Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
vmware-view user-proof thin terminal based on RPi TC 1.4
28-09-2015, 05:06 PM, (This post was last modified: 27-11-2015, 02:09 PM by Walter Stemberger.)
#1
vmware-view user-proof thin terminal based on RPi TC 1.4
The goal is to have a user-proof thin client for the VMware view. Other clients are not in my interests now.

I started from the image distributed here and changed the following:

Modified at 01.October 2015. changes in point 17. and 20.
Modified at 02.October 2015. changes in point 17.
Modified at 15.October 2015. point 4: DO NOT UPGRADE!
Modified at 19.OCtober 2015. Point 4. Xinit 1.3.4-2 corrected, Upgrade is OK again.
Modified at 24.November 2015: Added config files description

1. Copy the downloaded image on a 8GB microSD (with Win32DiskImager)
2. gparted on Linux machine: expand the /dev/mmcblk0p2 to the empty space on SD (necessary for the following upgrade steps)
3. Define the local keyboard via System-settings, sudo dpkg-reconfigure locales
4. apt-get update & dist-upgrade; firmware update
5. /opt/scripts/ipaddress.sh and /opt/scripts/macaddress.sh: Change scripts to get the addresses in Conky, lost during upgrade
6. /etc/ntp.conf: Added a IP address of the NTP server on LAN
7. /boot/config.txt: Change the framebuffer_depth=32, disable overclocking (with the default settings the Raspberry freezes every time few hours after the start)
5. .conkyrc: Change to "own_window_type = 'override' to eliminate the disappearing of the Corky widget after few clicks on desktop
6. systemctl enable NetworkManager-wait-online.service to pause the starting process till the network is ready
7. .start-conky.sh: commenting the two rows about sntp invocation (time is adjusted by NTP) and changing the sleep to 5 (from time to time Conky was not displayed with the sleep set to 3, after I changed the framebuffer)
8. /etc/vmware/view-mandatory-config: Create the file with parameters necessary to make it working fullscreen and without all the unnecessary choices to user


nano /etc/vmware/view-mandatory-config
Code:
view.allowDefaultBroker ="False"
view.defaultBroker = "ip-address-orname-of-the-VMware-View-Manager"
view.defaultDomain = "Domain name"
view.nonInteractive = "True"
view.defaultProtocol = "PCOIP"
view.sslVerificationMode = "3"
view.defaultDesktopSize = "2"
view.fullScreen = "False"
view.noMenubar = "True"
view.sendCtrlAltDelToVM = "False"

9. /usr/bin/vmware-view.sh: Create the script to allow the start with options --save --nomenubar (to avoid the documented bug of the non-working view.noMenuBar in configuration file.

nano /usr/bin/vmware-view.sh
Code:
#! /bin/sh
/usr/bin/vmware-view --nomenubar --save

10. Create the /usr/bin/session-reboot.sh and /usr/bin/session-poweroff.sh

nano /usr/bin/session-reboot.sh
Code:
#! /bin/sh
sudo reboot

nano /usr/bin/session-poweroff.sh
Code:
#! /bin/sh
sudo poweroff

11. Destkop files in /usr/share/applications/: Add two desktop files for the poweroff and reboot buttons in Docky (next step)

nano /usr/share/applications/session-reboot.desktop
Code:
[Desktop Entry]
Version=1.0
Type=Application
Exec=/usr/bin/session-reboot.sh
Icon=system-log-out
StartupNotify=false
Terminal=false
Categories=System;X-XFCE;X-Xfce-Toplevel;
OnlyShowIn=XFCE;
Name=Restart
Comment=Restart the Desktop

nano /usr/share/applications/session-poweroff.desktop
Code:
[Desktop Entry]
[Desktop Entry]
Version=1.0
Type=Application
Exec=/usr/bin/session-poweroff.sh
Icon=system-shutdown
StartupNotify=false
Terminal=false
Categories=System;X-XFCE;X-Xfce-Toplevel;
OnlyShowIn=XFCE;
Name=Poweroff
Comment=Power-off the Desktop

12. Recreate the Docky configuration files to eliminate the left and right panel, and reduce the buttons in top panel to poweroff and reboot.

13. Editing the System.Settings->Session and Startup -> KeepMeUp for vmWare to start vmware-view.sh
14. Disabling all other non necessary startups (incl. vmware - KeepMeUp will do all) in the same screen
15. Disable all non necessary services with systemctl disable
16. Eliminate Crtl-Alt-F*
17. disable root user login, moved trap ' ' SIGINT to the top of the root's .bash_profile and rpitc's .bash_profile,

nano /home/rpitc/.bash_profile
Code:
trap ' ' SIGHUP SIGINT SIGTERM SIGKILL
if [[ -z $DISPLAY ]] && [[ "$(tty)" = "/dev/tty1" ]]; then
  exec startx >/dev/null 2>&1
fi

Putting all these signals in trap is probably paranoia :-)

18. Change the System settings -> Desktop -> Icons -> Icon type = None, and unchek Menu -> Include applications menu... to eliminate all the user interractions with the desktop and to disable the menu on right click; eliminate unnecesary keyboard shortcut
19. Made a settings-manager.sh script in rpitc home defining DISPLAY=:0.0 and starting xfce4-settings-manager. This script is just to simplify the starting of settings manager from ssh, for now on the TC desktop.
20. Replaced the root autologin to direcly autolog the rpitc user

nano /etc/systemd/system/getty@.service

replace:

ExecStart=-/sbin/agetty -a root %I $TERM
with
ExecStart=-/sbin/agetty -a rpitc %I $TERM

21. Cosmetics - change the desktop background; changed the rpitc password...

Tested the USB redirection with USB memory stick, it is working.

