someorg/Easy-Guacamole-Installer
1
0
Fork 0
mirror of https://github.com/itiligent/Easy-Guacamole-Installer.git synced 2025-12-14 02:12:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

include mysql connector/j in upgrades

Browse source
This commit is contained in:
itiligent 2023-09-06 14:42:36 +10:00
parent 2aac12e7ce
commit 2dcbe83b47
4 changed files with 46 additions and 89 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
1-setup.sh
View file

@ -628,6 +628,7 @@ echo -e "${GREYB}Itiligent VDI & Jump Server Appliance Setup."
echo -e " ${LGREEN}Powered by Guacamole" echo -e " ${LGREEN}Powered by Guacamole"
echo echo
echo echo
echo -e "${LGREEN}Beginning Guacamole setup...${GREY}" echo -e "${LGREEN}Beginning Guacamole setup...${GREY}"
echo echo
echo -e "${GREY}Checking Linux distro specific dependencies..." echo -e "${GREY}Checking Linux distro specific dependencies..."

25
2-install-guacamole.sh
View file

@ -95,7 +95,18 @@ if [ $? -ne 0 ]; then
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}"
exit 1 exit 1
fi fi
echo -e "${LGREEN}Downloaded guacamole-${GUAC_VERSION}.war${GREY}" echo -e "${LGREEN}Downloaded guacamole-${GUAC_VERSION}.war (Guacamole client web application)${GREY}"
# Download MySQL connector/j
wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}"
exit 1
else
tar -xzf mysql-connector-j-${MYSQLJCON}.tar.gz
fi
echo -e "${LGREEN}Downloaded mysql-connector-j-${MYSQLJCON}.tar.gz${GREY}"
# Download Guacamole authentication extensions # Download Guacamole authentication extensions
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
@ -172,17 +183,6 @@ if [ "${INSTALL_HISTREC}" = true ]; then
fi fi
echo -e "${LGREEN}Downloaded guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz${GREY}" echo -e "${LGREEN}Downloaded guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz${GREY}"
fi fi
# Download MySQL connector/j
wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}"
exit 1
else
tar -xzf mysql-connector-j-${MYSQLJCON}.tar.gz
fi
echo -e "${LGREEN}Downloaded mysql-connector-j-${MYSQLJCON}.tar.gz${GREY}"
echo -e "Source download complete.${GREY}" echo -e "Source download complete.${GREY}"
# Option to pause script here as we might want to make final tweaks to source code just before compiling # Option to pause script here as we might want to make final tweaks to source code just before compiling
@ -262,6 +262,7 @@ chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.ja
# Create a symbolic link for Tomcat # Create a symbolic link for Tomcat
ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/ ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/
# Move MySQL connector/j files # Move MySQL connector/j files
echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/mysql-connector-java.jar)..." echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/mysql-connector-java.jar)..."
mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar

5
README.md
View file

@ -85,6 +85,9 @@ See theme and branding instructions [here](https://github.com/itiligent/Guacamol
- **Quick connect** allows for add-hoc unauthenticated connections. Whilst users must still authenticate directly with the endpoint, all other controls such as file sharing restrictions can be bypassed as add-hoc connections allow the user full access to all connection parameters. Also, add-hoc connections are not recorded or logged. - **Quick connect** allows for add-hoc unauthenticated connections. Whilst users must still authenticate directly with the endpoint, all other controls such as file sharing restrictions can be bypassed as add-hoc connections allow the user full access to all connection parameters. Also, add-hoc connections are not recorded or logged.
- **History Recorded Storage** creates a locked down location for recorded session storage, however potentially sensitive recorded session data may require additional considerations beyond just Guacamole console & local filesystem access controls. Risk mitigations across the full storage and data lifecylce may also be a requirement. - **History Recorded Storage** creates a locked down location for recorded session storage, however potentially sensitive recorded session data may require additional considerations beyond just Guacamole console & local filesystem access controls. Risk mitigations across the full storage and data lifecylce may also be a requirement.
## **Upgrading Guacamole**
To upgrade Guacamole, edit `upgrade-guac.sh` to reflect the desired `NEW_GUAC_VERSION` and `NEW_MYSQLJCON` values prior to running. The upgrade script will automatically update any pre-existing extensions already present (duo, ldap, totp, quick-connect or history-recored-storage) to the new Guacamole version.
## **Download manifest** ## **Download manifest**
The autorun link above downloads the following items into the `$DOWNLOAD_DIR/guac-setup` directory: The autorun link above downloads the following items into the `$DOWNLOAD_DIR/guac-setup` directory:
@ -103,5 +106,5 @@ The autorun link above downloads the following items into the `$DOWNLOAD_DIR/gua
- `add-tls-guac-daemon.sh`: A hardening script to add a TLS wrapper between the guacd server daemon and Guacamole application traffic (optional, consider extra performance impact mitigations) - `add-tls-guac-daemon.sh`: A hardening script to add a TLS wrapper between the guacd server daemon and Guacamole application traffic (optional, consider extra performance impact mitigations)
- `add-fail2ban.sh`: A hardening script to add a fail2ban policy (with local subnet override) to secure Guacamole against external brute force attacks - `add-fail2ban.sh`: A hardening script to add a fail2ban policy (with local subnet override) to secure Guacamole against external brute force attacks
- `backup-guacamole.sh`: A simple MySQL Guacamole backup script - `backup-guacamole.sh`: A simple MySQL Guacamole backup script
- `upgrade-guac.sh` upgrades the currently installed version of Guacamole to a new version (new version must specified in the script.) - `upgrade-guac.sh` Upgrades the currently installed versions of Guacamole and MySQL connector.
- `branding.jar`: An example template for a custom (dark mode) Guacamole theme. Delete this file to keep the default Guacamole UI. This extension's source is also included for easier study and customisation. - `branding.jar`: An example template for a custom (dark mode) Guacamole theme. Delete this file to keep the default Guacamole UI. This extension's source is also included for easier study and customisation.

