Scroll to navigation

LTSP.CONF(5) LTSP Manual LTSP.CONF(5)

NAME

ltsp.conf - client configuration file for LTSP

SYNOPSIS

The LTSP client configuration file is placed at /etc/ltsp/ltsp.conf and it loosely follows the .ini format. It is able to control various settings of the LTSP server and clients. After each ltsp.conf modification, the ltsp initrd command needs to be run so that it´s included in the additional ltsp.img initrd that is sent when the clients boot.

CREATION

To create an initial ltsp.conf, run the following command:

install -m 0660 -g sudo /usr/share/ltsp/common/ltsp/ltsp.conf /etc/ltsp/ltsp.conf

The optional -g sudo parameter allows users in the sudo group to edit ltsp.conf with any editor (e.g. gedit) without running sudo.

SYNTAX

Open and view the /etc/ltsp/ltsp.conf file that you just created, so that it´s easier to understand its syntax.

The configuration file is separated into sections:

The special [server] section is evaluated only by the ltsp server.
The special [common] section is evaluated by both the server and ltsp clients.
In the special [clients] section, parameters for all clients can be defined. Most ltsp.conf parameters should be placed here.
MAC address, IP address, or hostname sections can be used to apply settings to specific clients. Those support globs, for example [192.168.67.*].
It´s also possible to group parameters into named sections like [crt_monitor] in the example, and reference them from other sections with the INCLUDE= parameter.
Advanced users may also use [applet/host] sections, for example [initrd-bottom/library*] would be evaluated by the ltsp initrd-bottom applet only for clients that have a hostname that starts with "library".

The ltsp.conf configuration file is internally transformed into a shell script, so all the shell syntax rules apply, except for the sections headers which are transformed into functions.

This means that you must not use spaces around the "=" sign, and that you may write comments using the "#" character.

The ltsp initrd command does a quick syntax check by running sh -n /etc/ltsp/ltsp.conf and aborts if it detects syntax errors.

PARAMETERS

The following parameters are currently defined; an example is given in each case.

Configure the display manager to log in this user automatically. The user´s password must also be provided using the PASSWORDS_x parameter (see below), unless it´s a local, non-ltsp user. AUTOLOGIN can be a simple username like "user01", or it can be a partial regular expression that transforms a hostname to a username. For example, AUTOLOGIN="pc/guest" means "automatically log in as guest01 in pc01, as guest02 in pc02 etc".
RELOGIN=1 means to reconnect if the user logs off, but it´s only supported by gdm3 and sddm. Finally, the *_CONF parameters can be either filenames or direct text, and provide a way to write additional content to the generated display manager configuration.

