Linux X-terminal Details for Debian
The idea works very well; my wife and I have been unable to tell any difference in response between running applications directly on our Athlon-600 or running them indirectly via a pentium-133 that was converted to an X-terminal. Because we have used this X-terminal rather than buying a new machine we have saved ourselves a significant amount of money. Also, this X-terminal idea scales well to many systems where computer hardware costs, sysadmin costs, office noise, and office power requirements can greatly be reduced. So this is an ideal solution for settings that range from a small family LAN such as ours to much larger systems such as the 400 X-terminals served by a dual 933MHz computer running KDE that is used to satisfy the desktop needs of the employees of Largo, Florida.
The simplest X-terminal approach (see the first option in the overview) consists of an ordinary minimal Linux distribution installed on the hard drive of the slow machine (i.e., "tortoise") with the xdm server configured (see below) on the fast machine (i.e., "hare"). Then simply execute "X -query hare" on tortoise, and from the tortoise keyboard, xdm will log you into hare where all your X applications can run and display their results to tortoise. The big advantage of this approach is its simplicity and security (no NFS). The principal disadvantage is you require a noisy, power-consuming disk drive on tortoise, and if that drive is old it may be difficult to maintain. OTOH, if you have a modern drive attached to your old PC, why not put that modern drive on your modern PC where you can take full advantage of it?
A slightly more complicated X-terminal approach (see the second option in the overview) consists of a separate minimal Linux root file system stored on hare's disk for each X-terminal. This file system is mounted over the network by the X-terminal kernel NFS client. The necessary kernel boot parameters for specifying the networking and the NFS client parameters are stored along with the kernel on a floppy diskette. This option is the one I chose to use, and we will explore it in a lot more detail below. The advantages of this option are it is still fairly simple and you have all your hard drives installed on the fast machine where they belong (IMHO). A disadvantage is that NFS version 3 is inherently insecure so it is best to run your fast box and X-terminal behind a firewall. Another disadvantage is that separate root file systems do not scale well to the situation where you have many X-terminals being served by a fast machine.
Before discussing the second option in detail we should at least mention the more complicated third option outlined in the overview. This option is what is described in the standard X-terminal references (the Linux Terminal Server Project documentation and the Diskless Nodes HOW-TO document for Linux). The process for booting such an X-terminal starts with an Etherboot boot ROM containing some minimalist boot code which goes through a DHCP phase to initialize the network card and find the kernel on the network and a TFTP phase to download that kernel. At that point the kernel takes over and goes through a DHCP phase to set up networking and find its (mostly shared) root file system on the network and then an NFS phase to mount that file system and go through the rest of the boot to initialize Linux from that root file system. This somewhat complicated scheme requires an EPROM burner and also relies on the insecure (see notes on security issues for X-terminals) TFTP protocol that the simpler options 1 and 2 avoid. OTOH, the complicated scheme allows you to dispense with the floppy drive (important for commercial X-terminals). Also, this scheme is especially appropriate for situations where large numbers of X-terminals are being used since it includes methods of sharing much of their root file systems (e.g. /usr) which greatly reduces the sysadmin effort required to keep packages updated.
The remainder of this document gives the specifics of my particular conversion of a pentium-133 into a Linux X-terminal using the second option from the overview. My conversion followed the advice in two especially helpful articles; Patrick Swieskowski's article is the first mention I have seen of the second X-terminal option and was the inspiration for my pentium-133 conversion using Debian while Rich Kaszeta's article, although based on the first X-terminal option, does give valuable background information.
Environment
I run Debian woody (now in freeze before its final release) on both hare and tortoise. You will have to adjust many of these details if you use a different Linux distribution for either your fast or slow box.
The /etc/hosts entries for these computers on hare are
127.0.0.1 localhost.localdomain localhost
192.168.1.1 hare.mylan.home hare
192.168.1.2 tortoise.mylan.home tortoise
The same is true on tortoise.
I am being particular about the IP addresses, names, and domain names here because these data appear in some of the script fragments below, and you will have to change them to the IP addresses and names that you use for your LAN computers. Just remember for now that hare == fast and tortoise == slow == X-terminal.
Hardware
Our hardware consists of a classical Athlon 600 MHz box with 768MB RAM (we will call this computer "hare") connected via 100BaseT cross-over cable (the simplest home LAN there can be) to a pentium-133 with 64MB RAM (we will call this computer "tortoise"). Note that unlike Aesop's fable where hare and tortoise are in a race, in this X-terminal example, hare helps tortoise to look like it is running at the same speed as hare.
The memory size of hare is gross overkill for the purpose of running X client applications for X-terminals. Note in the city of Largo project with 400 X-terminals and 800 users (230 concurrent), the fast box has 3GB of memory which works out to an average of 13MB per concurrent user. So 13MB is roughly the RAM required for each additional X-terminal connected to hare after the first, but there is also a certain overhead as well to run all the X client applications in KDE for the first X-terminal. In the past I have successfully run KDE on a 64MB machine for a single user so I would expect that 128MB should be entirely adequate RAM size for the fast machine serving a small number of X-terminals. I don't know the RAM size required for GNOME, but I assume it is similar to KDE.
The memory size of tortoise should also be gross overkill for the purpose of being an X-terminal. I have heard and read anecdotal evidence that 16MB should be adequate for the X-terminal. Certainly from "top" statistics it looks like that would be enough on the first day after we start X on tortoise. But in later days the memory needs grow (I assume because there is a slow memory leak in XFree86-3.3.6) so we have to restart X roughly once per week with our 64MB of RAM in the pentium-133. We hope that this problem will be resolved when we move to XFree86-4.2 in the near future.
The 100BaseT networking on our home system is overkill as well. The VLUG demonstration of the X-terminal was done with a 10BaseT network, and the X display speed seemed fine.
Setup of hare
N.B. all steps in this section are done as ordinary root on hare.
(1) Install and configure the NFS kernel server on hare
I just followed the server steps in the Linux NFS HOWTO. Although I believe the user-space NFS server should work fine for hare, I chose to use the NFS kernel server because it has worked well for me in the past. Accordingly I used the options CONFIG_NFSD=y and CONFIG_NFSD_V3=y to configure kernel-2.4.18 with the NFS server option with NFS version 3. (This version is much preferred according to the HOWTO.) After the build, I installed the resulting kernel on hare. (Note, if you are not comfortable doing a kernel configure, build and install, you should not be doing this X-terminal conversion in the first place.) On hare, the only NFS related packages I have installed are nfs-common and nfs-kernel-server. Finally, the following line was added to /etc/exports:
/usr/xterminal 192.168.1.2(rw,no_root_squash)
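The export above hands tortoise's root user full root rights on /usr/xterminal, so it is worth checking that no entry in /etc/exports is wider than intended. The following is an added example, not part of the original article; the function names audit_exports and sample_exports and the sample lines other than the article's own are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag exports(5) entries that widen who can mount a tree or
# what the client's root user may do on it. Reads FILE, or stdin for "-".
# Exit status is 1 when any HIGH finding is present.
# Backslash-continued lines are not handled.
audit_exports() {
    awk '
    function report(level, msg) {
        printf "%s %s %s: %s\n", level, path, client, msg
        if (level == "HIGH") high++
    }
    /^[ \t]*#/ { next }                       # comment lines
    NF == 0    { next }                       # blank lines
    {
        path = $1
        if (NF == 1) {                        # path with no client list
            client = "(any)"
            report("HIGH", "no client list, exported to every host")
            next
        }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                      # split host(opt,opt,...)
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*/, "", opts)
            }
            # "host (rw)" with a space parses as a second, hostless entry
            if (client == "") client = "(any)"
            wide = (client == "(any)" || client ~ /[*?]/)
            if (wide) report("HIGH", "wildcard or missing host")
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    report(wide ? "HIGH" : "WARN", "no_root_squash, client uid 0 is uid 0 on this tree")
                else if (o[j] == "rw")
                    report("INFO", "exported read-write")
                else if (o[j] == "insecure")
                    report("WARN", "insecure, requests from unprivileged ports accepted")
            }
        }
    }
    END { exit (high > 0) }' "${1:--}"
}

# Constructed sample: the article's export line plus two common mistakes.
sample_exports() { cat <<'EOF'
/usr/xterminal 192.168.1.2(rw,no_root_squash)
/srv/pub *(rw)
/home 192.168.1.2 (rw)
EOF
}

sample_exports | audit_exports - || echo "HIGH findings present"
```

On hare, run it as audit_exports /etc/exports. The WARN on the article's own line is expected, since an NFS root needs no_root_squash; the single-address client field is what limits it.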
(2) Install and configure xdm on hare
The install is simple:
apt-get install xdm
The configuration is only slightly more complicated. All xdm configuration files are found under /etc/X11/xdm. I did not put Patrick Swieskowski's suggested "foreign" line in the "Xservers" file since according to my reading of the XDM and X Terminal mini-HOWTO it is not necessary. However, the rest of the xdm configuration followed Patrick's quite closely. In Xservers, I commented out the ":0 local /usr/X11R6/bin/X vt7 -dpi 100 -nolisten tcp" line so that I can login to a console and startx rather than xdm login on hare. In Xaccess I put in the line "tortoise" to allow the X-terminal to connect to the hare xdm server. Finally, in xdm-config, I commented out the "DisplayManager.requestPort: 0" line so that xdm would not deny all connection attempts.
(3) Configure networking on hare
The easiest way to do this is to put the following stanza in /etc/network/interfaces:
auto eth1
iface eth1 inet static
address 192.168.1.1
network 192.168.1.0
netmask 255.255.255.0
This assumes the connection from hare to tortoise is via the eth1 interface of hare. After /etc/network/interfaces is ready, then do
/etc/init.d/networking stop
/etc/init.d/networking start
Create root file system for tortoise on hare disk
We chose to use the second option (see overview) where the X-terminal mounts its root file system from the fast box using NFS. Thus, you need to create that root file system on the hare disk. This is done straightforwardly with the Debian base set of packages and the chroot environment. Note, that for Debian woody we haven't yet figured out how to create the base root file system directly so for now we proceed indirectly by copying the base root file system for Debian potato (the prior version of Debian) from the web and upgrading that system to woody.
Here are the steps for doing this.
(1) Create the raw base root file system (potato version) in /usr/xterminal
Note, I am following Patrick's naming convention for where (/usr/xterminal) the tortoise root file system should be placed on the hare disk, but any choice that you use consistently for this location is fine.
As root (but not the chroot environment)
cd /tmp
wget http://http.us.debian.org/debian/dists/stable/main/disks-i386/current/base2_2.tgz
mkdir /usr/xterminal
cd /usr/xterminal
tar zxf /tmp/base2_2.tgz
(2) Create or modify some specific files in the newly created root file system
Note /etc/resolv.conf allows DNS resolution; /etc/hosts allows you to associate specific computer names with their ip numbers (see above for the example used on our hare and tortoise systems); and /etc/hostname identifies the name of the X-terminal.
cp /etc/resolv.conf /etc/hosts /usr/xterminal/etc
echo tortoise >/usr/xterminal/etc/hostname
For additional X-terminal security I edited /usr/xterminal/etc/hosts.deny to have just one line
ALL: ALL
and edited /usr/xterminal/etc/hosts.allow to have these three lines:
ALL: 127.0.0.1 except paranoid
ALL: 192.168.1.1 except paranoid
ALL: 192.168.1.2 except paranoid
(Like other distributions, Debian is quite lax about this area of security. Their simple ALL: PARANOID in hosts.deny with nothing in hosts.allow reduces the chances of spoofed attacks, but leaves your computer wide open to attacks from computers that have already been taken over by a cracker. Furthermore, the hosts.deny and hosts.allow files are only a part of one layer of security, and I advocate that you should at least also put your computer behind a firewall. Further information about X-terminal security is discussed below.)
Put two lines in /usr/xterminal/etc/fstab
proc /proc proc defaults 0 0
hare:/usr/xterminal / nfs defaults,rsize=8192,wsize=8192,hard 0 1
Add this line in /usr/xterminal/etc/inittab
#X:123456:respawn:/usr/bin/X11/X -query 192.168.1.1
Note, I have commented out this important line for now because I think it is better to get the X-terminal machine working as a console first. Further instructions will be given below about this.
Remove or rename /usr/xterminal/sbin/unconfigured.sh. One of the Debian init scripts looks for this file and executes it (which issues a warning about not being configured.) Remove this file since you are now done configuring the X-terminal root file system (except for uncommenting the inittab line once the console mode works).
(3) Upgrade the tortoise root file system from potato to woody using the chroot environment
The woody version of Debian includes NFS version 3 which comes highly recommended in the Linux NFS HOWTO. Thus, woody (which is about to replace potato as the stable version of Debian) is necessary for obtaining the best stability for the X-terminal.
The upgrade from potato to woody is done by chrooting to the tortoise root file system on the hare disk that you have just created, editing the sources.list file, and then using apt-get. The detailed instructions below follow what is recommended at http://www.debian.org/releases/woody/i386/release-notes/ch-upgrading.en.html.
Note, the chroot environment puts you immediately into Debian potato with the root file system you just created, and, in fact, this step can be done from any distribution running on hare. However, the kernel you are using is still the kernel running on hare, and no init scripts are executed so be as conservative as possible about the commands you try in the chroot environment. I know the following commands work reasonably well under the chroot environment, but others may not work.
chroot /usr/xterminal bash --login
This mount command is apparently only needed for the first chroot session if you have more than one.
mount proc -t proc /proc
Change all references from "stable" to "woody", and comment out security sections because those don't yet exist for "woody".
vi /etc/apt/sources.list
apt-get update
Remove the lilo package because it is not needed by tortoise and because it gives nothing but trouble because of inconsistencies with the hare kernel (one of the problems with the chroot environment).
apt-get --purge remove lilo
Get modern versions of these packages first. Note you will be asked several configuration questions as you go along. I took defaults for the responses except that I used the dialog option for debconf, I had debconf ignore questions less than high, and replaced all potato versions of configuration files with the woody versions when asked.
apt-get install dpkg apt debconf
Upgrade the rest of the packages to woody.
apt-get --fix-broken --show-upgraded dist-upgrade
Exit from the hare chroot environment.
exit
(4) Restart the hare nfs server so the newly created /usr/xterminal directory can be exported
cd /etc/init.d
./nfs-kernel-server stop
./nfs-kernel-server start
The tortoise root file system is now ready for console mode testing. We will do the base-config and X stuff in the next step from tortoise once that is booted from the kernel diskette created in the next two steps.
Configure and build X-terminal kernel on hare
I configured and built kernel-2.4.18 on hare for eventual use on a floppy diskette file system on tortoise. You should make your life easier by simplifying the kernel configuration as much as possible keeping in mind that the X-terminal will use very few kernel services or devices when it is in operation. This means no modules (this is actually required and not optional for X-terminal kernels), no experimental options, no ATA, no SCSI, no sound, etc. Remember the KISS principle.
You should include in your configuration
IP: kernel level autoconfiguration (CONFIG_IP_PNP)
NFS file system support (CONFIG_NFS_FS)
Root file system on NFS (CONFIG_ROOT_NFS)
You should configure the driver appropriate for your network interface card. In my case that was via-rhine, but it is likely to be different in your case.
You should configure a driver appropriate for your mouse. In my case that was a serial mouse, but it may be different in your case.
Configure and build the tortoise kernel with
make mrproper
This is the step where you configure the tortoise kernel in the simplest way possible, see above.
make xconfig (or config or menuconfig)
make dep
make bzImage
N.B. no make modules or make modules_install after this since no modules are configured.
Create tortoise boot diskette on hare
Create a special root device so that the kernel image will attempt to find its root file system over NFS. This fake device will be used by the lilo step below.
mknod /dev/boot255 c 0 255
Prepare 2S/2D (two-sided, double density) floppy.
superformat /dev/fd0 hd
Change directory to where newly compiled bzImage is located, create ext2 file system on floppy, copy /boot/boot.b and kernel to it, create a lilo.conf file on it, and run lilo with that file to copy that information to the boot diskette.
N.B. lilo is an inherently dangerous command (to hare) so make sure that /floppy/lilo.conf is correct (especially the boot = /dev/fd0 line), and also make sure that the lilo command uses that file (and no other) with the -C option.
cd arch/i386/boot
mke2fs -q /dev/fd0
mount -t ext2 /dev/fd0 /floppy
cp bzImage /floppy/vmlinuz
cp /boot/boot.b /floppy/boot.b
cat > /floppy/lilo.conf <<EOF
boot = /dev/fd0
install = boot.b
map = map
compact
prompt
timeout = 50
read-only
image = vmlinuz
label = linux
root = /dev/boot255
append = "root=/dev/nfs nfsroot=/usr/xterminal,rsize=8192,wsize=8192,hard ip=192.168.1.2:192.168.1.1:192.168.1.1:255.255.255.0:tortoise::off"
EOF
N.B. this is the dangerous (to hare) command if not done exactly as indicated. See comment above.
lilo -C /floppy/lilo.conf
The append configuration line for lilo.conf makes sure the kernel is booted with the specified options. The root option signals that it is a special NFS root mount. The nfsroot option gives the location of the root file system and important efficiency parameters and hard parameter recommended by the Linux NFS HOWTO. The ip option gives all the networking information.
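Because a wrong boot line makes lilo overwrite a boot sector on hare, the file can be checked mechanically before the lilo command is run. The following is an added example, not part of the original article; the function names (fail, conf_value, boot_param, check_floppy_lilo_conf, sample_lilo_conf) are assumptions made for illustration, and the sample file is constructed from the listing above.

```shell
#!/bin/sh
# Added example: refuse to go on unless the floppy lilo.conf is safe for hare
# and boots tortoise with the static NFS-root settings used in the article.

fail() { echo "FAIL: $*"; rc=1; }

# conf_value KEY: lilo.conf text on stdin, prints the first "KEY = value".
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# boot_param NAME CMDLINE: prints the value of NAME=... on a kernel command line.
boot_param() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# check_floppy_lilo_conf FILE CLIENT_IP SERVER_IP EXPORT_DIR   (FILE "-" = stdin)
check_floppy_lilo_conf() {
    conf=$(cat "$1") || return 2
    rc=0

    # lilo writes its boot sector to the "boot" device, so it must be the floppy.
    boot=$(printf '%s\n' "$conf" | conf_value boot)
    [ "$boot" = /dev/fd0 ] || fail "boot = ${boot:-<missing>}, expected /dev/fd0"

    cmdline=$(printf '%s\n' "$conf" | conf_value append | tr -d '"')
    [ "$(boot_param root "$cmdline")" = /dev/nfs ] || fail "append lacks root=/dev/nfs"

    # ip=<client>:<server>:<gateway>:<netmask>:<hostname>:<device>:<autoconf>
    ip=$(boot_param ip "$cmdline")
    client=$(printf '%s\n' "$ip" | cut -d: -f1)
    server=$(printf '%s\n' "$ip" | cut -d: -f2)
    autoconf=$(printf '%s\n' "$ip" | cut -d: -f7)
    [ "$client" = "$2" ] || fail "ip= client is '$client', expected $2"
    [ "$server" = "$3" ] || fail "ip= server is '$server', expected $3"
    case $autoconf in
        off|none) ;;   # static addressing, no DHCP/BOOTP/RARP at boot
        *) fail "ip= autoconf is '$autoconf', expected off" ;;
    esac

    # nfsroot=[<server>:]<dir>[,<options>]
    nfsroot=$(boot_param nfsroot "$cmdline")
    dir=${nfsroot%%,*}
    case $dir in
        *:*) [ "${dir%%:*}" = "$3" ] || fail "nfsroot server is ${dir%%:*}, expected $3"
             dir=${dir#*:} ;;
    esac
    [ "$dir" = "$4" ] || fail "nfsroot directory is '$dir', expected $4"
    case ",${nfsroot#*,}," in
        *,hard,*) ;;
        *) fail "nfsroot options lack 'hard'" ;;
    esac
    return "$rc"
}

# Constructed sample: the lilo.conf from the listing above.
sample_lilo_conf() { cat <<'EOF'
boot = /dev/fd0
install = boot.b
map = map
compact
prompt
timeout = 50
read-only
image = vmlinuz
label = linux
root = /dev/boot255
append = "root=/dev/nfs nfsroot=/usr/xterminal,rsize=8192,wsize=8192,hard ip=192.168.1.2:192.168.1.1:192.168.1.1:255.255.255.0:tortoise::off"
EOF
}

sample_lilo_conf | check_floppy_lilo_conf - 192.168.1.2 192.168.1.1 /usr/xterminal \
    && echo "lilo.conf OK"
```

On hare the real file would be checked with check_floppy_lilo_conf /floppy/lilo.conf 192.168.1.2 192.168.1.1 /usr/xterminal, and lilo -C /floppy/lilo.conf run only if it succeeds.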
Unmount the just-created tortoise kernel diskette from the hare floppy drive
umount /floppy
You are now done with creating the tortoise boot diskette. Save it for the following smoke test!
Time for the smoke test!
Insert the newly created tortoise boot diskette into the tortoise floppy drive, and change the BIOS on tortoise so that it will boot from that floppy drive. Boot tortoise!
Because of the kernel parameters stored by lilo on the boot diskette the kernel NFS-mounts the root file system that has just been prepared on hare for tortoise. If all goes well with booting from the tortoise kernel diskette you will get appropriate boot messages (especially networking and NFS mounting of the root file system) which will end with a login prompt on the Linux console (not the xdm login prompt to hare because you haven't installed or set up X yet, and because you have commented out the /etc/inittab X -query line.)
Finish console mode configuration and add useful packages.
Login as root on tortoise (no password will be required this first time, but that is about to change).
Do remainder of base configuration. This sets locale information, time zone, shadow passwords, the root password, etc. Do not add any users! Remember that once X is working, you will be logged into hare by xdm from the X-terminal so there is no need for user accounts on tortoise. Do not add any more packages at this time! Remember that all user applications are run on hare so there is no need to install them on tortoise. (You do want a nice lean distribution for your X-terminal, don't you?)
base-config
Here are some additional packages which are a good idea to install on tortoise.
Gain access to the tortoise console via ssh. Make sure to specify the server option so that you can ssh to tortoise.
apt-get install ssh
After this install, test to make sure you can ssh to and from tortoise. You may need this capability in an emergency.
Install man pages
apt-get install man
XFree86 details
Be careful of whether you download xfree-3.3.6 or xfree-4.x packages. Some older cards (typical of old computers you are going to turn into X-terminals) are still only supported under 3.3.6. For example, this was true of the S3 trio64 I had on my pentium-133. Find out the driver status for your old video card at the XFree86 driver status page at http://xfree86.org/4.1.0/Status.html.
N.B. XFree86-4.2.0 is out now (which apparently adds support for older cards such as the trio64), but 4.2.0 will not be available for Debian until sometime after Debian woody goes final so that is why I have specified the 4.1.0 status page above.
YMMV, but for the old S3 trio64 card on tortoise the following apt-get command installed all the X packages that were required.
apt-get install xserver-s3 xfonts-100dpi xfonts-base
N.B. this *must be* done in console mode directly at tortoise keyboard (so that correct mouse, video card, and monitor are detected and configured.) If you do this step from the hare chroot environment or as part of an ssh session from hare to tortoise you will detect the hare hardware and generate an XF86Config file that certainly will not work and could potentially destroy your tortoise monitor! YOU HAVE BEEN WARNED!
If you would like to supplement the 100dpi font package in the apt-get line above, then Debian is the distribution for you. To check out all the fonts packages available simply run
dpkg --list '*font*'
or else use one of the search engines on http://www.debian.org/distrib/packages.
If you want to redo the X configuration for your X-terminal, I recommend using
dpkg-reconfigure xserver-s3
(or whatever your X server package is).
The first X test I recommend is
X -probeonly
This command does all the initial checks of your video card and monitor for the XF86Config file that you have prepared above. Pay attention to any warning messages that you may receive, look carefully at man XF86Config, and double-check that you have the ranges on the vertical and horizontal frequencies that match what your monitor manual says is correct. If you have lost the manual for your old monitor, usually a web search will reveal these important numbers.
If you are satisfied with the messages from X -probeonly the next step is to try out
X -query 192.168.1.1
If things go wrong, remember ctrl-alt-backspace gets you out of X. However, if things go right you should see the xdm login prompt on the tortoise monitor, and you should be able to login to any account on hare from that login prompt so long as that account has a valid .xsession file in its home directory. Here is the version of that file for my account:
#!/bin/sh
#export PATH=$PATH:any_paths_you_want_to_add
startkde
If you prefer some other alternative to the KDE integrated desktop, change the startkde command to whatever is appropriate.
I had many failed logins before I found (by checking .xsession-errors) that the default PATH under xdm is quite limited and unchanged by anything you do in your .login file (under tcsh) or .profile file in bash. Thus, all path manipulations have to be done in the way above (which I have commented out since you may be happy with your default PATH) for xdm. (AFAIK. This has been my first experience with xdm. I ordinarily just simply use startx on hare.)
If you want access to the console mode again for tortoise, simply hit ctrl-alt-F2 on the tortoise keyboard from your X screen and as per usual hit ctrl-alt-F7 to get back into X. Alternatively, you can ssh root@tortoise from hare. Also, you have full access to the root file system of tortoise as superuser on hare (or even in chroot environment from hare as above, although I feel that is more dangerous than just accessing /usr/xterminal/whatever_file from hare superuser directly.)
Finally, if you are completely satisfied with the way that the X server is working on tortoise, you can uncomment the /etc/inittab line to read
X:123456:respawn:/usr/bin/X11/X -query 192.168.1.1
Afterwards execute
telinit q
(man telinit) to get init to re-examine the init file for changes.
The above inittab line means that you will be put right back into X (the respawn part) each time you exit from it. This is quite convenient once everything is settled down, but it is a real pain if there is still some X configuration refinement you would like to do. If you have the respawn line in, and there is some X emergency, if your tortoise keyboard is still working you should still be able to use ctrl-alt-F2 (or F3 or F4, etc.) to get to a console. If the keyboard is frozen, then your only recourse is to ssh in to root@tortoise from the tortoise keyboard and kill X. Of course the respawn will force it to start again, and put you back to the xdm login screen, but if you don't want that you should comment out the above line from /etc/inittab, and execute
telinit q
before killing X.
Security
I have mentioned security a fair amount throughout the course of this text. The sad fact is you don't have much security when you are running an X-terminal. (See Important notes on security issues for X-terminals for a sobering evaluation of this.) Dropping use of the DHCP and TFTP protocols helps for the second X-terminal option we are discussing, but we are currently stuck with the inherent insecurity in version 3 of NFS that is now available on Linux unless we use the first option for X-terminals discussed in the overview.
Even though I have attempted to make you aware of the security issues of X-terminals, you don't want to get so paranoid about security that you lose sight of the great practical benefits of turning your old computer into an X-terminal. So for now, I believe a good compromise is to make sure you (and only the users you trust) are behind a good firewall such as the stateful iptables firewall available via Linux kernel 2.4.x. Note also that once version 4 of NFS is implemented for Linux, the security concerns for NFS on Linux will be much reduced according to the Linux NFS HOWTO.
Conclusion
Good luck, and have fun following Patrick's article and these supplementary details for turning your old computer into a fast X-terminal. The results have been well worth it for my wife and me since it allowed us to put off a purchase of a new computer and thus skip one or possibly several expensive PC hardware upgrade cycles.