104
upgrade-guac.sh
View file

@ -28,13 +28,6 @@ if ! [ $(id -u) = 0 ]; then
exit 1 exit 1
fi fi
#Setup download and temp directory paths
USER_HOME_DIR=$(eval echo ~${SUDO_USER})
DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup/upgrade
# Setup directory locations
mkdir -p $DOWNLOAD_DIR
# Check to see if any previous version of build/install files exist, if so stop and check to be safe. # Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 2 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then if [ "$(find . -maxdepth 2 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
echo echo
@ -49,13 +42,23 @@ fi
# Script branding header # Script branding header
echo echo
echo -e "${GREYB}Itiligent Virtual Desktop Appliance UPGRADE" echo -e "${GREYB}Itiligent VDI & Jump Server Appliance UPGRADE."
echo -e " ${LGREEN}Powered by Guacamole" echo -e " ${LGREEN}Powered by Guacamole"
echo echo
# Version of Guacamole to upgrade to #Setup download and temp directory paths
USER_HOME_DIR=$(eval echo ~${SUDO_USER})
DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup/upgrade
# Setup directory locations
mkdir -p $DOWNLOAD_DIR
# Version of Guacamole to upgrade to. See https://guacamole.apache.org/releases/ for latest version info.
NEW_GUAC_VERSION="1.5.3" NEW_GUAC_VERSION="1.5.3"
# MySQL Connector/J version. See https://dev.mysql.com/downloads/connector/j/ for latest version number.
NEW_MYSQLJCON="8.1.0"
# Get the currently installed Tomcat version. # Get the currently installed Tomcat version.
TOMCAT_VERSION=$(ls /etc/ | grep tomcat) TOMCAT_VERSION=$(ls /etc/ | grep tomcat)
@ -69,7 +72,7 @@ GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guac
# Install log Location # Install log Location
LOG_LOCATION="${DOWNLOAD_DIR}/guacamole_${NEW_GUAC_VERSION}_upgrade.log" LOG_LOCATION="${DOWNLOAD_DIR}/guacamole_${NEW_GUAC_VERSION}_upgrade.log"
# Auto updated values from main installer # Auto updated values from main installer (manually update if blank)
MYSQL_HOST= MYSQL_HOST=
MYSQL_PORT= MYSQL_PORT=
GUAC_USER= GUAC_USER=
@ -77,71 +80,6 @@ GUAC_PWD=
GUAC_DB= GUAC_DB=
MYSQL_ROOT_PWD= MYSQL_ROOT_PWD=
#######################################################################################################################
# Prompt inputs if used as a standalone script (without auto updated variables) #######################################
#######################################################################################################################
echo
# Get MySQL Hostname or IP
if [ -z "${MYSQL_HOST}" ]; then
read -p "Enter MySQL server hostname or IP [localhost]: " MYSQL_HOST
echo
fi
# Get MySQL Port
if [ -z "${MYSQL_PORT}" ]; then
read -p "Enter MySQL server port [3306]: " MYSQL_PORT
echo
fi
# Get MySQL database name
if [ -z "${GUAC_DB}" ]; then
read -p "Enter Guacamole database name [guacamole_db]: " GUAC_DB
echo
fi
# Get MySQL user name
if [ -z "${GUAC_USER}" ]; then
read -p "Enter Guacamole user name [guacamole_user]: " GUAC_USER
echo
fi
# Get Guacamole User password, confirm correct password entry and prevent blank passwords
if [ -z "${GUAC_PWD}" ]; then
read -s -p "Enter MySQL guacamole_user password: " GUAC_PWD
echo
fi
# Get MySQL root password
if [ -z "${MYSQL_ROOT_PWD}" ]; then
echo
read -s -p "Enter MySQL root password: " MYSQL_ROOT_PWD
echo
fi
# Set prompt input defaults if values not given
# Checking if a mysql host given, if not set a default
if [ -z "${MYSQL_HOST}" ]; then
MYSQL_HOST="localhost"
fi
# Checking if a mysql port given, if not set a default
if [ -z "${MYSQL_PORT}" ]; then
MYSQL_PORT="3306"
fi
# Checking if a database name given, if not set a default
if [ -z "${GUAC_DB}" ]; then
GUAC_DB="guacamole_db"
fi
# Checking if a mysql user given, if not set a default
if [ -z "${GUAC_USER}" ]; then
GUAC_USER="guacamole_user"
fi
####################################################################################################################### #######################################################################################################################
# Start upgrade actions ############################################################################################## # Start upgrade actions ##############################################################################################
####################################################################################################################### #######################################################################################################################
@ -155,7 +93,7 @@ systemctl stop guacd
cd $DOWNLOAD_DIR cd $DOWNLOAD_DIR
echo echo
echo -e "${GREY}Beginning Guacamole ${OLD_GUAC_VERSION} to ${NEW_GUAC_VERSION} upgrade..." echo -e "${GREY}Downloading updated Guacamole source files and beginning Guacamole ${OLD_GUAC_VERSION} to ${NEW_GUAC_VERSION} upgrade..."
wget -q --show-progress -O guacamole-${NEW_GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war wget -q --show-progress -O guacamole-${NEW_GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-${NEW_GUAC_VERSION}.war" 1>&2 echo -e "${LRED}Failed to download guacamole-${NEW_GUAC_VERSION}.war" 1>&2
@ -182,6 +120,19 @@ else
fi fi
echo -e "${LGREEN}Upgraded Guacamole SQL jdbc to version ${NEW_GUAC_VERSION}${GREY}" echo -e "${LGREEN}Upgraded Guacamole SQL jdbc to version ${NEW_GUAC_VERSION}${GREY}"
# Download MySQL connector/j
wget -q --show-progress -O mysql-connector-j-${NEW_MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download mysql-connector-j-${NEW_MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}}.tar.gz${GREY}"
exit 1
else
tar -xzf mysql-connector-j-${NEW_MYSQLJCON}.tar.gz
rm /etc/guacamole/lib/mysql-connector-java.jar
mv -f mysql-connector-j-${NEW_MYSQLJCON}/mysql-connector-j-${NEW_MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
fi
echo -e "${LGREEN}Upgraded MySQL connector/j to ${NEW_MYSQLJCON}${GREY}"
# Download Guacamole Server # Download Guacamole Server
wget -q --show-progress -O guacamole-server-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-server-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
@ -382,6 +333,7 @@ fi
# Cleanup # Cleanup
echo -e "${GREY}Clean up install files...${GREY}" echo -e "${GREY}Clean up install files...${GREY}"
rm -rf guacamole-* rm -rf guacamole-*
rm -rf mysql-connector-j-*
unset MYSQL_PWD unset MYSQL_PWD
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2