Education and the Cloud

November 20, 2013

Configure x2go remote desktop capability into LXC Containers

Filed under: LXC, Remote Desktop, ubuntu, x2go — Tags: , , , — bmullan @ 8:32 am

I’ve long used x2go for remote desktop access to Linux machines.   So far I’ve found x2go to be by far the fastest/best remote desktop application for Linux whereby a Linux, Windows or Mac user can access that Linux desktop “server”.

The following will show you how to create an LXC container and configure it to implement the x2go (see www.x2go.org) remote desktop “server” so you can access the LXC container’s desktop using any of x2go native client (windows, linux, mac) or even the x2go web browser plugin (ubuntu only at this time).

Note 1:

  • the following assumes an Ubuntu Host OS.   LXC is implemented in the Linux Kernel and should be available on ANY Distro but use may differ in some ways not documented here.

First lets create a test LXC container

$ sudo lxc-create -t ubuntu -n test

Note 2:    -t specifies “what” linux LXC “template” to use in creation of the LXC container.   In ubuntu templates exist for:

  • lxc-alpine
  • lxc-busybox
  • lxc-fedora
  • lxc-sshd
  • lxc-altlinux
  • lxc-cirros
  • lxc-opensuse
  • lxc-ubuntu
  • lxc-archlinux
  • lxc-debian
  • lxc-oracle
  • lxc-ubuntu-cloud

So although I use Ubuntu I could create an LXC container running OpenSuse, Debian, Arch Linux etc….  very cool capability.

The ONLY caveate is that all container OS’s will have to run the Host OS’s “kernel”.    This normally is not a problem for most use-cases though.

Next we have to “start” the LXC container we called “test”

$ sudo lxc-start -n test

As part of executing the above command you will be presented with a login prompt for the LXC container.   The default LoginID = ubuntu and the password = ubuntu

So login to the LXC container called “test”

Next I started adding some of the applications I would be using to do the test.

First I make sure the test container is updated

test:~$ sudo apt-get update && sudo apt-get upgrade -y

Next I install either an XFCE or LXDE desktop… Note, I use one of these because no remote desktop software I am aware of supports the 3D graphics of etiher Unity or Gnome3… including x2go. But x2go does support xfce, lxde, mate and a couple others.

So lets install xfce desktop in the container.

test:~$ sudo apt-get install xubuntu-desktop -y

In order to install x2go PPA in the container I have to get “add-apt-repository” (its not by default)

test:~$ sudo apt-get install sofware-properties-common -y

Now I can add the x2go PPA:

test:~$ sudo add-apt-repository ppa:x2go/stable

Next, install the x2goserver to which I will connect from my Host by using the x2goclient I will install there later.

test:~$ sudo apt-get install x2goserver x2goserver-xsession -y

x2goclient uses SSH to login to an x2goserver.

There are various advanced x2go configs you can do for login but to keep it simple I am going to just be using login/password combo.

However, to be able to do that the default Ubuntu /etc/ssh/sshd_config file needs 2 changes to allow logging in with login/password.

Use whatever editor you use to edit (I use nano – which you would have to also install with apt-get into the container)

test:~$ sudo nano /etc/ssh/sshd_config

Change the following from NO to YES to enable challenge-response passwords

ChallengeResponseAuthentication no

Uncomment out (re remove the #) the following to enable Password Authentication

#PasswordAuthentication yes 

Save your 2 changes and exit your editor.

Now, restart SSH so the changes take effect

 test:~$ sudo service ssh restart

At this point the x2goserver is all setup in the LXC container so you can access it with your x2goclient on your Host OS or wherever they might be assuming they can connect to your LXC container’s IP address.

You can shutdown (or reboot) the LXC container while logged into it just as you would in any Ubuntu by:

test:~$ sudo shutdown -r now  -or- $ sudo shutdown -h now

What is nice about LXC is that once you have shutdown the LXC container you can “clone” that entire container very quickly by issuing the following command on your Host OS

hostOS:~$  sudo lxc-clone -o test -n new_container

Each new LXC container will get a new IP address (default will be in the 10.x.x.x address range).

