4. The Terminals
The machines you use to connect to the mock mainframe should be inexpensive, easy to maintain and, from a security point of view, expendable.
4.1. Dual Boot Machines
Some people — those without a time consuming job, a spouse, or children, for example — will want to be able to spend lots of time playing hardware intensive computer games. Although more and more games are coming out for Linux, this usually means running a machine that has a closed source operating system such as Microsoft Windows. The solution to this problem is to set up the game computers as dual boot machines. The messy details are usually handled automatically by whatever distribution you are using; if not, check out the Linux Installation Strategies mini-HOWTO Tobby Banerjee.
The mock mainframe setup lets you keep the size and complexity of the Linux partition on a dual boot machine to a minimum: All it has to do is to get X running and connected. There are various way to do this, I usually just do the following:
Go to /etc/X11/xdm/. In the file Xservers, comment out the line that is either :0 local /usr/X11R6/bin/X :0 vt07 or something similar by putting a hash mark ("#") at the beginning. This will stop the computer from starting up X locally during boot time.
In etc/inittab, insert a new line such as (for SuSE 8.2) xx:5:respawn:/usr/X11R6/bin/X -query <host> where "<host>" again is the name of the mock mainframe. The "5" is the runlevel that boots with X; "xx" is just a label I picked; you might have to adapt both to your system (please be careful: Playing around with inittab can cause serious trouble). This will start X with a call to the mock mainframe, and you should get the login window when you are on the dual boot computer.
Dual boot machines are nice if you don't have to switch between operating systems too often. All of the rebooting can quickly become a bore, though, and a dual boot machine cannot be considered truly expendable, given the price of closed source operating systems.
4.2. Linux Terminals
The Linux Terminal Server http://www.ltsp.org (LTSP) lets you use old hardware to put together bare-bones computers without hard disks that run as thin clients. These machines are cheap, quiet, quick to set up, and once they are running, require just about zero maintenance (unless, say, a fan breaks). The LTSP has taken all kinds of awards and is being used in situations far more demanding than a small mock mainframe for your home. For example, Orwell High School in England used LTSP machines and IBM Blade Servers for their complete system (see http://www.cutterproject.co.uk/Casestudies/orwell_high_school_cutter_case_study.php ). If you are going to have terminals that are in use constantly, it is hard to see how this would not be the best solution.
Required hardware. More likely than not, somewhere in your cellar or garage (or wherever you keep the stuff your partner lovingly calls "all that crap"), you probably have a hopelessly outdated mainboard and processor that you've been saving because you never know. Well, guess what.
If you are using a 100 Mbit ("Fast") Ethernet network, stay above a 486DX; a Pentium II should be fine. See if you can scrape together about 32 MByte of RAM. You'll need a floppy drive for the initial phase. You'll also need a decent graphics card and a monitor — "decent" doesn't necessarily mean a AGP graphics card with 128 MByte RAM, it means a clear, crisp picture.
The only thing you have to pay slightly more attention to is the network card. Find one that has a socket to plug ROM chips in: a "bootable" network card. You can get away with one that doesn't have the socket, but then you have to keep booting from the floppy. We'll also need the unique number (Media Access Control or MAC number) of the network card. On good cards, it is included on a little sticker on the board and looks something like this:
00:50:56:81:00:01 |
If you can't find it on the card, try booting the system with a Linux rescue floppy or any other kernel. The number should be displayed during boot when the card is detected.
Add a keyboard and a case and that's it. Notice we don't have a hard disk, let alone a CD-ROM. With the right kind of fans for the power supply and the processor, you have a very quiet machine.
How they work.
