
Support for Guacamole 1.1.0 Install/Upgrade + More (#97)

* Updated to handle Guacamole 1.1.0 and to include support for installed Duo.

* Fixed missing no color code.

* Added .gitattributes file and updated README.md.

* Fixed package to use FreeRDP2 variant.

* Prompt test.

* Another prompt test.

* Another prompt test.

* Another prompt test.

* Formatting.

* -For the install output Duo configuration values no matter what.
-Updated upgrade script to include missing packages.

* Added additional package to the upgrade script that may be required.

* Formatting and added missing websockets package.

* Added logic for upgrading the TOTP and Duo extensions.

* Update README.md

Changed README.md links back.
SoulSeekkor 2020-02-05 14:24:52 -06:00 committed by GitHub
parent 17e5793676
commit dfc6f05d85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 139 additions and 36 deletions

1
.gitattributes vendored Normal file

@ -0,0 +1 @@
*.sh eol=lf


@ -1,6 +1,6 @@
# guac-install # guac-install
Script for installing Guacamole 1.0.0 on Ubuntu 16.04 or newer with MySQL. It should also work on pure Debian 7, 8, and 9. **It seems Debian 10 is not working right now** Script for installing Guacamole 1.1.0 on Ubuntu 16.04 or newer with MySQL. It should also work on pure Debian 7, 8, and 9. **It seems Debian 10 is not working right now**
Run script, enter MySQL Root Password and Guacamole User password. Guacamole User is used to connect to the Guacamole Database. Run script, enter MySQL Root Password and Guacamole User password. Guacamole User is used to connect to the Guacamole Database.
@ -10,7 +10,7 @@ If you're looking to also have NGINX / Let's Encrypt / HTTPS click [HERE](https:
## MFA/2FA ## MFA/2FA
By default the script will install with TOTP support (Google Authenticator), if you do not want TOTP support (which if installed is mandatory for every user) you need to specify the `-n` or `--nototp` flags on the command line. Or Modify the script variable `installTOTP=false` By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you need to specify the `-t` or `--totp` or for Duo `-o` or `--duo` flags on the command line. Or modify the script variable `installTOTP=true` or `installDuo=true`
## How to Run: ## How to Run:


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Version number of Guacamole to install # Version number of Guacamole to install
GUACVERSION="1.0.0" GUACVERSION="1.1.0"
# Get script arguments for non-interactive mode # Get script arguments for non-interactive mode
while [ "$1" != "" ]; do while [ "$1" != "" ]; do


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Version number of Guacamole to install # Version number of Guacamole to install
GUACVERSION="1.0.0" GUACVERSION="1.1.0"
# Ubuntu and Debian have different names of the libjpeg-turbo library for some reason... # Ubuntu and Debian have different names of the libjpeg-turbo library for some reason...
source /etc/os-release source /etc/os-release
@ -31,8 +31,8 @@ fi
# Install Server Features # Install Server Features
apt update apt update
apt -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \ apt -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \
libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \ libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
libvorbis-dev libwebp-dev jq curl wget libvorbis-dev libwebp-dev jq curl wget libtool-bin
# If apt fails to run completely the rest of this isn't going to work... # If apt fails to run completely the rest of this isn't going to work...
if [ $? != 0 ] if [ $? != 0 ]


@ -4,20 +4,35 @@
if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi
# Version number of Guacamole to install # Version number of Guacamole to install
GUACVERSION="1.0.0" GUACVERSION="1.1.0"
# Colors to use for output # Colors to use for output
YELLOW='\033[1;33m' YELLOW='\033[1;33m'
BLUE='\033[0;34m' BLUE='\033[0;34m'
RED='\033[0;31m' RED='\033[0;31m'
GREEN='\033[0;32m' GREEN='\033[0;32m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color NC='\033[0m' # No Color
# Log Location # Log Location
LOG="/tmp/guacamole_${GUACVERSION}_build.log" LOG="/tmp/guacamole_${GUACVERSION}_build.log"
# Default : Install TOTP # Default : Do not install TOTP/Duo
installTOTP=true installTOTP=false
installDuo=false
# Prompt the user if they would like to install MFA, default of no
PROMPT=""
echo -e -n "${CYAN}(!)${NC} Do you want to use TOTP? (y/N): "
read PROMPT
echo ""
if [[ $PROMPT =~ ^[Yy]$ ]]; then installTOTP=true; fi
echo -e -n "${CYAN}(!)${NC} Do you want to use Duo? (y/N): "
read PROMPT
echo ""
if [[ $PROMPT =~ ^[Yy]$ ]]; then installDuo=true; fi
# Get script arguments for non-interactive mode # Get script arguments for non-interactive mode
while [ "$1" != "" ]; do while [ "$1" != "" ]; do
case $1 in case $1 in
@ -37,8 +52,11 @@ while [ "$1" != "" ]; do
shift shift
DB="$1" DB="$1"
;; ;;
-n | --nototp ) -t | --totp )
installTOTP=false installTOTP=true
;;
-o | --duo )
installDuo=true
esac esac
shift shift
done done
@ -55,8 +73,8 @@ fi
# Get MySQL root password and Guacamole User password # Get MySQL root password and Guacamole User password
if [ -n "$mysqlpwd" ] && [ -n "$guacpwd" ]; then if [ -n "$mysqlpwd" ] && [ -n "$guacpwd" ]; then
mysqlrootpassword=$mysqlpwd mysqlrootpassword=$mysqlpwd
guacdbuserpassword=$guacpwd guacdbuserpassword=$guacpwd
else else
echo echo
while true while true
@ -90,24 +108,19 @@ debconf-set-selections <<< "mysql-server mysql-server/root_password_again passwo
# Ubuntu and Debian versions have differnet package names for libpng-dev # Ubuntu and Debian versions have differnet package names for libpng-dev
# Ubuntu 18.04 does not include universe repo by default # Ubuntu 18.04 does not include universe repo by default
source /etc/os-release source /etc/os-release
if [[ "${NAME}" == "Ubuntu" ]] if [[ "${NAME}" == "Ubuntu" ]]; then
then
JPEGTURBO="libjpeg-turbo8-dev" JPEGTURBO="libjpeg-turbo8-dev"
if [[ "${VERSION_ID}" == "18.04" ]] if [[ "${VERSION_ID}" == "18.04" ]]; then
then
sed -i 's/bionic main$/bionic main universe/' /etc/apt/sources.list sed -i 's/bionic main$/bionic main universe/' /etc/apt/sources.list
fi fi
if [[ "${VERSION_ID}" == "16.04" ]] if [[ "${VERSION_ID}" == "16.04" ]]; then
then
LIBPNG="libpng12-dev" LIBPNG="libpng12-dev"
else else
LIBPNG="libpng-dev" LIBPNG="libpng-dev"
fi fi
elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]] elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]]; then
then
JPEGTURBO="libjpeg62-turbo-dev" JPEGTURBO="libjpeg62-turbo-dev"
if [[ "${PRETTY_NAME}" == *"stretch"* ]] if [[ "${PRETTY_NAME}" == *"stretch"* ]]; then
then
LIBPNG="libpng-dev" LIBPNG="libpng-dev"
else else
LIBPNG="libpng12-dev" LIBPNG="libpng12-dev"
@ -123,15 +136,13 @@ apt-get -qq update
# Tomcat 8.0.x is End of Life, however Tomcat 7.x is not... # Tomcat 8.0.x is End of Life, however Tomcat 7.x is not...
# If Tomcat 8.5.x or newer is available install it, otherwise install Tomcat 7 # If Tomcat 8.5.x or newer is available install it, otherwise install Tomcat 7
# I have not testing with Tomcat9... # I have not testing with Tomcat9...
if [[ $(apt-cache show tomcat8 | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]] if [[ $(apt-cache show tomcat8 | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then
then
TOMCAT="tomcat8" TOMCAT="tomcat8"
else else
TOMCAT="tomcat7" TOMCAT="tomcat7"
fi fi
if [ -z $(command -v mysql) ] if [ -z $(command -v mysql) ]; then
then
MYSQL="mysql-server mysql-client mysql-common mysql-utilities" MYSQL="mysql-server mysql-client mysql-common mysql-utilities"
else else
MYSQL="" MYSQL=""
@ -146,8 +157,8 @@ echo -e "${BLUE}Installing dependencies. This might take a few minutes...${NC}"
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \ apt-get -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \
libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \ libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
libvorbis-dev libwebp-dev ${MYSQL} libmysql-java ${TOMCAT} freerdp-x11 \ libvorbis-dev libwebp-dev ${MYSQL} libmysql-java ${TOMCAT} freerdp2-x11 libtool-bin libwebsockets-dev \
ghostscript wget dpkg-dev &>> ${LOG} ghostscript wget dpkg-dev &>> ${LOG}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
@ -187,8 +198,9 @@ if [ $? -ne 0 ]; then
exit 1 exit 1
fi fi
echo -e "${GREEN}Downloaded guacamole-auth-jdbc-${GUACVERSION}.tar.gz${NC}" echo -e "${GREEN}Downloaded guacamole-auth-jdbc-${GUACVERSION}.tar.gz${NC}"
if [ "$installTOTP" = true ] ; then # Download Guacamole authentication extensions
# Download Guacamole authentication extensions (TOTP) if [ "$installTOTP" = true ]; then
# TOTP
wget -q --show-progress -O guacamole-auth-totp-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz wget -q --show-progress -O guacamole-auth-totp-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${RED}Failed to download guacamole-auth-totp-${GUACVERSION}.tar.gz" echo -e "${RED}Failed to download guacamole-auth-totp-${GUACVERSION}.tar.gz"
@ -200,6 +212,19 @@ if [ "$installTOTP" = true ] ; then
echo -e "${GREEN}Downloading complete.${NC}" echo -e "${GREEN}Downloading complete.${NC}"
tar -xzf guacamole-auth-totp-${GUACVERSION}.tar.gz tar -xzf guacamole-auth-totp-${GUACVERSION}.tar.gz
fi fi
if [ "$installDuo" = true ]; then
# Duo
wget -q --show-progress -O guacamole-auth-duo-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${RED}Failed to download guacamole-auth-duo-${GUACVERSION}.tar.gz"
echo -e "${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz"
exit 1
fi
echo -e "${GREEN}Downloaded guacamole-auth-duo-${GUACVERSION}.tar.gz${NC}"
echo -e "${GREEN}Downloading complete.${NC}"
tar -xzf guacamole-auth-duo-${GUACVERSION}.tar.gz
fi
# Extract Guacamole files # Extract Guacamole files
tar -xzf guacamole-server-${GUACVERSION}.tar.gz tar -xzf guacamole-server-${GUACVERSION}.tar.gz
tar -xzf guacamole-auth-jdbc-${GUACVERSION}.tar.gz tar -xzf guacamole-auth-jdbc-${GUACVERSION}.tar.gz
@ -254,9 +279,13 @@ ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/${BUILD_FOLDER}/freerdp/
ln -s /usr/share/java/mysql-connector-java.jar /etc/guacamole/lib/ ln -s /usr/share/java/mysql-connector-java.jar /etc/guacamole/lib/
cp guacamole-auth-jdbc-${GUACVERSION}/mysql/guacamole-auth-jdbc-mysql-${GUACVERSION}.jar /etc/guacamole/extensions/ cp guacamole-auth-jdbc-${GUACVERSION}/mysql/guacamole-auth-jdbc-mysql-${GUACVERSION}.jar /etc/guacamole/extensions/
if [ "$installTOTP" = true ] ; then if [ "$installTOTP" = true ]; then
cp guacamole-auth-totp-${GUACVERSION}/guacamole-auth-totp-${GUACVERSION}.jar /etc/guacamole/extensions/ cp guacamole-auth-totp-${GUACVERSION}/guacamole-auth-totp-${GUACVERSION}.jar /etc/guacamole/extensions/
fi fi
if [ "$installDuo" = true ]; then
cp guacamole-auth-duo-${GUACVERSION}/guacamole-auth-duo-${GUACVERSION}.jar /etc/guacamole/extensions/
fi
# Configure guacamole.properties # Configure guacamole.properties
rm -f /etc/guacamole/guacamole.properties rm -f /etc/guacamole/guacamole.properties
touch /etc/guacamole/guacamole.properties touch /etc/guacamole/guacamole.properties
@ -266,6 +295,20 @@ echo "mysql-database: ${DB}" >> /etc/guacamole/guacamole.properties
echo "mysql-username: ${mysqluser}" >> /etc/guacamole/guacamole.properties echo "mysql-username: ${mysqluser}" >> /etc/guacamole/guacamole.properties
echo "mysql-password: ${guacdbuserpassword}" >> /etc/guacamole/guacamole.properties echo "mysql-password: ${guacdbuserpassword}" >> /etc/guacamole/guacamole.properties
if [ "$installDuo" = true ]; then
echo "duo-api-hostname: <value>" >> /etc/guacamole/guacamole.properties
echo "duo-integration-key: <value>" >> /etc/guacamole/guacamole.properties
echo "duo-secret-key: <value>" >> /etc/guacamole/guacamole.properties
echo "duo-application-key: <value>" >> /etc/guacamole/guacamole.properties
echo -e "${BLUE}Duo is installed, it will need to be configured via guacamole.properties!${NC}"
else
# Still output the values, but comment them out
echo "# duo-api-hostname: <value>" >> /etc/guacamole/guacamole.properties
echo "# duo-integration-key: <value>" >> /etc/guacamole/guacamole.properties
echo "# duo-secret-key: <value>" >> /etc/guacamole/guacamole.properties
echo "# duo-application-key: <value>" >> /etc/guacamole/guacamole.properties
fi
# restart tomcat # restart tomcat
echo -e "${BLUE}Restarting tomcat...${NC}" echo -e "${BLUE}Restarting tomcat...${NC}"
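Review bot: The new Duo download block fetches `guacamole-auth-duo-${GUACVERSION}.tar.gz` with `wget`, unpacks it and later copies the jar into `/etc/guacamole/extensions/` without any integrity check; only the `wget` exit status is tested. Since this jar becomes part of the login path, the archive should be checked against the release's published SHA-256 (or its PGP signature) before `tar -xzf`, for example `echo "${EXPECTED_SHA256}  guacamole-auth-duo-${GUACVERSION}.tar.gz" | sha256sum -c - || exit 1`, where `EXPECTED_SHA256` is a placeholder for a value pinned next to `GUACVERSION`. The same download-then-extract pattern is repeated in the TOTP and Duo upgrade loops of the upgrade script, where `SERVER` is visibly a plain `http://` URL, so one shared download-and-verify helper would cover all of them. `SERVER` for this file is defined outside the visible hunks.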


@ -4,7 +4,15 @@
if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi
# Version number of Guacamole to install # Version number of Guacamole to install
GUACVERSION="1.0.0" GUACVERSION="1.1.0"
# Colors to use for output
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
RED='\033[0;31m'
GREEN='\033[0;32m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
# Try to get database from /etc/guacamole/guacamole.properties # Try to get database from /etc/guacamole/guacamole.properties
DATABASE=$(grep -oP 'mysql-database:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}') DATABASE=$(grep -oP 'mysql-database:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
@ -48,8 +56,15 @@ OLDVERSION=$(grep -oP 'Guacamole.API_VERSION = "\K[0-9\.]+' /var/lib/${TOMCAT}/w
# Set SERVER to be the preferred download server from the Apache CDN # Set SERVER to be the preferred download server from the Apache CDN
SERVER="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUACVERSION}" SERVER="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUACVERSION}"
# Stop tomcat # Stop tomcat and guac
service ${TOMCAT} stop service ${TOMCAT} stop
service guacd stop
# Update apt so we can search apt-cache
apt-get -qq update
# Install additional packages if they do not exist yet
apt-get -y install freerdp2-dev freerdp2-x11 libtool-bin libwebsockets-dev
# Download Guacamole server # Download Guacamole server
wget -O guacamole-server-${GUACVERSION}.tar.gz ${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz wget -O guacamole-server-${GUACVERSION}.tar.gz ${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz
@ -100,13 +115,57 @@ UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/ |
for FILE in ${UPGRADEFILES[@]} for FILE in ${UPGRADEFILES[@]}
do do
FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)') FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
if [[ $(echo -e "${FILEVERSION}\n${OLDVERSION}" | sort -V | head -n1) == ${OLDVERSION} && ${FILEVERSION} != ${OLDVERSION} ]] if [[ $(echo -e "${FILEVERSION}\n${OLDVERSION}" | sort -V | head -n1) == ${OLDVERSION} && ${FILEVERSION} != ${OLDVERSION} ]]; then
then
echo "Patching ${DATABASE} with ${FILE}" echo "Patching ${DATABASE} with ${FILE}"
mysql -u root -h ${MYSQL_SERVER} ${DATABASE} < guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/${FILE} mysql -u root -h ${MYSQL_SERVER} ${DATABASE} < guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/${FILE}
fi fi
done done
# Check for either TOTP or Duo extensions and ugprade if found
for file in /etc/guacamole/extensions/guacamole-auth-totp*.jar; do
if [[ -f $file ]]; then
# Upgrade TOTP
echo -e "${BLUE}TOTP extension was found, upgrading...${NC}"
rm /etc/guacamole/extensions/guacamole-auth-totp*.jar
wget -q --show-progress -O guacamole-auth-totp-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${RED}Failed to download guacamole-auth-totp-${GUACVERSION}.tar.gz"
echo -e "${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz"
exit 1
fi
echo -e "${GREEN}Downloaded guacamole-auth-totp-${GUACVERSION}.tar.gz${NC}"
echo -e "${GREEN}Downloading complete.${NC}"
tar -xzf guacamole-auth-totp-${GUACVERSION}.tar.gz
cp guacamole-auth-totp-${GUACVERSION}/guacamole-auth-totp-${GUACVERSION}.jar /etc/guacamole/extensions/
echo -e "${GREEN}TOTP copied to extensions.${NC}"
break
fi
done
for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
if [[ -f $file ]]; then
# Upgrade Duo
echo -e "${BLUE}Duo extension was found, upgrading...${NC}"
rm /etc/guacamole/extensions/guacamole-auth-duo*.jar
wget -q --show-progress -O guacamole-auth-duo-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${RED}Failed to download guacamole-auth-duo-${GUACVERSION}.tar.gz"
echo -e "${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz"
exit 1
fi
echo -e "${GREEN}Downloaded guacamole-auth-duo-${GUACVERSION}.tar.gz${NC}"
echo -e "${GREEN}Downloading complete.${NC}"
tar -xzf guacamole-auth-duo-${GUACVERSION}.tar.gz
cp guacamole-auth-duo-${GUACVERSION}/guacamole-auth-duo-${GUACVERSION}.jar /etc/guacamole/extensions/
echo -e "${GREEN}Duo copied to extensions.${NC}"
break
fi
done
# Start tomcat # Start tomcat
service ${TOMCAT} start service ${TOMCAT} start
service guacd start service guacd start
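Review bot: In both upgrade loops the installed jar is deleted (`rm /etc/guacamole/extensions/guacamole-auth-totp*.jar` and the Duo equivalent) before the replacement has been downloaded, so a failed `wget` reaches `exit 1` with the MFA extension gone and Tomcat and guacd still stopped. If the services are then started by hand, Guacamole would presumably come up with no second factor enforced. Download and unpack first, and remove the old jar only immediately before the `cp` of the new one. The `for … break` around a glob is really an existence test, and a one-line comment such as `# glob may match nothing; loop body runs once if any jar exists` would make that clear.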