A huge milestone has been accomplished in Porteus Kiosk version 3.3.0: it is possible to centrally manage all your kiosks from a single configuration file stored on the network!
Up until now the kiosk config (presented on the final configuration page in the kiosk wizard) was always embedded in the ISO and burnt on the hard drive/usb stick during system installation. The main advantage of this approach is that system configuration file is encrypted and stored in a safe, read-only place. Nobody can access it so the kiosk can be exposed on a public network without a fear of adverse manipulation.
Such a feature works really well but there are cases where more flexible solution is needed.
In Porteus Kiosk 3.3.0 we have introduced a new feature which lets you choose how your kiosk config will be handled. You may decide if you want the system settings to be stored in the ISO itself (default action) or downloaded from remote location during each system boot. If you prefer to keep the config on your server then you have to activate a certain option in the wizard and provide an URL pointing to the remote kiosk configuration file.
Web server (http or ftp) which is able to host a plain text file.
Since version 4.1 kiosk configs can be stored directly on the Porteus Kiosk Server. From security point of view its highly recommended to use PK Server for remote management tasks.
WARNING: Be careful when updating the network, proxy, or kiosk server related settings in the remote config. If you enter incorrect values for the IP settings, proxy address, server URL or remove SSH from additional components (required for communication with Porteus Kiosk Server) then you may loose the control over the kiosk and manual reinstallation will be necessary.
a) When doing manual edits to the config please make sure it's saved with ANSI or UTF-8 encoding as UTF-16 (sometimes called "Unicode") is not supported in kiosk. This rule does not apply to remote configs hosted on PK Server as correct formatting is used there by default.
b) All parameters in the config must be placed on new lines and must be aligned to the left to be recognized by the system.
c) Parameter value (even if it's long, e.g. whitelist) must be placed on the same line as the parameter name. Line wrapping is not supported.
d) You can add comments to your config on a new line and proceed them with a hash, e.g.
# First comment
# Second comment
WARNING: comments should not be added to the same line as the parameter as they will be treated as part of the parameter value.
e) IMPORTANT: If you double parameters in the config then only first one will be processed by the system:
# This one will be ignored:
f) 'kiosk_config=' parameter must be present in your remote config to keep remote management active after system reconfiguration. Sample for web hosted configs:
and for configs hosted on Porteus Kiosk Server:
g) Optional: SSL/TLS + username/password as protection for accessing the web configs (does not apply to configs stored on Porteus Kiosk Server which uses SSL and SSH tunnels by default). Text file containing the kiosk settings will be kept in an unencrypted form (this way you can edit it easily) so it should be secured using web based techniques: SSL/TLS and basic access authentication.
a) boot Porteus Kiosk installation ISO on the target PC
b) setup network then select 'Launch wizard to create new configuration' on the initial wizard screen
b) enable 'Remote kiosk management' in the wizard options and provide URL to the place where your config will be stored
c) select other kiosk options as you like
d) on the final configuration page in the wizard take a copy the config and send it to your email address or save on removable media
e) save the config on some hosting server as a plain text file preserving correct URL provided in the wizard
f) install kiosk and check that it's able to download the config from the network during first boot
Configuration of additional kiosks:
a) boot Porteus Kiosk on the target PC
b) setup the network then select 'Point kiosk to existing remote configuration' on the initial wizard screen and provide URL to the config which is saved already on your server
c) install the kiosk
In which situations is remote management is useful?
In which situations should this feature NOT be activated?
How do I know which parameters are responsible for certain kiosk functions?
A full list of currently supported kiosk parameters can be found here. If you need to make broad modifications to the kiosk config it's recommended to run the Kiosk Wizard and use it as a helper to generate your preferred kiosk settings.
What happens if the remote config isn't available when the kiosk PC boots?
The system defaults to the last downloaded configuration and displays notification that the remote config was not accessible.
What does a remote kiosk config look like?
A remote kiosk config looks exactly the same as a normal config except for the 'kiosk_config=http://domain.com/path/config-A.txt' parameter which must be present in it.
I have 10 kiosks assigned to config A and 10 other machines assigned to config B. Is it possible to move 5 kiosks from group A to group B?
Yes. Please edit remote config-A and change 'kiosk_config=http://domain.com/path/config-A.txt' parameter to 'kiosk_config=http://domain.com/path/config-B.txt' then reboot your 5 PCs. After reconfiguration they will be assigned to config-B.txt so please revert the changes made to config-A (it should point to itself again).
Can I have each PC assigned to a different config?
It's totally up to you if you want manage a group of kiosks from one config or prefer to control every unit separately by using different configs.
REMINDER: After performing an update to the remote config, the kiosk PC must be rebooted so it can reconfigure itself.
1) There is a need to change the wallpaper in kiosk which would display a new company logo.
In this case simply update the existing 'wallpaper=' parameter with the new URL:
2) You are running digital signage business and need to update the kiosk homepage every week.
