1
0
mirror of https://github.com/MysticRyuujin/guac-install.git synced 2023-10-10 13:36:56 +02:00

Add Optional MySQL Support (#99)

* Added missing package for guac-install-server.sh.

* Minor cleanup of Duo configuration settings.

* Prompt test.

* Working on adding prompts and replacing MySQL information with variables.

* Improved switch/variable management and checking, only prompt for values not already passed via command line switches.

* Removed variable that shouldn't be there.

* Updated switches.

* Updated readme to include new information and all switches.

* Updated readme again.

* -Updated variables and switches to match install script.
-Added check for MySQL host, prompt if necessary.

* Updated scripts to use given MySQL host/port when executing scripts.

* Fixed typo and removed line that always fails.

* More fixes.

* Added line back in.

* Added starting services message to upgrade script.
This commit is contained in:
SoulSeekkor 2020-02-09 17:40:11 -06:00 committed by GitHub
parent dfc6f05d85
commit 2c29ba8231
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 255 additions and 114 deletions

View File

@ -1,16 +1,18 @@
# guac-install
Script for installing Guacamole 1.1.0 on Ubuntu 16.04 or newer with MySQL. It should also work on pure Debian 7, 8, and 9. **It seems Debian 10 is not working right now**
Script for installing Guacamole 1.1.0 on Ubuntu 16.04 or newer (optionally with MySQL by default). It should also work on pure Debian 7, 8, and 9. **It seems Debian 10 is not working right now**
Run script, enter MySQL Root Password and Guacamole User password. Guacamole User is used to connect to the Guacamole Database.
The script attempts to install tomcat8 if the available version is 8.5.x or newer, if tomcat8 is only 8.0.x it will fall back to tomcat7. If you want to manually specify a tomcat version there's a commented out line you can modify at line #73. Have at it.
The script attempts to install tomcat8 if the available version is 8.5.x or newer, if tomcat8 is only 8.0.x it will fall back to tomcat7. If you want to manually specify a tomcat version there's a commented out line you can modify. Have at it.
If you're looking to also have NGINX / Let's Encrypt / HTTPS click [HERE](https://github.com/bigredthelogger/guacamole)
## MFA/2FA
By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you need to specify the `-t` or `--totp` or for Duo `-o` or `--duo` flags on the command line. Or modify the script variable `installTOTP=true` or `installDuo=true`
By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you need to specify the `-t` or `--totp` or for Duo `-d` or `--duo` flags on the command line. Or modify the script variables `installTOTP=true` or `installDuo=true`.
## How to Run:
@ -28,26 +30,71 @@ Interactive (asks for passwords):
<code>./guac-install.sh</code>
Non-Interactive (passwords provided via cli):
Non-Interactive (values provided via cli):
<code>./guac-install.sh --mysqlpwd password --guacpwd password</code>
OR
<code>./guac-install.sh -m password -g password</code>
<code>./guac-install.sh -r password -gp password</code>
Once installation is done you can access guacamole by browsing to: http://<host_or_ip>:8080/guacamole/
Once installation is done you can access Guacamole by browsing to: http://<host_or_ip>:8080/guacamole/
The default credentials are guacadmin as both username and password. Please change them or disable guacadmin after install!
# guac-upgrade
Script for upgrading currently installed Guacamole instance (previously installed via this script/guide)
Script for upgrading currently installed Guacamole instance (previously installed via this script/guide). This will also now update the TOTP or Duo extensions if used.
If looks for the tomcat folder in /etc/ (E.G. `/etc/tomcat7` or `/etc/tomcat8`) hopefully that works to identify the correct tomcat version/path :smile: I'm open to suggestions/pull requests for a cleaner method.
## All Switches
Install MySQL:
<code>-i or --installmysql</code>
Do *NOT* install MySQL:
<code>-n or --nomysql</code>
MySQL Host:
<code>-h or --mysqlhost</code>
MySQL Port:
<code>-p or --mysqlport</code>
MySQL Root Password:
<code>-r or --mysqlpwd</code>
Guacamole Database:
<code>-db or --guacdb</code>
Guacamole User:
<code>-gu or --guacuser</code>
Guacamole User Password:
<code>-gp or --guacpwd</code>
Install TOTP:
<code>-t or --totp</code>
Install Duo:
<code>-d or --duo</code>
NOTE: Only the switches for MySQL Host, MySQL Port and Guacamole Database are available in the upgrade script.
## WARNING
I don't think this script is working anymore. Way too many reports that 0.9.14 -> 1.0.0 are not working. I don't know why.
- Upgrading from 0.9.14 -> 1.1.0 has not been tested, only 1.0.0 -> 1.1.0.
- Switches have changed and additional ones have been added!
## How to Run:
@ -65,6 +112,6 @@ Interactive (asks for passwords):
<code>./guac-upgrade.sh</code>
Non-Interactive (password provided via cli):
Non-Interactive (MySQL root password provided via cli):
<code>./guac-upgrade.sh --mysqlpwd password</code>

