Now I will tell you about how you can save a considerable amount of time and money on your IT infrastructure.
How to centrally administer a large number of linux workstations without splitting up the chaos in your ecosystem.
And so, what is LTSP?

LTSP - This is a terminal solution on Linux.
Speaking of "terminal", I primarily mean not connecting to a remote desktop as in Windows. I mean a much more flexible and advanced system for delivering software, configs, home directory, and the operating system itself to client workstations from your terminal server.

In particular, LTSP is a set of pre-configured programs and scripts that will allow you to easily turn your newly installed Ubuntu, or other distribution, into a fully-ready terminal environment. Which will be loaded on any computers on your network and provide the user with a full interface.

LTSP has several modes of operation:

• thin client
• fat client

In order to understand the difference, first we need to understand how LTSP works.

Principle of operation

Suppose you have a server and a lot of computers (terminal stations) that you distribute to users so that they can work behind them. These terminal stations are almost indistinguishable from ordinary computers, except that their size is usually quite small, they don’t need a hard disk for work and, moreover, they can be quite weak and cheap, it’s not reflected in users ’work ( thin client mode). It should be noted that any computer that can boot via the network can act as a terminal station.

As I have already said, there may well be no hard disk at the terminal stations, and, accordingly, no operating system is installed on them, the entire load is from the LTSP server directly over the network.
You have a system installed on the terminal server, and all user data, configs, and software are stored in it.
When a user turns on his computer, his operating system is loaded from a terminal server, he can log in to it, work, disconnect. At the same time, all data always remain on the terminal server.

Now about the modes of operation:

• thin client - Applications run on a terminal server and are simply displayed on the terminal client display.
• thick client - Applications run directly on the terminal client, and the server simply provides access to user files and programs.

So which mode should we choose? - it all depends on what you want to receive. You can save a little by using weak stations on clients along with a powerful server in thin client mode. Or unload the terminal server and the local network, buying terminal stations more powerfully, shifting responsibility for the execution of programs to customers, forcing them to work in fat client mode.

In addition, modes can be combined and some applications can be made to work differently than all others. For example, to run a "heavy" browser with flash locally on clients, and to launch office applications on the server itself.

Advantages and disadvantages

Let's consider what advantages we have in comparison with the standard principles of building IT infrastructure:

• Centralized Management - You have one single configuration that you manage from one place.
• Backing up and backing up - All user data is stored on one server, and by adjusting the backup of this server accordingly, you will never lose user data.
• Savings on computers - Diskless terminal stations are significantly cheaper than full-fledged computers.
• Rapid deployment - you no longer need to install the OS. Having bought the next pack of terminals, they can be safely stuck into the network, they immediately pull up the OS from the server and they will be fully ready to work. Similarly, a non-working terminal can be quickly replaced by another.
• Independence from the workplace - Users can work under their account independently from any computer on the network; their personal profile will always be uploaded.
• OpenSource - First of all, LTSP is an open and free project. You do not need to buy licenses to use it. In addition, you can always see the source code, which is based on the usual bash scripts.

Minuses:

• A continuous LAN connection is required — the terminal stations are loaded and working over the network, so a stable wired connection to the network is required.
• Server dependency is understandable, without a server all terminal clients become useless and turn into a pumpkin.

Device

The first thing we need to know is the components that make up the server:

• DHCP server — used to give clients IP addresses and information about the tftp server and the path to the pxelinux bootloader. You can also use your own DHCP server.
• TFTP server - sends the bootloader, the kernel and the main config lts.conf via the tftp protocol.
• NBD server - used by the kernel to boot the base system over the network. Also, if desired, can be replaced by NFS
• SSH server - used to authorize users and transfer their home directories to terminal stations.

Secondly, let's understand how it works:

When you install the ltsp-server-standalone package on your server, you will get several more ltsp scripts to fully configured services:

• ltsp-build-client - collects for us an image of the system, which we will give to client machines.
• ltsp-chroot - chroot'it us to the client system, for example, to install additional packages and change configs.
• ltsp-config - generates default configs for LTSP.
• ltsp-info - displays information about the current installation.
• ltsp-update-image - updates the nbd image of the base system.
• ltsp-update-kernels - copies the kernel and bootloader from the client image to the tftp-server directory
• ltsp-update-sshkeys — adds ssh publickey of your server to the client image's known_hosts.

We will use them to configure our environment.

How does network boot work?

It is also extremely important to understand how network boot is arranged, the boot process looks something like this:

• The workstation turns on and polls the DHCP server, how to boot further:
  Or rather, two options are requested: next server is the address of the TFTP server and boot file is the path to the bootloader.
• DHCP server, gives a response with the server address and the path to pxelinux.
• Workstation loads pxelinux via TFTP
• pxelinux loads the kernel.
  In the pxelinux config in the kernel options, specify where to load the main system for NBD
• When the kernel starts up, it mounts the nbd image from the server to the root of the system and loads the init process, which in turn loads the rest in the usual way.
• Also at this moment, ltsp-reads the main lts.conf config from the server and starts LDM, after which the user sees an invitation to enter a login and password.

LDM is the LXDE logon manager, which is responsible for authorizing users and starting the environment.

When the user logs in, the following occurs:

• In the case of a thin client, LDM logs in with your login and password entered on your server via SSH, if successful, loads the environment from the server by simply forwarding X's.
• In the case of a thick client, LDM tries to connect with the login and password entered to your server, if successful, then mount the user's home directory from the server to the client using sshfs, then start the environment.

If you need more detailed information about booting Linux over the network, I recommend referring to the cycle of articles Roshalsky , here is the link to the first one .

Installation

I will describe the installation of LTSP in fat client mode as the most complex and interesting.
Configuring in thin client mode will do little more than that, except that you will need to install the necessary software not into chroot, but into the main system, and after that you will not need to rebuild the nbd image.

Little reservations, for the server it is better to take the distributions fresher, because LTSP is among the standard packages and is updated along with the distribution. For guest OS, it's better to take proven Ubuntu 14.04 LTS, since If you take the distribution kit fresher, then the problems begin, the bootloader does not stop, due to the renaming of packages, then what else.

UPD: Verified with the latest Ubuntu 16.04 LTS such problems do not arise.

So let's get started. First, install ltsp-server-standalone :

 apt-get update && apt-get install ltsp-server-standalone 

Now with the help of ltsp-build-client we will install the client system. LTSP supports various DEs, but what I liked most was how LXDE works. Unlike Unity, it consumes very few resources and, as it works on bare X, it is almost completely configured using environment variables, this is very convenient, as you can specify them in the main lts.conf config.

 ltsp-build-client --dist xenial --arch i386 --fat-client-desktop lubuntu-desktop 

All these options can be specified in the /etc/ltsp/ltsp-build-client.conf config /etc/ltsp/ltsp-build-client.conf , so as not to manually register them:

 # Distribution DIST=xenial # The chroot architecture. ARCH=i386 # ubuntu-desktop and edubuntu-desktop are tested. # If you test with [k|x]ubuntu-desktop, edit this page and mention if it worked OK. # kubuntu lucid (10.10) working okay. FAT_CLIENT_DESKTOPS="lubuntu-desktop" # Space separated list of programs to install. # The java plugin installation contained in ubuntu-restricted-extras # needs some special care, so let's use it as an example. #LATE_PACKAGES=" # ubuntu-restricted-extras # gimp # nfs-client #" # This is needed to answer "yes" to the Java EULA. # We'll create that file in the next step. DEBCONF_SEEDS="/etc/ltsp/debconf.seeds" # This uses the server apt cache to speed up downloading. # This locks the servers dpkg, so you can't use apt on # the server while building the chroot. MOUNT_PACKAGE_DIR="/var/cache/apt/archives/" 

If the option is not specified, the same distribution kit and / or architecture will be used as on the server system.

After running the command, you have a fully automatic mode, using debootstrap , the system will expand to the /opt/ltsp/i386 directory.

The same system will be used in the future by all LTSP commands, additional software will be installed into it, the bootloader with the kernel and the nbd image of the system will be generated from it. In principle, it is also possible to give it over nfs if the boot loader is properly configured.
After installing LTSP, an nbd image will be automatically generated from it. This image will be uploaded by our customers.