--------------

To do:


[SOLVED] Eliminate the boot process interruption problem:
During the boot, few lines are written over the animation (login: root...; Press secret key...).
If the user press the <Ctrl-C> at the right moment, the system interrupts the process and give them root privileges in CLI.

Intensive test, to see if there are remaining keyboard shortcuts or any other ways to let user communicate with the OS.

Test other classes of USB devices (smartcard readers, USB printers...)

Change the settings-manager.sh script to make it interactive and to allow to set the DISPLAY to IP address of any remote management X machine.

[SOLVED] Eliminate the log-out behavior where the logout process brings up the root CLI.

Study the changes to avoid file system corruptions, as told in other threads here... Hardware changes to implement the power-on / power-off button.

--------------

Any suggestions?
Reply
29-09-2015, 08:50 AM,
#2
RE: vmware-view user-proof thin terminal based on RPi TC 1.4
Point 12: Documentation:

http://wiki.go-docky.com/index.php?title=GConf_Settings
Reply
30-09-2015, 08:49 PM,
#3
RE: vmware-view user-proof thin terminal based on RPi TC 1.4
Hi Walter,

Can you share an img with your changes/configurations?
Every time i try to change/configure things like disk size, i've a corrupted sd.

I was thinking in create another user without permissions, but with no success too.

regards...
Reply
01-10-2015, 11:15 AM, (This post was last modified: 02-10-2015, 10:14 AM by Walter Stemberger.)
#4
RE: vmware-view user-proof thin terminal based on RPi TC 1.4
(30-09-2015, 08:49 PM)Alexandre Gnutzmann Wrote: Hi Walter,

Can you share an img with your changes/configurations?
Every time i try to change/configure things like disk size, i've a corrupted sd.

I was thinking in create another user without permissions, but with no success too.

regards...

When it will be ready and without traces of my tests and private data...

To write the image I used the Win32DiskImager... With dd on Linux I got some partition corruptions on SD and errors in boot process... I hadn't time to investigate deeper...

To expand the root partition I used the gparted on Linux (Mint). In its GUI the work to do was simple, only few clicks and worked every time.



[SOLVED] There are still one pretty big issue to solve:

During the boot, few lines are written over the animation (login: root...; Press secret key...).
If the user press the <Ctrl-C> at the right moment, the system interrupts the process and give them root privileges in CLI.



<Ctrl-c> issue, solved, I have to test it better:
in root's .bash_profile i moved the trap ' ' 2 to the beginning of the script.

[SOLVED]I will study better the profile, but I think this "Admin mode" behaviour is superfluous in my configuration...
Reply
01-10-2015, 12:32 PM,
#5
RE: vmware-view user-proof thin terminal based on RPi TC 1.4
Eliminated root autologin (and the "Admin mode" prompt, making the rpitc user to autologin directly

in: /etc/systemd/system/getty@.service

replaced:

ExecStart=-/sbin/agetty -a root %I $TERM
with
ExecStart=-/sbin/agetty -a rpitc %I $TERM
Reply
02-10-2015, 03:15 PM,
#6
RE: vmware-view user-proof thin terminal based on RPi TC 1.4
[SOLVED-Workaround] The user can gain CLI access to the OS with:
1. Put the cursor on the Desktop (out of VMware Horizon CLient logon screen)
2. <Alt>-<F4> start the logoff - autologin sequence
3. Pressing the <Ctrl>-C during this sequence interrupts ste profile script and returns the rpitc users CLI prompt.

I have to find how to disable this <Alt>-<F4> keyboard shortcut. In the mean time I placed the:
trap ' ' SIGHUP SIGINT SIGTERM SIGKILL
at the beginning of the rpitc .bash_profile

If the user is too fast, it will interrupt the logon - logoff procedure, with the result of a black screen, but at least there is not a prompt where it can make damage.
Reply
03-10-2015, 09:50 AM,
#7
RE: vmware-view user-proof thin terminal based on RPi TC 1.4
I've stick your post, very useful, thanks!
Reply
07-10-2015, 08:16 AM, (This post was last modified: 07-10-2015, 02:29 PM by Walter Stemberger.)
#8
RE: vmware-view user-proof thin terminal based on RPi TC 1.4
Tried to restore some overclocking, following the suggestions from: http://linuxonflash.blogspot.de/2015/02/...mance.html

arm_freq=1000
#sdram_freq=500
sdram_freq=483
core_freq=500
#over_voltage=2

[EDITED] It is working without freezing for 24 hours now. Card is in a small plastic housing for the Raspberry PI 2, chips without coolers, CPU temperature about 48-53°C. I will wait some time more to get my conclusions :-)
Reply
08-10-2015, 08:58 AM,
#9
RE: vmware-view user-proof thin terminal based on RPi TC 1.4
Hi Walter,
wouldn't be easier to build a custom raspbian with just the Horizon View client? I've been looking with no luck for the deb or the source of the client to do it. Does anybody know where can I find it?
Thank you
Reply
09-10-2015, 11:01 PM,
#10
RE: vmware-view user-proof thin terminal based on RPi TC 1.4
(08-10-2015, 08:58 AM)Eric Collazo Wrote: Hi Walter,
wouldn't be easier to build a custom raspbian with just the Horizon View client? I've been looking with no luck for the deb or the source of the client to do it. Does anybody know where can I find it?
Thank you

Maybe it would, but I haven't it. So I choosed to "close" this image around the Vmware-view. On the other side, a lot of good work is already done here, I am just hiding the OS and not using the unnecessary clients.

The work on the fixed configuration and elimination of the user interaction with the OS would be similar.

I tried also to nmap scan the client, only the ssh port is intentionally opened.

I done something similar before on Intel platform, with a minimal ubuntu on a bootable USB stick.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)