Education and the Cloud

November 20, 2013

Configure x2go remote desktop capability into LXC Containers

Filed under: LXC, Remote Desktop, ubuntu, x2go — Tags: , , , — bmullan @ 8:32 am

I’ve long used x2go for remote desktop access to Linux machines.   So far I’ve found x2go to be by far the fastest/best remote desktop application for Linux whereby a Linux, Windows or Mac user can access that Linux desktop “server”.

The following will show you how to create an LXC container and configure it to implement the x2go (see www.x2go.org) remote desktop “server” so you can access the LXC container’s desktop using any of x2go native client (windows, linux, mac) or even the x2go web browser plugin (ubuntu only at this time).

Note 1:

  • the following assumes an Ubuntu Host OS.   LXC is implemented in the Linux Kernel and should be available on ANY Distro but use may differ in some ways not documented here.

First lets create a test LXC container

$ sudo lxc-create -t ubuntu -n test

Note 2:    -t specifies “what” linux LXC “template” to use in creation of the LXC container.   In ubuntu templates exist for:

  • lxc-alpine
  • lxc-busybox
  • lxc-fedora
  • lxc-sshd
  • lxc-altlinux
  • lxc-cirros
  • lxc-opensuse
  • lxc-ubuntu
  • lxc-archlinux
  • lxc-debian
  • lxc-oracle
  • lxc-ubuntu-cloud

So although I use Ubuntu I could create an LXC container running OpenSuse, Debian, Arch Linux etc….  very cool capability.

The ONLY caveate is that all container OS’s will have to run the Host OS’s “kernel”.    This normally is not a problem for most use-cases though.

Next we have to “start” the LXC container we called “test”

$ sudo lxc-start -n test

As part of executing the above command you will be presented with a login prompt for the LXC container.   The default LoginID = ubuntu and the password = ubuntu

So login to the LXC container called “test”

Next I started adding some of the applications I would be using to do the test.

First I make sure the test container is updated

test:~$ sudo apt-get update && sudo apt-get upgrade -y

Next I install either an XFCE or LXDE desktop… Note, I use one of these because no remote desktop software I am aware of supports the 3D graphics of etiher Unity or Gnome3… including x2go. But x2go does support xfce, lxde, mate and a couple others.

So lets install xfce desktop in the container.

test:~$ sudo apt-get install xubuntu-desktop -y

In order to install x2go PPA in the container I have to get “add-apt-repository” (its not by default)

test:~$ sudo apt-get install sofware-properties-common -y

Now I can add the x2go PPA:

test:~$ sudo add-apt-repository ppa:x2go/stable

Next, install the x2goserver to which I will connect from my Host by using the x2goclient I will install there later.

test:~$ sudo apt-get install x2goserver x2goserver-xsession -y

x2goclient uses SSH to login to an x2goserver.

There are various advanced x2go configs you can do for login but to keep it simple I am going to just be using login/password combo.

However, to be able to do that the default Ubuntu /etc/ssh/sshd_config file needs 2 changes to allow logging in with login/password.

Use whatever editor you use to edit (I use nano – which you would have to also install with apt-get into the container)

test:~$ sudo nano /etc/ssh/sshd_config

Change the following from NO to YES to enable challenge-response passwords

ChallengeResponseAuthentication no

Uncomment out (re remove the #) the following to enable Password Authentication

#PasswordAuthentication yes 

Save your 2 changes and exit your editor.

Now, restart SSH so the changes take effect

 test:~$ sudo service ssh restart

At this point the x2goserver is all setup in the LXC container so you can access it with your x2goclient on your Host OS or wherever they might be assuming they can connect to your LXC container’s IP address.

You can shutdown (or reboot) the LXC container while logged into it just as you would in any Ubuntu by:

test:~$ sudo shutdown -r now  -or- $ sudo shutdown -h now

What is nice about LXC is that once you have shutdown the LXC container you can “clone” that entire container very quickly by issuing the following command on your Host OS

hostOS:~$  sudo lxc-clone -o test -n new_container

Each new LXC container will get a new IP address (default will be in the 10.x.x.x address range).

After you “start” your new cloned LXC container:

hostOS:~$  sudo lxc-start -n new_container

To access the NEW LXC container you can find out the new LXC container’s IP address using the following command after the LXC container has been started:

hostOS:~$ sudo lxc-ls –fancy

 You can then use that IP address in creating a new x2go “session profile”.

Again, remember that each container “could” be configured with a different Desktop Environment so one user could have xfce another lxde another Mate etc.

Hope this is useful and fun for you to experiment with.

Brian

How to Enable Sound in LXC (Linux Containers)

Filed under: LXC, pulseaudio, ubuntu, x2go — Tags: , , , — bmullan @ 7:26 am

An Approach to Enable Sound in an LXC container

Background:

LXC Containers are usually used for “server” type applications where utilizing sound is not required.

My personal “use-case” is that I want to use LXC containers to provide a remote-desktop “server” to remote users.    In my use-case I use both the awesome x2go remote desktop application refer to: http://www.x2go.org and also my own spin of the great Guacamole HTML5 remote desktop proxy gateway.

I will not go into anything x2go or Guacamole related here regarding how to setup it up for use with LXC.

The following is how I enabled Sound in my LXC containers on my Ubuntu 15.10 amd64 host/server.

