Merge branch 'develop/guacamole'

templates/Guacamole/0/README.md

@@ -1 +1,16 @@
 # Guacamole
+
+## Initial Setup
+
+On the "guacamole" container, run:
+`/opt/guacamole/bin/initdb.sh --mysql > /setup/initdb.sql`
+
+On the "mysql" container, run:
+`cat /setup/initdb.sql | mysql -u root -p guacamole_db`
+
+## Post-Installation
+
+Make sure you create your own user account and delete the "guacadmin" user (or at very least change the password)
+
+## TODO
+* Allow adding extensions

templates/Guacamole/0/docker-compose.yml

@@ -1,49 +1,80 @@
-database-data:
+version: '2'
-  image: busybox
+
-  labels:
+services:
-    io.rancher.container.start_once: 'true'
+  guacamole:
-  net: none
+    image: guacamole/guacamole:latest
-  entrypoint: /bin/true
+    dns:
-  volumes:
+      - 1.1.1.1
-    - /var/lib/mysql
+      - 1.0.0.1
-    - /docker-entrypoint-initdb.d
-database:
-  image: mariadb
     environment:
-    MYSQL_DATABASE: ${guacamole_db}
+      GUACD_HOSTNAME: guacd
-    MYSQL_ONETIME_PASSWORD: 'true'
+      MYSQL_HOSTNAME: mysql
-    MYSQL_PASSWORD: ${guacamole_password}
+      MYSQL_DATABASE: guacamole_db
-    MYSQL_RANDOM_ROOT_PASSWORD: 'true'
+      MYSQL_USER: guacamole_user
-    MYSQL_USER: ${guacamole_user}
+      MYSQL_PASSWORD: ${DB_USER_PASS}
-  volumes_from:
-    - database-data
     labels:
-    io.rancher.sidekicks: setup-get-db-script, database-data
+      io.rancher.container.pull_image: always
-setup-get-db-script:
+      {{- if .Values.HOST_LABEL}}
-  image: glyptodon/guacamole:0.9.10-incubating
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
-  net: none
+      {{- end}}
-  volumes_from:
+      traefik.enable: true
-    - database-data
+      ### Start HTTP Segment (Each EntryPoint has it's own segment, that way on initial HTTP connection, the prefix isn't added twice)
-  command:
+      traefik.http.frontend.entryPoints: http
-  - bash
+      traefik.http.frontend.headers.SSLRedirect: true
-  - -c
+      traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME}
-  - /opt/guacamole/bin/initdb.sh --mysql > /docker-entrypoint-initdb.d/initdb.sql
+      traefik.http.port: "8080"
-  labels:
+      ### End HTTP Segment
-    io.rancher.container.start_once: 'true'
+      ### Start HTTPS Segment
-guacd:
+      traefik.https.frontend.entryPoints: https
-  image: glyptodon/guacd:0.9.10-incubating
+      traefik.https.frontend.headers.forceSTSHeader: true
-guacamole:
+      traefik.https.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
-  image: glyptodon/guacamole:0.9.10-incubating
+      traefik.https.frontend.headers.STSPreload: true
-  environment:
+      traefik.https.frontend.headers.STSSeconds: 15552000
-    MYSQL_DATABASE: ${guacamole_db}
+      traefik.https.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole"
-    MYSQL_HOSTNAME: database
+      traefik.https.port: "8080"
-    MYSQL_PASSWORD: ${guacamole_password}
+      ### End HTTPS Segment
-    MYSQL_USER: ${guacamole_user}
     links:
-   - guacd:guacd
+      - guacd
-  ports:
+      - mysql
-    - ${public_port}:8080/tcp
+    restart: on-failure
-  command:
+    volumes:
-    - /bin/bash
+      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
-    - -c
+      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
-    - cd /usr/local/tomcat/webapps;rm -rf ROOT/; ln -s guacamole.war ROOT.war; /opt/guacamole/bin/start.sh;
+      - /RancherCattle/${DATA_DIR}/Setup:/setup # Used to make initial setup much simpler
+  guacd:
+    image: guacamole/guacd:latest
+    dns:
+      - 1.1.1.1
+      - 1.0.0.1
+    labels:
+      io.rancher.container.pull_image: always
+      {{- if .Values.HOST_LABEL}}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+      {{- end}}
+      traefik.enable: false
+    restart: on-failure
+    volumes:
+      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
+      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
+  mysql:
+    image: mysql:5
+    dns:
+      - 1.1.1.1
+      - 1.0.0.1
+    environment:
+      MYSQL_DATABASE: guacamole_db
+      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
+      MYSQL_USER: guacamole_user
+      MYSQL_PASSWORD: ${DB_USER_PASS}
+    labels:
+      io.rancher.container.pull_image: always
+      {{- if .Values.HOST_LABEL}}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+      {{- end}}
+      traefik.enable: false
+    restart: on-failure
+    volumes:
+      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
+      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
+      - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql
+      - /RancherCattle/${DATA_DIR}/Setup:/setup # Used to make initial setup much simpler