Add a line in crontab. The example powers off the clients at 15:30.
Write warnings and error messages to /run/ltsp/debug.log. Defaults to 0.
Launch a debug shell when errors are detected. Defaults to 0.
These parameters can be defined under [mac:address] sections in ltsp.conf, and they are used by ltsp ipxe to generate the iPXE menu. They control the default menu item, the additional kernel parameters and the menu timeout for each client. MENU_TIMEOUT can also be defined globally under [clients].
Specify the DNS servers for the clients.
All parameters that start with FSTAB_ are sorted and then their values are written to /etc/fstab at the client init phase.
Specify the client hostname.
Specify the prefix for autogenerated client hostnames; defaults to "ltsp".
Specify the suffix for autogenerated client hostnames; defaults to "ip".
All parameters that start with HOSTS_ are sorted and then their values are written to /etc/hosts at the client init phase.
Include another section in this section.
Whitelist some session (user) services so that they´re not deleted, even if they´re listed in MASK_SESSION_SERVICES. Space separated list.
Whitelist some system services so that they´re not deleted, even if they´re listed in MASK_SYSTEM_SERVICES. Space separated list.
Activate local swap partitions. Defaults to 1.
Mask some session services that shouldn´t be started on LTSP clients. Space separated list. See /usr/share/ltsp/client/init/56-rm-services.sh for the default. Setting MASK_SESSION_SERVICES in ltsp.conf adds to that list.
Mask some system services that shouldn´t be started on LTSP clients. Space separated list. See /usr/share/ltsp/client/init/56-rm-services.sh for the default. Setting MASK_SYSTEM_SERVICES in ltsp.conf adds to that list.
Only use this under the [server] section. Normally, ltsp service runs when the server boots and detects if a server IP is 192.168.67.1, in which case it automatically enables IP forwarding for the clients to be able to access the Internet in dual NIC setups. But if there´s a chance that the IP isn´t set yet (e.g. disconnected network cable), setting NAT=1 enforces that.
A space separated list of regular expressions that match usernames, followed by slash and base64-encoded passwords. On boot, ltsp init writes those passwords for the matching users in /etc/shadow, so that then pamltsp can pass them to SSH/SSHFS. The end result is that those users are able to login either in the console or the display manager by just pressing [Enter] at the password prompt.
Passwords are base64-encoded to prevent over-the-shoulder spying and to avoid the need for escaping special characters. To encode a password in base64, run base64, type a single password, and then Ctrl+D.
In the example above, the teacher account will automatically use "qwer1234" as the password, the a1-01, b1-02 etc students will use "1234", and the guest01 etc accounts will be able to use an empty password without even authenticating against the server; in this case, SSHFS can´t be used, /home should be local or NFS.
All parameters that start with POST_ and then have an ltsp client applet name are sorted and their values are executed after the main function of that applet. See the ltsp(8) man page for the available applets. The usual place to run client initialization commands that don´t need to daemonize is POST_INIT_x.
All parameters that start with PRE_ and then have an ltsp client applet name are sorted and their values are executed before the main function of that applet.
Normally, all the server users are listed on the client login screens and are permitted to log in. To exclude some of them, define one or more of those regular expressions. For more information, read /usr/share/ltsp/client/login/pwmerge. For example, if you name your clients pc01, pc02 etc, and your users a01, a02, b01, b02 etc, then the following line only shows/allows a01 and b01 to login to pc01: PWMERGE_SUR=".*${HOSTNAME#pc}"
A search domain to add to resolv.conf and to /etc/hosts. Usually provided by DHCP.
The LTSP server is usually autodetected; it can be manually specified if there´s need for it.

If any of these parameters are set, the /usr/share/ltsp/client/init/xorg.conf template is installed to /etc/X11/xorg.conf, while applying the parameters. Read that template and consult xorg.conf(5) for more information. The most widely supported method to set a default resolution is X_MODES. If more parameters are required, create a custom xorg.conf as described in the EXAMPLES section.

EXAMPLES

To specify a hostname and a user to autologin in a client:

[3c:07:71:a2:02:e3]
HOSTNAME=pc01
PASSWORDS_PC01="user01:cGFzczAxCg=="
AUTOLOGIN=1

The password above is "pass01" in base64 encoding. To calculate it, the base64 command was run in a terminal:

base64
pass01
<press Ctrl+D at this point>
cGFzczAxCg==

If some clients need an custom xorg.conf file, create it in e.g. /etc/ltsp/xorg-nvidia.conf, and put the following in ltsp.conf to dynamically symlink it for those clients on boot:

[pc01]
INCLUDE=nvidia
[nvidia]
POST_INIT_LN_XORG="ln -sf ../ltsp/xorg-nvidia.conf /etc/X11/xorg.conf"

Since ltsp.conf is transformed into a shell script and sections into functions, it´s possible to do all kinds of fancy things, even to directly include code. But it´s usually best to keep it simple and put code in separate scripts.

[clients]
# Set the root password to "qwer1234" for all clients.
# The password hash contains ´ and $, making it hard to escape it,
# so use a "HEREDOC" instead.
{ POST_INIT_SET_ROOT_HASH=$(cat); } <<"EOF"
sed ´s|^root:[^:]*:|root:$6$p2LdWE6j$PDd1TUzGvvIkj9SE8wbw1gA/MD66tHHlStqi1.qyv860oK47UnKcafSKqGp7cbgZUPlgyPv6giCVyCSCdJt1b0:|´ -i /etc/shadow
EOF
[initrd-bottom/]
# Putting commands under [applet/] sections means that they will only be run
# by that specific ltsp applet.
# The following commands work around LP: #345374 bug for SiS clients.
test -d /sys/module/sis190 || return 0
ip link set dev "$DEVICE" mtu 1492

COPYRIGHT

Copyright 2019 the LTSP team, see AUTHORS

SEE ALSO

ltsp(8), ltsp.conf(5), ltsp-dnsmasq(8), ltsp-image(8), ltsp-info(8), ltsp-initrd(8), ltsp-ipxe(8), ltsp-kernel(8), ltsp-nfs(8)

October 2019 LTSP 19.10-1