safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-682: Merge support for specfying the Maven build profile when building the Docker image.

Browse Source
This commit is contained in:
Michael Jumper
2018-12-24 09:06:41 -08:00
parent fd2198d62b 5fb537b707
commit 78f1ae1b4e
3 changed files with 117 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Dockerfile
View File

@@ -30,6 +30,10 @@ ARG TOMCAT_JRE=jre8
# Use official maven image for the build # Use official maven image for the build
FROM maven:3-jdk-8 AS builder FROM maven:3-jdk-8 AS builder
# Use args to build radius auth extension such as
# `--build-arg BUILD_PROFILE=lgpl-extensions`
ARG BUILD_PROFILE
# Build environment variables # Build environment variables
ENV \ ENV \
BUILD_DIR=/tmp/guacamole-docker-BUILD BUILD_DIR=/tmp/guacamole-docker-BUILD
@@ -41,7 +45,7 @@ COPY guacamole-docker/bin/ /opt/guacamole/bin/
COPY . "$BUILD_DIR" COPY . "$BUILD_DIR"
# Run the build itself # Run the build itself
RUN /opt/guacamole/bin/build-guacamole.sh "$BUILD_DIR" /opt/guacamole RUN /opt/guacamole/bin/build-guacamole.sh "$BUILD_DIR" /opt/guacamole "$BUILD_PROFILE"
# For the runtime image, we start with the official Tomcat distribution # For the runtime image, we start with the official Tomcat distribution
FROM tomcat:${TOMCAT_VERSION}-${TOMCAT_JRE} FROM tomcat:${TOMCAT_VERSION}-${TOMCAT_JRE}

19
guacamole-docker/bin/build-guacamole.sh
View File

@@ -38,9 +38,15 @@
## subdirectories within this directory, and files will thus be grouped by ## subdirectories within this directory, and files will thus be grouped by
## extension type. ## extension type.
## ##
## @param BUILD_PROFILE
## The build profile that will be passed to Maven build process. Defaults
## to empty string. Can be set to "lgpl-extensions" to e.g. include
## RADIUS authentication extension.
##
BUILD_DIR="$1" BUILD_DIR="$1"
DESTINATION="$2" DESTINATION="$2"
BUILD_PROFILE="$3"
# #
# Create destination, if it does not yet exist # Create destination, if it does not yet exist
@@ -53,7 +59,12 @@ mkdir -p "$DESTINATION"
# #
cd "$BUILD_DIR" cd "$BUILD_DIR"
if [ -z "$BUILD_PROFILE" ]; then
mvn package mvn package
else
mvn -P "$BUILD_PROFILE" package
fi
# #
# Copy guacamole.war to destination # Copy guacamole.war to destination
@@ -107,3 +118,11 @@ tar -xzf extensions/guacamole-auth-ldap/target/*.tar.gz \
"*.jar" \ "*.jar" \
"*.ldif" "*.ldif"
#
# Copy Radius auth extension if it was build
#
if [ -f extensions/guacamole-auth-radius/target/guacamole-auth-radius*.jar ]; then
mkdir -p "$DESTINATION/radius"
cp extensions/guacamole-auth-radius/target/guacamole-auth-radius*.jar "$DESTINATION/radius"
fi