After you “start” your new cloned LXC container:

hostOS:~$  sudo lxc-start -n new_container

To access the NEW LXC container you can find out the new LXC container’s IP address using the following command after the LXC container has been started:

hostOS:~$ sudo lxc-ls –fancy

 You can then use that IP address in creating a new x2go “session profile”.

Again, remember that each container “could” be configured with a different Desktop Environment so one user could have xfce another lxde another Mate etc.

Hope this is useful and fun for you to experiment with.

Brian

Advertisements

How to Enable Sound in LXC (Linux Containers)

Filed under: LXC, pulseaudio, ubuntu, x2go — Tags: , , , — bmullan @ 7:26 am

An Approach to Enable Sound in an LXC container

Background:

LXC Containers are usually used for “server” type applications where utilizing sound is not required.

My personal “use-case” is that I want to use LXC containers to provide a remote-desktop “server” to remote users.    In my use-case I use both the awesome x2go remote desktop application refer to: http://www.x2go.org and also my own spin of the great Guacamole HTML5 remote desktop proxy gateway.

I will not go into anything x2go or Guacamole related here regarding how to setup it up for use with LXC.

The following is how I enabled Sound in my LXC containers on my Ubuntu 15.10 amd64 host/server.

Before you do anything with a container you need to make 1 change to whatever “Host/Server” you want to play sound from LXC containers.   Whether that Host/Server is local or remote or the same Host/Server that the LXC containers are running on.

$ echo “load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;10.0.3.0/24” |  sudo tee -a /etc/pulse/system.pa  

$ echo “load-module module-zeroconf-publish”  | sudo tee -a /etc/pulse/system.pa 

The above will add the following 2 lines to the end of your Host’s /etc/pulse/system.pa  file:

load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;10.0.3.0/24

load-module module-zeroconf-publish

The 1st statement says to allow sound from “remote” systems whose IP addresses are part of 10.0.3.x … in essence from any LXC container running on that Host/Server.

Once you have done the above you will need to either reboot the Host or just “kill” the Pulseaudio Daemon running on the Host, which will auto-restart itself picking up the 2 new system.pa commands you created!

to restart pulseaudio

ps -ax | grep pulseaudio

then use the kill -9 command & the PID of the above pulseaudio output.   As an example lets assume pulseaudio is running on PID 2189

$ sudo kill -9 2189

You can check that pulseaudio daemon restarted by doing the “ps -ax | grep pulseaudio” command again.

 

Step 1 – Create a Test container

Create a test container (the following creates a “privileged” LXC container but Un-privileged works as well:

$ sudo lxc-create -t download -n test

Start the test container:

$ sudo lxc-start -n test

 

Step 2 – Add PulseAudio and an audio player (mpg321) into the Test container

$ sudo apt-get install  pulseaudio  mpg321  -y

Create your new Ubuntu UserID

$ sudo adduser YourID

 

Step 3 – Configure your LXC Test Container’s PulseAudio to redirect any Sound over the Network

PulseAudio is really a very powerful audio/sound management application and there are many ways to utilize it.

One such way allows you to configure a “remote system”… in this case “remote” being the Test LXC container which is on a different IP Network than your Host OS so that it plays any sound/audio on the Host/Server (or a truly remote Host/Server:

NOTE 1:

  1. The “target” PulseAudio Host PC that will “play” the sound … (if on a home network) is usually a 192.168.x.x IP network.
  2. An LXC container on your Host PC is usually on a 10.x.x.x IP Network
  3. The LXC “Host PC” and any LXC Containers are usually bridged together via the lxcbr0 (lxcbr”zero”) bridge so they can communicate and so your LXC container can communicate with the Internet.

