TurnKey Linux Virtual Appliance Library

TKLPatch for TKLClient Core

 

Hi everyone! This patch based on TKLCore Lucid will get you a light-and-beautifull desktop system, that may serve as a base for the future TKL Client appliances. I must thank to everyone that gave it's opinion here. I took almost all of them in consideration. Special mention to Jed as he invested time investigating the available options in which I based this patch. Please give this patch a ride and continue the brainstorming here, as usual, comments are welcome. 
 

Features:

- LXDE (Lightweight X11 Desktop Environment)
- LXDM (Display Manager)
- Wicd (Wired and wireless Network Manager)
- Chromium Web Browser
- Xrdp+Tightvnc for remote desktop access (Terminal Services Compatible)
- Synaptic for package management.
- ePDFView (PDF Document Viewer).
- Root account disabled for extra security.
- Created an administrators group and added to the sudoers file (users in this group will be able to make sudo)
- Default user admin (added to administrators group) with pass turnkey.
 

What it does:

1. Set Hostname
HOSTNAME=tklclient
echo "$HOSTNAME" > /etc/hostname
sed -i "s|127.0.1.1 \(.*\)|127.0.1.1 $HOSTNAME|" /etc/hosts
hostname tklclient
 
2. Update package information
apt-get update 
 
3. Remove server stuff
apt-get -y purge webmin* confconsole shellinabox byobu openssh-server 
rm -Rf /usr/share/webmin
 
4. Install packages
install lxde lxdm xorg wicd-gtk chromium-browser xrdp tightvncserver gksu epdfview synaptic 
 
5. Create a default non-root user "admin" with password "turnkey"
useradd -m -s /bin/bash admin
passwd admin <<EOF
turnkey
turnkey
EOF
 
6. Add admin group and grant sudo permission
groupadd administrators
echo "%administrators ALL=(ALL) ALL" >> /etc/sudoers
 
7. Add user to some groups (netdev for wicd and administrators to give sudo permission)
usermod -a -G netdev admin
usermod -a -G administrators admin
 
8. Disable root account 
passwd -l root
 
9. Clean 
apt-get -y autoremove
apt-get clean
Attached: 
Jomy Muttathil's picture

TKLPatch for TKLClient Core

Adrian,

Nice work.

Patch worked without any trouble for me.

I was impressed with Chromium's speed although I am not as comfortable with it as I am with Firefox.

I'm sure it will grow on me over time.  I may have to start using it again on my regular desktop.

I have created a wallpaper and "start" menu icon for the client.

Your feedback is appreciated.

Thanks for the feedback

I was starting to worry that no one had commented the patch. When you work a bit with chromium, you'll find firefox too slow! I liked that you decided to work on a theme, Jed also was proposing a theme but haven't posted yet. 

Jeremy's picture

Good memory Adrian

My son isn't about at the moment but I'll ask him about it when he's about. I think he only did a prototype of a wallpaper. It was pretty simple but I liked it. I'm not sure about your wallpaper Jomy, but I definately like your Key button, that's cool!

I haven't tested your patch yet Adrian but I'm sure its good (despite not testing your patch I imagine its pretty similar to what I had installed when I was playing with LXDE on TKL). I'm glad to hear that Wicd is a winner, thats a major bonus (not having to install Gnome libraries etc).

I've been using Chromium a bit lately and it is fast but to be honest its mainly the startup speed that I notice - it starts in almost half the time it takes Firefox! But as I usually have a web browser open, that is not really a huge advantage to me. The other thing I have noticed is that the rate at which Chromium chews RAM and CPU cycles. It seems much higher proportionally to any increase in performance that may be acheived. I have read that this is due to the code being optimised for speed/performance, rather than power usage/efficiency, that makes sense but obviously I have no way of confirming this. I guess it would be interesting to test on lower end PCs and see if the extra CPU and RAM usage effects the performance of Firefox V Chromium?

