # below value is the default. #default-agent-query-mode=NONE +default-agent-query-mode=SSH # Probe SSH port of X2Go Servers (availability check) # @@ -254,7 +255,7 @@ # Per default, we set this to "true" here. The portscan feature can be # deactivated on a per-session-profile basis (use: broker-portscan-x2goservers = # false in the session profile configuration). -#default-portscan-x2goservers = true +default-portscan-x2goservers = false # Use load checker for querying X2Go Servers' loads in regular intervals # @@ -294,13 +295,13 @@ # o the session profile does not block queries to the load checker daemon # on a per profile basis # -#default-use-load-checker = false +default-use-load-checker = true # If the x2gobroker-loadchecker daemon gets used, define here how # many seconds to sleep between cycles of querying system load from the # associated X2Go Servers. # -#load-checker-intervals = 300 +load-checker-intervals = 300 ### @@ -345,9 +346,8 @@ #desktop-shell = KDE [broker_inifile] -#enable = true -#session-profiles = /etc/x2go/broker/x2gobroker-sessionprofiles.conf -#use-load-checker = false +enable = true +session-profiles = /etc/x2go/broker/x2gobroker-sessionprofiles.conf #[broker_ldap] -> MUSIC OF THE FUTURE #enable = false # --------------------------------------------------------- # --------------------------------------------------------- diff -u /etc/x2go/broker/x2gobroker-sessionprofiles.conf.orig /etc/x2go/broker/x2gobroker-sessionprofiles.conf --- /etc/x2go/broker/x2gobroker-sessionprofiles.conf.orig 2016-03-19 19:19:33.995277777 +0100 +++ /etc/x2go/broker/x2gobroker-sessionprofiles.conf 2016-03-19 19:58:45.407309387 +0100 @@ -63,146 +63,12 @@ directrdp=false user=BROKER_USER -[localhost-kde] -name=KDE - localhost -host=localhost -command=KDE +[GloveBox] +host=firstnode (firstnodeip), secondnode (secondnodeip) +name=GloveBox +published=true usebrokerpass=true - -[localhost-mate] -name=MATE - localhost -host=localhost -command=MATE -usebrokerpass=true - -[localhost-shadow] -name=SHADOW - localhost -# don't even try load-balancing here... it makes not sense and won't work (first given host will be used!) -host=localhost -command=SHADOW -usebrokerpass=true - -### EXAMPLES: Below you find some config examples. Adapt them to your needs or -### simply write your own session profiles and remove the examples below. - -## -## EXAMPLE: pool-A (staff servers) -## -## The pool-A contains three X2Go Servers (server-A, server-B and server-C). - -## The staff of our example institute falls into two groups of users: -## gnome-users and kde-users. -## The gnome-users log into server-A or server-B, depending on their client -## subnet (IP configuration of the client). -## The kde-users login to server-C (server-C can be reached from the whole -## intranet). -## -## The client IP based split-up of the GNOME users allows some primitive load -## balancing. -## -## If staff people are members of both groups (kde-users, gnome-users) both -## session profiles will be shown in X2Go Client. -## - -#[pool-A-server-A] -#user= -#host=server-a.pool-a.domain.local -#name=GNOME - pool-A (srv-A) -#command=GNOME -#rootless=false -#acl-groups-allow=gnome-users,admins -#acl-groups-deny=ALL -#acl-clients-deny=ALL -#acl-clients-allow=10.1.0.0/16 -#acl-any-order=deny-allow -#broker-session-autologin=true - -#[pool-A-server-B] -#user= -#host=server-b.pool-a.domain.local -#name=GNOME - pool-A (srv-B) -#command=GNOME -#rootless=false -#acl-groups-allow=gnome-users,admins -#acl-groups-deny=ALL -#acl-clients-deny=ALL -#acl-clients-allow=10.2.0.0/16 -#acl-any-order=deny-allow -#broker-session-autologin=true - -#[pool-A-server-C] -#user= -#host=server-c.pool-a.domain.local -#name=KDE - pool-A (srv-C) -#command=KDE -#rootless=false -#acl-groups-allow=kde-users,admins -#acl-groups-deny=ALL -#acl-any-order=deny-allow -#broker-session-autologin=true - -## -## EXAMPLE: pool-B (e.g. webserver in the DMZ or on the internet) -## -## The pool-B is a single X2Go Server (server-D) that is -## hosted externally. The server-D has an official internet IP. -## -## The session profile for server-D shall be provided to the -## admins group only. -## -## Furthermore, the session profile for server-D shall only get -## offered to a member of the admins group if the admin is sitting -## in front of one of the admin client machines. -## - -#[pool-B-server-D-LXDE] -#user= -#host=server-d (server-d.domain.internet) -#name=LXDE - srv-D -#command=LXDE -#rootless=false -#acl-groups-allow=admins -#acl-groups-deny=ALL -## make sure hostnames in client ACLs are resolvable via libnss!!! -#acl-clients-deny=ALL -#acl-clients-allow=admin-machine1.domain.local, admin-machine2.domain.local, admin-machine3.domain.local -#acl-any-order=deny-allow - -## -## EXAMPLE: pool-C (REAL LOAD BALANCING!!!) -## -## The pool-C is a server pool for students. Our example institute -## knows 200-300 students and has to offer working places for -## every student. -## -## The resource limits on these servers are pretty strict, so staff members -## normally stay away from these machines, anyway. Only two test account -## get this session profile into their X2Go Clients. -## -## The pool-C contains 6 X2Go