Before you do anything with a container you need to make 1 change to whatever “Host/Server” you want to play sound from LXC containers.   Whether that Host/Server is local or remote or the same Host/Server that the LXC containers are running on.

$ echo “load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;10.0.3.0/24” |  sudo tee -a /etc/pulse/system.pa  

$ echo “load-module module-zeroconf-publish”  | sudo tee -a /etc/pulse/system.pa 

The above will add the following 2 lines to the end of your Host’s /etc/pulse/system.pa  file:

load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;10.0.3.0/24

load-module module-zeroconf-publish

The 1st statement says to allow sound from “remote” systems whose IP addresses are part of 10.0.3.x … in essence from any LXC container running on that Host/Server.

Once you have done the above you will need to either reboot the Host or just “kill” the Pulseaudio Daemon running on the Host, which will auto-restart itself picking up the 2 new system.pa commands you created!

to restart pulseaudio

ps -ax | grep pulseaudio

then use the kill -9 command & the PID of the above pulseaudio output.   As an example lets assume pulseaudio is running on PID 2189

$ sudo kill -9 2189

You can check that pulseaudio daemon restarted by doing the “ps -ax | grep pulseaudio” command again.

 

Step 1 – Create a Test container

Create a test container (the following creates a “privileged” LXC container but Un-privileged works as well:

$ sudo lxc-create -t download -n test

Start the test container:

$ sudo lxc-start -n test

 

Step 2 – Add PulseAudio and an audio player (mpg321) into the Test container

$ sudo apt-get install  pulseaudio  mpg321  -y

Create your new Ubuntu UserID

$ sudo adduser YourID

 

Step 3 – Configure your LXC Test Container’s PulseAudio to redirect any Sound over the Network

PulseAudio is really a very powerful audio/sound management application and there are many ways to utilize it.

One such way allows you to configure a “remote system”… in this case “remote” being the Test LXC container which is on a different IP Network than your Host OS so that it plays any sound/audio on the Host/Server (or a truly remote Host/Server:

NOTE 1:

  1. The “target” PulseAudio Host PC that will “play” the sound … (if on a home network) is usually a 192.168.x.x IP network.
  2. An LXC container on your Host PC is usually on a 10.x.x.x IP Network
  3. The LXC “Host PC” and any LXC Containers are usually bridged together via the lxcbr0 (lxcbr”zero”) bridge so they can communicate and so your LXC container can communicate with the Internet.

Make sure you are logged into your Test LXC container using “YourID” and “YourPassword”.    If you just created yourID in the container and are still logged in as ubuntu/root the SU to yourID   ( $ su yourID).

Next is the important step regarding PulseAudio configuration in your LXC Test Container.   The following command adds a new environment variable when you login to the Container in the future.

$  echo “export PULSE_SERVER=10.0.3.1” | tee -a ~/.bashrc

The above will add the following line to the end of your .bashrc file

export PULSE_SERVER=10.0.3.1

In the above 10.0.3.1 is the IP of the HOST OS on the lxcbr0 bridge that LXC by default installs for you when you install LXC.

Note:  if the actual Host/Server you want to play the sound on is a truly remote Host/Server (re not the Host of the LXC container) the use the IP address of that remote Host/Server in the above

NOTE 2:

  1. PulseAudio by default usesport 4713.  Both on your Target Host OS and in any LXC container you might create unless otherwise configured differently.
  2. If you have any problems using sound in a future container make sure that Port 4713 is open in any firewalls if you plan to send sound to your local workstation  over a network or the Internet itself.

 

Step 4 – Finally Check to see if Sound works from your LXC Test Container

To test that sound works in your container use SCP to copy some mp3 file from your Host to the LXC container (assume the mp3 is called test.mp3).

$  scp /path-to-mp3/test.mp3  yourID@container_ip:/home/yourID

Next log back into your container as yourID.  You can ssh into it or lxc-attach to it.  In either case make sure you are logged in as yourID not root or ubuntu user.

Now you can  use the application “mpg123” to see if sound worked.

If you did everything correctly and if you have your speaker On and Volume turned up on your Host PC you should hear the .mp3 file playing when you execute the following:

$ mpg123 ~/test.mp3

SUMMARY

The PulseAudio configuration I described here for the “test” LXC container allows PulseAudio to redirect sound to ANY other Linux system running PulseAudio on the network -or- the Internet.

IMPORTANT NOTE

This PulseAudio setup does allow concurrent simultaneous use of Sound by BOTH the Host and the Container.    For a single user case this may not be what you want but if you want the audio to play on some remote Linux machine, a Raspberry Pi out on your Deck etc. this is really useful

However, remember “my use-case” was for remote desktop access to LXC container based Ubuntu desktop systems. In “my use-case” … each container will eventually be configured so that any container will redirect PulseAudio TO the remote desktop “user” PC wherever that is on the “internet”.

Remember that the PulseAudio port 4713 can not be blocked by any firewalls

NOTE 4:

This configuration of course was simply to test that Sound would work.

I do think LXC could become a great User Desktop virtualization approach as it works great now with x2go (in my case) but there are other remote desktop access applications that others may utilize also.

Finally, the www.pulseaudio.org has a lot of other detailed information regarding advanced PulseAudio configuration and use. I’m still learning myself.

Hope this helps others trying to do similar things.

Blog at WordPress.com.