templates/Guacamole/0/rancher-compose.yml

@@ -6,70 +6,45 @@ catalog:
   # minimum_rancher_version:
   # maximum_rancher_version:
   # upgrade_from:
+  # uuid:
   questions:
 
-    - variable: "guacamole_db"
+    - variable: "HOST_LABEL"
-      label: "MySQL Database Name"
+      label: "Host Label Key/Value Pair"
-      description: "Your MYSQL guacamole database name"
+      description: |
-      default: "guacamole_db"
+        The Key/Value pair on the host which the stack should be deployed.
-      required: true
+      default: "host.id=Controller"
-      type: "string"
+      required: false
+      type: string
 
-    - variable: "guacamole_user"
+    - variable: "TRAEFIK_HOSTNAME"
-      label: "MySQL Database User"
+      label: "Public Hostname"
-      description: "Your MYSQL guacamole user name"
+      description: |
+        The FQDN which Traefik should use to provide public access.
+      default: "subdomain.domain.tld"
       required: true
-      default: "guacamole_user"
+      type: string
-      type: "string"
 
-    - variable: "guacamole_password"
+    - variable: "DB_ROOT_PASS"
-      label: "MySQL Database Password"
+      label: "Database Root Password"
-      description: "Your MYSQL guacamole user password. Defaults to \"guacamole_password\""
+      description: |
+        A secure password to be used by the "root" user.
+      # default:
       required: true
-      default: "guacamole_password"
+      type: password
-      type: "password"
 
-    - variable: "public_port"
+    - variable: "DB_USER_PASS"
-      label: "Public Port"
+      label: "Database User Password"
-      description: "The public port that Guacamole listens on, defaults to 8080"
+      description: |
+        A secure password to be used by the "guacamole_user" user.
+      # default:
       required: true
-      default: 8080
+      type: password
-      type: "int"
 
-services:
+    - variable: "DATA_DIR"
-  guacamole:
+      label: "Data Directory"
-    scale: 1
+      description: |
-    health_check:
+        The directory to store persistent data for the stack.
-      healthy_threshold: 2
+      default: "Personal/Guacamole"
-      response_timeout: 2000
+      required: true
-      port: 8080
+      type: string
-      unhealthy_threshold: 3
-      initializing_timeout: 60000
-      interval: 2000
-      strategy: recreate
-      request_line: GET "/guacamole" "HTTP/1.0"
-      reinitializing_timeout: 60000
-  guacd:
-    scale: 1
-    health_check:
-      healthy_threshold: 2
-      response_timeout: 2000
-      port: 4822
-      unhealthy_threshold: 3
-      initializing_timeout: 60000
-      interval: 2000
-      strategy: recreate
-      reinitializing_timeout: 60000
-  setup-get-db-script:
-    scale: 1
-  database:
-    scale: 1
-    health_check:
-      healthy_threshold: 2
-      response_timeout: 2000
-      port: 3306
-      unhealthy_threshold: 3
-      initializing_timeout: 60000
-      interval: 2000
-      strategy: recreate
-      reinitializing_timeout: 60000

templates/Guacamole/config.yml

@@ -1,7 +1,7 @@
 name: Apache Guacamole
 description: |
   Status: NOT READY
-# version:
+version: latest
 #category:
 maintainer: WilliamMiceli
 # license: