GUACAMOLE-626: Merge add support for Docker secrets to startup.sh

Virtually Nick
2019-02-02 14:38:25 -05:00
committed by GitHub
2 changed files with 141 additions and 42 deletions


@@ -28,6 +28,29 @@ Once the Guacamole image is running, Guacamole will be accessible at
`-p 8080:8080` option to expose this port at the level of the machine hosting `-p 8080:8080` option to expose this port at the level of the machine hosting
Docker, as well. Docker, as well.
Docker Secrets
==============
The string `_FILE` may be appended to some of the environment variables listed
below if you are using MySQL or PostgreSQL authentication. This will cause the
startup script to load the values for those variables from files within
the container.
This is useful for specifying sensitive info, ie. passwords for
the database, in secured files instead of plaintext environment variables. This
is generally used for loading values from [Docker secrets](https://docs.docker.com/engine/swarm/secrets/#read-more-about-docker-secret-commands), which are stored at
`/run/secrets/<secret_name>` within the container.
It is important to note that the startup script is configured such that:
1. You may mix the use of Docker secrets and normal environment variables.
For example, you may wish to use `MYSQL_USER_FILE` and `MYSQL_PASSWORD_FILE`,
but wish to specify the database name with `MYSQL_DATABASE`
2. If both a normal environment variable and its corresponding secret are defined
in the same command line, or section within a [Compose](https://docs.docker.com/compose/) file,
the secret will take precedence. For instance, if both `MYSQL_PASSWORD`
and `MYSQL_PASSWORD_FILE` are given, `MYSQL_PASSWORD_FILE` will be used.
Deploying Guacamole with PostgreSQL authentication Deploying Guacamole with PostgreSQL authentication
-------------------------------------------------- --------------------------------------------------
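Review bot: the README hunk says `_FILE` "may be appended to some of the environment variables listed below" without naming them, while the startup.sh hunks in this same commit only consult `_FILE` variants for the `*_USER`, `*_PASSWORD` and `*_DATABASE` variables (nothing reads `MYSQL_HOSTNAME_FILE`, for example). State the exact set so operators do not put a hostname or port in a secret and have it silently ignored. Minor wording: "ie. passwords" should be "i.e. passwords", and list item 1 is missing its terminating period after "`MYSQL_DATABASE`".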
@@ -36,6 +59,9 @@ Deploying Guacamole with PostgreSQL authentication
-e POSTGRES_DATABASE=guacamole_db \ -e POSTGRES_DATABASE=guacamole_db \
-e POSTGRES_USER=guacamole_user \ -e POSTGRES_USER=guacamole_user \
-e POSTGRES_PASSWORD=some_password \ -e POSTGRES_PASSWORD=some_password \
-e POSTGRES_DATABASE_FILE=/run/secrets/<secret_name> \
-e POSTGRES_USER_FILE=/run/secrets/<secret_name> \
-e POSTGRES_PASSWORD_FILE=/run/secrets/<secret_name> \
-d -p 8080:8080 guacamole/guacamole -d -p 8080:8080 guacamole/guacamole
Linking Guacamole to PostgreSQL requires three environment variables. If any of Linking Guacamole to PostgreSQL requires three environment variables. If any of
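Review bot: the `docker run` example now passes `-e POSTGRES_PASSWORD=some_password` and `-e POSTGRES_PASSWORD_FILE=/run/secrets/<secret_name>` in the same command. Under the precedence rule stated in the Docker Secrets section the `_FILE` value wins, so anyone copying the example ends up with a plaintext password in the container environment that is never used, which defeats the point of the feature. Suggest two separate invocations, one using the three plain variables and one using only the three `_FILE` variables, and distinct placeholders (`<db_secret>`, `<user_secret>`, `<password_secret>`) rather than `<secret_name>` three times.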
@@ -44,7 +70,14 @@ the image will stop:
1. `POSTGRES_DATABASE` - The name of the database to use for Guacamole authentication. 1. `POSTGRES_DATABASE` - The name of the database to use for Guacamole authentication.
2. `POSTGRES_USER` - The user that Guacamole will use to connect to PostgreSQL. 2. `POSTGRES_USER` - The user that Guacamole will use to connect to PostgreSQL.
3. `POSTGRES_PASSWORD` - The password that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER`. 3. `POSTGRES_PASSWORD` - The password that Guacamole will provide when connecting to
PostgreSQL as `POSTGRES_USER`.
4. `POSTGRES_DATABASE_FILE` - The path of the docker secret containing the name of database
to use for Guacamole authentication.
5. `POSTGRES_USER_FILE` - The path of the docker secret containing the name of the
user that Guacamole will use to connect to PostgreSQL.
6. `POSTGRES_PASSWORD_FILE` - The path of the docker secret containing the password
that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER.
### Initializing the PostgreSQL database ### Initializing the PostgreSQL database
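Review bot: item 6 has an unterminated code span: "as `POSTGRES_USER." needs a closing backtick after `POSTGRES_USER`. The unchanged context line "Linking Guacamole to PostgreSQL requires three environment variables" is also now inaccurate, since each of the three values may be supplied either as the plain variable or as its `_FILE` secret; rephrase to "requires three values, each provided as an environment variable or as a Docker secret via the corresponding `_FILE` variable" so the six-item list below it reads consistently.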
@@ -81,6 +114,9 @@ Deploying Guacamole with MySQL authentication
-e MYSQL_DATABASE=guacamole_db \ -e MYSQL_DATABASE=guacamole_db \
-e MYSQL_USER=guacamole_user \ -e MYSQL_USER=guacamole_user \
-e MYSQL_PASSWORD=some_password \ -e MYSQL_PASSWORD=some_password \
-e MYSQL_DATABASE_FILE=/run/secrets/<secret_name> \
-e MYSQL_USER_FILE=/run/secrets/<secret_name> \
-e MYSQL_PASSWORD_FILE=/run/secrets/<secret_name> \
-d -p 8080:8080 guacamole/guacamole -d -p 8080:8080 guacamole/guacamole
Linking Guacamole to MySQL requires three environment variables. If any of Linking Guacamole to MySQL requires three environment variables. If any of
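Review bot: same issue as the PostgreSQL example: `-e MYSQL_PASSWORD=some_password` and `-e MYSQL_PASSWORD_FILE=/run/secrets/<secret_name>` appear together, so the plaintext value would be present in the container environment yet ignored because the `_FILE` form takes precedence. Show the plain-variable and `_FILE` forms as two separate `docker run` commands with distinct secret placeholders.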
@@ -89,7 +125,14 @@ the image will stop:
1. `MYSQL_DATABASE` - The name of the database to use for Guacamole authentication. 1. `MYSQL_DATABASE` - The name of the database to use for Guacamole authentication.
2. `MYSQL_USER` - The user that Guacamole will use to connect to MySQL. 2. `MYSQL_USER` - The user that Guacamole will use to connect to MySQL.
3. `MYSQL_PASSWORD` - The password that Guacamole will provide when connecting to MySQL as `MYSQL_USER`. 3. `MYSQL_PASSWORD` - The password that Guacamole will provide when connecting
to MySQL as `MYSQL_USER`.
4. `MYSQL_DATABASE_FILE` - The path of the docker secret containing the name of the
database to use for Guacamole authentication.
5. `MYSQL_USER_FILE` - The path of the docker secret containing the name of the user
that Guacamole will use to connect to MySQL.
6. `MYSQL_PASSWORD_FILE` - The path of the docker secret containing the password
that Guacamole will provide when connecting to MySQL as`MYSQL_USER`.
### Initializing the MySQL database ### Initializing the MySQL database
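Review bot: item 6 is missing a space before the code span ("as`MYSQL_USER`" should read "as `MYSQL_USER`"). As with the PostgreSQL section, the context line "Linking Guacamole to MySQL requires three environment variables" should be updated to say each value can come from either the plain variable or its `_FILE` secret, since the list that follows now has six entries.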


@@ -84,6 +84,29 @@ set_optional_property() {
} }
# Print error message regarding missing required variables for MySQL authentication
mysql_missing_vars() {
cat <<END
FATAL: Missing required environment variables
-------------------------------------------------------------------------------
If using a MySQL database, you must provide each of the following
environment variables or their corresponding Docker secrets by appending _FILE
to the environment variable, and setting the value to the path of the
corresponding secret:
MYSQL_USER The user to authenticate as when connecting to
MySQL.
MYSQL_PASSWORD The password to use when authenticating with MySQL as
MYSQL_USER.
MYSQL_DATABASE The name of the MySQL database to use for Guacamole
authentication.
END
exit 1;
}
## ##
## Adds properties to guacamole.properties which select the MySQL ## Adds properties to guacamole.properties which select the MySQL
## authentication provider, and configure it to connect to the linked MySQL ## authentication provider, and configure it to connect to the linked MySQL
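Review bot: `mysql_missing_vars` ends with `exit 1;`, so the script terminates inside the helper; every caller in the following hunk nevertheless writes `mysql_missing_vars` followed by its own `exit 1;`, which is unreachable. Pick one convention: either drop the `exit` from the function (so it only prints, and callers decide how to fail) or drop the redundant `exit 1;` at each call site. The trailing semicolon on `exit 1;` is also unnecessary in shell, though it matches the existing `exit 1;` lines elsewhere in startup.sh.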
@@ -125,32 +148,38 @@ END
exit 1; exit 1;
fi fi
# Verify required parameters are present
if [ -z "$MYSQL_USER" -o -z "$MYSQL_PASSWORD" -o -z "$MYSQL_DATABASE" ]; then
cat <<END
FATAL: Missing required environment variables
-------------------------------------------------------------------------------
If using a MySQL database, you must provide each of the following
environment variables:
MYSQL_USER The user to authenticate as when connecting to # Verify that the required Docker secrets are present, else, default to their normal environment variables
MySQL. if [ -n "$MYSQL_USER_FILE" ]; then
set_property "mysql-username" `cat $MYSQL_USER_FILE`
elif [ -n "$MYSQL_USER" ]; then
set_property "mysql-username" "$MYSQL_USER"
else
mysql_missing_vars
exit 1;
fi
MYSQL_PASSWORD The password to use when authenticating with MySQL as if [ -n "$MYSQL_PASSWORD_FILE" ]; then
MYSQL_USER. set_property "mysql-password" `cat $MYSQL_PASSWORD_FILE`
elif [ -n "$MYSQL_PASSWORD" ]; then
set_property "mysql-password" "$MYSQL_PASSWORD"
else
mysql_missing_vars
exit 1;
fi
MYSQL_DATABASE The name of the MySQL database to use for Guacamole if [ -n "$MYSQL_DATABASE_FILE" ]; then
authentication. set_property "mysql-database" `cat $MYSQL_DATABASE_FILE`
END elif [ -n "$MYSQL_DATABASE" ]; then
set_property "mysql-database" "$MYSQL_DATABASE"
else
mysql_missing_vars
exit 1; exit 1;
fi fi
# Update config file # Update config file
set_property "mysql-hostname" "$MYSQL_HOSTNAME" set_property "mysql-hostname" "$MYSQL_HOSTNAME"
set_property "mysql-port" "$MYSQL_PORT" set_property "mysql-port" "$MYSQL_PORT"
set_property "mysql-database" "$MYSQL_DATABASE"
set_property "mysql-username" "$MYSQL_USER"
set_property "mysql-password" "$MYSQL_PASSWORD"
set_optional_property \ set_optional_property \
"mysql-absolute-max-connections" \ "mysql-absolute-max-connections" \
@@ -178,6 +207,28 @@ END
} }
# Print error message regarding missing required variables for PostgreSQL authentication
postgres_missing_vars() {
cat <<END
FATAL: Missing required environment variables
-------------------------------------------------------------------------------
If using a PostgreSQL database, you must provide each of the following
environment variables or their corresponding Docker secrets by appending _FILE
to the environment variable, and setting the value to the path of the
corresponding secret:
POSTGRES_USER The user to authenticate as when connecting to
PostgreSQL.
POSTGRES_PASSWORD The password to use when authenticating with PostgreSQL
as POSTGRES_USER.
POSTGRES_DATABASE The name of the PostgreSQL database to use for Guacamole
authentication.
END
exit 1;
}
## ##
## Adds properties to guacamole.properties which select the PostgreSQL ## Adds properties to guacamole.properties which select the PostgreSQL
## authentication provider, and configure it to connect to the linked ## authentication provider, and configure it to connect to the linked
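Review bot: `postgres_missing_vars` is a line-for-line copy of `mysql_missing_vars` with the variable prefix changed, and has the same redundancy: it calls `exit 1;` itself, yet every call site in the next hunk also follows it with `exit 1;`. Consider a single helper taking the prefix (`MYSQL`/`POSTGRES`) and the database name as arguments, and settle on one place to exit, so the two code paths cannot drift apart.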
@@ -221,32 +272,37 @@ END
exit 1; exit 1;
fi fi
# Verify required parameters are present # Verify that the required Docker secrets are present, else, default to their normal environment variables
if [ -z "$POSTGRES_USER" -o -z "$POSTGRES_PASSWORD" -o -z "$POSTGRES_DATABASE" ]; then if [ -n "$POSTGRES_USER_FILE" ]; then
cat <<END set_property "postgresql-username" `cat $POSTGRES_USER_FILE`
FATAL: Missing required environment variables elif [ -n "$POSTGRES_USER" ]; then
------------------------------------------------------------------------------- set_property "postgresql-username" "$POSTGRES_USER"
If using a PostgreSQL database, you must provide each of the following else
environment variables: postgres_missing_vars
exit 1;
fi
POSTGRES_USER The user to authenticate as when connecting to if [ -n "$POSTGRES_PASSWORD_FILE" ]; then
PostgreSQL. set_property "postgresql-password" `cat $POSTGRES_PASSWORD_FILE`
elif [ -n "$POSTGRES_PASSWORD" ]; then
set_property "postgresql-password" "$POSTGRES_PASSWORD"
else
postgres_missing_vars
exit 1;
fi
POSTGRES_PASSWORD The password to use when authenticating with PostgreSQL if [ -n "$POSTGRES_DATABASE_FILE" ]; then
as POSTGRES_USER. set_property "postgresql-database" `cat $POSTGRES_DATABASE_FILE`
elif [ -n "$POSTGRES_DATABASE" ]; then
POSTGRES_DATABASE The name of the PostgreSQL database to use for Guacamole set_property "postgresql-database" "$POSTGRES_DATABASE"
authentication. else
END postgres_missing_vars
exit 1; exit 1;
fi fi
# Update config file # Update config file
set_property "postgresql-hostname" "$POSTGRES_HOSTNAME" set_property "postgresql-hostname" "$POSTGRES_HOSTNAME"
set_property "postgresql-port" "$POSTGRES_PORT" set_property "postgresql-port" "$POSTGRES_PORT"
set_property "postgresql-database" "$POSTGRES_DATABASE"
set_property "postgresql-username" "$POSTGRES_USER"
set_property "postgresql-password" "$POSTGRES_PASSWORD"
set_optional_property \ set_optional_property \
"postgresql-absolute-max-connections" \ "postgresql-absolute-max-connections" \
@@ -596,13 +652,13 @@ set_property "guacd-port" "$GUACD_PORT"
INSTALLED_AUTH="" INSTALLED_AUTH=""
# Use MySQL if database specified # Use MySQL if database specified
if [ -n "$MYSQL_DATABASE" ]; then if [ -n "$MYSQL_DATABASE" -o -n "$MYSQL_DATABASE_FILE" ]; then
associate_mysql associate_mysql
INSTALLED_AUTH="$INSTALLED_AUTH mysql" INSTALLED_AUTH="$INSTALLED_AUTH mysql"
fi fi
# Use PostgreSQL if database specified # Use PostgreSQL if database specified
if [ -n "$POSTGRES_DATABASE" ]; then if [ -n "$POSTGRES_DATABASE" -o -n "$POSTGRES_DATABASE_FILE" ]; then
associate_postgresql associate_postgresql
INSTALLED_AUTH="$INSTALLED_AUTH postgres" INSTALLED_AUTH="$INSTALLED_AUTH postgres"
fi fi
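Review bot: the new conditions `[ -n "$MYSQL_DATABASE" -o -n "$MYSQL_DATABASE_FILE" ]` and `[ -n "$POSTGRES_DATABASE" -o -n "$POSTGRES_DATABASE_FILE" ]` use the `-o` operator, which POSIX marks obsolescent and which existing `test` implementations parse ambiguously when an operand starts with `-`; `[ -n "$MYSQL_DATABASE" ] || [ -n "$MYSQL_DATABASE_FILE" ]` is the portable form. One behavioural consequence worth a comment in the README: an operator who sets only `MYSQL_USER_FILE` and `MYSQL_PASSWORD_FILE` but forgets the database variable gets no MySQL authentication and no error, exactly as before this change for the plain variables.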