Servers that serve all students users together -## as a load balance server farm. The servers' hostnames are s-E1, s-E2, ... -## (as found in /etc/hostname). The hosts, however, are not configured in DNS -## so we give their IPs explicitly (also works for IPv6). -## -## Make sure to install x2gobroker-agent on all these 6 X2Go Servers. Also make -## sure to once run the script x2gobroker-keygen on the broker host and once -## the script x2gobroker-pubkeyauthorizer per X2Go Server. -## -## All 6 X2Go Servers have to be configured to use the PostgreSQL X2Go session -## DB backend. -## - -#[pool-C-XFCE] -#user= -#host=s-E1 (10.0.2.11),s-E2 (10.0.2.12),s-E3 (10.0.2.13),s-E4 (10.0.2.14),s-E5 (10.0.2.15) -#name=XFCE - pool-C -#command=XFCE -#rootless=false -#acl-users-allow=testuser-A,testuser-B -#acl-users-deny=ALL -#acl-groups-allow=students,admins -#acl-groups-deny=ALL -#acl-any-order=deny-allow # this server pool has a special broker setup for SSH authorized_keys -#broker-session-autologin=true -#broker-authorized-keys=/var/lib/x2gobroker/ssh/%u/authorized_keys +broker-session-autologin=true +broker-authorized-keys=/etc/ssh/authorized_keys.d/%u # --------------------------------------------------------- # --------------------------------------------------------- dpkg -l|grep x2go ii cups-x2go 3.0.1.3-0x2go1+git20160127.135+jessie.main.1 all Virtual X2Go printer for CUPS ii libnx-x11-6:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 client-side library ii libnx-xcomposite1:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 Composite extension library ii libnx-xdamage1:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 damaged region extension library ii libnx-xdmcp6:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 Display Manager Control Protocol library ii libnx-xext6:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 miscellaneous extension library ii libnx-xfixes3:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 miscellaneous 'fixes' extension library ii libnx-xinerama1:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 Xinerama extension library ii libnx-xpm4:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 pixmap library ii libnx-xrandr2:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 RandR extension library ii libnx-xrender1:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 Rendering Extension client library ii libnx-xtst6:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 Testing -- Record extension library ii libxcomp3:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 compression library ii libxcompext3:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 protocol compression extensions library ii libxcompshad3:i386 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 nx-X11 shadowing library ii nx-x11-common 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 all nx-X11 (common files) ii nxagent 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 i386 NX agent ii python-x2gobroker 0.0.3.0-0x2go1+git20160126.999+jessie.main.1 all X2Go Session Broker (Python modules) ii x2go-keyring 2012.07.23~jessie~main~17~build1 all GnuPG keys of all X2Go developers and the X2Go archive ii x2goagent 2:3.5.0.32-0x2go1+git20160126.734+jessie.main.1 all X2Go agent ii x2gobroker 0.0.3.0-0x2go1+git20160126.999+jessie.main.1 all X2Go Session Broker (executable) ii x2gobroker-agent 0.0.3.0-0x2go1+git20160126.999+jessie.main.1 i386 X2Go Session Broker (remote agent) ii x2gobroker-authservice 0.0.3.0-0x2go1+git20160126.999+jessie.main.1 all X2Go Session Broker (PAM authentication service) ii x2gobroker-daemon 0.0.3.0-0x2go1+git20160126.999+jessie.main.1 all X2Go Session Broker (standalone daemon) ii x2goserver 4.0.1.19-0x2go2+git20160126.1064+jessie.main.1 i386 X2Go server daemon scripts ii x2goserver-extensions 4.0.1.19-0x2go2+git20160126.1064+jessie.main.1 all X2Go server daemon scripts (extensions) ii x2goserver-printing 4.0.1.19-0x2go2+git20160126.1064+jessie.main.1 all X2Go server daemon scripts (printing) ii x2goserver-xsession 4.0.1.19-0x2go2+git20160126.1064+jessie.main.1 all X2Go server daemon scripts (Xsession runner) # --------------------------------------------------------- cat /etc/apt/sources.list # Security Updates deb http://security.debian.org/ jessie/updates main contrib non-free deb-src http://security.debian.org/ jessie/updates main contrib non-free # Backports deb http://ftp.debian.org/debian/ jessie-backports main contrib non-free # ClamAV etc. deb http://ftp.debian.org/debian jessie-updates main contrib non-free deb-src http://ftp.debian.org/debian jessie-updates main contrib non-free # Stable deb http://ftp.de.debian.org/debian/ jessie main contrib non-free deb-src http://ftp.de.debian.org/debian/ jessie main contrib non-free # X2go Repository deb http://packages.x2go.org/debian jessie main # X2go Repository (sources) deb-src http://packages.x2go.org/debian jessie main # --------------------------------------------------------- # --------------------------------------------------------- cat /etc/debian_version 8.3 # --------------------------------------------------------- Kind Regards, Stefan Baur -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243