Make sure you are logged into your Test LXC container using “YourID” and “YourPassword”.    If you just created yourID in the container and are still logged in as ubuntu/root the SU to yourID   ( $ su yourID).

Next is the important step regarding PulseAudio configuration in your LXC Test Container.   The following command adds a new environment variable when you login to the Container in the future.

$  echo “export PULSE_SERVER=10.0.3.1” | tee -a ~/.bashrc

The above will add the following line to the end of your .bashrc file

export PULSE_SERVER=10.0.3.1

In the above 10.0.3.1 is the IP of the HOST OS on the lxcbr0 bridge that LXC by default installs for you when you install LXC.

Note:  if the actual Host/Server you want to play the sound on is a truly remote Host/Server (re not the Host of the LXC container) the use the IP address of that remote Host/Server in the above

NOTE 2:

  1. PulseAudio by default usesport 4713.  Both on your Target Host OS and in any LXC container you might create unless otherwise configured differently.
  2. If you have any problems using sound in a future container make sure that Port 4713 is open in any firewalls if you plan to send sound to your local workstation  over a network or the Internet itself.

 

Step 4 – Finally Check to see if Sound works from your LXC Test Container

To test that sound works in your container use SCP to copy some mp3 file from your Host to the LXC container (assume the mp3 is called test.mp3).

$  scp /path-to-mp3/test.mp3  yourID@container_ip:/home/yourID

Next log back into your container as yourID.  You can ssh into it or lxc-attach to it.  In either case make sure you are logged in as yourID not root or ubuntu user.

Now you can  use the application “mpg123” to see if sound worked.

If you did everything correctly and if you have your speaker On and Volume turned up on your Host PC you should hear the .mp3 file playing when you execute the following:

$ mpg123 ~/test.mp3

SUMMARY

The PulseAudio configuration I described here for the “test” LXC container allows PulseAudio to redirect sound to ANY other Linux system running PulseAudio on the network -or- the Internet.

IMPORTANT NOTE

This PulseAudio setup does allow concurrent simultaneous use of Sound by BOTH the Host and the Container.    For a single user case this may not be what you want but if you want the audio to play on some remote Linux machine, a Raspberry Pi out on your Deck etc. this is really useful

However, remember “my use-case” was for remote desktop access to LXC container based Ubuntu desktop systems. In “my use-case” … each container will eventually be configured so that any container will redirect PulseAudio TO the remote desktop “user” PC wherever that is on the “internet”.

Remember that the PulseAudio port 4713 can not be blocked by any firewalls

NOTE 4:

This configuration of course was simply to test that Sound would work.

I do think LXC could become a great User Desktop virtualization approach as it works great now with x2go (in my case) but there are other remote desktop access applications that others may utilize also.

Finally, the www.pulseaudio.org has a lot of other detailed information regarding advanced PulseAudio configuration and use. I’m still learning myself.

Hope this helps others trying to do similar things.

August 3, 2009

Part 2 – Using Cloud & Virtualization Technologies for Education -or- how Education and the Cloud met, married and had smarter kids!

Here I continue my last discussion about K-20 education and how to use cloud technology to possibly do things.

Lately, I’ve been following this thread… and would like to share some ideas and thoughts with you all…

===============================================================================================================================================


Message: 1
Date: Thu, 30 Jul 2009 15:32:18 -0600
From: xxxxxxxxxxxxxx
Subject: Re: [Ltsp-discuss] Recommend Server for 25 clients
To: ltsp-discuss@lists.sourceforge.net
Message-ID:
Content-Type: text/plain; charset=UTF-8

On Thu, Jul 30, 2009 at 1:40 PM, xxxxx xxxxxxxxx<xxxxxxxxxx> wrote:
> xxxxxx xxxxxxxxxx :
>
>> How powerful server would you recommend for 25 users ?
>
> “Server sizing in an LTSP network is more art than science. Ask any LTSP
> administrator how big a server you need to use, and you’ll likely be
> told “It depends”.”
>
> http://www.ltsp.org/~sbalneav/LTSPManual.html#id2697011

