REMOTE MANAGEMENT
A huge milestone has been accomplished in Porteus Kiosk version 3.3.0: it is possible to centrally manage all your kiosks from a single configuration file stored on the network!
Up until now the kiosk config (presented on the final configuration page in the kiosk wizard) was always embedded in the ISO and burnt on the hard drive/usb stick during system installation. The main advantage of this approach is that the system configuration file is encrypted and stored in a safe, read-only place. Nobody can access it so the kiosk can be exposed on a public network without a fear of adverse manipulation.
Such a feature works really well but there are cases where a more flexible solution is needed.
In Porteus Kiosk 3.3.0 we have introduced a new feature which lets you choose how your kiosk config will be handled. You may decide if you want the system settings to be stored in the ISO itself (default action) or downloaded from a remote location during each system boot. If you prefer to keep the config on your server then you have to activate a certain option in the wizard and provide an URL pointing to the remote kiosk configuration file.
Requirements
HTTP or FTP server which is able to host a plain text file.
WARNING: when kiosk config is hosted on a web/ftp server then anybody who knows or finds its URL (internet bots/spiders/crawlers systematically caches and parses the webpages on the internet) is able to view the config and read the sensitive data from it: homepage address, Access Point name, wifi/SSH/VNC passwords, etc.
Kiosk configs (and other files e.g. wallpaper) can be hosted also on Porteus Kiosk Server.
Files are downloaded from PK Server over a secure SSH connection and not through the http(s)/ftp protocols.
From the security point of view it's highly recommended to use our dedicated server solution as 3rd parties are not able to access the files which are hosted on it. PK Server also has many other functions which are useful in remote management tasks: monitoring and interacting with the clients, viewing logs generated by the client, email notifications, etc.
If you are interested in a professional management solution then please utilize our server system for this task.
Config rules
WARNING: Be careful when updating the network, proxy, or kiosk server related settings in the remote config. If you enter incorrect values for the IP settings, proxy address, server URL or remove SSH from additional components (required for communication with Porteus Kiosk Server) then you may lose the control over the clients and manual reinstallation will be necessary.
a) When doing manual edits to the config please make sure it's saved with ANSI or UTF-8 encoding as UTF-16 (sometimes called "Unicode") is not supported in kiosk.
This rule does not apply to remote configs hosted on PK Server as correct formatting is used there by default.
b) All parameters in the config must be placed on new lines and must be aligned to the left to be recognized by the system.
c) Parameter value (even if it's long, e.g. whitelist) must be placed on the same line as the parameter name. Line wrapping is not supported.
d) You can add comments to your config on a new line and proceed them with a hash, e.g.
# First comment
parameter_one=value1
# Second comment
parameter_two=value2
WARNING: comments should not be added to the same line as the parameter as they will be treated as a part of the parameter value.
e) IMPORTANT: If you double parameters in the config then only first one will be processed by the system:
homepage=https://kernel.org
browser_idle=5
# parameter below is doubled and will be ignored:
homepage=http://google.com
f) 'kiosk_config=' parameter must be present in your remote config to keep remote management active after system reconfiguration. Sample for web hosted configs:
kiosk_config=http://domain.com/files/kiosks.txt
and for configs hosted on Porteus Kiosk Server:
kiosk_config=server://kiosks.txt
Advantages
Setup procedure
a) boot Porteus Kiosk installation ISO on the target PC
b) setup network then select 'Launch wizard to create new configuration' on the initial wizard screen
b) enable 'Remote kiosk management' in the wizard options and provide URL to the place where your config will be stored
c) select other kiosk options as you like
d) on the final configuration page in the wizard take a copy the config and send it to your email address or save on removable media
e) save the config on some hosting server as a plain text file preserving correct URL provided in the wizard
f) install kiosk and check that it's able to download the config from the network during first boot
Configuration of additional kiosks:
a) boot Porteus Kiosk on the target PC
b) setup the network then select 'Point kiosk to existing remote configuration' on the initial wizard screen and provide URL to the config which is saved already on your server
c) install the kiosk
Remote Management FAQ
In which situations is remote management useful?
In which situations should this feature NOT be activated?
How do I know which parameters are responsible for certain kiosk functions?
A full list of currently supported kiosk parameters can be found here. If you need to make broad modifications to the kiosk config it's recommended to run the Kiosk Wizard and use it as a helper to generate your preferred kiosk settings.
What happens if the remote config isn't available when the kiosk PC boots?
The system defaults to the last downloaded configuration and displays notification that the remote config was not accessible.
What does a remote kiosk config look like?
A remote kiosk config looks exactly the same as a normal config except for the 'kiosk_config=http://domain.com/path/config-A.txt' parameter which must be present in it.
I have 10 kiosks assigned to config A and 10 other machines assigned to config B. Is it possible to move 5 kiosks from group A to group B?
Please edit remote config-A and change 'kiosk_config=http://domain.com/path/config-A.txt' parameter to 'kiosk_config=http://domain.com/path/config-B.txt' then reboot your 5 PCs. After reconfiguration they will be assigned to config-B.txt so please revert the changes made to config-A (it should point to itself again).
Can I have each PC assigned to a different config?
It's totally up to you if you want to manage a group of kiosks from one config or prefer to control every unit separately by using different configs.
Sample management tasks
REMINDER: After performing an update to the remote config, the kiosk PC must be rebooted so it can reconfigure itself.
1) There is a need to change the wallpaper in the kiosk which would display a new company logo.
In this case simply update the existing 'wallpaper=' parameter with the new URL:
- wallpaper=http://domain.com/new-image.png
2) You are running a digital signage business and need to update the kiosk homepage every week.
You have to update 'homepage=' parameter in the kiosk config:
- homepage=http://domain.com/new_link.html
3) Wifi networking started misbehaving and you need to enable debug mode to generate a system report and query Porteus Kiosk support for help.
You have to add 'debug=yes' parameter to the config and reboot the PC. Once a system report is handed over to us you can remove 'debug=yes' and during next boot the kiosk will return to its default state.
More complicated management tasks
REMINDER: Please use the Kiosk Wizard to generate new configs when broader changes are required.
1) Your company bought a printer and you need to add support for it to the kiosk system.
The following parameters must be added to the config:
additional_components=existing_components.xzm 10-printing.xzm
printer_model=some_model
printer_connection=lpd:/ip_address/queue
2) The kiosk is installed in an organization where security is a top priority. You need to preserve the ability to login to the kiosk through SSH for system monitoring purposes.
Best way to handle this would be to setup a scheduled task on your server (e.g. by using cron in Linux) and update the kiosk config file with randomly generated passwords every day. During each boot the kiosk would reconfigure itself with a new password and you can login to it using the last password saved in your remote config file.
3) You need to move the kiosk to a new place where only wireless networking is available.
In this case you need to replace relevant network settings in the config.
Old settings:
connection=wired
network_interface=eth0
dhcp=yes
New settings:
connection=wifi
network_interface=wlan0
dhcp=yes
wifi_encryption=wpa
wpa_password=some_password
ssid_name=AP_name
Warning: it is necessary to reconfigure the kiosk with new settings when still using the wired connection. Once this is done you can move the PC to a new place so it can start using the wireless connection.
4) Your website has been updated and contains videos encoded with a codec which Firefox can not handle natively but Google Chrome can.
Since version 3.4.0 of Porteus Kiosk it is possible to swap the browser between Mozilla Firefox and Google Chrome. In order to exchange the browser you need to add/edit following parameter to your config:
Old setting:
- browser=firefox
New setting:
- browser=chrome
Note: Google Chrome does not support functions which are marked as *Firefox only* in the wizard. Please run the wizard to find out which functions (kiosk parameters) are not compatible with the Chrome browser.
Nested configurations
If you are having problems with nested configurations then please use separate configs for each kiosk which needs to be configured with different parameters.
Since version 3.5.0 of Porteus Kiosk it's possible to use one remote config for all your kiosks even if their configuration is different. The main advantage is that in case of making configuration changes you need to edit a single file instead of multiple ones and also have a clear view which settings apply to which kiosks.
Requirements and rules:
a) You must create a [[ GLOBAL ]] section in your config containing parameters which apply to all kiosks. If the [[ GLOBAL ]] string is not present in the config then nested configurations won't work.
b) For each kiosk with different parameters you must create a [[ PCID ]] section in the config. Porteus Kiosk FAQ explains how to find the PC identification number at this link.
c) Parameters in the [[ PCID ]] section are parsed until an empty line.
d) Parameters from the [[ PCID ]] section take priority over parameters included in the [[ GLOBAL ]] section.
e) If PC IDs are placed one under another then defined parameters apply to each of them.
f) Letters in the GLOBAL and PCID strings must be capital.
g) If you want to reset the parameter from the [[ GLOBAL ]] section for a specific kiosk then you must add a relevant parameter with an empty value to the [[ PCID ]] section of the config. Parameter below will deactivate URL filter for specific kiosk:
[[ 0-7C-7D7-1E-20 ]]
whitelist=
Sample config with nested configurations enabled:
[[ GLOBAL ]]
kiosk_config=http://192.168.1.15/config.txt
connection=wired
dhcp=yes
browser=firefox
homepage=https://kernel.org
root_password=toor
additional_components=08-ssh.xzm 09-x11vnc.xzm
#Louisville 1
[[ B-51-32D-29-37 ]]
homepage=https://domain.com
wallpaper=http://porteus-kiosk.org/public/wallpapers/sample.jpg
#Kent 1, 2, 3
[[ 0-7C-7D7-1E-20 ]]
[[ 0-71-EF9-C8-20 ]]
[[ 0-74-EF5-C3-23 ]]
browser=chrome
homepage=https://www.google.ie
additional_components=08-ssh.xzm
Explanation:
All kiosks have the same configuration defined in the [[ GLOBAL ]] section of the config:
- wired connection with dhcp enabled
- homepage set to kernel.org
- SSH and VNC access enabled
Kiosk with ID: B-51-32D-29-37 uses different homepage and wallpaper.
Kiosks with ID: 0-7C-7D7-1E-20, 0-71-EF9-C8-20 and 0-74-EF5-C3-23:
- use Chrome browser instead of Firefox
- have the homepage set to google.ie
- only SSH component is activated
Example of incorrectly created kiosk config:
- __[[ GLOBAL ]]
- connection=wired
- dhcp=yes
- browser=firefox
- homepage=https://kernel.org
- root_password=toor
- additional_components=08-ssh.xzm 09-x11vnc.xzm
- [[ B-51-32D-29-37 ]]
- homepage=https://domain.com # Some comment here
- wallpaper=http://porteus-kiosk.org/public/wallpapers/sample.jpg
- [[ 0-7c-7d7-1e-20 ]]
- [[ 0-71-EF9-C8-20 ]]
- [[ 0-74-EF5-C3-23 ]]
- browser=chrome
- homepage=https://www.google.ie
- additional_components=08-ssh.xzm
Explanation:
- '[[ GLOBAL ]]' string is not aligned to the left
- 'kiosk_config=' parameter is missing
- line 10 has a comment which is placed on the same line as the 'homepage=' parameter (comment will be treated as part of the parameter)
- line number 11 is empty and will cause that 'wallpaper=' parameter to be ignored (parameters in the PC ID section are parsed until empty line)
- line number 14 has PCID with lower case letters - this kiosk won't be recognized