diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md
index b891d90..b9cc313 100644
--- a/templates/Guacamole/0/README.md
+++ b/templates/Guacamole/0/README.md
@@ -1 +1,16 @@
-# Guacamole
\ No newline at end of file
+# Guacamole
+
+## Initial Setup
+
+On the "guacamole" container, run:
+`/opt/guacamole/bin/initdb.sh --mysql > /setup/initdb.sql`
+
+On the "mysql" container, run:
+`cat /setup/initdb.sql | mysql -u root -p guacamole_db`
+
+## Post-Installation
+
+Make sure you create your own user account and delete the "guacadmin" user (or at very least change the password)
+
+## TODO
+* Allow adding extensions
\ No newline at end of file
diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml
index 8dd69b7..e919025 100644
--- a/templates/Guacamole/0/docker-compose.yml
+++ b/templates/Guacamole/0/docker-compose.yml
@@ -1,49 +1,80 @@
-database-data:
- image: busybox
- labels:
- io.rancher.container.start_once: 'true'
- net: none
- entrypoint: /bin/true
- volumes:
- - /var/lib/mysql
- - /docker-entrypoint-initdb.d
-database:
- image: mariadb
- environment:
- MYSQL_DATABASE: ${guacamole_db}
- MYSQL_ONETIME_PASSWORD: 'true'
- MYSQL_PASSWORD: ${guacamole_password}
- MYSQL_RANDOM_ROOT_PASSWORD: 'true'
- MYSQL_USER: ${guacamole_user}
- volumes_from:
- - database-data
- labels:
- io.rancher.sidekicks: setup-get-db-script, database-data
-setup-get-db-script:
- image: glyptodon/guacamole:0.9.10-incubating
- net: none
- volumes_from:
- - database-data
- command:
- - bash
- - -c
- - /opt/guacamole/bin/initdb.sh --mysql > /docker-entrypoint-initdb.d/initdb.sql
- labels:
- io.rancher.container.start_once: 'true'
-guacd:
- image: glyptodon/guacd:0.9.10-incubating
-guacamole:
- image: glyptodon/guacamole:0.9.10-incubating
- environment:
- MYSQL_DATABASE: ${guacamole_db}
- MYSQL_HOSTNAME: database
- MYSQL_PASSWORD: ${guacamole_password}
- MYSQL_USER: ${guacamole_user}
- links:
- - guacd:guacd
- ports:
- - ${public_port}:8080/tcp
- command:
- - /bin/bash
- - -c
- - cd /usr/local/tomcat/webapps;rm -rf ROOT/; ln -s guacamole.war ROOT.war; /opt/guacamole/bin/start.sh;
\ No newline at end of file
+version: '2'
+
+services:
+ guacamole:
+ image: guacamole/guacamole:latest
+ dns:
+ - 1.1.1.1
+ - 1.0.0.1
+ environment:
+ GUACD_HOSTNAME: guacd
+ MYSQL_HOSTNAME: mysql
+ MYSQL_DATABASE: guacamole_db
+ MYSQL_USER: guacamole_user
+ MYSQL_PASSWORD: ${DB_USER_PASS}
+ labels:
+ io.rancher.container.pull_image: always
+ {{- if .Values.HOST_LABEL}}
+ io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+ {{- end}}
+ traefik.enable: true
+ ### Start HTTP Segment (Each EntryPoint has it's own segment, that way on initial HTTP connection, the prefix isn't added twice)
+ traefik.http.frontend.entryPoints: http
+ traefik.http.frontend.headers.SSLRedirect: true
+ traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME}
+ traefik.http.port: "8080"
+ ### End HTTP Segment
+ ### Start HTTPS Segment
+ traefik.https.frontend.entryPoints: https
+ traefik.https.frontend.headers.forceSTSHeader: true
+ traefik.https.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
+ traefik.https.frontend.headers.STSPreload: true
+ traefik.https.frontend.headers.STSSeconds: 15552000
+ traefik.https.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole"
+ traefik.https.port: "8080"
+ ### End HTTPS Segment
+ links:
+ - guacd
+ - mysql
+ restart: on-failure
+ volumes:
+ - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
+ - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
+ - /RancherCattle/${DATA_DIR}/Setup:/setup # Used to make initial setup much simpler
+ guacd:
+ image: guacamole/guacd:latest
+ dns:
+ - 1.1.1.1
+ - 1.0.0.1
+ labels:
+ io.rancher.container.pull_image: always
+ {{- if .Values.HOST_LABEL}}
+ io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+ {{- end}}
+ traefik.enable: false
+ restart: on-failure
+ volumes:
+ - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
+ - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
+ mysql:
+ image: mysql:5
+ dns:
+ - 1.1.1.1
+ - 1.0.0.1
+ environment:
+ MYSQL_DATABASE: guacamole_db
+ MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
+ MYSQL_USER: guacamole_user
+ MYSQL_PASSWORD: ${DB_USER_PASS}
+ labels:
+ io.rancher.container.pull_image: always
+ {{- if .Values.HOST_LABEL}}
+ io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+ {{- end}}
+ traefik.enable: false
+ restart: on-failure
+ volumes:
+ - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
+ - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
+ - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql
+ - /RancherCattle/${DATA_DIR}/Setup:/setup # Used to make initial setup much simpler
\ No newline at end of file
diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml
index 32c9fd9..7aefee8 100644
--- a/templates/Guacamole/0/rancher-compose.yml
+++ b/templates/Guacamole/0/rancher-compose.yml
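Review bot: `guacamole/guacamole:latest` and `guacamole/guacd:latest`, together with `io.rancher.container.pull_image: always`, let any restart or reschedule pull a different build of a gateway that brokers remote-desktop credentials, where the removed file pinned `0.9.10-incubating`. The database schema is created once by the manual `initdb.sh` step in the README, so a later image may no longer match it (inferred; upgrade handling is not visible in this diff). Pin both services to one release, `image: guacamole/guacamole:<release-tag>` and `image: guacamole/guacd:<release-tag>`, or to a digest, and bump it deliberately. Separately, `MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}` replaces the removed `MYSQL_RANDOM_ROOT_PASSWORD`/`MYSQL_ONETIME_PASSWORD` pair, so the root password now stays in the mysql container's environment for its lifetime. If it is only needed for the `/setup/initdb.sql` import, a comment on that line saying so would help operators handle it accordingly.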
@@ -6,70 +6,45 @@ catalog: # minimum_rancher_version: # maximum_rancher_version: # upgrade_from: + # uuid: questions: - - variable: "guacamole_db" - label: "MySQL Database Name" - description: "Your MYSQL guacamole database name" - default: "guacamole_db" - required: true - type: "string" + - variable: "HOST_LABEL" + label: "Host Label Key/Value Pair" + description: | + The Key/Value pair on the host which the stack should be deployed. + default: "host.id=Controller" + required: false + type: string - - variable: "guacamole_user" - label: "MySQL Database User" - description: "Your MYSQL guacamole user name" + - variable: "TRAEFIK_HOSTNAME" + label: "Public Hostname" + description: | + The FQDN which Traefik should use to provide public access. + default: "subdomain.domain.tld" required: true - default: "guacamole_user" - type: "string" + type: string - - variable: "guacamole_password" - label: "MySQL Database Password" - description: "Your MYSQL guacamole user password. Defaults to \"guacamole_password\"" + - variable: "DB_ROOT_PASS" + label: "Database Root Password" + description: | + A secure password to be used by the "root" user. + # default: required: true - default: "guacamole_password" - type: "password" + type: password - - variable: "public_port" - label: "Public Port" - description: "The public port that Guacamole listens on, defaults to 8080" + - variable: "DB_USER_PASS" + label: "Database User Password" + description: | + A secure password to be used by the "guacamole_user" user. 
+ # default: required: true - default: 8080 - type: "int" + type: password -services: - guacamole: - scale: 1 - health_check: - healthy_threshold: 2 - response_timeout: 2000 - port: 8080 - unhealthy_threshold: 3 - initializing_timeout: 60000 - interval: 2000 - strategy: recreate - request_line: GET "/guacamole" "HTTP/1.0" - reinitializing_timeout: 60000 - guacd: - scale: 1 - health_check: - healthy_threshold: 2 - response_timeout: 2000 - port: 4822 - unhealthy_threshold: 3 - initializing_timeout: 60000 - interval: 2000 - strategy: recreate - reinitializing_timeout: 60000 - setup-get-db-script: - scale: 1 - database: - scale: 1 - health_check: - healthy_threshold: 2 - response_timeout: 2000 - port: 3306 - unhealthy_threshold: 3 - initializing_timeout: 60000 - interval: 2000 - strategy: recreate - reinitializing_timeout: 60000 \ No newline at end of file + - variable: "DATA_DIR" + label: "Data Directory" + description: | + The directory to store persistent data for the stack. + default: "Personal/Guacamole" + required: true + type: string \ No newline at end of file diff --git a/templates/Guacamole/config.yml b/templates/Guacamole/config.yml index 0082952..95762a4 100644 --- a/templates/Guacamole/config.yml +++ b/templates/Guacamole/config.yml @@ -1,7 +1,7 @@ name: Apache Guacamole description: | Status: NOT READY -# version: +version: latest #category: maintainer: WilliamMiceli # license:
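Review bot: The new side drops the whole `services:` section, so `guacamole`, `guacd` and `mysql` run with no `health_check`, and `restart: on-failure` in docker-compose.yml only reacts to a process exit. A hung Tomcat or guacd would keep receiving Traefik traffic for the login portal with nothing to recreate it. Re-add the checks under the new service names (the removed ones probed ports 8080, 4822 and 3306 with `strategy: recreate`), renaming `database` to `mysql`. If the removal is deliberate, a one-line comment such as `# health checks intentionally omitted: <reason>` would record that.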