===============================================================================================================================================

So I replied to that thread with the following response with I’ll share here on my blog…

I’ve been using Amazon Web Services (AWS) ie Amazon’s cloud for K-20 proof-of-concept work. So bear with me while I describe some things…

  1. Amazon’s Elastic Compute Cloud (EC2) service is very inexpensive and easy to use and provides 5-6 different choices for “compute resources” (ie servers).
  2. Amazon uses a “Utility” based pricing model (you pay only for how much of something you use like water or electricity) and only when you are using it.

ie.  need a bigger server… just pick one and start it up (ie Launch it in AWS terminology) migrate your apps (won’t go into that here)

Need 10 or 100 servers… easy… pick the server model (linux/windows, 32/64 bit etc) — this is called an AMI – Amazon Machine Instance — and when you LAUNCH the AMI just put the # of servers you need into the “Number of Instances” box that pops up when you select to LAUNCH the AMI you picked.

5 minutes later… they will all be running.

You manage all the startup/shutdown, IP address’s, Security Firewall/Access lists etc using Amazon’s web based AWS Management Console.

Now I’ve always wanted say this … But WAIT there’s MORE… it gets better yet <g> !!

You can take ADVANTAGE of Amazon’s Auto-Scaling and Auto-Load-Balancing features.

Since AWS costs are based like a Utility …  you can start off with just 1 server at 5am and if you set it up for auto-scaling …

As students/teachers (ie Load) starts to build say around 9am… the server “can” Auto-Scale UP by cloning itself and at the end of the day the servers will Auto-Scale DOWN by terminating
themselves when no longer needed (ie you don’t pay for them when they aren’t running).   You are the one to configure the parameters for the UP/DOWN auto-scaling.

try doing that in your school or data center where 1st you have to buy the servers, rack/stack/cable/ pay for HVAC, maintenance contracts, insurance, replace parts, etc.

I like letting Amazon worry about that stuff!

I will copy some information from the AWS web site.

You can sign up for an AWS account free (again you only get billed if you start using something).

As you can see below a “small” server costs just 10 cents/hr while the largest (8 or 20 core) just 80 cents/hr.

I learned about AWS by starting a “small” Ubuntu server, installing my applications, testing etc. then blowing it away when I was done.   I spent 4-5 hours a day ($0.50/day) to do this.
It was very easy to learn !

===============================================================================================================================================

Instance Types

Standard Instances

Instances of this family are well suited for most applications.

  • Small Instance (Default) (ie virtual server)
    • 1.7 GB of memory
    • 1 virtual core
    • 160 GB of instance storage
    • 32-bit platform
  • Large Instance 7.5 GB of memory, 4 core, 850 GB of instance storage, 64-bit platform
  • Extra Large Instance (ie virtual server)
    • 15 GB of memory
    • 8 core
    • 1.7 TB of instance storage
    • 64-bit platform

High-CPU Instances

Instances of this family have proportionally more CPU resources than memory (RAM) and are well suited for compute-intensive applications.

  • High-CPU Medium Instance 1.7 GB of memory, 5 core, 350 GB of instance storage, 32-bit platform
  • High-CPU Extra Large Instance
    • 7 GB of memory,
    • 20 core
    • 1.7 TB of instance storage,
    • 64-bit platform


===============================================================================================================================================

Pricing

NOTE:   as of 9/2010 AWS has introduced an approximately 18% price decrease for most of the AWS EC2 compute instance sizes.    The pricing below does NOT reflect this change.

AWS has also introduced a new “micro” instance which provides 640Meg of RAM,  1/2 a cpu for only  $0.02 cents per hour —  48 cents per day ??

Pay only for what you use. There is no minimum fee. Estimate your monthly bill using AWS Simple Monthly Calculator.