View File

@ -32,7 +32,7 @@ fi
apt update
apt -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \
libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
libvorbis-dev libwebp-dev jq curl wget libtool-bin
libvorbis-dev libwebp-dev jq curl wget libtool-bin libwebsockets-dev
# If apt fails to run completely the rest of this isn't going to work...
if [ $? != 0 ]

View File

@ -17,93 +17,149 @@ NC='\033[0m' # No Color
# Log Location
LOG="/tmp/guacamole_${GUACVERSION}_build.log"
# Default : Do not install TOTP/Duo
installTOTP=false
installDuo=false
# Initialize variable values
installTOTP=""
installDuo=""
installMySQL=""
mysqlHost=""
mysqlPort=""
mysqlRootPwd=""
guacDb=""
guacUser=""
guacPwd=""
# Prompt the user if they would like to install MFA, default of no
PROMPT=""
echo -e -n "${CYAN}(!)${NC} Do you want to use TOTP? (y/N): "
read PROMPT
echo ""
if [[ $PROMPT =~ ^[Yy]$ ]]; then installTOTP=true; fi
echo -e -n "${CYAN}(!)${NC} Do you want to use Duo? (y/N): "
read PROMPT
echo ""
if [[ $PROMPT =~ ^[Yy]$ ]]; then installDuo=true; fi
# Get script arguments for non-interactive mode
while [ "$1" != "" ]; do
case $1 in
-m | --mysqlpwd )
shift
mysqlpwd="$1"
# Install MySQL selection
-i | --installmysql )
installMySQL=true
;;
-g | --guacpwd )
-n | --nomysql )
installMySQL=false
;;
# MySQL server/root information
-h | --mysqlhost )
shift
mysqlHost="$1"
;;
-p | --mysqlport )
shift
mysqlPort="$1"
;;
-r | --mysqlpwd )
shift
mysqlRootPwd="$1"
;;
# Guac database/user information
-db | --guacdb )
shift
guacDb="$1"
;;
-gu | --guacuser )
shift
guacUser="$1"
;;
-gp | --guacpwd )
shift
guacpwd="$1"
;;
-u | --mysqluser )
shift
mysqluser="$1"
;;
-d | --database )
shift
DB="$1"
;;
# MFA selection
-t | --totp )
installTOTP=true
;;
-o | --duo )
-d | --duo )
installDuo=true
esac
shift
done
if [[ -z $installTOTP ]]; then
# Prompt the user if they would like to install MFA, default of no
echo -e -n "${CYAN}(!)${NC} Would you like to install TOTP? (y/N): "
read PROMPT
if [[ $PROMPT =~ ^[Yy]$ ]]; then installTOTP=true; else installTOTP=false; fi
fi
if [[ -z $installDuo ]]; then
echo -e -n "${CYAN}(!)${NC} Would you like to install Duo (configuration values must be set after install in guacamole.properties)? (y/N): "
read PROMPT
if [[ $PROMPT =~ ^[Yy]$ ]]; then installDuo=true; else installDuo=false; fi
fi
if [[ -z $installMySQL ]]; then
# Prompt the user to see if they would like to install MySQL, default of yes
echo -e -n "${CYAN}(!)${NC} Would you like to install MySQL? (Y/n): "
read PROMPT
if [[ $PROMPT =~ ^[Nn]$ ]]; then installMySQL=false; else installMySQL=true; fi
fi
if [ "$installMySQL" = false ]; then
# We need to get additional values
read -p "Enter MySQL server hostname or IP: " mysqlHost
read -p "Enter MySQL server port [3306]: " mysqlPort
read -p "Enter Guacamole database name [guacamole_db]: " guacDb
read -p "Enter Guacamole user [guacamole_user]: " guacUser
fi
# Get MySQL Root password and Guacamole User password
echo
while true
do
read -s -p "Enter a MySQL ROOT Password: " mysqlRootPwd
echo
read -s -p "Confirm MySQL ROOT Password: " PROMPT2
echo
[ "$mysqlRootPwd" = "$PROMPT2" ] && break
echo "Passwords don't match. Please try again."
echo
done
echo
while true
do
read -s -p "Enter a Guacamole User Database Password: " guacPwd
echo
