Add Optional MySQL Support (#99)

* Added missing package for guac-install-server.sh. * Minor cleanup of Duo configuration settings. * Prompt test. * Working on adding prompts and replacing MySQL information with variables. * Improved switch/variable management and checking, only prompt for values not already passed via command line switches. * Removed variable that shouldn't be there. * Updated switches. * Updated readme to include new information and all switches. * Updated readme again. * -Updated variables and switches to match install script. -Added check for MySQL host, prompt if necessary. * Updated scripts to use given MySQL host/port when executing scripts. * Fixed typo and removed line that always fails. * More fixes. * Added line back in. * Added starting services message to upgrade script.
2020-02-09 17:40:11 -06:00 · 2020-02-09 17:40:11 -06:00 · 2c29ba8231
parent dfc6f05d85
commit 2c29ba8231
4 changed files with 255 additions and 114 deletions
--- a/README.md
+++ b/README.md
@ -1,16 +1,18 @@
+
+
 # guac-install

-Script for installing Guacamole 1.1.0 on Ubuntu 16.04 or newer with MySQL. It should also work on pure Debian 7, 8, and 9. **It seems Debian 10 is not working right now**
+Script for installing Guacamole 1.1.0 on Ubuntu 16.04 or newer (optionally with MySQL by default). It should also work on pure Debian 7, 8, and 9. **It seems Debian 10 is not working right now**

 Run script, enter MySQL Root Password and Guacamole User password. Guacamole User is used to connect to the Guacamole Database.

-The script attempts to install tomcat8 if the available version is 8.5.x or newer, if tomcat8 is only 8.0.x it will fall back to tomcat7. If you want to manually specify a tomcat version there's a commented out line you can modify at line #73. Have at it.
+The script attempts to install tomcat8 if the available version is 8.5.x or newer, if tomcat8 is only 8.0.x it will fall back to tomcat7. If you want to manually specify a tomcat version there's a commented out line you can modify. Have at it.

 If you're looking to also have NGINX / Let's Encrypt / HTTPS click [HERE](https://github.com/bigredthelogger/guacamole)

 ## MFA/2FA

-By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you need to specify the `-t` or `--totp` or for Duo `-o` or `--duo` flags on the command line. Or modify the script variable `installTOTP=true` or `installDuo=true`
+By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you need to specify the `-t` or `--totp` or for Duo `-d` or `--duo` flags on the command line. Or modify the script variables `installTOTP=true` or `installDuo=true`.

 ## How to Run:

@ -28,26 +30,71 @@ Interactive (asks for passwords):

 <code>./guac-install.sh</code>

-Non-Interactive (passwords provided via cli):
+Non-Interactive (values provided via cli):

 <code>./guac-install.sh --mysqlpwd password --guacpwd password</code>

 OR

-<code>./guac-install.sh -m password -g password</code>
+<code>./guac-install.sh -r password -gp password</code>

-Once installation is done you can access guacamole by browsing to: http://<host_or_ip>:8080/guacamole/
+Once installation is done you can access Guacamole by browsing to: http://<host_or_ip>:8080/guacamole/
 The default credentials are guacadmin as both username and password. Please change them or disable guacadmin after install!

 # guac-upgrade
-Script for upgrading currently installed Guacamole instance (previously installed via this script/guide)
+Script for upgrading currently installed Guacamole instance (previously installed via this script/guide).  This will also now update the TOTP or Duo extensions if used.


 If looks for the tomcat folder in /etc/ (E.G. `/etc/tomcat7` or `/etc/tomcat8`) hopefully that works to identify the correct tomcat version/path :smile: I'm open to suggestions/pull requests for a cleaner method.

+## All Switches
+
+Install MySQL:
+
+<code>-i or --installmysql</code>
+
+Do *NOT* install MySQL:
+
+<code>-n or --nomysql</code>
+
+MySQL Host:
+
+<code>-h or --mysqlhost</code>
+
+MySQL Port:
+
+<code>-p or --mysqlport</code>
+
+MySQL Root Password:
+
+<code>-r or --mysqlpwd</code>
+
+Guacamole Database:
+
+<code>-db or --guacdb</code>
+
+Guacamole User:
+
+<code>-gu or --guacuser</code>
+
+Guacamole User Password:
+
+<code>-gp or --guacpwd</code>
+
+Install TOTP:
+
+<code>-t or --totp</code>
+
+Install Duo:
+
+<code>-d or --duo</code>
+
+NOTE: Only the switches for MySQL Host, MySQL Port and Guacamole Database are available in the upgrade script.
+
 ## WARNING

-I don't think this script is working anymore. Way too many reports that 0.9.14 -> 1.0.0 are not working. I don't know why.
+- Upgrading from 0.9.14 -> 1.1.0 has not been tested, only 1.0.0 -> 1.1.0.
+- Switches have changed and additional ones have been added!

