ThinClientLocalDevices

Differences between revisions 15 and 43 (spanning 28 versions)
Revision 15 as of 2005-11-05 18:04:54
Size: 9026
Editor: 209
Comment:
Revision 43 as of 2008-08-06 16:22:55
Size: 6690
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
 * Created: [[Date(2005-10-07T12:40:00Z)]] by JaneWeideman
 * '''Contributors''': OliverGrawert, VáclavŠmilauer		  * Created: <<Date(2005-10-07T12:40:00Z)>> by JaneWeideman
 * '''Contributors''': OliverGrawert, Václav`milauer, ScottBalneaves
Line 7: Line 7:
    * dbus
    * udev
    * pmount
Line 11: Line 8:

 * Related: ThinClientLocalDevicesForwardConnection		     * ltsp-server
    * ltsp-client
Line 15: Line 12:
Thin Client Local Devices how to provide safe access to local devices on the thin clients.
Line 17: Line 13:
Existing solutions should be taken into account:
 * samba. PXES (http://pxes.sf.net) and Thinstation (http://thinstation.sf.net) export local devices with samba and they are mounted on the server. Only does file-level operations. Not optimal security-wise.
 * nbd/enbd. Allows raw data access, enbd even implements some ioctls for CD burners etc. Complicated setup, bunch of scripting. Not optimized for thin clients. Enbd has SSL encryption of transferred data and other features. Enbd is not in vanilla kernel and there seem to be no plans to include it in the near future.
 * usbip (http://usbip.sf.net). Very low level, only handles USB devices. Probably in beta state. Never tried.
 * LTSPFS: (http://wiki.ltsp.org/twiki/bin/view/Ltsp/LtspFS) New method. Small, lightweight, atomic, will include automounter.

Other links:
 * LTSP hack: http://wiki.ltsp.org/twiki/bin/view/Ltsp/LocalMedia
 * Rich thread on the topic (WRT nx) starter, discussing HAL and d-bus deplyment etc.: http://mail.kde.org/pipermail/freenx-knx/2005-January/000608.html		 This specification describes how block devices on a thin client, such as usb memory sticks, floppies (both USB and Legacy) and cdrom drives (USB, ATAPI, SCSI) can all be accessed from the users session, which is running on the server.
Line 29: Line 17:
LTSP currently doesnt support local block devices on the Thin Clients. If you plug in a usb stick, usb storage capable camera, CD rom or floppy on the Thin Client, you dont have access to the device at all. A implementation deeply integrated with the existing blockdevice handling infrastructure is needed. It should integrate on a level below the desktop and should be exposed to the users desktop session. The device must be accessible from the users desktop. Ubuntu's LTSP currently doesn't support local block devices on thin clients. If you plug in a usb stick, usb storage capable camera, CD rom or floppy on the Thin Client, you don't have access to the device at all. An implementation to handle this was developed in LTSP-4.2.
Line 33: Line 21:
Scott uses a LTSP Thin Client and wants to copy files from a CD rom he burned at home, he puts in the CD into the drive of his Thin Client and it shows up on his desktop as it uses to do at home on his ubuntu desktop install. Scott uses a LTSP Thin Client and wants to copy files from a CD rom he burned at home. He puts the CD into the drive of his thin client and it shows up on his desktop just like it does on his Ubuntu desktop at home.
Line 35: Line 23:
Jane has taken a bunch of photos with her usb storage capable digital camera for usage in the art class she has. Janes school runs a edubuntu LTSP server in the classroom. She plugs in her camera and gets a popup that offers her to import the pictures into her photo album. Jane has taken a bunch of photos with her usb storage capable digital camera for use in her art class. Jane's school runs an Edubuntu LTSP server in the classroom. She plugs in her camera and gets a popup that shows the pictures that are on the camera.
Line 37: Line 25:
Willy brought his documents he wrote at home on a floppy to his office where ubuntu LTSP runs and where he works on a Thin Client. Willy wants to insert the floppy into the local floppy drive, mount it and copy the files on his desktop to edit them in openoffice. Willy brought his documents he wrote at home on a floppy to his office where Ubuntu LTSP runs and where he works on a thin client. Willy inserts the floppy into the local floppy drive and clicks on the floppy icon on his desktop. He then can edit the files using OpenOffice and when he saves the documents, they are saved back to the floppy disk.
Line 41: Line 29:
 * Block devices that interact in the normal manner with dbus, udev, etc.  
 * We won't handle special-function or character devices for Dapper.		  * Block devices that interact in the normal manner with udev to be automounted.
 * We won't handle special-function or character devices for Dapper. (i.e. cdrom burning or PDA syncing)
Line 46: Line 34:
attachment:thin-client-local-dev.png The current udev/kernel structure already solves the raw automounting of the device on the thin client, ltsp.org designed a program called lbus that forwards a notification about new appearing devices on the client to the users session on the server.
Line 48: Line 36:
 * udev
  * Handles plug events.
  * makes it possible to use scripts to achieve what we want in udev.d at the lowest device level.
  * Could sends device notifications to the Ubuntu server via dbus + (some network backend for dbus)
 * hal
  * Handles polling of drives, and notification of media events (i.e. cdrom media ejected, floppy inserted)
 * dbus
  * Should/could be the general message passing system.
  * We'd need to write some kind of network communication plugin for dbus to handle network notifications.
 * ltspfs
  * ltspfs would need to listen for dbus messages for listening for media insert and remove messages.
 * pmount
   * pmount would need to respect the LTSP_CLIENT environment variable.		 The actual data transfer is done by a fuse based network filesystem called ltspfs. A daemon called ltspfsd runs on the client, a client program called ltspfs executed in the session of the user on the server does the mounting over the network. Both are purely userspace programs, and only rely on fuse, which Ubuntu already ships by default.
Line 62: Line 38:
Currently we are discussing two different approaches and try to decide which one is feasable to use for dapper.
One approach is to use dbus over the network, attach the Thin Clients system dbus to the servers session dbus and do all the messaging through this, the other approach would be to just call ltspfs-mount on the server via ssh to mount the remote device over the network without involving messaging at all:

Two parts of the proposed solution
 1 How to notify insertion, transfer metadata, eject instructions, etc.

 2 How to transfer/mount actual filesystem data
 
For metadata, two solutions:
 1 Simple scheme involving ssh on insertion, using ssh-agent to permit reverse connections if applicable
  * Pro: not much code: new udev script and glue, new script on server to run mount command, new arrangements to make new device appear in right nautilus session or right user's desktop view.
  * Con: metadata on server is not correct; error handling may be suboptimal; not clear yet how to make nautilus right.
    (since ssh transports environment variables through its connection this data could either made available through variables or directly to ltspfs-mount as options this program would need to respect)
 2 Dbus
  * Con: needs more code: dbus X transport (should be easy); gvm to run ltspfs-mount on system device events instead of normal pmount etc.
  * Pro: completely correct and `normal' visibility of client's devices just as if it would be if the user were running a session on the local workstation
Both schemes need ldm changed to store username and password on client (in tmpfs mounted /tmp) for future ssh connections

For filesystem data, two solutions:
 1 sftp/sshfs
  * Requires reverse-connection from server back to client (and ssh-agent)
  * Simple
  * sftp is not ideal as remote filesystem protocol
 2 ltspfs
  * Some modifications to ltspfs required to make it talk over stdin/stdout rather than wanting to do its own network and own authentication (straightforward we are told)
  * Stability status of ltspfs not currently known
  * ltspfs designed for this scenario: copes better with unexpected media removal, etc.		 When a notification from lbus running on the client is received by the lbus process listening in the users session on the server, ltspfs mounts the device into a subdir of /media/$USER which is owned by the user in 0700 mode.
Line 92: Line 42:
A description of the existing implementation can be found on the following pages in the ltsp.org wiki: <<BR>> [[http://wiki.ltsp.org/twiki/bin/view/Ltsp/LtspFSAutomount|LtspFSAutomount]] <<BR>> [[http://wiki.ltsp.org/twiki/bin/view/Ltsp/LtspFS|LtspFS]]

To integrate localdevs into Ubuntu LTSP, we'll need the following changes to the existing ltspfs:

 * An additional rules file for udev, to be inserted at 88-ltspfs in /etc/udev/rules.d/, to pick up inserted block devices and write the fstab entries.
 * Modify ltspfsd to use `/var/run` rather than `/tmp` to store its state
 * Additional script(s) to handle the updating of the `/var/run/fstab` entries.
 * The ltspfsd daemon as is.
 * mounter and unmounter scripts that mount from `/var/run/fstab`, and ignore /etc/fstab (see example below).
 * The lbuscd daemon.
 * The lbus_event_handler.sh script needs to create /media/$USER/ and do the automounting in that dir instead of the users homedir.