read -s -p "Confirm Guacamole User Database Password: " PROMPT2
echo
[ "$guacPwd" = "$PROMPT2" ] && break
echo "Passwords don't match. Please try again."
echo
done
echo
if [ "$installMySQL" = true ]; then
# Seed MySQL install values
debconf-set-selections <<< "mysql-server mysql-server/root_password password $mysqlRootPwd"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $mysqlRootPwd"
fi
# Checking if mysql host given
if [ -z "$mysqlHost" ]; then
mysqlHost="localhost"
fi
# Checking if mysql port given
if [ -z "$mysqlPort" ]; then
mysqlPort="3306"
fi
# Checking if mysql user given
if [ -z "$mysqluser" ]; then
mysqluser="guacamole_user"
if [ -z "$guacUser" ]; then
guacUser="guacamole_user"
fi
# Checking if database name given
if [ -z "$DB" ]; then
DB="guacamole_db"
if [ -z "$guacDb" ]; then
guacDb="guacamole_db"
fi
# Get MySQL root password and Guacamole User password
if [ -n "$mysqlpwd" ] && [ -n "$guacpwd" ]; then
mysqlrootpassword=$mysqlpwd
guacdbuserpassword=$guacpwd
else
echo
while true
do
read -s -p "Enter a MySQL ROOT Password: " mysqlrootpassword
echo
read -s -p "Confirm MySQL ROOT Password: " password2
echo
[ "$mysqlrootpassword" = "$password2" ] && break
echo "Passwords don't match. Please try again."
echo
done
echo
while true
do
read -s -p "Enter a Guacamole User Database Password: " guacdbuserpassword
echo
read -s -p "Confirm Guacamole User Database Password: " password2
echo
[ "$guacdbuserpassword" = "$password2" ] && break
echo "Passwords don't match. Please try again."
echo
done
echo
fi
debconf-set-selections <<< "mysql-server mysql-server/root_password password $mysqlrootpassword"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $mysqlrootpassword"
# Ubuntu and Debian have different package names for libjpeg
# Ubuntu and Debian versions have differnet package names for libpng-dev
# Ubuntu 18.04 does not include universe repo by default
@ -142,10 +198,13 @@ else
TOMCAT="tomcat7"
fi
if [ -z $(command -v mysql) ]; then
MYSQL="mysql-server mysql-client mysql-common mysql-utilities"
MYSQL=""
if [ "$installMySQL" = true ]; then
if [ -z $(command -v mysql) ]; then
MYSQL="mysql-server mysql-client mysql-common mysql-utilities"
fi
else
MYSQL=""
MYSQL="mysql-client"
fi
# Uncomment to manually force a tomcat version
@ -198,6 +257,7 @@ if [ $? -ne 0 ]; then
exit 1
fi
echo -e "${GREEN}Downloaded guacamole-auth-jdbc-${GUACVERSION}.tar.gz${NC}"
# Download Guacamole authentication extensions
if [ "$installTOTP" = true ]; then
# TOTP
@ -225,6 +285,7 @@ if [ "$installDuo" = true ]; then
echo -e "${GREEN}Downloading complete.${NC}"
tar -xzf guacamole-auth-duo-${GUACVERSION}.tar.gz
fi
# Extract Guacamole files
tar -xzf guacamole-server-${GUACVERSION}.tar.gz
tar -xzf guacamole-auth-jdbc-${GUACVERSION}.tar.gz
@ -289,24 +350,19 @@ fi
# Configure guacamole.properties
rm -f /etc/guacamole/guacamole.properties
touch /etc/guacamole/guacamole.properties
echo "mysql-hostname: localhost" >> /etc/guacamole/guacamole.properties
echo "mysql-port: 3306" >> /etc/guacamole/guacamole.properties
echo "mysql-database: ${DB}" >> /etc/guacamole/guacamole.properties
echo "mysql-username: ${mysqluser}" >> /etc/guacamole/guacamole.properties
echo "mysql-password: ${guacdbuserpassword}" >> /etc/guacamole/guacamole.properties
echo "mysql-hostname: ${mysqlHost}" >> /etc/guacamole/guacamole.properties
