Last updated on January 27, 2024 by Robert Plamondon
This article is part of Using the Workspot Linux Agent.
3.0 Configuring the Template VM
Now that we have a base image, we need to log into it and install not only the Workspot Linux Agent but also the software packages that turn our generic image into an RDP-enabled graphical Linux desktop.
3.1 Using a Jump Server
Our RD gateways don’t know about the template VM yet. Our VMs are never directly connected to the Internet, so they must be reached indirectly through a jump server.
Different Clouds and datacenters give Remote Desktop admin access in different ways, and you can use one of those, but the one described here always works if your Workspot deployment is up and running and you already have access to a Windows Workspot desktop.
Once we’re on the jump server, we can use SSH to log into the template VM. If the jump server is a Windows VM, we need to install an SSH package first, usually PuTTY.
3.1.1 Install and Configure PuTTY
Step 1. Sign into a jump server, such as a Workspot desktop in the same Workspot customer deployment as the template.
Step 2. Download and install the PuTTY software from https://www.chiark.greenend.org.uk/~sgtatham/putty.
Step 3. Launch PuTTY.
Step 4. Type the IP of the Linux template VM in the IP field.
Step 5. Azure only. Prepare your private keys. If your VM was created with SSH keys instead of a password, import the SSH private key into PuTTY if you haven’t already. If you chose login/password, skip this step.
Step 5a. Convert your saved .pem SSH key file to a .ppk file using PuTTYgen (installed with PuTTY).
Step 5b. In PuTTYgen, use the “Load” button to open the .ppk file, then click “Save private key.”
Step 6. Skip this step if you’re using Azure login/password access instead of SSH keys.
Step 6a. Copy the saved .ppk (private key) file to the jump server. Pasting the text of the file into Notepad on the jump server will work.
Step 6b. On the jump server, in PuTTY, Go to “SSH > Auth > Private key file for authentication > Browse.” Find and select the .ppk file and hit “Open.” This saves the file for use with PuTTY.
3.1.2 Connect to the Template VM with PuTTY
Step 7. Click “Open” to open an SSH connection to the template VM. At the Linux login prompt, give the username you created along with the VM.
Step 7a. GCP assigns a username automatically, so you might have to look at the GCP console to find out what it is.
Step 8. If you created Linux VM with a password-protected admin account instead of SSH keys, enter the password.
3.2. Configure the Template VM
3.2.1 Set the Root Password
Step 1. Sign in to the Linux template VM.
Step 2. Change the root password. This is the equivalent of the local admin account on a Windows template:
sudo passwd root
3.2.2 Download/Launch Linux Agent Installer
The same installer script is used for the different flavors of Linux. The script is at https://download.workspot.com and has a name like Workspot_linux_installer_1.2.1.sh. Use the one with the highest release number at the end of the filename.
Step 3. Copy/paste the text block that matches your target OS to download and launch the installer:
curl -O \
https://download.workspot.com/workspot_linux_installer_1.2.0.sh
chmod +x workspot_installer.sh
sudo ./workspot_installer.sh
3.2.3 Continue Agent Installation
The Agent installer will spend a long time (fifteen minutes? half an hour?) downloading and installing packages, with a mix of pure-text progress messages and quasi-graphical ones like this:
Step 4. You will eventually be asked to configure Kerberos authentication. Don’t. Leave the field blank and hit Enter (or maybe Tab followed by Enter).
Step 5. Do the same for Additional DNS servers. We use only use the default DNS servers.
Step 6. Pay attention: We’re being asked a real question next. Are we creating a domain-joined template or not? Use Tab to select “Yes” or “No” and hit Enter. (But we won’t be asked for domain details until later.)
Step 7. After a delay, while the script installs more packages, we see the Template Registration screen. We choose whether to register the template via a template token or by entering the credentials of a Control administrator. (These are, of course, the same methods used for registering Windows templates.) Make your choice and hit Enter.
Step 7a. Control account method. Enter a Control administrative account ([email protected]) on the first screen, then the password on the next:
Step 7a. Token-based registration. Regenerate the template token in Control under “Setup > Configuration > General Settings > Template Registration Token,” copy the token and paste it into the token field.
Step 7b. You can see registration status near the end of the messages on the Linux terminal
3.2.4 Join the Domain
If you choose Domain Join as “Yes, ” you will be shown the Domain Join screens. The information you use here is identical to what you’d use for a Windows template.
Step 8. Enter the domain name; for example, example.com.
Step 9. Enter the OU details, which, as with Windows, may be significantly more complex than just the OU. For example,
OU=MyOu,DC=example,DC=com
Step 10. Enter the username (such as [email protected]) and password for an AD domain administrator in the target domain:
Step 11. The installer script will complete its tasks eventually and exit with a “Done” message, followed by “***** System restart required *****.” Do not restart the system.
3.2.5. Verify NTP Config
Your VMs must remain set to the current time. Clock drift will cause trouble with security functions such as sign-in. Verify that your time servers are specified according to your organization’s practices, either explicitly through ntp.conf or via DHCP through dhclient.conf. If you use external/public NTP servers, your firewalls must allow UDP port 123 to reach them.
3.2.6 Shut Down
Configuration is complete. Use “Stop VM” on the Azure/GCP portal so you can use the as a Workspot template for desktop pools.