Full Report: LTSP Hackfest Maine 2008

The Linux Terminal Server Project (LTSP) enables Linux distributions to boot entire networks of diskless clients, and serve Linux desktop as a thin client, with storage handling (USB, CD, floppy) and remote sound.  LTSP is especially attractive for businesses and schools because it is the most cost effective way to deploy large numbers of desktops with extreme reliability and security, with minimal staff necessary to maintain it.

This is the report from LTSP Hackfest Maine 2008.  Last year we held this event at the same location, at the cozy Seawall Motel in Southwest Harbor, Maine.  This year's event and grand lobster feast was sponsored by DisklessWorkstations.com, the founders of the LTSP project nearly a decade ago.  Attendees this year include Red Hat, Disklessworkstations.com, LTSP upstream, Resara, Revolution Linux, Symbio, and a few educators and independent consultants that support LTSP at businesses and schools.

LDM is a graphical front-end greeter login screen for ssh.  Thin clients can boot and run LDM, where it asks for the login name and password.  Optionally the user can choose Session type (GNOME, KDE, XFCE, Sugar, etc.) or login language.  Gideon Romm, Scott Balneaves, Stéphane Graber and Francis Giraldeau focused their efforts on LDM improvements where they made much progress.  They implemented proper event handling by splitting X launching out of the LDM binary.  LDM is now a client of xinit where signal handling is now handled.  This eliminated a long standing race condition where LDM would crash, or keyboard layout setting would fail, because they attempted to run before X had fully initialized.  They fixed Tab key handling, where LDM now cycles through username and password dialogs in the same manner as GDM.  Proper syslog usage was implemented, which should make it more consistent to log and debug LDM in the future.  The long standing "kill -1" hack was finally eliminated after more than a year of effort.  LDM before had to forcibly kill the ssh session at logout.  By cleanly allowing the connection to exit, it is now possible to run other post-logout scripts to cleanup the session properly.

Further improvements to LDM were discussed and planned:

• Currently LDM has a significant problem in the way it talks to the remote SSH server.  It currently uses an expect-like parsing chat to determine if it had successfully logged in, or if password expiry and forced password changing is needed.  This is highly problematic because the chat from the SSH server can be localized in any arbitrary language.  The LTSP developers are thinking about switching LDM from parsing chat to a library interface like libssh2.  It is a shame that openssh does not provide a library interface like this.  libssh2 might work, except there are some concerns about its maintainbility given that the upstream project does not appear to be very active and it would be yet another crypto interface with potential security implications.  Debian does not ship libssh2 in the core repository.  Fedora apparently ships libssh2 in core because it is a dependency of libcurl, but this is suspected to be an accident.  RHEL5 does not have libssh2 at all.  More investigation is required into this issue.
• Handle password expiry better.
• Handle cases where client does not already know a SSH server key.
• Chris and Brendan of Resara are working on a qt greeter for LDM.  They also designed an improved protocol for greeter to LDM backend communication.

RHEL5 Backport
Warren Togami and Bryan Smith of Red Hat focused mostly on creating a plan for backporting LTSP5 to RHEL5.  The following is the basic implementation plan.

• mkinitrd (Warren): After examining a few different approaches including libkudzu, LTSP's old pci detection code, or system-config-netboot, we settled upon a backport of Fedora's mkinitrd loadDrivers function to RHEL5.  RHEL5's modprobe seems capable of handling modalias based loading.  It appears possible to pull in modprobe and minimal libraries needed to use modprobe without effecting anything else in RHEL5 mkinitrd.  The only difference that we will need to implement is a way to detect which kernel modules are network drivers.  Fedora's mkinitrd can use --with-avail==networking, but this is not possible on RHEL5 because there is no modules.networking group.  We will likely implement something that looks at PCIID's within kernel modules and automatically pulls in matching kernel modules.
• livecd-tools (Warren): Warren will backport necessary changes from Fedora's livecd-tools to the EPEL5 version to handle client chroot creation.
• GNOME backports (Warren): Warren will backport a few simple patches in modern GNOME and a few patches from Ubuntu to correct a few annoying problems with GNOME on a multi-user terminal server.
• Problem: RHEL5 lacks fuse kernel module (Bryan): A full backport to RHEL5 will require the fuse kernel module on both the client chroot (sshfs) and server (ltspfs).  Bryan will work on the business case to achieve this, while Warren will talk with the filesystem engineers about technical feasibility of shipping it.
• fuse setuid or fuse group permission issue (Bryan): The fuse userspace tools needs to either have setuid or users must be in a fuse group in order for fuse to work on RHEL5.  Fedora 9+ no longer has this problem because it uses gvfs.
• alsa-plugins-pulseaudio missing from EPEL5 (Bryan): Bryan plans on figuring out the ideal version of alsa-plugins to put a tested version of the alsa-plugins-pulseaudio in EPEL5.

Miscellaneous Stuff

• ltsp-cluster is an optional add-on project from Revolution Linux.  ltsp-cluster enables the ability to have a cluster of LTSP servers that load balance and fail-over.  There is also central configuration management of thin clients, PXE configuration management.  It is a work in progress to get all of this merged upstream.
• Local apps menu integration merged into ltsp-trunk.  It automatically generates an XDG compliant menu entry for local applications to show up automatically on the menus of the remote GNOME/KDE desktop.  This requires more polish.
• Serial printer support was merged into jetpipe.  Testing is encouraged.
• Local Volume Manager is planned.  This would modify ltspfs to support local apps to be able to directly access local devices (like USB sticks).
• Gideon Romm plans to push his timezone and time server handling code, and PTP Camera support for local devices upstream.  DPMS power saving support should also go upstream soon.
• Chuck Liebow and David Johnston worked on documentation.
• Warren began thinking about PXE to Flash update architecture.
• Fedora K12Linux Live Server was demonstrated.
• Gideon Romm demonstrated his Symbiont Boot Appliance.
• Warren fixed a few Fedora 10 LTSP issues.

Next LTSP Event
The next LTSP Event is planned in Brazil during 2009 at the 10th anniversary of FISL, which is also the 10th anniversay of the LTSP project.  Then the group plans on meeting again at Southwest Harbor for another Maine hackfest during the same time early November 2009.