echo "mysql-port: ${mysqlPort}" >> /etc/guacamole/guacamole.properties
echo "mysql-database: ${guacDb}" >> /etc/guacamole/guacamole.properties
echo "mysql-username: ${guacUser}" >> /etc/guacamole/guacamole.properties
echo "mysql-password: ${guacPwd}" >> /etc/guacamole/guacamole.properties
# Output Duo configuration settings but comment them out for now
echo "# duo-api-hostname: " >> /etc/guacamole/guacamole.properties
echo "# duo-integration-key: " >> /etc/guacamole/guacamole.properties
echo "# duo-secret-key: " >> /etc/guacamole/guacamole.properties
echo "# duo-application-key: " >> /etc/guacamole/guacamole.properties
if [ "$installDuo" = true ]; then
echo "duo-api-hostname: <value>" >> /etc/guacamole/guacamole.properties
echo "duo-integration-key: <value>" >> /etc/guacamole/guacamole.properties
echo "duo-secret-key: <value>" >> /etc/guacamole/guacamole.properties
echo "duo-application-key: <value>" >> /etc/guacamole/guacamole.properties
echo -e "${BLUE}Duo is installed, it will need to be configured via guacamole.properties!${NC}"
else
# Still output the values, but comment them out
echo "# duo-api-hostname: <value>" >> /etc/guacamole/guacamole.properties
echo "# duo-integration-key: <value>" >> /etc/guacamole/guacamole.properties
echo "# duo-secret-key: <value>" >> /etc/guacamole/guacamole.properties
echo "# duo-application-key: <value>" >> /etc/guacamole/guacamole.properties
echo -e "${YELLOW}Duo is installed, it will need to be configured via guacamole.properties!${NC}"
fi
# restart tomcat
@ -320,21 +376,30 @@ else
echo -e "${GREEN}OK${NC}"
fi
# Create guacamole_db and grant $mysqluser permissions to it
# Create $guacDb and grant $guacUser permissions to it
# SQL code
guacUserHost="localhost"
if [[ "$mysqlHost" != "localhost" ]]; then
guacUserHost="%"
echo -e "${YELLOW}MySQL Guacamole user is set to accept login from any host, please change this for security reasons if possible.${NC}"
fi
SQLCODE="
create database ${DB};
create user if not exists '${mysqluser}'@'localhost' identified by \"${guacdbuserpassword}\";
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO '${mysqluser}'@'localhost';
create database ${guacDb};
create user if not exists '${guacUser}'@'${guacUserHost}' identified by \"${guacPwd}\";
GRANT SELECT,INSERT,UPDATE,DELETE ON ${guacDb}.* TO '${guacUser}'@'${guacUserHost}';
flush privileges;"
export MYSQL_PWD=${mysqlRootPwd}
# Execute SQL code
echo ${SQLCODE} | mysql -u root -p${mysqlrootpassword}
echo ${SQLCODE} | mysql -u root -h ${mysqlHost} -P ${mysqlPort}
# Add Guacamole schema to newly created database
echo -e "Adding db tables..."
cat guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/*.sql | mysql -u root -p${mysqlrootpassword} ${DB}
cat guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/*.sql | mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort}
if [ $? -ne 0 ]; then
echo -e "${RED}Failed${NC}"
exit 1
@ -343,6 +408,7 @@ else
fi
# Ensure guacd is started
echo -e "${BLUE}Starting guacamole...${NC}"
service guacd start
# Cleanup
@ -355,5 +421,6 @@ if [ $? -ne 0 ]; then
else
echo -e "${GREEN}OK${NC}"
fi
unset MYSQL_PWD
echo -e "${BLUE}Installation Complete\nhttp://localhost:8080/guacamole/\nDefault login guacadmin:guacadmin\nBe sure to change the password.${NC}"