96
guacamole-docker/bin/start.sh
View File

@@ -322,6 +322,88 @@ END
} }
##
## Adds properties to guacamole.properties which select the LDAP
## authentication provider, and configure it to connect to the specified LDAP
## directory.
##
associate_radius() {
# Verify required parameters are present
if [ -z "$RADIUS_SHARED_SECRET" -o -z "$RADIUS_AUTH_PROTOCOL" ]; then
cat <<END
FATAL: Missing required environment variables
-------------------------------------------------------------------------------
If using RADIUS server, you must provide each of the following environment
variables:
RADIUS_SHARED_SECRET The shared secret to use when talking to the
RADIUS server.
RADIUS_AUTH_PROTOCOL The authentication protocol to use when talking
to the RADIUS server.
Supported values are:
pap, chap, mschapv1, mschapv2, eap-md5,
eap-tls and eap-ttls.
END
exit 1;
fi
# Verify provided files do exist and are readable
if [ -n "$RADIUS_KEY_FILE" -a ! -r "$RADIUS_KEY_FILE" ]; then
cat <<END
FATAL: Provided file RADIUS_KEY_FILE=$RADIUS_KEY_FILE does not exist
or is not readable!
-------------------------------------------------------------------------------
If you provide key or CA files you need to mount those into the container and
make sure they are readable for the user in the container.
END
exit 1;
fi
if [ -n "$RADIUS_CA_FILE" -a ! -r "$RADIUS_CA_FILE" ]; then
cat <<END
FATAL: Provided file RADIUS_CA_FILE=$RADIUS_CA_FILE does not exist
or is not readable!
-------------------------------------------------------------------------------
If you provide key or CA files you need to mount those into the container and
make sure they are readable for the user in the container.
END
exit 1;
fi
if [ "$RADIUS_AUTH_PROTOCOL" == "eap-ttls" -a -z "$RADIUS_EAP_TTLS_INNER_PROTOCOL" ]; then
cat <<END
FATAL: Authentication protocol "eap-ttls" specified but
RADIUS_EAP_TTLS_INNER_PROTOCOL is not set!
-------------------------------------------------------------------------------
When EAP-TTLS is used, this parameter specifies the inner (tunneled)
protocol to use talking to the RADIUS server.
END
exit 1;
fi
# Update config file
set_optional_property "radius-hostname" "$RADIUS_HOSTNAME"
set_optional_property "radius-auth-port" "$RADIUS_AUTH_PORT"
set_property "radius-shared-secret" "$RADIUS_SHARED_SECRET"
set_property "radius-auth-protocol" "$RADIUS_AUTH_PROTOCOL"
set_optional_property "radius-key-file" "$RADIUS_KEY_FILE"
set_optional_property "radius-key-type" "$RADIUS_KEY_TYPE"
set_optional_property "radius-key-password" "$RADIUS_KEY_PASSWORD"
set_optional_property "radius-ca-file" "$RADIUS_CA_FILE"
set_optional_property "radius-ca-type" "$RADIUS_CA_TYPE"
set_optional_property "radius-ca-password" "$RADIUS_CA_PASSWORD"
set_optional_property "radius-trust-all" "$RADIUS_TRUST_ALL"
set_optional_property "radius-retries" "$RADIUS_RETRIES"
set_optional_property "radius-timeout" "$RADIUS_TIMEOUT"
set_optional_property \
"radius-eap-ttls-inner-protocol" \
"$RADIUS_EAP_TTLS_INNER_PROTOCOL"
# Add required .jar files to GUACAMOLE_EXT
ln -s /opt/guacamole/radius/guacamole-auth-*.jar "$GUACAMOLE_EXT"
}
## ##
## Starts Guacamole under Tomcat, replacing the current process with the ## Starts Guacamole under Tomcat, replacing the current process with the
## Tomcat process. As the current process will be replaced, this MUST be the ## Tomcat process. As the current process will be replaced, this MUST be the
@@ -424,6 +506,12 @@ if [ -n "$LDAP_HOSTNAME" ]; then
INSTALLED_AUTH="$INSTALLED_AUTH ldap" INSTALLED_AUTH="$INSTALLED_AUTH ldap"
fi fi
# Use RADIUS server if specified
if [ -n "$RADIUS_SHARED_SECRET" ]; then
associate_radius
INSTALLED_AUTH="$INSTALLED_AUTH radius"
fi
# #
# Validate that at least one authentication backend is installed # Validate that at least one authentication backend is installed
# #
@@ -433,10 +521,10 @@ if [ -z "$INSTALLED_AUTH" -a -z "$GUACAMOLE_HOME_TEMPLATE" ]; then
FATAL: No authentication configured FATAL: No authentication configured
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
The Guacamole Docker container needs at least one authentication mechanism in The Guacamole Docker container needs at least one authentication mechanism in
order to function, such as a MySQL database, PostgreSQL database, or LDAP order to function, such as a MySQL database, PostgreSQL database, LDAP
directory. Please specify at least the MYSQL_DATABASE or POSTGRES_DATABASE directory or RADIUS server. Please specify at least the MYSQL_DATABASE or
environment variables, or check Guacamole's Docker documentation regarding POSTGRES_DATABASE environment variables, or check Guacamole's Docker
configuring LDAP and/or custom extensions. documentation regarding configuring LDAP and/or custom extensions.
END END
exit 1; exit 1;
fi fi