In order to make any changes to the guest OS, for example, to install additional software, use the ltsp-chroot command.
If you want to change or add something to the guest system, run ltsp-choot and you will be inside it.
Then perform the actions you need, and exit with the exit command.
For the changes to apply, you need to regenerate the nbd-image with the command ltsp-update-image

DHCP server:

Together with the meta ltsp-server-standalone , we also installed isc-dhcp-server .
In principle, it works out of the box as it should, but if you wish, you can fix its config /etc/default/isc-dhcp-server .
There is a cool article on OpenNet from 2010 on how to configure LTSP, there is a good description of how to configure the DHCP server.

But, since I assume that you already have a DHCP server, I suggest setting it up.

Remove isc-dhcp-server :

 sudo apt-get remove isc-dhcp-server 

Now you need to add 2 options to your dhcp server:

 next-server 192.168.1.2; # TFTP- filename "/ltsp/i386/pxelinux.0"; #  

How to do this, see the instructions for your DHCP server.
Here, for example, instructions on how to do this on the equipment Mikrotik.

Software installation

• Let's enter into our guest system:

  
  

   ltsp-chroot 

  
  

• Now install vim:

  
  

   apt-get update && apt-get install vim 

  
  

• Russian language support:

  
  

   apt-get update && apt-get install `check-language-support -l ru` 

  
  

• The latest version of Remmina:

  
  

   apt-add-repository ppa:remmina-ppa-team/remmina-next apt-get update apt-get install remmina remmina-plugin-rdp libfreerdp-plugins-standard 

  
  

• Skype:

  
  

   add-apt-repository -y "deb http://archive.canonical.com/ $(lsb_release -sc) partner" apt-get -y update apt-get -y install skype 

  
  

• Chromium browser c PepperFlash plugin (fresh flash from google)

  
  

   sudo apt-get install chromium-browser sudo apt-get install pepperflashplugin-nonfree sudo update-pepperflashplugin-nonfree --install 

  
  

• By the way, PepperFlash can be installed and launched without Chromium, in Firefox:

  
  

 add-apt-repository -y ppa:skunk/pepper-flash add-apt-repository -y ppa:nilarimogard/webupd8 apt-get -y update apt-get -y install pepflashplugin-installer freshplayerplugin mkdir -p /opt/google/chrome/PepperFlash ln -s /usr/lib/pepflashplugin-installer/libpepflashplayer.so /opt/google/chrome/PepperFlash 

• To allow the administrator to remotely connect to a user session, install x11vnc:

 #   apt-get -y install x11vnc #    cat > /usr/bin/x11vncd <<EOT #!/bin/bash x11vncd () { XAUTH=\`ls -1td /var/run/ldm-xauth-* | head -n1 | sed 's|$|/Xauthority|'\` logger -f /var/log/x11vnc "Starting with \$XAUTH" /usr/bin/x11vnc -display :7 -rfbauth /etc/x11vnc.pass -logfile /var/log/x11vnc -xauth \$XAUTH sleep 1 x11vncd } x11vncd EOT #  init- cat > /etc/init.d/x11vnc <<EOT #!/bin/sh ### BEGIN INIT INFO # Provides:x11vnc # Required-Start:\$remote_fs \$syslog # Required-Stop:\$remote_fs \$syslog # Default-Start:2 3 4 5 # Default-Stop:0 1 6 # Short-Description:Start X11VNC # Description:Start VNC server X11VNC at boot ### END INIT INFO case "\$1" in start) start-stop-daemon --start --oknodo --pidfile /var/run/x11vnc.pid --background --nicelevel 15 --make-pidfile --exec /usr/bin/x11vncd ;; stop) logger -f /var/log/x11vnc "Stopping" start-stop-daemon --stop --oknodo --pidfile /var/run/x11vnc.pid ;; restart) logger -f /var/log/x11vnc "Restarting" \$0 stop \$0 start ;; status) PID=\`cat /var/run/x11vnc.pid\` if [ -e /proc/\$PID ]; then echo "Process \$PID is running" else echo "No process matching" fi ;; *) echo "Usage: \$0 start|stop|restart|status" exit 1 ;; esac exit 0 EOT #   chmod +x /usr/bin/x11vncd /etc/init.d/x11vnc #     update-rc.d x11vnc defaults #   x11vnc -storepasswd /etc/x11vnc.pass 

• And ssh server:

