SchwuZ Keller

We would like to inform you about further mile stones we achieved with our IT project at the Berlin-based cultural event organizer SchwuZ and therefore complement our last blog article bitpack.io modernizes IT at the SchwuZ in Berlin with Univention Corporate Server from last year with instructions on how to setup synchronized user profiles.

The IT Infrastructure at the SchwuZ

The SchwuZ organization has two locations, each equipped with separate network segments and a dedicated file server. Both file servers are backed up by an OpenVPN tunnel, synchronizing both ways. All desktops perform with Ubuntu and are incorporated in the domain by the software realmd from the project freedesktop.org. The home directories are incorporated by the network of each fileserver. All team members can login on each location with their personal ID.

Screenshot DNS Configuration in UCS

Occurred Network Problems

In this surrounding problems occurred as to the speed of the network, effecting desktops as well as the performances of the input devices. SchwuZ is using a WLAN-based network and the realization of a structured wiring would have caused high costs, complex infrastructural changes and excessive paper chase.

Solution: Synchronizing User Profiles

Therefore, we would like to inform you about the possibility of synchronizing profiles while logging in to or logging out of a file server. No profound interventions are necessary. Instead, we only added some scripts in order to set up all needed functionalities, leaving lots of opportunities for creative and individual improvements.

Login and Logout of domain users

The login of domain users is proceeded by the Display Manager LightDM.

hello@caelum:~# sudo less /etc/lightdm/lightdm.conf

greeter-show-manual-login=true

Screenshot Ubuntu Access

We decided to establish a user based synchronization. For this purpose, a script called profilemonitor is added to the configuration file .profile of each user to start the synchronization process.

hello@caelum:~# less /home/corp.schwuz.de/hello/.profile

/usr/local/bin/profilemonitor &

Screenshot Ubuntu sync process
The script profilemonitor is started in a user context and executed as a process in the background. This also initiates at the same time the start of anotherminor script, called profilesync, which synchronizes the file server during each login.

hello@caelum:~# less /usr/local/bin/profilesync

log "info: executed for ${USER}"

sync_from_fileserver

while true; do
sleep "${sync_interfall}"
done

Screenshot Ubuntu profile sync completed
In order to synchronize data back to the file server, the minor process profilesync needs to get a signal to shut down with a logout. We solved this by using the Display Manager LightDM, which initiates an adequate script while logging out.

hello@caelum:~# sudo less /etc/lightdm/lightdm.conf

session-cleanup-script=/usr/local/bin/profilecleanup

The script profilecleanup sends out a signal to log out during the profilesync process.

hello@caelum:~# less /usr/local/bin/profilecleanup

/usr/bin/pkill --uid ${USER} -f "/bin/bash /usr/local/bin/profilesync"

Once the minor process profilesync is completed, the main process profilemonitor is synchronizing back to the file server, terminating the process.

${bin_profilesync} &
child=$!
wait "$child"

[ “${?}" -eq "0" ] && {
sync_to_fileserver
}

Monitoring is essential since the Display Manager is expecting a direct return of the program when logging out. If there was no monitoring, it would shut down the process immediately. The ongoing process of monitoring in the background thus prevents an immediate shutdown and can thereby execute the synchronization of the profile.

Mar 20 19:14:09 caelum root: profilecleanup - profilesync shutdown successfully for user hello
Mar 20 19:14:09 caelum hello: profilemonitor[25152]: hello synchronized to fs01.corp.schwuz.de

We outsourced the functions needed for the synchronization into a small library. The two main functions, sync_from_fileserver and sync_to_fileserver, both use the SSH-key of a user and visualize the synchronization process during each login.

After the successful authentication and synchronization of each profile, users can utilize the full performance potential of the local SSD-hard disks. During login, net devices as well as network printers are embedded automatically for immediate use.

I hope you have enjoyed our update on this project which might even help for the optimization of your own IT.

In case of further questions or comments, just comment below or contact me directly via our website.

Martin Schubert

Martin Schubert from bitpack.io, a small company from the north of Berlin with a focus on open technologies for collaborative workspaces, has over 10 years experience in translating technologies into business concepts and concrete technical solutions.

What's your opinion? Leave a comment!

Your email address will not be published. Required fields are marked *