The LTSP home page has an in-depth technical discussion of what happens when the system powers up. In brief, human terms:
When turned on, the Linux Terminal, like any other computer, looks around to see what it has been given in way of hardware. It finds a network card with a MAC and notices that it has a floppy with a boot disk (or a boot ROM in the network card.) It starts the boot program. This in effect tells the Linux Terminal:
Got your MAC? Good. Now scream for help as loud as you can. |
The terminal's call goes through the whole (local) network. On the mock mainframe, a program called dhcpd (Dynamic Host Configuration Protocol Server Daemon) is listening. It compares the MAC the terminal sent to a list of machines it has been told to take care of, and then sends the terminal an answer that includes an IP address and a location where the terminal can get a kernel. The terminal then configures itself with its new name.
Using some more code from the boot program, the terminal starts a program called tftp (Trivial File Transfer Protocol, a stripped-down version of the venerable ftp. This downloads the kernel from the host machine. The terminal then boots this kernel.
Like every other Linux system, the terminal needs a root filesystem. Instead of getting it from a harddisk, it imports it from the mock mainframe via NFS (Network File System). If the terminal has very little memory, it can also mount a swap partition this way. The terminal then starts X, connects to the mock mainframe via xdm, and throws up the login screen.
This all happens amazingly fast. If you turn off all of the various BIOS boot checks on the terminal and boot off of an EPROM in the network card instead of a floppy, it happens even faster.
Running dhcpd, tftpd, and nfsd on the mock mainframe is a security risk you might not be willing to take. In the chapter on Support Machines, we'll show a way of getting around this.
Setting up the software. On the server (mock mainframe) side, you need to install nfsd tftpd, and dhcpd, which your distribution should include as standard packages.
Leave their configuration files untouched for now. The LTSP configuration and installation programs will do most of the work for you. Some files you should be aware of:
- /etc/dhcpd.conf
Provide the IP address of the terminal, the hostname, the IP address of the mock mainframe, the MAC of the terminal, and the default gateway. Check to see if the kernel pathname is correct.
- /opt/ltsp/i386/etc/lts.conf
These options control the terminal itself.
- /etc/hosts
The names of the Linux Terminals and their IP addresses must be listed here. Further down, while describing the network, we'll introduce a systematic naming convention to make this easier.
- /etc/hosts.allow
Though not mentioned in the current LTSP documentation, you probably will have to add the following lines to this file: rpc.mountd : <terminal> : ALLOW rpc.mountd : ALL : DENY where "<terminal>" is the terminal's IP address. This tells the host to allow the terminal to mount the NFS file system.
Creating a boot floppy for the Linux Terminal is usually trivial. Armed with your type of Ethernet card, go to the website mentioned in the LTSP documentation (currently Marty Connor's ROM-O-Matic Website http://www.rom-o-matic.net/, and follow the instructions for a boot floppy. This should produce a file of a few dozen kilobytes that you can then put on a floppy and boot from. Later, when you are sure that your hardware configuration is not going to change and your setup works, replace the floppy by an EPROM that you plug into your Ethernet card.
If you have a more modern motherboard on your Terminal machine, you might be able to get around all of this by selecting "PXE" (Pre-eXecution Environment), "MBA" (Management Boot Agent) or "Network" from the boot sequence (CMOS) menu.
Using the terminals. Just how many Linux Terminals can one mock mainframe support? The LTSP documentation gives the following example:
It's not unusual to have 40 workstations [Linux Terminals], all running Netscape and StarOffice from a Dual PIII-650 with 1GB of ram. We know this works. In fact, the load-average is rarely above 1.0! |
(This part of the documentation was written in March 2002, hence the reference to Netscape, an ancestor of Mozilla FireFox. StarOffice is a commercial variant of OpenOffice.org.)
Linux Terminals will probably require some user education. People who have only ever used Windows tend to have trouble visualizing a system where the graphics layer is not only independent from the rest of the operating system, but can also be accessed from multiple screens. The best way to explain this is with examples. One trick that people new to X just love is when programs start on one terminal and then appear on a different one. To enable this (but only in a safe environment!), sit down at a terminal and type
xhost +<host> |
where "<host>" is the name of the mock mainframe. Then, move to a different terminal and start a program such as xeyes or xroach:
xeyes -display <terminal>:0 & |
The eyes should appear on the first terminal's monitor, providing endless amusement for all. When you are done explaining what happened, remember to retract the privileges again on the first terminal with
xhost -<host> |
You can also use this example to point out why it is dangerous to use the xhost command.
Another question that usually comes up is the speed of Linux Terminals. One nice way to demonstrate this is to run a series of screen savers from the xlock suite. For example
xlock -inwindow -mode kumppa |
or more generally
xlock -inwindow -mode random |
Though the results will depend on your hardware, this usually takes care of any doubts.
If you are using a desktop such as KDE that allows you to shut down the computer when you log off, make sure that this function is disabled. Otherwise, your users will shut down the mock mainframe when trying to get out of the terminal. Tell them to just turn off the power once they have logged out. Older users will feel a sense of nostalgia, and younger users will stare at you as if you have gone mad. Such is progress.
4.3. Real X Terminals
If fortune smiles on you or you are rich, you might find yourself with a real thin client. Installing one is usually not much different than setting up a Linux Terminal, except that you will need the software from the vendor, you will probably have to pay for support, and when something goes wrong, you won't be able to fix it yourself.
The Linux Documentation Project has a number of general and special HOWTOs on how to set up X Terminals, for example the Connecting X Terminals to Linux Mini-HOWTO by Salvador J. Peralta or the NCD-X-Terminal Mini-HOWTO by Ian Hodge.
4.4. X11 Forwarding with ssh
If you are on a machine that already supports X, you might be able to use the X11 Forwarding function of the Secure Shell (ssh) program. This is invoked with
ssh -X <HOST> |
and creates a cryptographically protected tunnel to the host machine. X forwarding has to be configured on both machines — in /etc/ssh/sshd_config on the host machine, X11Forwarding must be set to yes — and it can be a little clumsy to use every day. However, for quick and dirty work, this is a good alternative.
4.5. X Server Programs
As a final way of connecting to the mock mainframe, there are "X server" programs that run under different operating systems (remember, the X server powers the terminal side of things). These let you log onto Linux machines with an operating system that does not natively run X.
Most X servers for Windows cost money, in some cases a lot of money. The single Cygwin http://cygwin.com/xfree/, which ports X (and GNU tools) to Windows machines.
If you have an Apple computer with OS X, you are in better shape. For OS 10.3 "Panther", you need to install the X11 package from the installation disks. Then, with any text editor, create an executable bash shell script such as:
#!/bin/bash /usr/X11R6/bin/X -terminate -query "<HOST>" :1 exit |
Note the window number is :1, because :0 is used by Aqua. Do not use the X11 Server in /Applications/Utilities/X11.app/Contents/MacOS/X11, as this doesn't understand the -query command: Apple doesn't seem to want people to run remote Aqua sessions. Then, tell the firewall what you are up to (you do have the firewall on, don't you): In SystemPreferences -> Sharing -> Firewall create an new entry "X Window System" for Port 6001 (not: 6000). Then, move the shell script icon to wherever you want to keep it. To start an X session, click on the icon. An "EXEC"-icon called "X" will appear in the Dock. Click on this. Enjoy your connection. To get out again, press Command-Option-a. (Note: This has not been tested with Mac OS X 10.4 "Tiger")
You can also check the XDarwin http://www.xdarwin.com/ project. XDarwin is an Apple version of the X Window System that sits on the Darwin operating system — a variant of BSD — that is the core of OS X.
(There is one GPL X Server written in Java you might try: Weirdx http://www.jcraft.com/weirdx/, though the author points out it is not made for heavy loads.)
In this chapter, we have examined terminals that will give you a GUI (graphical user interface). If you are tough enough, you can also hook up a text terminal to your mock mainframe and access the system via a CLI (command line interface). This option is covered further down.