Diskless Linux X Terminals

How to network-boot a Linux box that has no persistent storage and use it as a diskless X terminal.

Configuring XFree86

The XFree86 executable normally is found in /usr/X11R6/bin, a subdirectory of /usr, so we don't need to provide the X server in the RAM disk; we can take it from the NFS mount. Although the modular XFree86 server itself has not been hardware-specific since about version 4.0, its configuration file definitely is. If you are managing several X terminals with different video hardware, it is impossible to use the same XF86Config file for all of them. Therefore, we prefer not to keep it in the RAM disk root filesystem, where it usually would be found in /etc/X11/XF86Config. Instead, we can use a per-terminal configuration file stored in the NFS /usr directory. Ultimately, the BusyBox init process is configured to continuously respawn a shell script containing the single line:

/usr/X11R6/bin/XFree86 \
-xf86config /usr/X11R6/configs/iphex -query \
server

where iphex is the client's IP address in hexadecimal (a naming convention borrowed from PXELINUX) and server is the server's IP address in dotted-decimal. With a few clever awk-on-/proc/cmdline tricks, we can entirely avoid hard coding any hostnames or IP addresses into the RAM disk image.
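One way to do the /proc/cmdline parsing described above, as an added example that is not the article's own script. It assumes the boot loader appended ip=<client>:<server>:<gateway>:<netmask> to the kernel command line (the format PXELINUX generates with IPAPPEND 1) and that the boot server is also the XDMCP server; the function names are hypothetical. Both addresses are validated before use, because the command line arrives over the network and ends up in a file path.

```shell
#!/bin/sh
# Added example (not the article's script). Assumes the boot loader appended
# ip=<client>:<server>:<gateway>:<netmask> to the kernel command line.

# ip_field CMDLINE N -> Nth colon-separated field of the ip= parameter
ip_field() {
    printf '%s\n' "$1" | awk -v n="$2" '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^ip=/) { split(substr($i, 4), f, ":"); print f[n + 0]; exit }
    }'
}

# valid_ipv4 ADDR -> succeeds only for four decimal octets in 0..255
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# to_iphex ADDR -> eight upper-case hex digits (PXELINUX naming convention)
to_iphex() {
    printf '%s\n' "$1" | awk -F. '{ printf "%02X%02X%02X%02X\n", $1, $2, $3, $4 }'
}

# x_command CMDLINE -> the XFree86 command line; fails if either address is
# malformed, so nothing unchecked reaches a file path or an argument
x_command() {
    client=$(ip_field "$1" 1)
    server=$(ip_field "$1" 2)
    valid_ipv4 "$client" && valid_ipv4 "$server" || return 1
    echo "/usr/X11R6/bin/XFree86 -xf86config /usr/X11R6/configs/$(to_iphex "$client") -query $server"
}

# Constructed sample; on the terminal use: x_command "$(cat /proc/cmdline)"
SAMPLE='initrd=initrd.gz root=/dev/ram0 ip=192.168.1.100:192.168.1.1:192.168.1.1:255.255.255.0'
x_command "$SAMPLE"
```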

A basic XFree86 configuration file can be created by running XFree86 -configure on the terminal. In general, this correctly identifies the video hardware, and the resulting configuration file loads the appropriate XFree86 modules. It is worth mentioning, however, that the default pointer device, /dev/mouse, generally doesn't exist on a system using the device filesystem. For example, the PS/2 mouse is found at /dev/misc/psaux instead.

Server-Side Configuration

The part that makes the X terminal an X terminal instead of a Linux box with a graphical display is the -query server part of the XFree86 command line above. This causes the XFree86 server on the terminal to run an XDMCP (X Display Manager Control Protocol) session to try to get the server to manage its display. However, not every server is going to agree to do so.

First, and most obviously, the server must be listening for incoming XDMCP connections. XDMCP is normally on UDP port 177, and most display managers (xdm, gdm, kdm) can be configured to listen for XDMCP requests. Although most distributions are configured to run a display manager on bootup, most do not listen for incoming XDMCP requests due to security considerations. For example, the classic X display manager, xdm, usually is distributed with the line:


DisplayManager.requestPort: 0

in its configuration file (commonly /etc/X11/xdm/xdm-config). This would have to be commented out in order for xdm to accept XDMCP requests. In addition, xdm can be configured to restrict itself to connections on a per-host or per-subnet basis using the configuration file /etc/X11/xdm/Xaccess (don't be confused by /etc/X11/xdm/Xservers, which is largely a historical relic). For example, to restrict xdm to terminals in the 192.168.1.0/24 subnet, add a line containing only 192.168.1.0/24 to the end of /etc/X11/xdm/Xaccess.

In addition, it can be convenient if the server also provides fonts to the terminals, by way of the X font server process xfs. Once again, although most distributions run a font server process, it usually is configured not to listen for incoming requests. For example, the configuration file for xfs, /etc/X11/fs/config, generally contains the line no-listen = tcp. If this is commented out, the Files section of the terminal's XF86Config file (stored in /usr/X11R6/configs/iphex on the server) can contain only one FontPath instead of the usual half-dozen, as shown in Listing 3 (where a server IP of 192.168.1.1 is assumed).

Finally, the server must be configured to NFS export its /usr filesystem read-only to the terminal, as this is where the terminal gets the XFree86 server.

Some Words about Security

A number of security considerations should be kept in mind when running X terminals. First, it should be fairly obvious that the changes made to the xdm and xfs configurations are undoing things that were done to increase the security of the server. Furthermore, the setup described in this article does not encrypt any traffic. Every keystroke on the terminal goes over the network unencrypted. The only reasonably safe way to run with X terminals is to put them all on a private LAN that is used only by X terminals and that does not route to the Internet. The terminals and one interface on the server should be the only ones on the terminal LAN.
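Since the xdm and xfs edits reopen listeners that the distribution had closed, it helps to be able to check a server's state from its configuration files. The following is an added example, not part of the original article; the function names and sample files are constructed for illustration. Note that the two files use different comment characters ("!" in the X resource file xdm-config, "#" in the xfs config).

```shell
#!/bin/sh
# Added example (not from the article): report whether the two listeners the
# article opens are enabled, judging from the configuration files alone.

# xdmcp_state FILE -> "closed" when an active DisplayManager.requestPort: 0
# line is present, otherwise "open" (xdm then listens on UDP port 177).
# xdm-config is an X resource file, so "!" starts a comment.
xdmcp_state() {
    awk '
        /^[ \t]*!/ { next }
        /^[ \t]*DisplayManager[.*]requestPort[ \t]*:[ \t]*0[ \t]*$/ { closed = 1 }
        END { print (closed ? "closed" : "open") }' "$1"
}

# xfs_tcp_state FILE -> "closed" when an active no-listen line names tcp,
# otherwise "open". The xfs config file uses "#" for comments.
xfs_tcp_state() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*no-listen[ \t]*=.*tcp/ { closed = 1 }
        END { print (closed ? "closed" : "open") }' "$1"
}

# Constructed sample files: the distribution default and the article's edit.
TMP=$(mktemp -d)
printf 'DisplayManager.requestPort: 0\n'   > "$TMP/xdm-default"
printf '! DisplayManager.requestPort: 0\n' > "$TMP/xdm-terminal"
printf 'no-listen = tcp\n'                 > "$TMP/xfs-default"
printf '# no-listen = tcp\n'               > "$TMP/xfs-terminal"

for f in "$TMP"/xdm-*; do echo "$f: XDMCP $(xdmcp_state "$f")"; done
for f in "$TMP"/xfs-*; do echo "$f: xfs TCP $(xfs_tcp_state "$f")"; done
```

On a real server, point the functions at /etc/X11/xdm/xdm-config and /etc/X11/fs/config; any host outside the private terminal LAN should report "closed" for both.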

______________________

Comments

Symbio Technologies' LTSP based diskless thin client solution

Diane Romm

Readers who are interested in Linux-based diskless thin client technology should find the products of our company, Symbio Technologies, very compelling.

We offer a complete solution, based on LTSP, that can replace the PC on the desktop with low powered network terminals. We call the solution The Symbiont Solution. It includes:

1. The Symbiont Management Suite: Server based software that makes it easy to setup, configure, manage, and control a network comprised of diskless network terminals.

2. The Symbiont Boot Appliance: A device that boots the network terminals, directs them to the appropriate application server(s), and offers Internet-based access to setup, configure, manage and control the network. The SBA takes the place of a boot server and enables the efficient consolidation, management, and control of application servers.

3. Network terminals: These energy efficient units have no moving parts including no hard drives, no floppy drives, and no fans. They are guaranteed to work perfectly with our management suite and boot appliance.

Diskless Linux X Terminals and LTSP

stern

Thanks Chip for a great article. It motivated me to do something useful. I'm setting up a diskless machine for a friend which will boot off her partner's linux pc. She doesn't have enough disk to set up a stand alone machine. I may not use pxe but expect to use etherboot via a floppy.

I think it a real shame that the "Diskless Linux X Terminal" article made no mention of the Linux Terminal Server Project! I followed the article and links and found it frustrating. (using SuSE 9.2) I downloaded the latest LTSP (www.ltsp.org) and had it all working in an hour. The hardest part being getting the xdmcp to work. I would have found something explaining the differences between bootp, etherboot, and pxe really helpful. Again the LTSP is very good at explaining this.

In the end I feel that as good as it was, the article had the potential to be much better.

John Stern
Linux Specialist
RHCE

NVRAM? (I actually do need it....)

mhoskins

I liked your article, however, I am one of the few, the proud, who need NVRAM information:

The essential characteristic of any thin client is that it should have little or no persistent storage. Typically, a purpose-built X terminal has a small quantity of NVRAM used to store configuration options and nothing else. In practice, it usually is possible to put even these options in a configuration file stored on the server and downloaded by the terminal on boot. This article takes the purist view that an X terminal should have no persistent storage whatsoever.

I need to save some bootup settings there, such as monitor settings, kernel params, etc., in a situation that I do *not* have a managed thin-client situation.

I have a customer who does *not* want this saved on a server, but who wants to boot through CD's -- no hard disk drives, no flash, no boot ROMs or PXES, no floppies, etc.! Only whatever-else-is-part-of-a-bare-machine and CD-R's are allowed, here....

I also have a great deal of hardware configs, from P-90's to P4-2.5GHz machines, and a wide range of video cards and monitors....

Unfortunately, I have found virtually no information for /dev/nvram. I have done several Google searches, but perhaps I'm not using the correct search criteria.

Can anybody help, here?

You really want to check out

Alex S.

You really want to check out the "A Temporary Internet Lounge" article in the same issue - build your Knoppix disk to contain the stuff you want and not the stuff you don't.

Re: NVRAM? (I actually do need it....)

mhoskins (cannot login)

I have built several custom Knoppix and Morphix (and BeatrIX) CD's over the last year and a half, or so. This is precisely why I need to save my settings somewhere. (I read the "Internet Lounge" article a while ago, as well.)

All I have in my customer's machines is CD-R media and I just need a place to hold a few bytes for settings. This is a unique situation where I have no hard disk, no USB device, and I can't save to/load from a server.

Saving it in NVRAM would be ideal. I need maybe 20-30 bytes, or so, but I've heard that NVRAM can do 64-128 bytes, perhaps higher.

Can anybody help?