More rambling on Chromium V Firefox (or trying to justify my prejudice)
On my desktop (Intel Core2Quad Q8200 @ 2.33GHz, 4GB RAM @ 1066MHz, Ubuntu 10.04) I currently have Chromium running (clean install, no plugins/addons added/configured) with 5 tabs open. According to System Monitor I have 8 instances of chromium-browser which between them are using a total of almost 250MB. I also have 2 Firefox windows currently open with 50 tabs between the two (and 6 extentions/addons + plugins) and it is using a total of just over 600MB (including the plugin-container process). I have also noticed too that lots of browsing using Chromium on my Ubuntu Karmic/9.10 laptop has a noticable negative impact on my battery life (although this is anecdotal). A quick test (google search on a subject, followed by loading one of the results and scrolling to the bottom) on both browsers shows a noticable difference in CPU spike (Chromium spiked higher - although Firefox took longer to level out again after). Still this test is not conclusive and with all these tabs open could hardly be called scientific! It is interesting to note that my Google search (in an existing tab) spawned a new chromium-browser instance (I have 9 now) using another 30MB. Firefox RAM usage appears not to have changed.

So I'm still not sure about Chromium. I know it has come a long way and is rapidly gaining popularity and while I'm happy to have it installed I think I'll probably mainly keep using Firefox. The main reason being familiarity and the fact that I have it set up how I like it. Also because of its layout, it doesn't display in the emerald theme that I have running so looks a little out of place.

[update] A few less reasons to dislike Chromium: It seems that the main extensions I use in Ff are also availble for Chrome/Chromium. Nice!

Some issues with this patch:

Ok, one of the issues I'm having is that recently installed, apt-get is locked. If you run an apt-get command, it will fail. The same is true when running synaptic. I've tracked down the issue to a dist-upgrade command called (I belive) in  /etc/cron-apt/action.d/5-install. It must be the automatic security updates that are being called when you first boot. Would it be fine to remove those? maybe just pop a reminder to the final user to upgrade as soon as possible? right now is taking too long because it downloads a kernel. 

Second: root account not being disabled. I'm moving the command to disable to a firstboot script and see if it results. 

Third: wicd ask for user pass on login. It needs access to the network cards info. I'll see if I can avoid this step. 

Four: international keyboard is not correctly configured. I think I'll have to install some extra language package for the keyboard layout. 

I'll change chromium for firefox for the second version of this patch.

This is a list for when the TKL Duo appears again, so I don't forget the decisions/questions that arise. I hope to see them back on the forums soon, or we'll have to fire the TKL Signal! 

Some minor changes comming

I've been testing this appliance as I need it as a base for a TKLClient Ruby Dev Env which I'm working on. By far, I think these steps are necessary to add here:

- CDROM automount feature (Done)

- Other languages for the keyboard: my spanish keyboard fails in the current appliance. I'll investigate which set of files I need to install to give international keyboards support.

- Defining the user and password during firstboot: Alon posted some docs on the comming release of TKL which I'll use to implement this feature. 

- Fix bugs of course (root not being disabled, deleting upgrade script that make synaptic fails)

I'm writing this down here so I don't forget the changes I'm making between versions... Maybe I should move this to the wiki? 

I like the idea but I still would like to be able to be a server

I like the idea but I still would like to be able to be a server(with the changes you mentained, like the desktop, remote desktop connection, etc.) because I like that you are thinking about making it a desktop, but I would like it to keep the server parts because I use the server parts for my server which is using the tkl core appliance.

Another Approach

Hello,

I have been playing with TKL on a few private projects. I also have a set-up I use to create a nice remote desktop in a VPS.
http://code.google.com/p/cloud-desktop/

So I though I convert this into a turnkeylinux appliance.

Background Why (the itch to scratch)
I wanted a desktop I could to connect to from any computer, even the most locked down computer in the world. For example, only ports 80 and 443 port, with some analysis done to stop just port forwarding ssh to 443. I also wanted to end to end encryption, without the need to install software. Basically something like shellinabox, but a full desktop.  

Enter x11vnc - http://www.karlrunge.com/x11vnc/ and the java viewer - http://www.karlrunge.com/x11vnc/java_console_proxy.html

I have been playing with this "cloud-desktop" and converting the scripts into a TKL patch. Still a little tidying up to do and make things pretty, but seeing this thread I thought I would post my patch so far.
Features:-
* Xfce desktop
* Shellinabox
* Ajaxplorer
* x11vnc configured,
* apache to port-forward everything.
* Everything is on one ip address/deomain name on a single port.


I like the ideas above from Adrian. I may try adding xrdp and playing with a sudoers file.

Outline of the patch.

