Difference between revisions of "Cool Solution - Guacamole"

From Univention Wiki

Jump to: navigation, search
(Migrated into App Center)
 
Line 1: Line 1:
{{Version|UCS=4.2}}
 
{{Cool Solutions Disclaimer|Repository=yes}}
 
 
{{#seo:
 
{{#seo:
 
|title={{#replace:{{#replace:{{#replace:{{#replace:{{FULLPAGENAME}}|'|'}}|&|&}}|"|"}}|Cool Solution - |}} - {{SITENAME}}
 
|title={{#replace:{{#replace:{{#replace:{{#replace:{{FULLPAGENAME}}|'|'}}|&|&}}|"|"}}|Cool Solution - |}} - {{SITENAME}}
 
<!--|description=-->
 
<!--|description=-->
 
}}
 
}}
Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC and RDP.
 
  
The version of Guacamole used in this article is Guacamole 0.9.13-incubating.
+
Guacamole has been moved to the Univention App Center and can be reached under https://www.univention.com/products/univention-app-center/app-catalog/guacamole/.
 
 
== Installation ==
 
To successfully deploy and start Guacamole, two images are downloaded via Docker by a joinscript:
 
* guacd
 
* guacamole
 
 
 
In this article the following Guacamole docker containers are used:
 
* https://hub.docker.com/r/mjumper/guacd/
 
* https://hub.docker.com/r/mjumper/guacamole/
 
 
 
=== Package "univention-guacamole-schema" ===
 
The package <code>univention-guacamole-schema</code> can only be installed on the following UCS server roles:
 
* UCS DC Master
 
* UCS DC Backup
 
 
 
Install the package with the following command:
 
<pre>
 
univention-install univention-guacamole-schema
 
</pre>
 
 
 
During the installation, the joinscript "99univention_register_guacamole_schema.inst" is called automatically and registers a new LDAP schema and adds two extended attributes to the UMC which extend the Groups module. After the joinscript is finished existing and new groups can be configured to provide a Guacamole configuration.
 
 
 
=== Package "univention-guacamole-rollout" ===
 
This package <code>univention-guacamole-rollout</code> can be installed in all UCS server roles. The package provides two joinscripts: one which creates a search user for Guacamole, and one which deploys the two containers:
 
* guacd
 
* guacamole
 
 
 
Install the package with the following command:
 
<pre>
 
univention-install univention-guacamole-rollout
 
</pre>
 
 
 
==== Creating the searchuser ====
 
The joinscript "98univention-guacamole-searchuser.inst" checks if the searchuser is already present in the LDAP. If not, the searchuser is created as a "Simple authentication account" user and the password is saved in the file <code>/etc/guacamole.secret</code>.
 
 
 
'''Attention''': If the package <code>univention-guacamole-rollout</code> is installed on a second server, the file <code>/etc/guacamole.secret</code> must be copied by hand, else the joinscript "99univention_install_guacamole.inst" will fail with an error message in the join.log file.
 
 
 
==== Deploying Guacamole ====
 
The joinscript "99univention_install_guacamole-inst" must be executed either by running the joinscript via the UMC or on the shell via <code>univention-run-join-scripts</code>. The reason for this behaviour is that some Guacamole UCR variables should be checked first:
 
{|class="wikitable"
 
|-
 
! UCR variable                      || Default value              || Description
 
|-
 
| guacamole/user/dn                || cn=users,dc=example,dc=com || Top-most DN to search for users
 
|-
 
| guacamole/config/base/dn          || cn=groups,dc=example,dc=com || DN for configuration groups
 
|-
 
| guacamole/ldap/username/attribute || uid                        || Attribute to map usernames to
 
|-
 
| guacamole/external/port          || 8080                        || Port to which the Guacamole Tomcat should be mapped to
 
        |-
 
        | guacamole/ldap/user/searchfilter  || (objectClass=*)            || LDAP search filter to limit login to users matching the search filter
 
|}
 
 
 
After any of these variables is changed, '''<code>univention-guacamole-renew</code>''' must be run to recreate the Guacamole container. Additionally, when the UCR variable '''guacamole/external/port''' is changed, the Apache2 webserver must be reloaded:
 
<pre>
 
systemctl reload apache2.service
 
</pre>
 
 
 
Guacamole can be accessed from the Univention Portal.
 
 
 
== Configuration ==
 
Start by editing an existing group, or by creating a new group. On the tab '''Guacamole''' the protocol and parameter can be edited. Every user, that is a direct member of this group can access this configuration. Only one connection can be configured for a group.
 
 
 
=== RDP ===
 
At least the following parameters must be provided for the connection to success:
 
* hostname
 
 
 
For a full list of parameters, please have a look at the [http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#rdp Guacamole manual].
 
 
 
=== Telnet ===
 
At least the following parameters must be provided for the connection to success:
 
* hostname
 
* port
 
 
 
For a full list of parameters, please have a look at the [http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#telnet Guacamole manual].
 
 
 
=== SSH ===
 
At least the following parameters must be provided for the connection to success:
 
* hostname
 
 
 
For a full list of parameters, please have a look at the [http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#ssh Guacamole manual].
 
 
 
=== VNC ===
 
At least the following parameters must be provided for the connection to success:
 
* hostname
 
* port
 
 
 
For a full list of parameters, please have a look at the [http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#vnc Guacamole manual].
 
 
 
== Archive ==
 
There is a version of this article for [http://wiki.univention.de/index.php?title=Cool_Solution_-_Guacamole&oldid=11794 UCS 4.1].
 
 
 
[[Category: EN]]
 

Latest revision as of 11:56, 8 February 2019

Guacamole has been moved to the Univention App Center and can be reached under https://www.univention.com/products/univention-app-center/app-catalog/guacamole/.

Personal tools