 ## How to Run:

@ -65,6 +112,6 @@ Interactive (asks for passwords):

 <code>./guac-upgrade.sh</code>

-Non-Interactive (password provided via cli):
+Non-Interactive (MySQL root password provided via cli):

 <code>./guac-upgrade.sh --mysqlpwd password</code>
--- a/guac-install-server.sh
+++ b/guac-install-server.sh
@ -32,7 +32,7 @@ fi
 apt update
 apt -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \
 libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
-libvorbis-dev libwebp-dev jq curl wget libtool-bin
+libvorbis-dev libwebp-dev jq curl wget libtool-bin libwebsockets-dev

 # If apt fails to run completely the rest of this isn't going to work...
 if [ $? != 0 ]
--- a/guac-install.sh
+++ b/guac-install.sh
@ -17,93 +17,149 @@ NC='\033[0m' # No Color
 # Log Location
 LOG="/tmp/guacamole_${GUACVERSION}_build.log"

-# Default : Do not install TOTP/Duo
-installTOTP=false
-installDuo=false
+# Initialize variable values
+installTOTP=""
+installDuo=""
+
+installMySQL=""
+mysqlHost=""
+mysqlPort=""
+mysqlRootPwd=""
+
+guacDb=""
+guacUser=""
+guacPwd=""

-# Prompt the user if they would like to install MFA, default of no
 PROMPT=""
-echo -e -n "${CYAN}(!)${NC} Do you want to use TOTP? (y/N): "
-read PROMPT
-echo ""
-if [[ $PROMPT =~ ^[Yy]$ ]]; then installTOTP=true; fi
-
-echo -e -n "${CYAN}(!)${NC} Do you want to use Duo? (y/N): "
-read PROMPT
-echo ""
-if [[ $PROMPT =~ ^[Yy]$ ]]; then installDuo=true; fi

 # Get script arguments for non-interactive mode
 while [ "$1" != "" ]; do
    case $1 in
-        -m | --mysqlpwd )
-            shift
-            mysqlpwd="$1"
+        # Install MySQL selection
+        -i | --installmysql )
+            installMySQL=true
            ;;
-        -g | --guacpwd )
+        -n | --nomysql )
+            installMySQL=false
+            ;;
+
+        # MySQL server/root information
+        -h | --mysqlhost )
+            shift
+            mysqlHost="$1"
+            ;;
+        -p | --mysqlport )
+            shift
+            mysqlPort="$1"
+            ;;
+        -r | --mysqlpwd )
+            shift
+            mysqlRootPwd="$1"
+            ;;
+
+        # Guac database/user information
+        -db | --guacdb )
+            shift
+            guacDb="$1"
+            ;;
+        -gu | --guacuser )
+            shift
+            guacUser="$1"
+            ;;
+        -gp | --guacpwd )
            shift
            guacpwd="$1"
            ;;
-        -u | --mysqluser )
-            shift
-            mysqluser="$1"
-            ;;
-        -d | --database )
-            shift
-            DB="$1"
-            ;;
+
+        # MFA selection
        -t | --totp )
            installTOTP=true
            ;;
-        -o | --duo )
+        -d | --duo )
            installDuo=true
    esac
    shift
 done

