Ubuntu OVA for Horizon
Ubuntu OVA for Horizon is a pre-packaged OVA built on Ubuntu that automates the configuration needed for a Linux Desktop Template to be used in a VMware Horizon 7.1 environment. Ubuntu Desktop is the perfect Virtual Desktop Infrastructure (VDI) alternative to Windows for VDI Admins who are looking to move away from a Windows-centric desktop delivery:
- Base image is Ubuntu 16.04.2 LTS
- VMware HW v11 (requires ESXi 6.0 U2+)
- Default username/password is viewadmin/viewadmin
- The VM includes 2 scripts: horizon-optimizer.sh which configures the VM to Best Practices per Horizon 7 Documentation, and linux-agent-installer.sh which assists in the Horizon View Agent installation.
- Additional system tweaks and applications may be necessary for your needs.
- Due to licensing limitations, the Horizon Agent is currently not built into the OVA. It must be downloaded manually after booting and running the optimization script.
- The OVA has been tested with Windows 2003, 2008, 2012, and comparable Samba Domains.
- User permissions to deploy OVA/OVF
- Optimization script requires VM to have network access
- VM must be able to resolve https://raw.githubusercontent.com
- Domain Admin privileges (if joining to the domain)
- vSphere 6.0 U2, or later
- vSphere 6.5 or later
- ESXi 6.0 U2 or later
- Horizon Connection Server 7.1 or later
- Horizon Client 4.4 or later
- Comprehensive list of System Requirements for Horizon 7 for Linux here
- Download the pre-packaged OVA and deploy to your datacenter
- Boot up the VM
- Open a console to the VM and login as:
- Internet access is required to run the optimization script:
- Update the system by typing:
sudo apt-get update && sudo apt-get upgrade
- Invoke the optimization script by typing:
su root –c ./horizon-optimizer.sh
- Enter the root password
- Follow the prompts
Once complete, you can manually install the VMware Horizon Agent following the official instructions here, or you can download the Horizon Agent, and invoke the horizon-linux-installer.sh script by typing:
su root –c ./linux-agent-installer.sh
Proceed to building your Linux Desktop Pools
- Built from Ubuntu’s mini.iso for a minimal footprint
- Configures your Timezone
- Updates admin (viewadmin) and root passwords
- Configures DNS Servers
- Disables automatic updates (except for security updates)
- Sets default run level to 5
- Sets FQDN in /etc/hosts
- Installs Horizon Agent dependencies
- Installs Winbind
- Configures krb5.conf
- Configures smb.conf
- New user home directory config
- Optimizes login screen for VDI
- Removes guest login
- Installs Drivers & Media codecs
- Domain Join is optional and occurs using Winbind. Other domain-join methods require manual configuration
- Winbind default domain flag is optional (required for SSO)
- Utilizes MATE DE (fork from GNOME 2)
- OVA RAM configured for 2GB per best practice
- OVA CPU configured for 2vCPU per best practice
- OVA vRAM configured to 128 MB per best practice
- SVGA properties configured to best practice
- LTS Upgrade notifications disabled
- Support for 1 Domain Controller
- Support for 2D desktops only
- Your Active Directory may have different encryption type requirements. These can be modified in krb5.conf
- After rebooting, you can run the command wbinfo –g to see your AD groups. This also confirms you are joined to the domain
- This script defaults the Winbind Separator to “+” in smb.conf. You can change it depending on your needs. More info here.
- Using Winbind means each clone must re-join the domain after creation. You can create a local script on each clone to perform this, but it would require domain admin credentials in plaintext. In a production environment, it is recommended to remotely join your clones to the domain using PowerCLI or SSH.
- Consider deleting the scripts from /home/viewadmin/ prior to creating your clones
Joining the domain can fail for many reasons.
- If the VM failed to join the domain during the script, attempt manually joining again after the reboot.
klist(to verify you received a ticket)
net ads join -U username%password
net ads testjoin(should say “Join is OK” if it worked)
- If you consistently get the error This operation is only allowed for the PDC of the domain try
realm join -U username@DOMAIN.COM email@example.com
- Verify your hosts, KRB5 and SMB configuration files reflect the correct addresses and IP addresses.
- Verify there is no time drift between the Ubuntu VM and the DCs. You may need to reconfigure NTP.
- As a last resort, adding the DC FQDN to /etc/hosts can help nudge the domain join along
Agent StatusIf your Horizon Agent status is Unreachable or Waiting for Agent, review the official troubleshooting guide here.
Additionally, some environments may require you to add the Connection Server IP/FQDN to the /etc/hosts file. This usually indicates an environmental DNS issue.
- MATE Only Release
- Increased vRAM to 128 MB instead of Automatic
- Removed Audio Device
- Updated default network device to VMXNET3
- Updated repository for open-vm-tools to Ubuntu repo
- Added Horizon 7.1 Agent Dependencies
- Updated Dependency packages for Ubuntu 16.04 on Horizon 7.1
- Agent installer script updated with Horizon 7.1 links
- Updated Media Codec packages for Ubuntu 16.04
- Updated MATE packages to Xenial
- More reliable domain join
- Password update optional
- Timezone update optional
- Option to change hostname
- Desktop addons optional
- Added retry attempts for failed wgets of smb and krb5 configuration files
- Renamed ‘horizon-linux-installer.sh’ to ‘linux-agent-installer.sh