  
  

   apt-get -y install openssh-server 

  
  

• Even in Ubuntu 16.04 there is a certain problem, if you do not configure xscreensaver, then after a certain time, the client will show a black screen that you can’t get out of. Fix this:

  
  

  Install xscreenasver if it is not already installed:

  
  

   apt-get -y install xscreensaver 

  
  

  Set up autostart:

  
  

   cat > /etc/xdg/autostart/xscreensaver.desktop <<EOT [Desktop Entry] Type=Application Exec=/usr/bin/xscreensaver -nosplash Hidden=false NoDisplay=false X-GNOME-Autostart-enabled=true Name[en_US]=xscreenasaver Name=xscreensaver Comment[en_US]= Comment= EOT 

  
  

  If you intend to block the screen with a password, do not forget to add the following line to your lts.conf config:

  
  

   LDM_PASSWORD_HASH=true 

  
  

Do not forget to exit the chroot and update our nbd image:

 exit ltsp-update-image 

Create users

• Standard terminal server users can be created in the standard way:

  
  

   useradd -m -c " " -g users -s /bin/bash <username> passwd <username> 

  
  

  Or via GUI if it is installed on your server

  
  

• Also, if you wish, you can create a local administrator in the client image:

  
  

   ltsp-chroot useradd -g adm -G sudo -s /bin/bash -m <adminname> passwd <adminname> exit ltsp-update-image 

  
  

Lts.conf config

So we got to the most important configuration
It is located at /var/lib/tftpboot/ltsp/i386/lts.conf and presents itself with something else than the description of global variables.

The config is divided into sections, the Default section describes the settings common to all clients:

 [Default] #  LXDE LDM_XSESSION = /usr/bin/dbus-launch --exit-with-session /usr/bin/lxsession -s Lubuntu -e LXDE #      LOCALE = Europe/Moscow LC_ALL = ru_RU.UTF-8 LANG = ru_RU.UTF-8 LDM_LANGUAGE = ru_RU.UTF_8 #      XKBLAYOUT = "us,ru" XKBOPTIONS = "grp:ctrl_shift_toggle,terminate:ctrl_alt_bksp" X_NUMLOCK = true KEYTABLE = ru LDM_NUMLOCK = true #   HOTPLUG = True #    LOCALDEV = true #     SOUND = True MIC_VOLUME = 0 CAPTURE_VOLUME = 100 CAPTURE_SWITCH = toggle #   SSH RCFILE_01 = "ssh-keygen -A ; /usr/sbin/sshd" #    SYSLOG_HOST = server 

You can also add sections for individual clients, based on hostname, IP or MAC address:

 #   [oldmachine] X_COLOR_DEPTH=8 X_MODE_0=800x600 #   [192.168.1.123] LDM_AUTOLOGIN = True LDM_USERNAME = user LDM_PASSWORD = password # - [00:11:25:93:CF:00] PRINTER_0_DEVICE=/dev/usblp0 SCREEN_07=shell # FreeRDP,    [00:11:25:93:C:11] SCREEN_07=xfreerdp RDP_SERVER=192.168.100.10 RDP_OPTIONS="/f /sec:rdp /cert-ignore /multimon:force" 

In general, a full list of options can be found on this page , or in

 man lts.conf 

Results

As a result, we get at the same time a flexible, secure and easy to administer system.
We can use standard methods to install any software on it, differentiate user rights, edit configs common for each user separately, and not be afraid for data loss.

Moreover, thanks to the free license, all this comes to you absolutely free.

LTSP can be used both in educational institutions and in ordinary offices, both for remote connection to Windows, and simply for ordinary work.

UPD: wrote to widestream in the comments that he successfully uses a similar scheme for creating a render farm.

It’s no secret that nowadays, for the majority of employees, now, only a browser with a basic set of office programs in the workplace will be sufficient.

Some interesting links:

• LTSP.org - Official site of the project.
• UbuntuLTSP - A page on the Ubuntu Wiki.
• LTSP-Cluster . - The project to create a cluster on the LTSP (for large installations).
• Raspi-LTSP - An interesting project that allows you to use Raspberry Pi as a terminal station.

Russian-speaking community

If you have any questions, join our group in a telegram:
https://t.me/ltsp_ru