+if [[ -z $installTOTP ]]; then
+    # Prompt the user if they would like to install MFA, default of no
+    echo -e -n "${CYAN}(!)${NC} Would you like to install TOTP? (y/N): "
+    read PROMPT
+    if [[ $PROMPT =~ ^[Yy]$ ]]; then installTOTP=true; else installTOTP=false; fi
+fi
+
+if [[ -z $installDuo ]]; then
+    echo -e -n "${CYAN}(!)${NC} Would you like to install Duo (configuration values must be set after install in guacamole.properties)? (y/N): "
+    read PROMPT
+    if [[ $PROMPT =~ ^[Yy]$ ]]; then installDuo=true; else installDuo=false; fi
+fi
+
+if [[ -z $installMySQL ]]; then
+    # Prompt the user to see if they would like to install MySQL, default of yes
+    echo -e -n "${CYAN}(!)${NC} Would you like to install MySQL? (Y/n): "
+    read PROMPT
+    if [[ $PROMPT =~ ^[Nn]$ ]]; then installMySQL=false; else installMySQL=true; fi
+fi
+
+if [ "$installMySQL" = false ]; then
+    # We need to get additional values
+    read -p "Enter MySQL server hostname or IP: " mysqlHost
+    read -p "Enter MySQL server port [3306]: " mysqlPort
+    read -p "Enter Guacamole database name [guacamole_db]: " guacDb
+    read -p "Enter Guacamole user [guacamole_user]: " guacUser
+fi
+
+# Get MySQL Root password and Guacamole User password
+echo
+while true
+do
+    read -s -p "Enter a MySQL ROOT Password: " mysqlRootPwd
+    echo
+    read -s -p "Confirm MySQL ROOT Password: " PROMPT2
+    echo
+    [ "$mysqlRootPwd" = "$PROMPT2" ] && break
+    echo "Passwords don't match. Please try again."
+    echo
+done
+echo
+while true
+do
+    read -s -p "Enter a Guacamole User Database Password: " guacPwd
+    echo
+    read -s -p "Confirm Guacamole User Database Password: " PROMPT2
+    echo
+    [ "$guacPwd" = "$PROMPT2" ] && break
+    echo "Passwords don't match. Please try again."
+    echo
+done
+echo
+
+if [ "$installMySQL" = true ]; then
+    # Seed MySQL install values
+    debconf-set-selections <<< "mysql-server mysql-server/root_password password $mysqlRootPwd"
+    debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $mysqlRootPwd"
+fi
+
+# Checking if mysql host given
+if [ -z "$mysqlHost" ]; then
+    mysqlHost="localhost"
+fi
+
+# Checking if mysql port given
+if [ -z "$mysqlPort" ]; then
+    mysqlPort="3306"
+fi
+
 # Checking if mysql user given
-if [ -z "$mysqluser" ]; then
-    mysqluser="guacamole_user"
+if [ -z "$guacUser" ]; then
+    guacUser="guacamole_user"
 fi

 # Checking if database name given
-if [ -z "$DB" ]; then
-    DB="guacamole_db"
+if [ -z "$guacDb" ]; then
+    guacDb="guacamole_db"
 fi

-# Get MySQL root password and Guacamole User password
-if [ -n "$mysqlpwd" ] && [ -n "$guacpwd" ]; then
-    mysqlrootpassword=$mysqlpwd
-    guacdbuserpassword=$guacpwd
-else
-    echo
-    while true
-    do
-        read -s -p "Enter a MySQL ROOT Password: " mysqlrootpassword
-        echo
-        read -s -p "Confirm MySQL ROOT Password: " password2
-        echo
-        [ "$mysqlrootpassword" = "$password2" ] && break
-        echo "Passwords don't match. Please try again."
-        echo
-    done
-    echo
-    while true
-    do
-        read -s -p "Enter a Guacamole User Database Password: " guacdbuserpassword
-        echo
-        read -s -p "Confirm Guacamole User Database Password: " password2
-        echo
-        [ "$guacdbuserpassword" = "$password2" ] && break
-        echo "Passwords don't match. Please try again."
-        echo
-    done
-    echo
-fi
-
-debconf-set-selections <<< "mysql-server mysql-server/root_password password $mysqlrootpassword"
-debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $mysqlrootpassword"
-
 # Ubuntu and Debian have different package names for libjpeg
 # Ubuntu and Debian versions have differnet package names for libpng-dev
 # Ubuntu 18.04 does not include universe repo by default
@ -142,10 +198,13 @@ else
    TOMCAT="tomcat7"
 fi

-if [ -z $(command -v mysql) ]; then
-    MYSQL="mysql-server mysql-client mysql-common mysql-utilities"
+MYSQL=""
+if [ "$installMySQL" = true ]; then
+    if [ -z $(command -v mysql) ]; then
+        MYSQL="mysql-server mysql-client mysql-common mysql-utilities"
+    fi
 else
-    MYSQL=""
+    MYSQL="mysql-client"
 fi