Conf:-
1 - Install x11vnc and the minium to get port forwarding etc working
2 - xubuntu-desktop
3 - install ajaxplorer and the minimum required packages
4 - change hostname


Firstboot
1 - create normal user
2 - set up x11 certificates
3 - Set up apache proxies and port forwarding
4 - Set up connect switch (genius perl script form x11vnc)
5 - Setadmin password for ajaxplorer
6 - Make shellinabox local only, to be port-forwarded from apache

(The scripts for running x11vnc need work, as I need to learn how to do daemons correctly)

Then providing you have "Java runtime" installed (e.g.  openjdk-6-jre) just point your browser at the machine's IP address. Works when connecting from windows/mac/linux machines.

See screenshot with browser pointing to machine and resultant desktop...

Patch: https://cloud.barwap.com/tkl/cloud-desktop.tar.gz (12k)
Screenshot: https://cloud.barwap.com/tkl/cloud-desktop-screenshot.png
Download link: https://cloud.barwap.com/tkl/turnkey-cloud-desktop-11.1-lucid-x86_v001.iso (486M)

To Do:
* Add openVPN
* Daemon
* Add notices to Turnkey Configuration Console (Where are these messages?)
* ???
* Profit

Regards,
Brendan


This looks real nice!

I'll be checking your aproach when I have some spare time to see how to mix both ideas into a new version of this patch. Thanks for taking the time to post yours. TKLClient is still far from stable, so it´s a good moment to add/remove/test ideas. 

Err. Jeesh That's phenomenal.

I'll be working to wrap my brain around this. Very nice!


Ta

Glad you like it Rik.

It handy to have this set-up on a server somewhere. There are times when I need a real (i.e. GNU?linux) Desktop to connect to and this is handy.


Jeremy's picture

Mmmm, looks like a great idea!

I like it! I think that is a great use case for a TKL Client OS.

Beating a dead horse...

Hi all!  Just wondering if this project/patch/thread was still rolling along or if it has stalled?  I like this idea of a minimal cloud desktop client and have looked at the patches that have been listed here so far.  I can get both to work fine in a local VM (VMWare).

I tried to get Brendan's "Cloud-desktop" up on the HUB but I can't connect to it once it's running.  Since there are "first run" questions to answer I built it on a local VM then backed it up with TKBLAM.  Then I just restored to a new Small "Core" Appliance.  It seems to boot up fine but I can't connect to the "Desktop" like I can on the local VM.  The browser just acts like there is nothing to connect to.  I can connect fine to the WebMin interaface so I know it is running and responsive.  I checked to make sure that the Appliance's firewall has port 443 open on the Hub so I should be able to get there.

Any suggestions on what I can try?

-Mike


Jeremy's picture

Development has stalled

I was also quite interested, but have moved on to other things since I discovered Bodhi Linux (a lightweight Ubuntu based distro). I know the devs haven't forgotten about it and hope to get back to something along these lines. I know the developer desktop space is one they'd like to see TKL go to.

Who knows we may even see a prototype Core client/desktop system in the next release? However I don't know for sure because they have a lot of work to do, upgrading the current appliances as well as creating many of the new ones which have patches available.

I'd love to help you out but I have plenty on my plate ATM wihtout making further commitments. So for the moment you're on your own sorry (unless of course someone else is keen to work with you...).

I need to dig some more

Thanks for the reply Jeremy!

I found some interesting behavior with the Cloud Client while doing some more testing in my VM's.

When using NAT they system seems to perform as expected.  I can connect with a browser to 443 on the VM and I get a Desktop environment and I can get to Webmin  I recently found that the Web Shell will not work but I can SSH to it fine.  If I change the network card to Bridged then I can not connect to it any longer.  I also can not get to the Webmin or the Web Shell.  Originally I thought it might be my firewall on the host PC so I built the same image on bare metal.  I could SSH to it but nothing else.

I built just a plain TKL Core 11.3 to test the behavior of the Webmin and Web Shell on the same host and it worked fine with NAT and Bridged network settings on the VM.

I think the patch was originally made when TKL 11.1 was current.  Perhaps an update along the way broke something?  Just wish I could find decent documentation on Apache to figure out the port forwarding being used.  The documentation I am finding is useless to a noob with Apache.

I've been using Linux off and on since Slackware was distributed on floppy images but this is my first try at Apache/webserver stuff.  The hunt for info continues!


Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)