Merge pull request #3 from mrlesmithjr/implement-mysql-auth

First working commit of MySQL Auth functionality.
mrlesmithjr · Dec 22, 2018 · 7d46919 · 7d46919
2 parents 8e88279 + 280c1b8
commit 7d46919
Show file tree

Hide file tree

Showing 7 changed files with 146 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -1,10 +1,10 @@
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 
-**Table of Contents** _generated with [DocToc](https://github.com/thlorenz/doctoc)_
-
 - [ansible-guacamole](#ansible-guacamole)
+  - [Build Status](#build-status)
   - [Requirements](#requirements)
+    - [If using MySQL for authentication](#if-using-mysql-for-authentication)
   - [Role Variables](#role-variables)
   - [Dependencies](#dependencies)
   - [Example Playbook](#example-playbook)
@@ -26,6 +26,14 @@ An [Ansible](https://www.ansible.com) role to install/configure [Guacamole](http
 
 ## Requirements
 
+### If using MySQL for authentication
+
+> NOTE: A working MySQL DB must be available as this role does not install MySQL.
+> The DB, DB user, and DB populated with this role.
+
+The following Ansible role [ansible-mysql](https://github.com/mrlesmithjr/ansible-mysql)
+is what I test with.
+
 ## Role Variables
 
 [defaults/main.yml](defaults/main.yml)
@@ -34,6 +42,8 @@ An [Ansible](https://www.ansible.com) role to install/configure [Guacamole](http
 
 ## Example Playbook
 
+[playbook.yml](playbook.yml)
+
 ## License
 
 MIT

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,11 +1,32 @@
 ---
 # defaults file for ansible-guacamole
+
+# Authentication MySQL
+guacamole_auth_jdbc_package: "{{ 'guacamole-auth-jdbc-' + guacamole_version + '.tar.gz' }}"
+
 guacamole_auth_provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
 
 guacamole_client_package: "{{ 'guacamole-' + guacamole_version + '.war' }}"
 
 guacamole_dl_url: "{{ 'http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/' + guacamole_version }}"
 
+# Defines if MySQL DB should be used for authentication
+guacamole_mysql_auth: false
+
+guacamole_mysql_connector_package: "{{ guacamole_mysql_connector_dl_url + 'mysql-connector-java-' + guacamole_mysql_connector_version + '.tar.gz' }}"
+
+guacamole_mysql_connector_dl_url: https://dev.mysql.com/get/Downloads/Connector-J/
+
+guacamole_mysql_connector_version: 8.0.13
+
+# Define MySQL DB Info
+guacamole_mysql_db:
+  name: guacamole
+  host: localhost
+  port: 3306
+  username: guacamole
+  password: guacamole
+
 # RDP settings
 guacamole_rdp_color_depth: 24
 guacamole_rdp_disable_auth: false