=== Issues: ===

 * We can't use the $DISPLAY variable to find out the host name:
  * Instead, we can fall back to the SSH_CONNECTION environment variable if $DISPLAY points to localhost
 * lbus isn't packaged yet. A package that creates the lbussd and lbuscd binary packages needs to be created, ltsp-client needs to depend on the lbuscd package, the lbussd package needs to be pulled in by the ltsp-server package.
 * ltspfs-mounter and unmounter scripts need to be included in ltspfsd package.
 * Handling of LOCAL_STORAGE=True/False needs to be added to the ltsp-client-setup initscript in the ltsp-client package. (indeed that also needs to be documented as a lts.conf parameter)
 * We need to patch the ltspfs-mount and ltspfs-umount scripts to only look in /tmp/fstab.
 * '''Critical:'''
https://launchpad.net/distros/ubuntu/+source/gnome-vfs/+bug/50554 needs to be fixed
 * We've had a comment or two on the LTSP mailing list that codepages aren't supported under LTSPFS. We'll need to implement that in keeping with Ubuntu's i18n nature by adding glib's g_string functions for the string handling in ltspfs. -- ScottBalneaves
Line 94: Line 68:
possible udev.d mount script example to outline the non-dbus approach:
  '''ssh ${user}@${server} "ltspfs-mount ${LTSP_CLIENT}:/media/${devicelabel} /media/${user}/${devicelabel}"'''		 keybuk suggested the following udev rules for handling fstab:
Line 97: Line 70:
=== Data preservation and migration === {{{
# /etc/udev/rules.d/88-ltsp.rules
ACTION=="add", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="?*", \
     RUN+="add_fstab_entry %k $ENV{ID_FS_TYPE}"
ACTION=="remove", SUBSYSTEM=="block", RUN+="remove_fstab_entry %k"
}}}
Line 99: Line 77:
== Outstanding issues == {{{
#!/bin/sh
# add_fstab_entry
# place in /lib/udev
Line 101: Line 82:
 * is ltspfs able to handle IOCTLs on the device? AFAIK it is neede in order to make e.g. CD burners work. The ltsp-discuss mailing list does not mention enbd which makes such things, albeit in a rather complex ways, possible. They suggest that IOCTLs have been superseeded by writes to sysfs but do not mention any implementation within ltspfs [VáclavŠmilauer]
  * No, ltspfs is a simple network filesystem, and not a low-level device access method like enbd. The ltspfs filesystem is the same sort of thing as NFS or Samba, neither of which handle IOCTL's either. The LTSP project tried enbd, but it has several difficulties, such as a crashed client can cause problems for the server, and the simple fact that it's not included by default on any of the big distros, which requires users to recompile their kernel. [ScottBalneaves]
 * We need to sort out who's going to handle the actual mounting/unmounting of the media. If it's to be done in ltspfs (mount on use of ltspfs filesystem, unmount media on idle), then ltspfs somehow needs to receive information about the removable media's geometry (vfat,iso9660,ro,rw,other -o's). This can happen a couple of ways:
  * Something cool with dbus
  * Something more pedestrian like getting passed the info at mount time.
 * If HAL/dbus handle the polling of media and mount/unmount, then that needs sorting out as well.
 * To me, nbd/enbd seems a nice solution but:
  * nbd doesn't supports ioctl nor encryption and isn't sync (ie removing the usb stick right after unmounting it can let the just copied file broken!)
  * [OliverGrawert] nbd will be used for swapping (see the ThinclientMemory) its not feasable for the purposes as we were discussing them here in montreal.
  * enbd is supposed to be nice but last time I checked it wasn't playing well with recent kernels (>=2.6.10)
  * [OliverGrawert] enbd is not being included upstream thats not an option for us.
 * I also tried mounting the /media of the thin client via samba (in a gdm presession script) and automounting each media locally with a simple udev script, works fine but nautilus refused to copy new files, (incorrectly) saying "not enough space", cp did it well. Probably a problem with my setup...
 * [OliverGrawert] we neither use gdm in ubuntu ltsp not do we see the need to introduce an additional filesystem.
 * whatever the solution is, privacy might be a problem, as well as discoverability: if ten users have their usbstick plugged in, each of them should only see it's own on the desktop (and ideally be unable to access to the other's even if he knows where it is mounted) [AurelienNaldi]
 * [OliverGrawert] thats the reason we discuss encrypted transports		 sed -i -e "|^/dev/$1 |d" /tmp/fstab

# invent $MOUNTPOINT
MOUNTPOINT=/media/ltsp-$1

echo "/dev/$1 $MOUNTPOINT $2 defaults 0 0" >> /tmp/fstab
}}}

{{{
#!/bin/sh
# remove_fstab_entry
# place in /lib/udev

sed -i -e "|^/dev/$1 |d" /tmp/fstab
}}}

ScottBalneaves suggests changing the ltspfs_mount script to the following, to avoid using /tmp/fstab at all:

{{{
#!/bin/sh
# ltspfs_mount, passed a directory name, used in /tmp/fstab. We can't use a simple
# mount /tmp/drives/directoryname, as that would need to reference /etc/fstab, which
# we're not going to touch.
grep $1 /tmp/fstab | while read DEV MOUNTPOINT TYPE OPTIONS DUMP PASS; do
   mount -t ${TYPE} -o ${OPTIONS} ${DEV} ${MOUNTPOINT}
done
}}}
Line 118: Line 111:

  * Stability status of ltspfs not currently known. Update 17.6.2006: ltspfs is in current version of LTSP (4.2), and deployed. Reports coming back are positive, and the code's proven quite stable. Apart from i18n, things are looking good. -- ScottBalneaves
  * ltspfs designed for this scenario: copes better with unexpected media removal, etc.
  * There is a bug in LTSP-4.2 which prevents the second user who logs into a terminal to mount devices. Consider this in your testing.
    * This bug was fixed as of LTSP-4.2 r2. Updates have been pushed out to users and are in CVS.

----
CategorySpec

Summary

This specification describes how block devices on a thin client, such as usb memory sticks, floppies (both USB and Legacy) and cdrom drives (USB, ATAPI, SCSI) can all be accessed from the users session, which is running on the server.

Rationale

Ubuntu's LTSP currently doesn't support local block devices on thin clients. If you plug in a usb stick, usb storage capable camera, CD rom or floppy on the Thin Client, you don't have access to the device at all. An implementation to handle this was developed in LTSP-4.2.

Use cases

Scott uses a LTSP Thin Client and wants to copy files from a CD rom he burned at home. He puts the CD into the drive of his thin client and it shows up on his desktop just like it does on his Ubuntu desktop at home.

Jane has taken a bunch of photos with her usb storage capable digital camera for use in her art class. Jane's school runs an Edubuntu LTSP server in the classroom. She plugs in her camera and gets a popup that shows the pictures that are on the camera.

Willy brought his documents he wrote at home on a floppy to his office where Ubuntu LTSP runs and where he works on a thin client. Willy inserts the floppy into the local floppy drive and clicks on the floppy icon on his desktop. He then can edit the files using OpenOffice and when he saves the documents, they are saved back to the floppy disk.

Scope

  • Block devices that interact in the normal manner with udev to be automounted.
  • We won't handle special-function or character devices for Dapper. (i.e. cdrom burning or PDA syncing)

Design

The current udev/kernel structure already solves the raw automounting of the device on the thin client, ltsp.org designed a program called lbus that forwards a notification about new appearing devices on the client to the users session on the server.

The actual data transfer is done by a fuse based network filesystem called ltspfs. A daemon called ltspfsd runs on the client, a client program called ltspfs executed in the session of the user on the server does the mounting over the network. Both are purely userspace programs, and only rely on fuse, which Ubuntu already ships by default.

When a notification from lbus running on the client is received by the lbus process listening in the users session on the server, ltspfs mounts the device into a subdir of /media/$USER which is owned by the user in 0700 mode.

Implementation

A description of the existing implementation can be found on the following pages in the ltsp.org wiki:
LtspFSAutomount
LtspFS

To integrate localdevs into Ubuntu LTSP, we'll need the following changes to the existing ltspfs:

  • An additional rules file for udev, to be inserted at 88-ltspfs in /etc/udev/rules.d/, to pick up inserted block devices and write the fstab entries.

  • Modify ltspfsd to use /var/run rather than /tmp to store its state

  • Additional script(s) to handle the updating of the /var/run/fstab entries.

  • The ltspfsd daemon as is.

  • mounter and unmounter scripts that mount from /var/run/fstab, and ignore /etc/fstab (see example below).

  • The lbuscd daemon.
  • The lbus_event_handler.sh script needs to create /media/$USER/ and do the automounting in that dir instead of the users homedir.

Issues:

  • We can't use the $DISPLAY variable to find out the host name:
    • Instead, we can fall back to the SSH_CONNECTION environment variable if $DISPLAY points to localhost
  • lbus isn't packaged yet. A package that creates the lbussd and lbuscd binary packages needs to be created, ltsp-client needs to depend on the lbuscd package, the lbussd package needs to be pulled in by the ltsp-server package.
  • ltspfs-mounter and unmounter scripts need to be included in ltspfsd package.
  • Handling of LOCAL_STORAGE=True/False needs to be added to the ltsp-client-setup initscript in the ltsp-client package. (indeed that also needs to be documented as a lts.conf parameter)
  • We need to patch the ltspfs-mount and ltspfs-umount scripts to only look in /tmp/fstab.

  • Critical:

https://launchpad.net/distros/ubuntu/+source/gnome-vfs/+bug/50554 needs to be fixed

  • We've had a comment or two on the LTSP mailing list that codepages aren't supported under LTSPFS. We'll need to implement that in keeping with Ubuntu's i18n nature by adding glib's g_string functions for the string handling in ltspfs. -- ScottBalneaves

Code

keybuk suggested the following udev rules for handling fstab: 

# /etc/udev/rules.d/88-ltsp.rules
ACTION=="add", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="?*", \
     RUN+="add_fstab_entry %k $ENV{ID_FS_TYPE}"
ACTION=="remove", SUBSYSTEM=="block", RUN+="remove_fstab_entry %k"

# add_fstab_entry
# place in /lib/udev

sed -i -e "|^/dev/$1 |d" /tmp/fstab

# invent $MOUNTPOINT
MOUNTPOINT=/media/ltsp-$1

echo "/dev/$1 $MOUNTPOINT $2 defaults 0 0" >> /tmp/fstab

# remove_fstab_entry
# place in /lib/udev

sed -i -e "|^/dev/$1 |d" /tmp/fstab

ScottBalneaves suggests changing the ltspfs_mount script to the following, to avoid using /tmp/fstab at all: 

# ltspfs_mount, passed a directory name, used in /tmp/fstab. We can't use a simple
# mount /tmp/drives/directoryname, as that would need to reference /etc/fstab, which
# we're not going to touch.
grep $1 /tmp/fstab | while read DEV MOUNTPOINT TYPE OPTIONS DUMP PASS; do
   mount -t ${TYPE} -o ${OPTIONS} ${DEV} ${MOUNTPOINT}
done

BoF agenda and discussion

  • Stability status of ltspfs not currently known. Update 17.6.2006: ltspfs is in current version of LTSP (4.2), and deployed. Reports coming back are positive, and the code's proven quite stable. Apart from i18n, things are looking good. -- ScottBalneaves

  • ltspfs designed for this scenario: copes better with unexpected media removal, etc.
  • There is a bug in LTSP-4.2 which prevents the second user who logs into a terminal to mount devices. Consider this in your testing.
    • This bug was fixed as of LTSP-4.2 r2. Updates have been pushed out to users and are in CVS.

CategorySpec

ThinClientLocalDevices (last edited 2008-08-06 16:22:55 by localhost)