GUACAMOLE-1418: Merge add support of SQLServer JDBC plugin to Docker build

2025-09-06 13:17:41 +00:00 · 2021-12-26 08:37:32 -07:00
parent 2d269a129d 42f753bda8
commit 881d203080
4 changed files with 249 additions and 11 deletions
--- a/guacamole-docker/README.md
+++ b/guacamole-docker/README.md
@@ -13,7 +13,7 @@ How to use this image
 Using this image will require an existing, running Docker container with the
 [guacd image](https://registry.hub.docker.com/u/guacamole/guacd/), and another
-Docker container providing either a PostgreSQL or MySQL database.
+Docker container providing either a PostgreSQL, MySQL or SQLServer database.
 The name of the database and all associated credentials are specified with
 environment variables given when the container is created. All other
@@ -31,9 +31,9 @@ Docker, as well.
 Docker Secrets
 ==============
 The string `_FILE` may be appended to some of the environment variables listed
-below if you are using MySQL or PostgreSQL authentication. This will cause the
+below if you are using MySQL, PostgreSQL or SQLServer authentication. This will
-startup script to load the values for those variables from files within
+cause the startup script to load the values for those variables from files
-the container.
+within the container.
 This is useful for specifying sensitive info, ie. passwords for
 the database, in secured files instead of plaintext environment variables. This
@@ -163,6 +163,71 @@ The process for doing this via the `mysql` utility included with MySQL is
 documented in
 [the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-mysql).
 Deploying Guacamole with SQLServer authentication
 --------------------------------------------------
 Linking Guacamole to SQLServer requires three environment variables. If any of
 these environment variables are omitted, you will receive an error message, and
 the image will stop:
 1. `SQLSERVER_DATABASE` - The name of the database to use for Guacamole
   authentication.
 2. `SQLSERVER_USER` - The user that Guacamole will use to connect to SQLServer.
 3. `SQLSERVER_PASSWORD` - The password that Guacamole will provide when
   connecting to SQLServer as `SQLSERVER_USER`.
    docker run --name some-guacamole --link some-guacd:guacd \
        --link some-sqlserver:sqlserver      \
        -e SQLSERVER_DATABASE=guacamole_db  \
        -e SQLSERVER_USER=guacamole_user    \
        -e SQLSERVER_PASSWORD=some_password \
        -d -p 8080:8080 guacamole/guacamole
 Alternatively, if you want to store database credentials using Docker secrets,
 the following three variables are required and replace the previous three:
 1. `SQLSERVER_DATABASE_FILE` - The path of the docker secret containing the name
   of database to use for Guacamole authentication.
 2. `SQLSERVER_USER_FILE` - The path of the docker secret containing the name of
   the user that Guacamole will use to connect to SQLServer.
 3. `SQLSERVER_PASSWORD_FILE` - The path of the docker secret containing the
   password that Guacamole will provide when connecting to SQLServer as
   `SQLSERVER_USER.
    docker run --name some-guacamole --link some-guacd:guacd \
        --link some-sqlserver:sqlserver      \
        -e SQLSERVER_DATABASE_FILE=/run/secrets/<secret_name> \
        -e SQLSERVER_USER_FILE=/run/secrets/<secret_name> \
        -e SQLSERVER_PASSWORD_FILE=/run/secrets/<secret_name> \
        -d -p 8080:8080 guacamole/guacamole
 ### Initializing the SQLServer database
 If your database is not already initialized with the Guacamole schema, you will
 need to do so prior to using Guacamole. A convenience script for generating the
 necessary SQL to do this is included in the Guacamole image.
 To generate a SQL script which can be used to initialize a fresh SQLServer
 database
 [as documented in the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-sqlserver):
    docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --sqlserver > initdb.sql
 Alternatively, you can use the SQL scripts included with the
 guacamole-auth-jdbc extension from
 [the corresponding release](http://guacamole.apache.org/releases/).
 Once this script is generated, you must:
 1. Create a database for Guacamole within SQLServer, such as `guacamole_db`.
 2. Run the script on the newly-created database.
 3. Create a user for Guacamole within SQLServer with access to the tables and
   sequences of this database, such as `guacamole_user`.
 The process for doing this via the `sqlcmd` utilities included
 with SQLServer is documented in
 [the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-sqlserver).
 Reporting issues
 ================
--- a/guacamole-docker/bin/build-guacamole.sh
+++ b/guacamole-docker/bin/build-guacamole.sh
@@ -121,6 +121,20 @@ tar -xzf extensions/guacamole-auth-sso/modules/guacamole-auth-sso-dist/target/*.
