GUACAMOLE-1418: Add support of SQL Server JDBC plugin in Docker Image

Jean-Benoit Paux
2021-09-16 10:38:47 +02:00
parent 002cfded80
commit f66c81f351
4 changed files with 229 additions and 11 deletions


@@ -13,7 +13,7 @@ How to use this image
Using this image will require an existing, running Docker container with the Using this image will require an existing, running Docker container with the
[guacd image](https://registry.hub.docker.com/u/guacamole/guacd/), and another [guacd image](https://registry.hub.docker.com/u/guacamole/guacd/), and another
Docker container providing either a PostgreSQL or MySQL database. Docker container providing either a PostgreSQL, MySQL or SQLServer database.
The name of the database and all associated credentials are specified with The name of the database and all associated credentials are specified with
environment variables given when the container is created. All other environment variables given when the container is created. All other
@@ -31,9 +31,9 @@ Docker, as well.
Docker Secrets Docker Secrets
============== ==============
The string `_FILE` may be appended to some of the environment variables listed The string `_FILE` may be appended to some of the environment variables listed
below if you are using MySQL or PostgreSQL authentication. This will cause the below if you are using MySQL, PostgreSQL or SQLServer authentication. This will
startup script to load the values for those variables from files within cause the startup script to load the values for those variables from files
the container. within the container.
This is useful for specifying sensitive info, ie. passwords for This is useful for specifying sensitive info, ie. passwords for
the database, in secured files instead of plaintext environment variables. This the database, in secured files instead of plaintext environment variables. This
@@ -163,6 +163,63 @@ The process for doing this via the `mysql` utility included with MySQL is
documented in documented in
[the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-mysql). [the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-mysql).
Deploying Guacamole with SQLServer authentication
--------------------------------------------------
docker run --name some-guacamole --link some-guacd:guacd \
--link some-sqlserver:sqlserver \
-e SQLSERVER_DATABASE=guacamole_db \
-e SQLSERVER_USER=guacamole_user \
-e SQLSERVER_PASSWORD=some_password \
-e SQLSERVER_DATABASE_FILE=/run/secrets/<secret_name> \
-e SQLSERVER_USER_FILE=/run/secrets/<secret_name> \
-e SQLSERVER_PASSWORD_FILE=/run/secrets/<secret_name> \
-d -p 8080:8080 guacamole/guacamole
Linking Guacamole to SQLServer requires three environment variables. If any of
these environment variables are omitted, you will receive an error message, and
the image will stop:
1. `SQLSERVER_DATABASE` - The name of the database to use for Guacamole
authentication.
2. `SQLSERVER_USER` - The user that Guacamole will use to connect to SQLServer.
3. `SQLSERVER_PASSWORD` - The password that Guacamole will provide when
connecting to SQLServer as `SQLSERVER_USER`.
4. `SQLSERVER_DATABASE_FILE` - The path of the docker secret containing the name
of database to use for Guacamole authentication.
5. `SQLSERVER_USER_FILE` - The path of the docker secret containing the name of
the user that Guacamole will use to connect to SQLServer.
6. `SQLSERVER_PASSWORD_FILE` - The path of the docker secret containing the
password that Guacamole will provide when connecting to SQLServer as
`SQLSERVER_USER.
### Initializing the SQLServer database
If your database is not already initialized with the Guacamole schema, you will
need to do so prior to using Guacamole. A convenience script for generating the
necessary SQL to do this is included in the Guacamole image.
To generate a SQL script which can be used to initialize a fresh SQLServer
database
[as documented in the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-sqlserver):
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --sqlserver > initdb.sql
Alternatively, you can use the SQL scripts included with the
guacamole-auth-jdbc extension from
[the corresponding release](http://guacamole.apache.org/releases/).
Once this script is generated, you must:
1. Create a database for Guacamole within SQLServer, such as `guacamole_db`.
2. Run the script on the newly-created database.
3. Create a user for Guacamole within SQLServer with access to the tables and
sequences of this database, such as `guacamole_user`.
The process for doing this via the `sqlcmd` utilities included
with SQLServer is documented in
[the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-sqlserver).
Reporting issues Reporting issues
================ ================
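Review bot: The new "Deploying Guacamole with SQLServer authentication" text says linking "requires three environment variables" but then numbers six, and the `docker run` example passes both `SQLSERVER_PASSWORD=some_password` and `SQLSERVER_PASSWORD_FILE=/run/secrets/<secret_name>` in one command, which leaves the password in the container environment and undoes the benefit the Docker Secrets section describes. Suggest showing the plain-variable form and the `_FILE` form as two alternative commands, stating that each of the three values is supplied by one or the other, and closing the backtick in item 6 (`SQLSERVER_USER.`).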


@@ -110,6 +110,20 @@ tar -xz \
echo "Downloading PostgreSQL JDBC driver ..." echo "Downloading PostgreSQL JDBC driver ..."
curl -L "https://jdbc.postgresql.org/download/postgresql-9.4-1201.jdbc41.jar" > "$DESTINATION/postgresql/postgresql-9.4-1201.jdbc41.jar" curl -L "https://jdbc.postgresql.org/download/postgresql-9.4-1201.jdbc41.jar" > "$DESTINATION/postgresql/postgresql-9.4-1201.jdbc41.jar"
#
# Download SQL Server JDBC driver
#
echo "Downloading SQL Server JDBC driver ..."
curl -L "https://go.microsoft.com/fwlink/?linkid=2168494&clcid=0x409" | \
tar -xz \
-C "$DESTINATION/sqlserver/" \
--wildcards \
--no-anchored \
--no-wildcards-match-slash \
--strip-components=2 \
"mssql-jdbc-*.jre8.jar"
# #
# Copy LDAP auth extension and schema modifications # Copy LDAP auth extension and schema modifications
# #
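Review bot: The SQL Server driver step pipes `curl -L "https://go.microsoft.com/fwlink/?linkid=2168494&clcid=0x409"` straight into `tar -xz` with no pinned version and no integrity check, so whatever that redirect serves at build time is extracted into the image and later linked into `GUACAMOLE_LIB`. Suggest downloading a versioned archive to a file, verifying it against a SHA-256 recorded in the script before extracting, and adding `--fail` to curl so an HTTP error body is not handed to tar. The `mssql-jdbc-*.jre8.jar` wildcard also means the driver version in the image depends on the archive contents on the day of the build.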


@@ -26,7 +26,7 @@
## ##
## @param DATABASE ## @param DATABASE
## The database to generate the SQL script for. This may be either ## The database to generate the SQL script for. This may be either
## "--postgres", for PostgreSQL, or "--mysql" for MySQL. ## "--postgres", for PostgreSQL, "--mysql" for MySQL, or "--sqlserver" for Microsoft SQL Server.
## ##
DATABASE="$1" DATABASE="$1"
@@ -37,7 +37,7 @@ DATABASE="$1"
## ##
incorrect_usage() { incorrect_usage() {
cat <<END cat <<END
USAGE: /opt/guacamole/bin/initdb.sh [--postgres | --mysql] USAGE: /opt/guacamole/bin/initdb.sh [--postgres | --mysql | --sqlserver]
END END
exit 1 exit 1
} }
@@ -62,6 +62,10 @@ case $DATABASE in
cat /opt/guacamole/mysql/schema/*.sql cat /opt/guacamole/mysql/schema/*.sql
;; ;;
--sqlserver)
cat /opt/guacamole/sqlserver/schema/*.sql
;;
*) *)
echo "Bad database type: $DATABASE" echo "Bad database type: $DATABASE"
incorrect_usage incorrect_usage


@@ -23,7 +23,7 @@
## ##
## Automatically configures and starts Guacamole under Tomcat. Guacamole's ## Automatically configures and starts Guacamole under Tomcat. Guacamole's
## guacamole.properties file will be automatically generated based on the ## guacamole.properties file will be automatically generated based on the
## linked database container (either MySQL or PostgreSQL) and the linked guacd ## linked database container (either MySQL,PostgreSQL or SQLServer) and the linked guacd
## container. The Tomcat process will ultimately replace the process of this ## container. The Tomcat process will ultimately replace the process of this
## script, running in the foreground until terminated. ## script, running in the foreground until terminated.
## ##
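Review bot: Style nit in the updated header comment: "either MySQL,PostgreSQL or SQLServer" is missing a space after the comma, and "either" no longer fits now that three databases are listed. The changed line also runs past the wrap width of the surrounding comment lines, so it should be re-wrapped.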
@@ -403,6 +403,142 @@ END
} }
# Print error message regarding missing required variables for SQLServer authentication
sqlserver_missing_vars() {
cat <<END
FATAL: Missing required environment variables
-------------------------------------------------------------------------------
If using a SQLServer database, you must provide each of the following
environment variables or their corresponding Docker secrets by appending _FILE
to the environment variable, and setting the value to the path of the
corresponding secret:
SQLSERVER_USER The user to authenticate as when connecting to
SQLServer.
SQLSERVER_PASSWORD The password to use when authenticating with SQLServer
as SQLSERVER_USER.
SQLSERVER_DATABASE The name of the SQLServer database to use for Guacamole
authentication.
END
exit 1;
}
##
## Adds properties to guacamole.properties which select the SQLServer
## authentication provider, and configure it to connect to the linked
## SQLServer container. If a SQLServer database is explicitly specified using
## the SQLSERVER_HOSTNAME and SQLSERVER_PORT environment variables, that will
## be used instead of a linked container.
##
associate_sqlserver() {
# Use linked container if specified
if [ -n "$SQLSERVER_NAME" ]; then
SQLSERVER_HOSTNAME="$SQLSERVER_PORT_1433_TCP_ADDR"
SQLSERVER_PORT="$SQLSERVER_PORT_1433_TCP_PORT"
fi
# Use default port if none specified
SQLSERVER_PORT="${SQLSERVER_PORT-1433}"
# Verify required connection information is present
if [ -z "$SQLSERVER_HOSTNAME" -o -z "$SQLSERVER_PORT" ]; then
cat <<END
FATAL: Missing SQLSERVER_HOSTNAME or "sqlserver" link.
-------------------------------------------------------------------------------
If using a SQLServer database, you must either:
(a) Explicitly link that container with the link named "sqlserver".
(b) If not using a Docker container for SQLServer, explicitly specify the TCP
connection to your database using the following environment variables:
SQLSERVER_HOSTNAME The hostname or IP address of the SQLServer server. If
not using a SQLServer Docker container and
corresponding link, this environment variable is
*REQUIRED*.
SQLSERVER_PORT The port on which the SQLServer server is listening for
TCP connections. This environment variable is option. If
omitted, the standard SQLServer port of 1433 will be
used.
END
exit 1;
fi
# Verify that the required Docker secrets are present, else, default to their normal environment variables
if [ -n "$SQLSERVER_USER_FILE" ]; then
set_property "sqlserver-username" "`cat "$SQLSERVER_USER_FILE"`"
elif [ -n "$SQLSERVER_USER" ]; then
set_property "sqlserver-username" "$SQLSERVER_USER"
else
sqlserver_missing_vars
exit 1;
fi
if [ -n "$SQLSERVER_PASSWORD_FILE" ]; then
set_property "sqlserver-password" "`cat "$SQLSERVER_PASSWORD_FILE"`"
elif [ -n "$SQLSERVER_PASSWORD" ]; then
set_property "sqlserver-password" "$SQLSERVER_PASSWORD"
else
sqlserver_missing_vars
exit 1;
fi
if [ -n "$SQLSERVER_DATABASE_FILE" ]; then
set_property "sqlserver-database" "`cat "$SQLSERVER_DATABASE_FILE"`"
elif [ -n "$SQLSERVER_DATABASE" ]; then
set_property "sqlserver-database" "$SQLSERVER_DATABASE"
else
sqlserver_missing_vars
exit 1;
fi
# Update config file
set_property "sqlserver-hostname" "$SQLSERVER_HOSTNAME"
set_property "sqlserver-port" "$SQLSERVER_PORT"
set_property "sqlserver-driver" "microsoft2005"
set_optional_property \
"sqlserver-absolute-max-connections" \
"$SQLSERVER_ABSOLUTE_MAX_CONNECTIONS"
set_optional_property \
"sqlserver-default-max-connections" \
"$SQLSERVER_DEFAULT_MAX_CONNECTIONS"
set_optional_property \
"sqlserver-default-max-group-connections" \
"$SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS"
set_optional_property \
"sqlserver-default-max-connections-per-user" \
"$SQLSERVER_DEFAULT_MAX_CONNECTIONS_PER_USER"
set_optional_property \
"sqlserver-default-max-group-connections-per-user" \
"$SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER"
set_optional_property \
"sqlserver-user-required" \
"$SQLSERVER_USER_REQUIRED"
set_optional_property \
"sqlserver-auto-create-accounts" \
"$SQLSERVERQL_AUTO_CREATE_ACCOUNTS"
set_optional_property \
"sqlserver-instance" \
"$SQLSERVERQL_INSTANCE"
# Add required .jar files to GUACAMOLE_LIB and GUACAMOLE_EXT
ln -s /opt/guacamole/sqlserver/mssql-jdbc-*.jar "$GUACAMOLE_LIB"
ln -s /opt/guacamole/sqlserver/guacamole-auth-*.jar "$GUACAMOLE_EXT"
}
## ##
## Adds properties to guacamole.properties which select the LDAP ## Adds properties to guacamole.properties which select the LDAP
## authentication provider, and configure it to connect to the specified LDAP ## authentication provider, and configure it to connect to the specified LDAP
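Review bot: In `associate_sqlserver`, the last two `set_optional_property` calls read `$SQLSERVERQL_AUTO_CREATE_ACCOUNTS` and `$SQLSERVERQL_INSTANCE`, which appear to be misspelled; every other variable in the function uses the `SQLSERVER_` prefix, so a user setting `SQLSERVER_AUTO_CREATE_ACCOUNTS` or `SQLSERVER_INSTANCE` would see no effect. Rename both to the `SQLSERVER_` prefix. Smaller points: the `_FILE` branches pass the output of `cat` to `set_property` without checking that the file exists and is readable, so a wrong secret path passes an empty value instead of reaching `sqlserver_missing_vars`; the `exit 1;` after each `sqlserver_missing_vars` call is unreachable because that function already exits; and the help text reads "This environment variable is option" where "optional" is meant.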
@@ -813,6 +949,12 @@ if [ -n "$POSTGRES_DATABASE" -o -n "$POSTGRES_DATABASE_FILE" ]; then
INSTALLED_AUTH="$INSTALLED_AUTH postgres" INSTALLED_AUTH="$INSTALLED_AUTH postgres"
fi fi
# Use SQLServer if database specified
if [ -n "$SQLSERVER_DATABASE" -o -n "$SQLSERVER_DATABASE_FILE" ]; then
associate_sqlserver
INSTALLED_AUTH="$INSTALLED_AUTH sqlserver"
fi
# Use LDAP directory if specified # Use LDAP directory if specified
if [ -n "$LDAP_HOSTNAME" ]; then if [ -n "$LDAP_HOSTNAME" ]; then
associate_ldap associate_ldap
@@ -840,10 +982,11 @@ if [ -z "$INSTALLED_AUTH" -a -z "$GUACAMOLE_HOME_TEMPLATE" ]; then
FATAL: No authentication configured FATAL: No authentication configured
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
The Guacamole Docker container needs at least one authentication mechanism in The Guacamole Docker container needs at least one authentication mechanism in
order to function, such as a MySQL database, PostgreSQL database, LDAP order to function, such as a MySQL database, PostgreSQL database, SQLServer
directory or RADIUS server. Please specify at least the MYSQL_DATABASE or database, LDAP directory or RADIUS server. Please specify at least the
POSTGRES_DATABASE environment variables, or check Guacamole's Docker MYSQL_DATABASE or POSTGRES_DATABASE or SQLSERVER_DATABASE environment variables,
documentation regarding configuring LDAP and/or custom extensions. or check Guacamole's Docker documentation regarding configuring LDAP and/or
custom extensions.
END END
exit 1; exit 1;
fi fi