On-Demand Instances

On-Demand Instances let you pay for compute capacity by the hour with no long-term commitments.

This frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs.

The pricing below includes the cost to run private and public AMIs on the specified operating system.

Amazon also provides you with additional instances with other option for Amazon EC2 running Microsoft and Amazon EC2 running IBM that are priced differently.

United States

Europe
Standard On-Demand Instances Linux/UNIX Usage Windows Usage
Small (Default) $0.10 per hour $0.125 per hour
Large $0.40 per hour $0.50 per hour
Extra Large $0.80 per hour $1.00 per hour
High CPU On-Demand Instances Linux/UNIX Usage Windows Usage
Medium $0.20 per hour $0.30 per hour
Extra Large $0.80 per hour $1.20 per hour

United States
Europe
Standard On-Demand Instances Linux/UNIX Usage Windows Usage
Small (Default) $0.11 per hour $0.135 per hour
Large $0.44 per hour $0.54 per hour
Extra Large $0.88 per hour $1.08 per hour
High CPU On-Demand Instances Linux/UNIX Usage Windows Usage
Medium $0.22 per hour $0.32 per hour
Extra Large $0.88 per hour $1.28 per hour

Pricing is per instance-hour consumed for each instance type, from the time an instance is launched until it is terminated. Each partial instance-hour consumed will be billed as a full hour.

Reserved Instances

Reserved Instances give you the option to make a low, one-time payment for each instance you want to reserve and in turn receive a significant discount on the hourly usage charge for that instance.

After the one-time payment for an instance, that instance is reserved for you, and you have no further obligation.

You may choose to run that instance for the discounted usage rate for the duration of your term, or when you do not use the instance, you will not pay usage charges on it.

United States

Europe
Linux/UNIX One-time Fee
Standard Reserved Instances 1 yr Term 3 yr Term Usage
Small (Default) $325 $500 $0.03 per hour
Large $1300 $2000 $0.12 per hour
Extra Large $2600 $4000 $0.24 per hour
High CPU Reserved Instances 1 yr Term 3 yr Term Usage
Medium $650 $1000 $0.06 per hour
Extra Large $2600 $4000 $0.24 per hour

United States
Europe
Linux/UNIX One-time Fee
Standard Reserved Instances 1 yr Term 3 yr Term Usage
Small (Default) $325 $500 $0.04 per hour
Large $1300 $2000 $0.16 per hour
Extra Large $2600 $4000 $0.32 per hour
High CPU Reserved Instances 1 yr Term 3 yr Term Usage
Medium $650 $1000 $0.08 per hour
Extra Large $2600 $4000 $0.32 per hour

Reserved Instances can be purchased for 1 or 3 year terms, and the one-time fee per instance is non-refundable.

Usage pricing is per instance-hour consumed.

Instance-hours are billed for the time that instances are in a running state; if you do not run the instance in an hour, there is zero usage charge. Partial instance-hours consumed are billed as full hours.
===============================================================================================================================================

Here’s how I make use of this.

On AWS you can pick from hundreds of pre-built “public” servers types (different flavors of Linux – Fedora, Ubuntu, Centos etc etc), 32 bit or 64 bit.

Some are “server” linux some are desktop linux.

Some have been built with apps already installed (Apache, MySQL, etc etc)

You get the idea.

So what have I been doing for kids/education… ?

Server Side:

I’m using AWS Desktop images where I’ve installed the x2go one-server.

x2go utilizes the NoMachine NX transport protocol libraries that are Open Source but x2go implements its own server-side and client modules.   The server side comes in a single user home version and also a x2go server implementation that is clustered and load balanced.

Unlike NoMachine’s current NX server/client …. where audio is a big problem.   x2go supports audio extremely well from server to client.    Local printing and sharing of folders between server and client is also supported.