    --strip-components=1                                \
    "*.jar"
 #
 # Download SQL Server JDBC driver
 #
 echo "Downloading SQL Server JDBC driver ..."
 curl -L "https://go.microsoft.com/fwlink/?linkid=2183223&clcid=0x409" | \
 tar -xz                        \
    -C "$DESTINATION/sqlserver/"   \
    --wildcards                \
    --no-anchored              \
    --no-wildcards-match-slash \
    --strip-components=2       \
    "mssql-jdbc-*.jre8.jar"
 #
 # Copy LDAP auth extension and schema modifications
 #
--- a/guacamole-docker/bin/initdb.sh
+++ b/guacamole-docker/bin/initdb.sh
@@ -26,7 +26,7 @@
 ##
 ## @param DATABASE
 ##     The database to generate the SQL script for. This may be either
-##     "--postgres", for PostgreSQL, or "--mysql" for MySQL.
+##     "--postgres", for PostgreSQL, "--mysql" for MySQL, or "--sqlserver" for Microsoft SQL Server.
 ##
 DATABASE="$1"
@@ -37,7 +37,7 @@ DATABASE="$1"
 ##
 incorrect_usage() {
    cat <<END
-USAGE: /opt/guacamole/bin/initdb.sh [--postgres | --mysql]
+USAGE: /opt/guacamole/bin/initdb.sh [--postgres | --mysql | --sqlserver]
 END
    exit 1
 }
@@ -62,6 +62,10 @@ case $DATABASE in
        cat /opt/guacamole/mysql/schema/*.sql
        ;;
    --sqlserver)
        cat /opt/guacamole/sqlserver/schema/*.sql
        ;;
    *)
        echo "Bad database type: $DATABASE"
        incorrect_usage
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -23,7 +23,7 @@
 ##
 ## Automatically configures and starts Guacamole under Tomcat. Guacamole's
 ## guacamole.properties file will be automatically generated based on the
-## linked database container (either MySQL or PostgreSQL) and the linked guacd
+## linked database container (either MySQL, PostgreSQL or SQLServer) and the linked guacd
 ## container. The Tomcat process will ultimately replace the process of this
 ## script, running in the foreground until terminated.
 ##
@@ -403,6 +403,154 @@ END
 }
 # Print error message regarding missing required variables for SQLServer authentication
 sqlserver_missing_vars() {
    cat <<END
 FATAL: Missing required environment variables
 -------------------------------------------------------------------------------
 If using a SQLServer database, you must provide each of the following
 environment variables:
    SQLSERVER_USER     The user to authenticate as when connecting to
                       SQLServer.
    SQLSERVER_PASSWORD The password to use when authenticating with SQLServer
                       as SQLSERVER_USER.
    SQLSERVER_DATABASE The name of the SQLServer database to use for Guacamole
                       authentication.
 Alternatively, if you want to store database credentials using Docker secrets,
 set the path of the corresponding secrets in the following three variables:
    SQLSERVER_DATABASE_FILE   The path of the docker secret containing the name
                              of database to use for Guacamole authentication.
    SQLSERVER_USER_FILE       The path of the docker secret containing the name of
                              the user that Guacamole will use to connect to SQLServer.
    SQLSERVER_PASSWORD_FILE   The path of the docker secret containing the
                              password that Guacamole will provide when connecting to 
                              SQLServer as SQLSERVER_USER.
 END
    exit 1;
 }
 ##
 ## Adds properties to guacamole.properties which select the SQLServer
 ## authentication provider, and configure it to connect to the linked
 ## SQLServer container. If a SQLServer database is explicitly specified using
 ## the SQLSERVER_HOSTNAME and SQLSERVER_PORT environment variables, that will
 ## be used instead of a linked container.
 ##
 associate_sqlserver() {
    # Use linked container if specified
    if [ -n "$SQLSERVER_NAME" ]; then
        SQLSERVER_HOSTNAME="$SQLSERVER_PORT_1433_TCP_ADDR"
        SQLSERVER_PORT="$SQLSERVER_PORT_1433_TCP_PORT"
    fi
    # Use default port if none specified
    SQLSERVER_PORT="${SQLSERVER_PORT-1433}"
    # Verify required connection information is present
    if [ -z "$SQLSERVER_HOSTNAME" -o -z "$SQLSERVER_PORT" ]; then
        cat <<END
 FATAL: Missing SQLSERVER_HOSTNAME or "sqlserver" link.
 -------------------------------------------------------------------------------
 If using a SQLServer database, you must either:
 (a) Explicitly link that container with the link named "sqlserver".
 (b) If not using a Docker container for SQLServer, explicitly specify the TCP
    connection to your database using the following environment variables:
    SQLSERVER_HOSTNAME The hostname or IP address of the SQLServer server. If
                       not using a SQLServer Docker container and
                       corresponding link, this environment variable is
                       *REQUIRED*.