You have to update 'homepage=' parameter in the kiosk config:
3) Wifi networking started misbehaving and you need to enable debug mode to generate a system report and call Porteus Kiosk support for help.
You have to add 'debug=yes' parameter to the config and reboot the PC. Once a system report is handed over to us you can remove 'debug=yes' and during next boot the kiosk will return to its default state.
4) Your website stopped using flash in favor of a html5 solution and you want to get rid of the flash player component from the kiosk setup.
You need to update the 'additional_components=' parameter and remove 05-flash.xzm from it. After a reboot the kiosk will reconfigure itself and delete the unwanted module.
REMINDER: Please use the Kiosk Wizard to generate new configs when broader changes are required.
1) Your company bought a printer and you need to add support for it to the kiosk system.
The following parameters must be added to the config:
2) The kiosk is installed in an organization where security is a top priority. You need to preserve the ability to login to the kiosk through ssh for system monitoring purposes.
Best way to handle this would be to setup a scheduled task on your server (e.g. by using cron in Linux) and update the kiosk config file with randomly generated passwords every day. During each boot the kiosk would reconfigure itself with a new password and you can login to it using the last password saved in your remote config file.
3) You need to move the kiosk to new place where only wireless networking is available.
In this case you need to replace relevant network settings in the config.
Warning: it is necessary to reconfigure the kiosk with new settings when still using the wired connection. Once this is done you can move the PC to a new place so it can start using the wireless connection.
4) Your website has been updated and contains videos encoded with a codec which Firefox can not handle natively but Google Chrome can.
Since verion 3.4.0 of Porteus Kiosk it is possible to swap the browser between Mozilla Firefox and Google Chrome. In order to exchange the browser you need to add/edit following parameter to your config:
Note: Google Chrome does not support functions which are marked as *Firefox only* in the wizard. Please run the wizard to find out which functions (kiosk parameters) are not compatible with Chrome browser.
If you are having problems with nested configurations then please use separate configs for each kiosk which needs to be configured with different parameters.
Since version 3.5.0 of Porteus Kiosk it's possible to use one remote config for all your kiosks even if their configuration is different. The main advantage is that in case of making configuration changes you need to edit a single file instead of multiple ones and also have a clear view which settings apply to which kiosks.
Requirements and rules:
a) You must create a [[ GLOBAL ]] section in your config containing parameters which apply to all kiosks. If the [[ GLOBAL ]] string is not present in the config then nested configrations won't work.
b) For each kiosk with different parameters you must create a [[ PCID ]] section in the config. Porteus Kiosk FAQ explains how to find the PC identification number at this link.
c) Parameters in the [[ PCID ]] section are parsed until empty line.
d) Parameters from the [[ PCID ]] section take priority over parameters included in the [[ GLOBAL ]] section.
e) If PC IDs are placed one under another then defined parameters apply to each of them.
f) Letters in the GLOBAL and PCID strings must be capital.
g) If you want to reset the paraemter from [[ GLOBAL ]] section for specific kiosk then you must add relevant parameter with an empty value to the [[ PCID ]] section of the config. Parameter below will deactivate URL filter for specific kiosk:
[[ 0-7C-7D7-1E-20 ]]
Sample config with nested configurations enabled:
[[ GLOBAL ]]
[[ B-51-32D-29-37 ]]
#Kent 1, 2, 3
[[ 0-7C-7D7-1E-20 ]]
[[ 0-71-EF9-C8-20 ]]
[[ 0-74-EF5-C3-23 ]]
All kiosks have the same configuration defined in the [[ GLOBAL ]] section of the config:
- wired connection with dhcp enabled
- homepage set to kernel.org
- Adoble Flash player and ssh access enabled
Kiosk with ID: B-51-32D-29-37 uses different homepage and wallpaper.
Kiosks with ID: 0-7C-7D7-1E-20, 0-71-EF9-C8-20 and 0-74-EF5-C3-23:
- use Chrome browser instead of Firefox
- have the homepage set to google.ie
- only ssh component is activated (Chrome has Pepper flash embedded so Adoble Flash is not necessary)
Example of incorrectly created kiosk config:
- __[[ GLOBAL ]]
- additional_components=05-flash.xzm 08-ssh.xzm
- [[ B-51-32D-29-37 ]]
- homepage=https://domain.com # Some comment here
- [[ 0-7c-7d7-1e-20 ]]
- [[ 0-71-EF9-C8-20 ]]
- [[ 0-74-EF5-C3-23 ]]
- '[[ GLOBAL ]]' string is not aligned to the left
- 'kiosk_config=' parameter is missing
- line 10 has a comment which is placed on the same line as the 'homepage=' parameter (comment will be treated as part of the parameter)
- line number 11 is empty and will cause that 'wallpaper=' parameter to be ignored (parameters in the PC ID section are parsed until empty line)
- line number 14 has PCID with lower case letters - this kiosk wont be recognized