 # Uncomment to manually force a tomcat version
@ -198,6 +257,7 @@ if [ $? -ne 0 ]; then
    exit 1
 fi
 echo -e "${GREEN}Downloaded guacamole-auth-jdbc-${GUACVERSION}.tar.gz${NC}"
+
 # Download Guacamole authentication extensions
 if [ "$installTOTP" = true ]; then
    # TOTP
@ -225,6 +285,7 @@ if [ "$installDuo" = true ]; then
 	echo -e "${GREEN}Downloading complete.${NC}"
 	tar -xzf guacamole-auth-duo-${GUACVERSION}.tar.gz
 fi
+
 # Extract Guacamole files
 tar -xzf guacamole-server-${GUACVERSION}.tar.gz
 tar -xzf guacamole-auth-jdbc-${GUACVERSION}.tar.gz
@ -289,24 +350,19 @@ fi
 # Configure guacamole.properties
 rm -f /etc/guacamole/guacamole.properties
 touch /etc/guacamole/guacamole.properties
-echo "mysql-hostname: localhost" >> /etc/guacamole/guacamole.properties
-echo "mysql-port: 3306" >> /etc/guacamole/guacamole.properties
-echo "mysql-database: ${DB}" >> /etc/guacamole/guacamole.properties
-echo "mysql-username: ${mysqluser}" >> /etc/guacamole/guacamole.properties
-echo "mysql-password: ${guacdbuserpassword}" >> /etc/guacamole/guacamole.properties
+echo "mysql-hostname: ${mysqlHost}" >> /etc/guacamole/guacamole.properties
+echo "mysql-port: ${mysqlPort}" >> /etc/guacamole/guacamole.properties
+echo "mysql-database: ${guacDb}" >> /etc/guacamole/guacamole.properties
+echo "mysql-username: ${guacUser}" >> /etc/guacamole/guacamole.properties
+echo "mysql-password: ${guacPwd}" >> /etc/guacamole/guacamole.properties

+# Output Duo configuration settings but comment them out for now
+echo "# duo-api-hostname: " >> /etc/guacamole/guacamole.properties
+echo "# duo-integration-key: " >> /etc/guacamole/guacamole.properties
+echo "# duo-secret-key: " >> /etc/guacamole/guacamole.properties
+echo "# duo-application-key: " >> /etc/guacamole/guacamole.properties
 if [ "$installDuo" = true ]; then
-    echo "duo-api-hostname: <value>" >> /etc/guacamole/guacamole.properties
-    echo "duo-integration-key: <value>" >> /etc/guacamole/guacamole.properties
-    echo "duo-secret-key: <value>" >> /etc/guacamole/guacamole.properties
-    echo "duo-application-key: <value>" >> /etc/guacamole/guacamole.properties
-    echo -e "${BLUE}Duo is installed, it will need to be configured via guacamole.properties!${NC}"
-else
-    # Still output the values, but comment them out
-    echo "# duo-api-hostname: <value>" >> /etc/guacamole/guacamole.properties
-    echo "# duo-integration-key: <value>" >> /etc/guacamole/guacamole.properties
-    echo "# duo-secret-key: <value>" >> /etc/guacamole/guacamole.properties
-    echo "# duo-application-key: <value>" >> /etc/guacamole/guacamole.properties
+    echo -e "${YELLOW}Duo is installed, it will need to be configured via guacamole.properties!${NC}"
 fi

 # restart tomcat
@ -320,21 +376,30 @@ else
    echo -e "${GREEN}OK${NC}"
 fi

-# Create guacamole_db and grant $mysqluser permissions to it
+# Create $guacDb and grant $guacUser permissions to it

 # SQL code
+guacUserHost="localhost"
+
+if [[ "$mysqlHost" != "localhost" ]]; then
+    guacUserHost="%"
+    echo -e "${YELLOW}MySQL Guacamole user is set to accept login from any host, please change this for security reasons if possible.${NC}"
+fi
+
 SQLCODE="
-create database ${DB};
-create user if not exists '${mysqluser}'@'localhost' identified by \"${guacdbuserpassword}\";
-GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO '${mysqluser}'@'localhost';
+create database ${guacDb};
+create user if not exists '${guacUser}'@'${guacUserHost}' identified by \"${guacPwd}\";
+GRANT SELECT,INSERT,UPDATE,DELETE ON ${guacDb}.* TO '${guacUser}'@'${guacUserHost}';
 flush privileges;"

+export MYSQL_PWD=${mysqlRootPwd}
+
 # Execute SQL code
-echo ${SQLCODE} | mysql -u root -p${mysqlrootpassword}
+echo ${SQLCODE} | mysql -u root -h ${mysqlHost} -P ${mysqlPort}