    SQLSERVER_PORT     The port on which the SQLServer server is listening for
                       TCP connections. This environment variable is option. If
                       omitted, the standard SQLServer port of 1433 will be
                       used.
 END
        exit 1;
    fi
    # Verify that the required Docker secrets are present, else, default to their normal environment variables
    if [ -n "$SQLSERVER_USER_FILE" ]; then
        set_property "sqlserver-username" "`cat "$SQLSERVER_USER_FILE"`"
    elif [ -n "$SQLSERVER_USER" ]; then
        set_property "sqlserver-username" "$SQLSERVER_USER"
    else
        sqlserver_missing_vars
        exit 1;
    fi
    if [ -n "$SQLSERVER_PASSWORD_FILE" ]; then
        set_property "sqlserver-password" "`cat "$SQLSERVER_PASSWORD_FILE"`"
    elif [ -n "$SQLSERVER_PASSWORD" ]; then
        set_property "sqlserver-password" "$SQLSERVER_PASSWORD"
    else
        sqlserver_missing_vars
        exit 1;
    fi
    if [ -n "$SQLSERVER_DATABASE_FILE" ]; then
        set_property "sqlserver-database" "`cat "$SQLSERVER_DATABASE_FILE"`"
    elif [ -n "$SQLSERVER_DATABASE" ]; then
        set_property "sqlserver-database" "$SQLSERVER_DATABASE"
    else
        sqlserver_missing_vars
        exit 1;
    fi
    # Update config file
    set_property "sqlserver-hostname" "$SQLSERVER_HOSTNAME"
    set_property "sqlserver-port"     "$SQLSERVER_PORT"
    set_property "sqlserver-driver"   "microsoft2005"
    set_optional_property               \
        "sqlserver-absolute-max-connections" \
        "$SQLSERVER_ABSOLUTE_MAX_CONNECTIONS"
    set_optional_property                    \
        "sqlserver-default-max-connections" \
        "$SQLSERVER_DEFAULT_MAX_CONNECTIONS"
    set_optional_property                          \
        "sqlserver-default-max-group-connections" \
        "$SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS"
    set_optional_property                             \
        "sqlserver-default-max-connections-per-user" \
        "$SQLSERVER_DEFAULT_MAX_CONNECTIONS_PER_USER"
    set_optional_property                                   \
        "sqlserver-default-max-group-connections-per-user" \
        "$SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER"
    set_optional_property          \
        "sqlserver-user-required" \
        "$SQLSERVER_USER_REQUIRED"
    set_optional_property                  \
        "sqlserver-auto-create-accounts"  \
        "$SQLSERVERQL_AUTO_CREATE_ACCOUNTS"
    set_optional_property      \
        "sqlserver-instance"  \
        "$SQLSERVERQL_INSTANCE"
    # Add required .jar files to GUACAMOLE_LIB and GUACAMOLE_EXT
    ln -s /opt/guacamole/sqlserver/mssql-jdbc-*.jar "$GUACAMOLE_LIB"
    ln -s /opt/guacamole/sqlserver/guacamole-auth-*.jar "$GUACAMOLE_EXT"
 }
 ##
 ## Adds properties to guacamole.properties which select the LDAP
 ## authentication provider, and configure it to connect to the specified LDAP
@@ -820,6 +968,12 @@ if [ -n "$POSTGRES_DATABASE" -o -n "$POSTGRES_DATABASE_FILE" ]; then
    INSTALLED_AUTH="$INSTALLED_AUTH postgres"
 fi
 # Use SQLServer if database specified
 if [ -n "$SQLSERVER_DATABASE" -o -n "$SQLSERVER_DATABASE_FILE" ]; then
    associate_sqlserver
    INSTALLED_AUTH="$INSTALLED_AUTH sqlserver"
 fi
 # Use LDAP directory if specified
 if [ -n "$LDAP_HOSTNAME" ]; then
    associate_ldap
@@ -847,10 +1001,11 @@ if [ -z "$INSTALLED_AUTH" -a -z "$GUACAMOLE_HOME_TEMPLATE" ]; then
 FATAL: No authentication configured
 -------------------------------------------------------------------------------
 The Guacamole Docker container needs at least one authentication mechanism in
-order to function, such as a MySQL database, PostgreSQL database, LDAP
+order to function, such as a MySQL database, PostgreSQL database, SQLServer
-directory or RADIUS server. Please specify at least the MYSQL_DATABASE or
+database, LDAP directory or RADIUS server. Please specify at least the
-POSTGRES_DATABASE environment variables, or check Guacamole's Docker
+MYSQL_DATABASE or POSTGRES_DATABASE or SQLSERVER_DATABASE environment variables,
-documentation regarding configuring LDAP and/or custom extensions.
+or check Guacamole's Docker documentation regarding configuring LDAP and/or
 custom extensions.
 END
    exit 1;
 fi