diff --git a/playbook.yml b/playbook.yml
@@ -0,0 +1,7 @@
+---
+- hosts: guac_servers
+  vars:
+    pri_domain_name: test.vagrant.local
+  roles:
+    - role: ansible-mysql
+    - role: ansible-guacamole
diff --git a/tasks/client.yml b/tasks/client.yml
@@ -14,3 +14,11 @@
   notify:
     - "restart {{ guacamole_tomcat }}"
     - restart guacd
+
+# Moving here to ensure idempotency as it was failing when included above
+- name: client | Setting Permissions On Tomcat Symlink For {{ 'guacamole-' + guacamole_version + '.war' }}
+  file:
+    path: /etc/guacamole/guacamole.war
+    owner: "{{ guacamole_tomcat }}"
+    group: "{{ guacamole_tomcat }}"
+  become: true
diff --git a/tasks/config.yml b/tasks/config.yml
@@ -32,6 +32,97 @@
   notify:
     - "restart {{ guacamole_tomcat }}"
     - restart guacd
+  when: not guacamole_mysql_auth
+
+- name: config | Downloading Auth JDBC Library
+  unarchive:
+    src: "{{ guacamole_dl_url + '/binary/' + guacamole_auth_jdbc_package }}"
+    dest: "{{ guacamole_src_dir }}"
+    remote_src: true
+  become: true
+  when: guacamole_mysql_auth
+
+- name: config | Copying Auth JDBC Connector
+  copy:
+    src: "{{ guacamole_src_dir + '/' + 'guacamole-auth-jdbc-' + guacamole_version + '/mysql/' + 'guacamole-auth-jdbc-mysql-' + guacamole_version + '.jar' }}"
+    dest: /etc/guacamole/extensions/
+    owner: "{{ guacamole_tomcat }}"
+    group: "{{ guacamole_tomcat }}"
+    remote_src: true
+  become: true
+  when: guacamole_mysql_auth
+
+- name: config | Downloading MySQL Connector
+  unarchive:
+    src: "{{ guacamole_mysql_connector_package }}"
+    dest: "{{ guacamole_src_dir }}"
+    remote_src: true
+  become: true
+  when: guacamole_mysql_auth
+
+- name: config | Copying MySQL Connector
+  copy:
+    src: "{{ guacamole_src_dir + '/' + 'mysql-connector-java-' + guacamole_mysql_connector_version + '/' +'mysql-connector-java-' + guacamole_mysql_connector_version + '.jar' }}"
+    dest: /etc/guacamole/lib/
+    owner: "{{ guacamole_tomcat }}"
+    group: "{{ guacamole_tomcat }}"
+    remote_src: true
+  become: true
+  when: guacamole_mysql_auth
+
+- name: config | Creating Guacamole DB
+  mysql_db:
+    name: "{{ guacamole_mysql_db['name'] }}"
+    login_host: "{{ guacamole_mysql_db['host'] }}"
+    login_port: "{{ guacamole_mysql_db['port'] }}"
+    state: present
+  become: true
+  when: guacamole_mysql_auth
+
+- name: config | Creating Guacamole DB User
+  mysql_user:
+    name: "{{ guacamole_mysql_db['username'] }}"
+    password: "{{ guacamole_mysql_db['password'] }}"
+    login_host: "{{ guacamole_mysql_db['host'] }}"
+    login_port: "{{ guacamole_mysql_db['port'] }}"
+    priv: "{{ guacamole_mysql_db['name'] + '.*:GRANT,SELECT,INSERT,UPDATE,DELETE' }}"
+    state: present
+  become: true
+  when: guacamole_mysql_auth
+
+- name: config | Checking If DB Has Been Populated
+  stat:
+    path: /etc/guacamole/.db_populated
+  register: _guacamole_db_populated_check
+  when: guacamole_mysql_auth
+
+- name: config | Popluating DB
+  mysql_db:
+    name: "{{ guacamole_mysql_db['name'] }}"
+    login_host: "{{ guacamole_mysql_db['host'] }}"
+    login_port: "{{ guacamole_mysql_db['port'] }}"
+    state: import
+    target: "{{ guacamole_src_dir + '/' + 'guacamole-auth-jdbc-' + guacamole_version + '/mysql/schema/' + item }}"
+  become: true
+  register: _guacamole_db_populated
+  notify:
+    - "restart {{ guacamole_tomcat }}"
+    - restart guacd
+  with_items:
+    - 001-create-schema.sql
+    - 002-create-admin-user.sql
+  when: >
+        guacamole_mysql_auth and
+        not _guacamole_db_populated_check['stat']['exists']
+
+- name: config | Marking DB As Populated
+  file:
+    path: /etc/guacamole/.db_populated
+    state: touch
+  become: true
+  when: >
+        guacamole_mysql_auth and
+        _guacamole_db_populated['changed']
 
 - name: config | Creating Tomcat symlink For guacamole.properties
   file:

diff --git a/tasks/debian.yml b/tasks/debian.yml
@@ -6,15 +6,3 @@
   become: true
   register: result
   until: result is successful
-
-# - name: debian | Configuring Tomcat Default Config
-#   template:
-#     src: "{{ 'etc/default/' + guacamole_tomcat + '.j2' }}"
-#     dest: "{{ '/etc/default/' + guacamole_tomcat }}"
-#     owner: root
-#     group: root
-#     mode: u=rw,g=r,o=r
-#   become: true
-#   notify:
-#     - "restart {{ guacamole_tomcat }}"
-#     - restart guacd
diff --git a/templates/etc/guacamole/guacamole.properties.j2 b/templates/etc/guacamole/guacamole.properties.j2
@@ -4,3 +4,10 @@ auth-provider: {{ guacamole_auth_provider }}
 # guacd-hostname: {{ ansible_hostname }}
 # guacd-port: {{ guacamole_server_port }}
 user-mapping: /etc/guacamole/user-mapping.xml
+{% if guacamole_mysql_auth %}
+mysql-hostname: {{ guacamole_mysql_db['host'] }}
+mysql-port: {{ guacamole_mysql_db['port'] }}
+mysql-database: {{ guacamole_mysql_db['name'] }}
+mysql-username: {{ guacamole_mysql_db['username'] }}
+mysql-password: {{ guacamole_mysql_db['password'] }}
+{% endif %}