ThinClientLocalDevices

Differences between revisions 21 and 43 (spanning 22 versions)
Revision 21 as of 2005-11-05 21:38:30
Size: 7505
Editor: 209
Comment:
Revision 43 as of 2008-08-06 16:22:55
Size: 6690
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
 * Created: [[Date(2005-10-07T12:40:00Z)]] by JaneWeideman
 * '''Contributors''': OliverGrawert, VáclavŠmilauer		  * Created: <<Date(2005-10-07T12:40:00Z)>> by JaneWeideman
 * '''Contributors''': OliverGrawert, Václav`milauer, ScottBalneaves
Line 7: Line 7:
    * dbus
    * udev
    * gnome-volume-manager
Line 11: Line 8:
    * gnome-system-tools (users-conf)
    * gnome-vfs		     * ltsp-server
    * ltsp-client
Line 15: Line 12:
Thin Client Local Devices how to provide safe access to local devices on the thin clients.
Line 17: Line 13:
Existing solutions should be taken into account:
 * samba. PXES (http://pxes.sf.net) and Thinstation (http://thinstation.sf.net) export local devices with samba and they are mounted on the server. Only does file-level operations. Not optimal security-wise.
 * nbd/enbd. Allows raw data access, enbd even implements some ioctls for CD burners etc. Complicated setup, bunch of scripting. Not optimized for thin clients. Enbd has SSL encryption of transferred data and other features. Enbd is not in vanilla kernel and there seem to be no plans to include it in the near future.
 * usbip (http://usbip.sf.net). Very low level, only handles USB devices. Probably in beta state. Never tried.
 * LTSPFS: (http://wiki.ltsp.org/twiki/bin/view/Ltsp/LtspFS) New method. Small, lightweight, atomic, will include automounter.

Other links:
 * LTSP hack: http://wiki.ltsp.org/twiki/bin/view/Ltsp/LocalMedia
 * Rich thread on the topic (WRT nx) starter, discussing HAL and d-bus deplyment etc.: http://mail.kde.org/pipermail/freenx-knx/2005-January/000608.html		 This specification describes how block devices on a thin client, such as usb memory sticks, floppies (both USB and Legacy) and cdrom drives (USB, ATAPI, SCSI) can all be accessed from the users session, which is running on the server.
Line 29: Line 17:
LTSP currently doesnt support local block devices on the Thin Clients. If you plug in a usb stick, usb storage capable camera, CD rom or floppy on the Thin Client, you dont have access to the device at all. A implementation deeply integrated with the existing blockdevice handling infrastructure is needed. It should integrate on a level below the desktop and should be exposed to the users desktop session. The device must be accessible from the users desktop. Ubuntu's LTSP currently doesn't support local block devices on thin clients. If you plug in a usb stick, usb storage capable camera, CD rom or floppy on the Thin Client, you don't have access to the device at all. An implementation to handle this was developed in LTSP-4.2.
Line 33: Line 21:
Scott uses a LTSP Thin Client and wants to copy files from a CD rom he burned at home, he puts in the CD into the drive of his Thin Client and it shows up on his desktop as it uses to do at home on his ubuntu desktop install. Scott uses a LTSP Thin Client and wants to copy files from a CD rom he burned at home. He puts the CD into the drive of his thin client and it shows up on his desktop just like it does on his Ubuntu desktop at home.
Line 35: Line 23:
Jane has taken a bunch of photos with her usb storage capable digital camera for usage in the art class she has. Janes school runs a edubuntu LTSP server in the classroom. She plugs in her camera and gets a popup that offers her to import the pictures into her photo album. Jane has taken a bunch of photos with her usb storage capable digital camera for use in her art class. Jane's school runs an Edubuntu LTSP server in the classroom. She plugs in her camera and gets a popup that shows the pictures that are on the camera.
Line 37: Line 25:
Willy brought his documents he wrote at home on a floppy to his office where ubuntu LTSP runs and where he works on a Thin Client. Willy wants to insert the floppy into the local floppy drive, mount it and copy the files on his desktop to edit them in openoffice. Willy brought his documents he wrote at home on a floppy to his office where Ubuntu LTSP runs and where he works on a thin client. Willy inserts the floppy into the local floppy drive and clicks on the floppy icon on his desktop. He then can edit the files using OpenOffice and when he saves the documents, they are saved back to the floppy disk.
Line 41: Line 29:
 * Block devices that interact in the normal manner with dbus, udev, etc.  
 * We won't handle special-function or character devices for Dapper.		  * Block devices that interact in the normal manner with udev to be automounted.
 * We won't handle special-function or character devices for Dapper. (i.e. cdrom burning or PDA syncing)
Line 46: Line 34:
=== Schema overview === The current udev/kernel structure already solves the raw automounting of the device on the thin client, ltsp.org designed a program called lbus that forwards a notification about new appearing devices on the client to the users session on the server.
Line 48: Line 36:
attachment:thin-client-local-dev.png The actual data transfer is done by a fuse based network filesystem called ltspfs. A daemon called ltspfsd runs on the client, a client program called ltspfs executed in the session of the user on the server does the mounting over the network. Both are purely userspace programs, and only rely on fuse, which Ubuntu already ships by default.
Line 50: Line 38:

The approach is to use dbus over the existing LTSP ssh X11 tunnel, attach the Thin Client's system dbus to the servers session dbus and do all the messaging through this implementation.

Mounting and actual data transport will be done through an additionally established ssh tunnel, ltspfs/ltspfsd will attach to this tunnel. Since ltspfs handles automated unmounting of unused devices after a period of time. Ltspfs also makes sure that the integrity of the written data over the network is given.		 When a notification from lbus running on the client is received by the lbus process listening in the users session on the server, ltspfs mounts the device into a subdir of /media/$USER which is owned by the user in 0700 mode.
Line 57: Line 42:
 * hal and udev will run on the client to fulfill the architectural requirements. A description of the existing implementation can be found on the following pages in the ltsp.org wiki: <<BR>> [[http://wiki.ltsp.org/twiki/bin/view/Ltsp/LtspFSAutomount|LtspFSAutomount]] <<BR>> [[http://wiki.ltsp.org/twiki/bin/view/Ltsp/LtspFS|LtspFS]]
Line 59: Line 44:
 * dbus will be enhanced to support X transport over the ssh tunnel, it will hook into the already running channel.
   * a system bus on the client connects to the session bus on the server, notifications will be sent through this connection to trigger gnome-volume-manager to mount via ltspfs.		 To integrate localdevs into Ubuntu LTSP, we'll need the following changes to the existing ltspfs:
Line 62: Line 46:
 * gnome-volume-manager will be enhanced to respect the LTSP_CLIENT variable; if set it will not run pmount but arrange (either itself or via a script) to send a dbus message to the system dbus on the client asking the client to make the filesystem mounted on the server. The client then does ssh server [a bit like under Implementation / Code in wiki page]  * An additional rules file for udev, to be inserted at 88-ltspfs in /etc/udev/rules.d/, to pick up inserted block devices and write the fstab entries.
 * Modify ltspfsd to use `/var/run` rather than `/tmp` to store its state
 * Additional script(s) to handle the updating of the `/var/run/fstab` entries.
 * The ltspfsd daemon as is.
 * mounter and unmounter scripts that mount from `/var/run/fstab`, and ignore /etc/fstab (see example below).
 * The lbuscd daemon.
 * The lbus_event_handler.sh script needs to create /media/$USER/ and do the automounting in that dir instead of the users homedir.
Line 64: Line 54:
 * Each user will have their own 0750 root.usergrp subdirectory of /media on the server to get a private namespace and to make device labels work properly.
   * This requires modifying gnome-vfs to respect this user directory (it must check the LTSP_CLIENT variable for that)
   * A ltsp-user option is to be added to the users and groups manager in gnome, so you can easily check a checkbox to have the required dir created.		 === Issues: ===

 * We can't use the $DISPLAY variable to find out the host name:
  * Instead, we can fall back to the SSH_CONNECTION environment variable if $DISPLAY points to localhost
 * lbus isn't packaged yet. A package that creates the lbussd and lbuscd binary packages needs to be created, ltsp-client needs to depend on the lbuscd package, the lbussd package needs to be pulled in by the ltsp-server package.
 * ltspfs-mounter and unmounter scripts need to be included in ltspfsd package.
 * Handling of LOCAL_STORAGE=True/False needs to be added to the ltsp-client-setup initscript in the ltsp-client package. (indeed that also needs to be documented as a lts.conf parameter)
 * We need to patch the ltspfs-mount and ltspfs-umount scripts to only look in /tmp/fstab.
 * '''Critical:'''
https://launchpad.net/distros/ubuntu/+source/gnome-vfs/+bug/50554 needs to be fixed
 * We've had a comment or two on the LTSP mailing list that codepages aren't supported under LTSPFS. We'll need to implement that in keeping with Ubuntu's i18n nature by adding glib's g_string functions for the string handling in ltspfs. -- ScottBalneaves
Line 70: Line 68:
The gnome-volume-manager triggered script of point 5 in the schema will be a simple python based dbus script running the commands dbus-connect and dbus-send to emit the message to the clients dbus. keybuk suggested the following udev rules for handling fstab:
Line 72: Line 70:
Command executed by mount initiation script on the client (point 7 in the schema):
  '''ssh ${user}@${server} "ltspfs ${LTSP_CLIENT}:/media/${devicelabel} /media/${user}/${devicelabel}"'''		 {{{
# /etc/udev/rules.d/88-ltsp.rules
ACTION=="add", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="?*", \
     RUN+="add_fstab_entry %k $ENV{ID_FS_TYPE}"
ACTION=="remove", SUBSYSTEM=="block", RUN+="remove_fstab_entry %k"
}}}
Line 75: Line 77:
== Outstanding issues == {{{
#!/bin/sh
# add_fstab_entry
# place in /lib/udev
Line 77: Line 82:
We cannot use the ltspfs builtin TCP transport because it has no encryption. (FUSE encryption is for encrypted filesystems, not encrypted ltspfs traffic.), ScottBalneaves will implement handling of stdin/out in ltspfs/ltspfsd to being able to tunnel through ssh connections. sed -i -e "|^/dev/$1 |d" /tmp/fstab
Line 79: Line 84:
Inspecting the required changes to gnome-vfs. # invent $MOUNTPOINT
MOUNTPOINT=/media/ltsp-$1
Line 81: Line 87:
Inspecting the changes to the user and group manager. echo "/dev/$1 $MOUNTPOINT $2 defaults 0 0" >> /tmp/fstab
}}}

{{{
#!/bin/sh
# remove_fstab_entry
# place in /lib/udev

sed -i -e "|^/dev/$1 |d" /tmp/fstab
}}}

ScottBalneaves suggests changing the ltspfs_mount script to the following, to avoid using /tmp/fstab at all:

{{{
#!/bin/sh
# ltspfs_mount, passed a directory name, used in /tmp/fstab. We can't use a simple
# mount /tmp/drives/directoryname, as that would need to reference /etc/fstab, which
# we're not going to touch.
grep $1 /tmp/fstab | while read DEV MOUNTPOINT TYPE OPTIONS DUMP PASS; do
   mount -t ${TYPE} -o ${OPTIONS} ${DEV} ${MOUNTPOINT}
done
}}}
Line 85: Line 112:
There were two approaches during the BoF discussions we discussed, they split up in two parts:   * Stability status of ltspfs not currently known. Update 17.6.2006: ltspfs is in current version of LTSP (4.2), and deployed. Reports coming back are positive, and the code's proven quite stable. Apart from i18n, things are looking good. -- ScottBalneaves
  * ltspfs designed for this scenario: copes better with unexpected media removal, etc.
  * There is a bug in LTSP-4.2 which prevents the second user who logs into a terminal to mount devices. Consider this in your testing.
    * This bug was fixed as of LTSP-4.2 r2. Updates have been pushed out to users and are in CVS.
Line 87: Line 117:
 1 How to notify insertion, transfer metadata, eject instructions, etc.

 2 How to transfer/mount actual filesystem data
 
For metadata, two solutions:
 1 Simple scheme involving ssh on insertion, using ssh-agent to permit reverse connections if applicable
  * Pro: not much code: new udev script and glue, new script on server to run mount command, new arrangements to make new device appear in right nautilus session or right user's desktop view.
  * Con: metadata on server is not correct; error handling may be suboptimal; not clear yet how to make nautilus right.
    (since ssh transports environment variables through its connection this data could either made available through variables or directly to ltspfs-mount as options this program would need to respect)
 2 Dbus
  * Con: needs more code: dbus X transport (should be easy); gvm to run ltspfs-mount on system device events instead of normal pmount etc.
  * Pro: completely correct and `normal' visibility of client's devices just as if it would be if the user were running a session on the local workstation
Both schemes need ldm changed to store username and password on client (in tmpfs mounted /tmp) for future ssh connections

For filesystem data, two solutions:
 1 sftp/sshfs
  * Requires reverse-connection from server back to client (and ssh-agent)
  * Simple
  * sftp is not ideal as remote filesystem protocol
 2 ltspfs
  * Some modifications to ltspfs required to make it talk over stdin/stdout rather than wanting to do its own network and own authentication (straightforward we are told)
  * Stability status of ltspfs not currently known
  * ltspfs designed for this scenario: copes better with unexpected media removal, etc.		 ----
CategorySpec

Summary

This specification describes how block devices on a thin client, such as usb memory sticks, floppies (both USB and Legacy) and cdrom drives (USB, ATAPI, SCSI) can all be accessed from the users session, which is running on the server.

Rationale

Ubuntu's LTSP currently doesn't support local block devices on thin clients. If you plug in a usb stick, usb storage capable camera, CD rom or floppy on the Thin Client, you don't have access to the device at all. An implementation to handle this was developed in LTSP-4.2.

Use cases

Scott uses a LTSP Thin Client and wants to copy files from a CD rom he burned at home. He puts the CD into the drive of his thin client and it shows up on his desktop just like it does on his Ubuntu desktop at home.

Jane has taken a bunch of photos with her usb storage capable digital camera for use in her art class. Jane's school runs an Edubuntu LTSP server in the classroom. She plugs in her camera and gets a popup that shows the pictures that are on the camera.

Willy brought his documents he wrote at home on a floppy to his office where Ubuntu LTSP runs and where he works on a thin client. Willy inserts the floppy into the local floppy drive and clicks on the floppy icon on his desktop. He then can edit the files using OpenOffice and when he saves the documents, they are saved back to the floppy disk.

Scope

  • Block devices that interact in the normal manner with udev to be automounted.
  • We won't handle special-function or character devices for Dapper. (i.e. cdrom burning or PDA syncing)

Design

The current udev/kernel structure already solves the raw automounting of the device on the thin client, ltsp.org designed a program called lbus that forwards a notification about new appearing devices on the client to the users session on the server.

The actual data transfer is done by a fuse based network filesystem called ltspfs. A daemon called ltspfsd runs on the client, a client program called ltspfs executed in the session of the user on the server does the mounting over the network. Both are purely userspace programs, and only rely on fuse, which Ubuntu already ships by default.

When a notification from lbus running on the client is received by the lbus process listening in the users session on the server, ltspfs mounts the device into a subdir of /media/$USER which is owned by the user in 0700 mode.

Implementation

A description of the existing implementation can be found on the following pages in the ltsp.org wiki:
LtspFSAutomount
LtspFS

To integrate localdevs into Ubuntu LTSP, we'll need the following changes to the existing ltspfs:

  • An additional rules file for udev, to be inserted at 88-ltspfs in /etc/udev/rules.d/, to pick up inserted block devices and write the fstab entries.

  • Modify ltspfsd to use /var/run rather than /tmp to store its state

  • Additional script(s) to handle the updating of the /var/run/fstab entries.

  • The ltspfsd daemon as is.

  • mounter and unmounter scripts that mount from /var/run/fstab, and ignore /etc/fstab (see example below).

  • The lbuscd daemon.
  • The lbus_event_handler.sh script needs to create /media/$USER/ and do the automounting in that dir instead of the users homedir.

Issues:

  • We can't use the $DISPLAY variable to find out the host name:
    • Instead, we can fall back to the SSH_CONNECTION environment variable if $DISPLAY points to localhost
  • lbus isn't packaged yet. A package that creates the lbussd and lbuscd binary packages needs to be created, ltsp-client needs to depend on the lbuscd package, the lbussd package needs to be pulled in by the ltsp-server package.
  • ltspfs-mounter and unmounter scripts need to be included in ltspfsd package.
  • Handling of LOCAL_STORAGE=True/False needs to be added to the ltsp-client-setup initscript in the ltsp-client package. (indeed that also needs to be documented as a lts.conf parameter)
  • We need to patch the ltspfs-mount and ltspfs-umount scripts to only look in /tmp/fstab.

  • Critical:

https://launchpad.net/distros/ubuntu/+source/gnome-vfs/+bug/50554 needs to be fixed

  • We've had a comment or two on the LTSP mailing list that codepages aren't supported under LTSPFS. We'll need to implement that in keeping with Ubuntu's i18n nature by adding glib's g_string functions for the string handling in ltspfs. -- ScottBalneaves

Code

keybuk suggested the following udev rules for handling fstab: 

# /etc/udev/rules.d/88-ltsp.rules
ACTION=="add", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="?*", \
     RUN+="add_fstab_entry %k $ENV{ID_FS_TYPE}"
ACTION=="remove", SUBSYSTEM=="block", RUN+="remove_fstab_entry %k"

# add_fstab_entry
# place in /lib/udev

sed -i -e "|^/dev/$1 |d" /tmp/fstab

# invent $MOUNTPOINT
MOUNTPOINT=/media/ltsp-$1

echo "/dev/$1 $MOUNTPOINT $2 defaults 0 0" >> /tmp/fstab

# remove_fstab_entry
# place in /lib/udev

sed -i -e "|^/dev/$1 |d" /tmp/fstab

ScottBalneaves suggests changing the ltspfs_mount script to the following, to avoid using /tmp/fstab at all: 

# ltspfs_mount, passed a directory name, used in /tmp/fstab. We can't use a simple
# mount /tmp/drives/directoryname, as that would need to reference /etc/fstab, which
# we're not going to touch.
grep $1 /tmp/fstab | while read DEV MOUNTPOINT TYPE OPTIONS DUMP PASS; do
   mount -t ${TYPE} -o ${OPTIONS} ${DEV} ${MOUNTPOINT}
done

BoF agenda and discussion

  • Stability status of ltspfs not currently known. Update 17.6.2006: ltspfs is in current version of LTSP (4.2), and deployed. Reports coming back are positive, and the code's proven quite stable. Apart from i18n, things are looking good. -- ScottBalneaves

  • ltspfs designed for this scenario: copes better with unexpected media removal, etc.
  • There is a bug in LTSP-4.2 which prevents the second user who logs into a terminal to mount devices. Consider this in your testing.
    • This bug was fixed as of LTSP-4.2 r2. Updates have been pushed out to users and are in CVS.

CategorySpec

ThinClientLocalDevices (last edited 2008-08-06 16:22:55 by localhost)