View File

@ -14,34 +14,60 @@ GREEN='\033[0;32m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
# Try to get database from /etc/guacamole/guacamole.properties
DATABASE=$(grep -oP 'mysql-database:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
MYSQL_SERVER=$(grep -oP 'mysql-hostname:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
# Try to get host and database from /etc/guacamole/guacamole.properties
mysqlHost=$(grep -oP 'mysql-hostname:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
mysqlPort=$(grep -oP 'mysql-port:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
guacDb=$(grep -oP 'mysql-database:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
# Get script arguments for non-interactive mode
while [ "$1" != "" ]; do
case $1 in
-m | --mysqlpwd )
-h | --mysqlhost )
shift
mysqlpwd="$1"
mysqlHost="$1"
;;
-p | --mysqlport )
shift
mysqlPort="$1"
;;
-r | --mysqlpwd )
shift
mysqlrootpwd="$1"
;;
esac
shift
done
# Get MySQL root password
if [ -n "$mysqlpwd" ]; then
mysqlrootpassword=$mysqlpwd
export MYSQL_PWD=${mysqlrootpassword}
mysql -u root -h ${MYSQL_SERVER} ${DATABASE} -e"quit" || exit
# Get MySQL host
if [ -z "$mysqlHost" ]; then
read -p "Enter MySQL Host [localhost]: " mysqlHost
echo
if [ -z "$mysqlHost" ]; then
mysqlHost="localhost"
fi
fi
# Get MySQL port
if [ -z "$mysqlPort" ]; then
read -p "Enter MySQL Port [3306]: " mysqlPort
echo
if [ -z "$mysqlPort" ]; then
mysqlPort="3306"
fi
fi
if [ -n "$mysqlRootPwd" ]; then
export MYSQL_PWD=${mysqlRootPwd}
mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort} -e"quit" || exit
else
# Get MySQL root password
echo
while true
do
read -s -p "Enter MySQL ROOT Password: " mysqlrootpassword
export MYSQL_PWD=${mysqlrootpassword}
read -s -p "Enter MySQL ROOT Password: " mysqlRootPwd
export MYSQL_PWD=${mysqlRootPwd}
echo
mysql -u root -h ${MYSQL_SERVER} ${DATABASE} -e"quit" && break
mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort} -e"quit" && break
echo
done
echo
@ -116,8 +142,8 @@ for FILE in ${UPGRADEFILES[@]}
do
FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
if [[ $(echo -e "${FILEVERSION}\n${OLDVERSION}" | sort -V | head -n1) == ${OLDVERSION} && ${FILEVERSION} != ${OLDVERSION} ]]; then
echo "Patching ${DATABASE} with ${FILE}"
mysql -u root -h ${MYSQL_SERVER} ${DATABASE} < guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/${FILE}
echo "Patching ${guacDb} with ${FILE}"
mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort} < guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/${FILE}
fi
done
@ -166,7 +192,8 @@ for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
fi
done
# Start tomcat
# Start tomcat and Guacamole
echo -e "${BLUE}Starting tomcat and guacamole...${NC}"
service ${TOMCAT} start
service guacd start