 # Add Guacamole schema to newly created database
 echo -e "Adding db tables..."
-cat guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/*.sql | mysql -u root -p${mysqlrootpassword} ${DB}
+cat guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/*.sql | mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort}
 if [ $? -ne 0 ]; then
    echo -e "${RED}Failed${NC}"
    exit 1
@ -343,6 +408,7 @@ else
 fi

 # Ensure guacd is started
+echo -e "${BLUE}Starting guacamole...${NC}"
 service guacd start

 # Cleanup
@ -355,5 +421,6 @@ if [ $? -ne 0 ]; then
 else
    echo -e "${GREEN}OK${NC}"
 fi
+unset MYSQL_PWD

 echo -e "${BLUE}Installation Complete\nhttp://localhost:8080/guacamole/\nDefault login guacadmin:guacadmin\nBe sure to change the password.${NC}"
--- a/guac-upgrade.sh
+++ b/guac-upgrade.sh
@ -14,34 +14,60 @@ GREEN='\033[0;32m'
 CYAN='\033[0;36m'
 NC='\033[0m' # No Color

-# Try to get database from /etc/guacamole/guacamole.properties
-DATABASE=$(grep -oP 'mysql-database:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
-MYSQL_SERVER=$(grep -oP 'mysql-hostname:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
+# Try to get host and database from /etc/guacamole/guacamole.properties
+mysqlHost=$(grep -oP 'mysql-hostname:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
+mysqlPort=$(grep -oP 'mysql-port:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
+guacDb=$(grep -oP 'mysql-database:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')

 # Get script arguments for non-interactive mode
 while [ "$1" != "" ]; do
    case $1 in
-        -m | --mysqlpwd )
+        -h | --mysqlhost )
            shift
-            mysqlpwd="$1"
+            mysqlHost="$1"
+            ;;
+        -p | --mysqlport )
+            shift
+            mysqlPort="$1"
+            ;;
+        -r | --mysqlpwd )
+            shift
+            mysqlrootpwd="$1"
            ;;
    esac
    shift
 done

-# Get MySQL root password
-if [ -n "$mysqlpwd" ]; then
-        mysqlrootpassword=$mysqlpwd
-        export MYSQL_PWD=${mysqlrootpassword}
-        mysql -u root -h ${MYSQL_SERVER} ${DATABASE} -e"quit" || exit
+# Get MySQL host
+if [ -z "$mysqlHost" ]; then
+    read -p "Enter MySQL Host [localhost]: " mysqlHost
+    echo
+    if [ -z "$mysqlHost" ]; then
+        mysqlHost="localhost"
+    fi
+fi
+
+# Get MySQL port
+if [ -z "$mysqlPort" ]; then
+    read -p "Enter MySQL Port [3306]: " mysqlPort
+    echo
+    if [ -z "$mysqlPort" ]; then
+        mysqlPort="3306"
+    fi
+fi
+
+if [ -n "$mysqlRootPwd" ]; then
+    export MYSQL_PWD=${mysqlRootPwd}
+    mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort} -e"quit" || exit
 else
+    # Get MySQL root password
    echo
    while true
    do
-        read -s -p "Enter MySQL ROOT Password: " mysqlrootpassword
-        export MYSQL_PWD=${mysqlrootpassword}
+        read -s -p "Enter MySQL ROOT Password: " mysqlRootPwd
+        export MYSQL_PWD=${mysqlRootPwd}
        echo
-        mysql -u root -h ${MYSQL_SERVER} ${DATABASE} -e"quit" && break
+        mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort} -e"quit" && break
        echo
    done
    echo
@ -116,8 +142,8 @@ for FILE in ${UPGRADEFILES[@]}
 do
    FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
    if [[ $(echo -e "${FILEVERSION}\n${OLDVERSION}" | sort -V | head -n1) == ${OLDVERSION} && ${FILEVERSION} != ${OLDVERSION} ]]; then
-        echo "Patching ${DATABASE} with ${FILE}"
-        mysql -u root -h ${MYSQL_SERVER} ${DATABASE} < guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/${FILE}
+        echo "Patching ${guacDb} with ${FILE}"
+        mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort} < guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/${FILE}
    fi
 done

@ -166,7 +192,8 @@ for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
    fi
 done

-# Start tomcat
+# Start tomcat and Guacamole
+echo -e "${BLUE}Starting tomcat and guacamole...${NC}"
 service ${TOMCAT} start
 service guacd start