Client Side:

Client side boots off of a Ubuntu USB thumb drive – preloaded with the x2go Open Source Windows, Mac or Linux clients.

x2go also has introduced a Web Portal capability for accessing the remote desktop.    Any user with a Browser that supports java can now access the Remote Desktop without installing any other client software on their local PC.

Each kid can have one and that way they can use it at school or — at home (same desktop, same cloud servers as at school).

Since the “real work” in terms of CPU and Storage is out on the AWS “cloud” it does NOT even matter what type PC they use…. all you use the local machine for is basically to boot off of
the USB and the local keyboard, mouse, screen and network connection (everything becomes a thin-client)

  • old pc, new pc
  • old laptop, new laptop
  • netbook
  • thin client

Since the “Desktop” that the students see is exported over NX from the AWS Desktop server where I can have from 1 – 20 CPU and I can have as many servers as I want… or can pay for <g>?

— and —

because storage using AWS’s S3 – Simple Storage Service and EBS – Elastic Block Storage is more or less infinite (at least as far as I’m concerned)

Now how’s performance.

Well you have to have a working and stable local network first of all but that’s true even if using a client/server model or a Thin Client model LTSP or Citrix etc.

The NX protocol is terrific and you can read about just how good it is here.

Here’s my basic process to create a server IF I start by using one of AWS’s Public Amazon Machine Image (AMI) that are  available.

  1. Launch the AMI instance I want
  2. Modify it by adding all the applications I need and configuring everything.
  3. Save the running “instance” using the free AWS EC2 AMI tools to what is called an S3 storage “bucket”.
  4. Re-register my now saved AMI “image” as a NEW Amazon AMI (once registered w/AWS I’ll be able to LAUNCH it from the AWS Management Console like any other AWS AMI.
  5. I then LAUNCH my new image like any other AWS AMI
    1. tell AWS how many “instance” … ie # virtual machines
    2. tell AWS what size server (32/64 bit small … up to Extra Large)
    3. Assign my firewall/access lists to the new instance
    4. Create and Assign an AWS Elastic IP address to MY “instance” (simple – takes 2 seconds)
  6. Once it’s in a “running” state.. just use the AWS cloud based server

Elastic IP Addresses – Elastic IP addresses are static IP addresses designed for dynamic cloud computing.
An Elastic IP address is associated with your account not a particular instance, and you control that address until you choose to explicitly release it.
Unlike traditional static IP addresses, however, Elastic IP addresses allow you to mask instance or Availability Zone failures by programmatically
remapping your public IP addresses to any instance in your account. Rather than waiting on a data technician to reconfigure or replace your host,
or waiting for DNS to propagate to all of your customers, Amazon EC2 enables you to engineer around problems with your instance or software by
quickly remapping your Elastic IP address to a replacement instance.

By the way, in case this isn’t obvious… got a new school that needs to be setup?

Other than the USBs for the kids and some kind of computer for them to use … the server can take only minutes to setup and there’s no physical installation involved !!!

Finally, I use my local machine with NX Client software to log in and I get a Desktop… and it’s all PFM …  magic !

Today (right now) I’m writing this while I have 4 AWS servers running that I am testing.

On my desk is a Lenovo T61p laptop

  • Dual Core
  • 4 Gig RAM

next to it I have an ASUS 1000HE Netbook

  • Atom processor
  • 1 G RAM

Both machines booted off of a USB.

I next used the  NX Client software to log into one of my AWS Desktop servers on each one and started working.

Performance is exactly the same on both clients (well  they ASUS display can only go 1400×600)

I wrote this on my AWS desktop server session using the ASUS while several of the  sessions on the Lenovo were doing some other things for me

I’d really like to get more in the Linux K-12 and K-20 community trying this so we can all share more of what we are doing for education of our kids.

Let me know if any of you would like some more pointers or information as I said I’d like some folks to work with on all of this.

I’ve also got some pretty cool AWS based solutions for the “Windows” in your life…

Hope you found this interesting!

Brian Mullan

Blog at WordPress.com.