diff --git a/1-setup.sh b/1-setup.sh index 0c17d61..5745ef4 100644 --- a/1-setup.sh +++ b/1-setup.sh @@ -173,7 +173,7 @@ SERVER_NAME="" # Preferred server hostname LOCAL_DOMAIN="" # Local DNS space in use INSTALL_MYSQL="" # Install locally (true/false) SECURE_MYSQL="" # Apply mysql secure configuration tool (true/false) -MYSQL_HOST="" # leave blank for localhost default, only specify for remote servers +MYSQL_HOST="" # Blank or localhost for a local MySQL install, a specific IP for remote MySQL option. MYSQL_PORT="" # If blank default is 3306 GUAC_DB="" # If blank default is guacamole_db GUAC_USER="" # If blank default is guacamole_user @@ -381,13 +381,13 @@ fi # Get additional MYSQL values if [ "${INSTALL_MYSQL}" = false ]; then [ -z "${MYSQL_HOST}" ] && - read -p "SQL: Enter MySQL server hostname or IP: " MYSQL_HOST + read -p "SQL: Enter remote MySQL server hostname or IP: " MYSQL_HOST [ -z "${MYSQL_PORT}" ] && - read -p "SQL: Enter MySQL server port [3306]: " MYSQL_PORT + read -p "SQL: Enter remote MySQL server port [3306]: " MYSQL_PORT [ -z "${GUAC_DB}" ] && - read -p "SQL: Enter Guacamole database name [guacamole_db]: " GUAC_DB + read -p "SQL: Enter remote Guacamole database name [guacamole_db]: " GUAC_DB [ -z "${GUAC_USER}" ] && - read -p "SQL: Enter Guacamole user name [guacamole_user]: " GUAC_USER + read -p "SQL: Enter remote Guacamole user name [guacamole_user]: " GUAC_USER fi # Checking if a mysql host given, if not set a default if [ -z "${MYSQL_HOST}" ]; then @@ -418,8 +418,8 @@ if [ -z "${GUAC_PWD}" ]; then done fi -# Get MySQL root password, confirm correct password entry and prevent blank passwords -if [ -z "${MYSQL_ROOT_PWD}" ]; then +# Get MySQL root password, confirm correct password entry and prevent blank passwords. No root pw needed for remote instances. +if [ -z "${MYSQL_ROOT_PWD}" ] && [ "${INSTALL_MYSQL}" = true ]; then while true; do read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL root password: " MYSQL_ROOT_PWD echo 
diff --git a/2-install-guacamole.sh b/2-install-guacamole.sh index 37a6bde..08b3179 100644 --- a/2-install-guacamole.sh +++ b/2-install-guacamole.sh @@ -249,6 +249,7 @@ fi echo -e "${GREY}Installing Guacamole-Server..." make install &>>${LOG_LOCATION} +ldconfig if [ $? -ne 0 ]; then echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 exit 1 @@ -256,7 +257,6 @@ else echo -e "${LGREEN}OK${GREY}" echo fi -ldconfig # Move files to correct install locations (guacamole-client & Guacamole authentication extensions) cd .. @@ -406,6 +406,7 @@ fi systemctl enable ${TOMCAT_VERSION} echo +if [ "${INSTALL_MYSQL}" = true ]; then # Set MySQL password export MYSQL_PWD=${MYSQL_ROOT_PWD} @@ -451,21 +452,6 @@ else echo fi -# Restart MySQL service -if [ "${INSTALL_MYSQL}" = true ]; then - echo -e "${GREY}Restarting MySQL service & enable at boot..." - # Set MySQl to start at boot - systemctl enable mysql - systemctl restart mysql - if [ $? -ne 0 ]; then - echo -e "${LRED}Failed${GREY}" 1>&2 - exit 1 - else - echo -e "${LGREEN}OK${GREY}" - echo - fi -fi - # Create ${GUAC_DB} and grant ${GUAC_USER} permissions to it GUAC_USERHost="localhost" if [[ "${MYSQL_HOST}" != "localhost" ]]; then 
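Review bot: Moving `ldconfig` between `make install` and `if [ $? -ne 0 ]` makes the check test ldconfig's exit status, so a failed `make install` is now reported as OK and the script carries on with a partial guacamole-server install. Chain the two so the status covers both: `make install &>>"${LOG_LOCATION}" && ldconfig &>>"${LOG_LOCATION}"`. The @@ -593 hunk has the same shape: `systemctl restart mysql` is inserted ahead of the existing check, so the check reports only the restart and the result of the mysql_secure_installation expect session is still never tested.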
@@ -473,48 +459,22 @@ if [[ "${MYSQL_HOST}" != "localhost" ]]; then echo -e "${YELLOW}MySQL Guacamole user is set to accept login from any host, please change this for security reasons if possible.${GREY}" fi -# Check if ${GUAC_DB} is already present -echo -e "${GREY}Checking MySQL for existing database (${GUAC_DB})" -SQLCODE=" -SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='${GUAC_DB}';" - # Execute SQL code -MYSQL_RESULT=$(echo ${SQLCODE} | mysql -u root -D information_schema -h ${MYSQL_HOST} -P ${MYSQL_PORT}) -if [[ $MYSQL_RESULT != "" ]]; then - echo -e "${LRED}It appears there is already a MySQL database (${GUAC_DB}) on ${MYSQL_HOST}${GREY}" 1>&2 - echo -e "${LRED}Try: mysql -e 'DROP DATABASE ${GUAC_DB}'${GREY}" 1>&2 - exit 1 -else - echo -e "${LGREEN}OK${GREY}" - echo -fi - -# Check if ${GUAC_USER} is already present -echo -e "${GREY}Checking MySQL for existing user (${GUAC_USER})" -SQLCODE=" -SELECT COUNT(*) FROM mysql.user WHERE user = '${GUAC_USER}';" - -# Execute SQL code -MYSQL_RESULT=$(echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} | grep '0') -if [[ $MYSQL_RESULT == "" ]]; then - echo -e "${LRED}It appears there is already a MySQL user (${GUAC_USER}) on ${MYSQL_HOST}${GREY}" 1>&2 - echo -e "${LRED}Try: mysql -e \"DROP USER '${GUAC_USER}'@'${GUAC_USERHost}'; FLUSH PRIVILEGES;\"${GREY}" 1>&2 - exit 1 -else - echo -e "${LGREEN}OK${GREY}" - echo -fi - -# Create database & user, then set permissions +echo -e "${GREY}Creating the Guacamole database..." SQLCODE=" DROP DATABASE IF EXISTS ${GUAC_DB}; CREATE DATABASE IF NOT EXISTS ${GUAC_DB}; CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GUAC_PWD}\"; GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}'; FLUSH PRIVILEGES;" - -# Execute SQL code echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} +if [ $? 
-ne 0 ]; then + echo -e "${LRED}Failed${GREY}" 1>&2 + exit 1 +else + echo -e "${LGREEN}OK${GREY}" + echo +fi # Add Guacamole schema to newly created database echo -e "${GREY}Adding database tables..." @@ -526,6 +486,7 @@ else echo -e "${LGREEN}OK${GREY}" echo fi +fi # Create guacd.conf and locahost IP binding. echo -e "${GREY}Binding guacd to 127.0.0.1 port 4822..." @@ -555,20 +516,6 @@ else echo fi -# Cleanup -echo -e "${GREY}Cleanup install files...${GREY}" -rm -rf guacamole-* -rm -rf mysql-connector-j-* -rm -rf mariadb_repo_setup -unset MYSQL_PWD -if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 - exit 1 -else - echo -e "${LGREEN}OK${GREY}" - echo -fi - # Apply Secure MySQL installation settings if [ "${SECURE_MYSQL}" = true ]; then echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}" @@ -593,6 +540,7 @@ send \"y\r\" expect eof ") echo "$SECURE_MYSQL" + systemctl restart mysql if [ $? -ne 0 ]; then echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 exit 1 @@ -602,6 +550,21 @@ expect eof fi fi +# Restart MySQL service +if [ "${INSTALL_MYSQL}" = true ]; then + echo -e "${GREY}Restarting MySQL service & enable at boot..." + # Set MySQl to start at boot + systemctl enable mysql + systemctl restart mysql + if [ $? -ne 0 ]; then + echo -e "${LRED}Failed${GREY}" 1>&2 + exit 1 + else + echo -e "${LGREEN}OK${GREY}" + echo + fi +fi + if [ "${CHANGE_ROOT}" = true ]; then echo -e "${GREY}Shortening the Guacamole root url and setting up redirect...${DGREY}" systemctl stop ${TOMCAT_VERSION} @@ -633,5 +596,19 @@ else echo -e "${LGREEN}OK${GREY}" fi +# Cleanup +echo -e "${GREY}Cleanup install files...${GREY}" +rm -rf guacamole-* +rm -rf mysql-connector-j-* +rm -rf mariadb_repo_setup +unset MYSQL_PWD +if [ $? -ne 0 ]; then + echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + exit 1 +else + echo -e "${LGREEN}OK${GREY}" + echo +fi + # Done echo -e ${NC} 
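Review bot: With the two existence checks removed, the unchanged `DROP DATABASE IF EXISTS ${GUAC_DB};` in SQLCODE runs unguarded, so re-running the installer against a server that already holds a Guacamole database deletes it without any prompt. `CREATE USER IF NOT EXISTS` also leaves an existing account's password untouched, so the GUAC_PWD entered in this run may not be the one the account actually has. Keep an explicit confirmation in front of the drop, for example `read -r -p "Database ${GUAC_DB} already exists and will be dropped. Continue? [y/N] " CONFIRM` followed by an exit unless it is `y`, or stop with a message as the old code did. The @@ -156 hunk of install-mysql-backend-only.sh removes the same checks in front of the same SQL.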
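Review bot: In the relocated cleanup block (@@ -633 hunk) the `if [ $? -ne 0 ]` test follows `unset MYSQL_PWD`, so it reports only the status of `unset` and the three `rm -rf` results are never checked. Moving the block to the end of the script also keeps the exported MySQL root password in the environment of every command started after the database steps. Unless a later step relies on it, which these hunks do not show, `unset MYSQL_PWD` could sit directly after the schema import, before the `fi` added in the @@ -526 hunk, with only the file removal left here.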
diff --git a/install-mysql-backend-only.sh b/install-mysql-backend-only.sh index 30d6ffa..8e78e35 100644 --- a/install-mysql-backend-only.sh +++ b/install-mysql-backend-only.sh @@ -1,6 +1,6 @@ #!/bin/bash ####################################################################################################################### -# Guacamole db build script +# Guacamole db build script. # For Ubuntu / Debian / Raspbian # David Harrop # September 2023 @@ -24,6 +24,7 @@ NC='\033[0m' #No Colour USER_HOME_DIR=$(eval echo ~${SUDO_USER}) DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup mkdir -p $DOWNLOAD_DIR +chown -R $SUDO_USER:root $DOWNLOAD_DIR # Install log Location INSTALL_LOG="${DOWNLOAD_DIR}/mysql_install.log" 
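Review bot: The added `chown -R $SUDO_USER:root $DOWNLOAD_DIR` is unquoted and hands the working directory to the invoking user, while the script later, still as root, downloads `mariadb_repo_setup` into that directory and runs it with `bash` (the @@ -92 hunk adds `cd $DOWNLOAD_DIR` in front of that block). Files that root is about to execute or delete should not live in a directory an unprivileged account can write to. Quote the expansions, `chown -R -- "${SUDO_USER}:root" "${DOWNLOAD_DIR}"`, and do the root-only download and execution in a directory created with `mktemp -d`, copying only the log and the user-facing files into ${DOWNLOAD_DIR} afterwards.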
@@ -46,14 +47,15 @@ echo ####################################################################################################################### # Silent setup options - adding true/false or specific values below prevents prompt at install ######################## ####################################################################################################################### -MYSQL_HOST="localhost" # leave blank for localhost default, only specify for remote servers -SECURE_MYSQL="true" # Apply mysql secure configuration tool (true/false) -MYSQL_PORT="3306" # If blank default is 3306 -GUAC_DB="guacamole_db" # If blank default is guacamole_db -GUAC_USER="guacamole_user" # If blank default is guacamole_user -GUAC_PWD="test" # Requires an entry here or at at script prompt. -MYSQL_ROOT_PWD="test" # Requires an entry here or at at script prompt. -DB_TZ=$(cat /etc/timezone) # Database timezone to apply. Defaults to system TZ. Change to "UTC" if appropriate +BACKEND_MYSQL="true" # Separate the MySQL database and Guacamole application servers? (true/false) +MYSQL_BIND_ADDR="0.0.0.0" # Active when BACKEND_MYSQL="true". The the IP address to bind MySQL to. +SECURE_MYSQL="true" # Apply the mysql secure configuration tool (true/false) +MYSQL_PORT="3306" # Default is 3306 +GUAC_DB="guacamole_db" # Default is guacamole_db +GUAC_USER="guacamole_user" # Default is guacamole_user +GUAC_PWD="test" # Requires an entry +MYSQL_ROOT_PWD="test" # Requires an entry. +DB_TZ=$(cat /etc/timezone) # Database timezone defaults is system TZ. Change to "UTC" if appropriate # Force a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions. # If MYSQL_VERSION is left blank, script will default to the distro default MYSQL packages. 
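Review bot: The option block keeps `GUAC_PWD="test"` and `MYSQL_ROOT_PWD="test"` and now adds `BACKEND_MYSQL="true"` with `MYSQL_BIND_ADDR="0.0.0.0"`, so a run with untouched defaults leaves a database listening on every interface with a password published in the repository. The comments were shortened to "Requires an entry" although an entry is already present, which makes the placeholder easy to overlook. Leave both passwords blank in the file and fail early when they are empty, e.g. `: "${MYSQL_ROOT_PWD:?Set MYSQL_ROOT_PWD before running}"` and the same for GUAC_PWD, and document MYSQL_BIND_ADDR as the address of the interface facing the Guacamole server rather than defaulting to all interfaces. upgrade-mysql-backend-only.sh carries the same `MYSQL_ROOT_PWD="test"` default.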
@@ -61,22 +63,11 @@ MYSQL_VERSION="" if [ -z "${MYSQL_VERSION}" ]; then # Use Linux distro default version. MYSQLV="default-mysql-server default-mysql-client mysql-common" + DB_CMD="mysql" else # Use official mariadb.org repo MYSQLV="mariadb-server mariadb-client mariadb-common" -fi - -if [ -n "${MYSQL_VERSION}" ]; then - # Add the Official MariaDB repo. - apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG} - curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG} - bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG} -fi - -# Pre-seed MySQL root password values for Linux Distro default packages only -if [ -z "${MYSQL_VERSION}" ]; then - debconf-set-selections <<<"mysql-server mysql-server/root_password password ${MYSQL_ROOT_PWD}" - debconf-set-selections <<<"mysql-server mysql-server/root_password_again password ${MYSQL_ROOT_PWD}" + DB_CMD="mariadb" fi # Update everything but don't do the annoying prompts during apt installs @@ -92,6 +83,15 @@ else echo fi +cd $DOWNLOAD_DIR + +if [ -n "${MYSQL_VERSION}" ]; then + # Add the Official MariaDB repo. + apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG} + curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG} + bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG} +fi + # Download Guacamole mysql specific components echo -e "${GREY}Downloading Guacamole database source files..." wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz 
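Review bot: The added `cd $DOWNLOAD_DIR` in the @@ -92 hunk is unquoted and unchecked, so if it fails every later relative command, including `bash mariadb_repo_setup` and the final `rm -rf guacamole-*`, runs in whatever directory the script was started from; `cd "${DOWNLOAD_DIR}" || exit 1` closes that. The relocated repo block also executes the downloaded `mariadb_repo_setup` as root without checking that curl succeeded or that the file is the expected one. Add `--fail` to the curl call and verify the file against the checksum MariaDB publishes for it before running it, e.g. `echo "<published-sha256>  mariadb_repo_setup" | sha256sum -c - || exit 1`, where the placeholder is filled from the vendor's documentation.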
@@ -105,8 +105,8 @@ fi echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}" echo -echo -e "${GREY}Installing MySQL packages and dependencies..." -apt-get -qq -y install expect ${MYSQLV} &>>${INSTALL_LOG} +echo -e "${GREY}Installing MySQL packages..." +apt-get -qq -y install ${MYSQLV} &>>${INSTALL_LOG} if [ $? -ne 0 ]; then echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 @@ -115,22 +115,36 @@ else echo fi -# Find the location of the MySQL config files +echo -e "${GREY}Setting MySQL root password..." +SQLCODE=" +FLUSH PRIVILEGES; +ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';" +echo ${SQLCODE} | $DB_CMD -u root +if [ $? -ne 0 ]; then + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 + exit 1 +else + echo -e "${LGREEN}OK${GREY}" + echo +fi + +# Find the location of the MySQL or MariaDB config files. Add to this list for more candidates.. for x in /etc/mysql/mariadb.conf.d/50-server.cnf \ /etc/mysql/mysql.conf.d/mysqld.cnf \ /etc/mysql/my.cnf; do - # Check the path exists + # Check inside each to see if a [mysqld] or [mariadbd] section exists and assign x the correct filename. if [ -e "${x}" ]; then - # Does it have the necessary section? - if grep -q '^\[mysqld\]$' "${x}"; then + if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then mysqlconfig="${x}" + # Reduce any duplicated section names, then remove the [ ] special characters (for sed cmd below) + config_section=$(grep -m 1 -E '^\[(mysqld|mariadbd)\]$' "${x}" | sed 's/\[\(.*\)\]/\1/') break fi fi done if [ -z "${mysqlconfig}" ]; then - echo -e "${GREY}Couldn't detect MySQL config file - you may need to manually enter timezone settings" + echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings" else # Is there already a timzeone value configured? if grep -q "^default_time_zone[[:space:]]=" "${mysqlconfig}"; then 
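Review bot: The new root-password step in the @@ -115 hunk places `$MYSQL_ROOT_PWD` inside a single-quoted SQL literal and then sends the text through an unquoted `echo ${SQLCODE}`, so a password containing `'` or `\` breaks or alters the statement, and one containing glob characters or runs of spaces can be changed by word splitting and pathname expansion before it reaches the server. Reject or escape quote and backslash characters when the value is read, and pass the text through unmodified with `printf '%s\n' "${SQLCODE}" | "${DB_CMD}" -u root &>>"${INSTALL_LOG}"`. The redirection also makes the "See ${INSTALL_LOG}" failure message true, since this command's output is currently not logged.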
@@ -142,10 +156,9 @@ else timezone="UTC" fi echo -e "Setting MySQL database timezone as ${timezone}${GREY}" - mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} - sed -i -e "/^\[mysqld\]/a default_time_zone = ${timezone}" "${mysqlconfig}" - # Restart to apply - systemctl restart mysql + mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | ${DB_CMD} -u root -D mysql -p${MYSQL_ROOT_PWD} + # Add the timzone value to the sanitsed server file section name. + sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}" fi fi if [ $? -ne 0 ]; then 
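Review bot: `-p${MYSQL_ROOT_PWD}` puts the database root password on the client's command line, where it may be visible to other local users in the process list while the command runs, and the unquoted expansion breaks on a password that contains spaces. 2-install-guacamole.sh already passes the password through the `MYSQL_PWD` environment variable, and the same works here per command: `mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | MYSQL_PWD="${MYSQL_ROOT_PWD}" ${DB_CMD} -u root -D mysql`. The same `-p` form is added twice in the @@ -156 hunk and once in upgrade-mysql-backend-only.sh. This hunk sits inside an if/else that starts and ends outside it.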
@@ -156,72 +169,58 @@ else echo fi -# Restart MySQL service - echo -e "${GREY}Restarting MySQL service & enable at boot..." - # Set MySQl to start at boot - systemctl enable mysql - systemctl restart mysql - if [ $? -ne 0 ]; then - echo -e "${LRED}Failed${GREY}" 1>&2 - exit 1 - else - echo -e "${LGREEN}OK${GREY}" - echo - fi +# Change the default localhost MySQL binding IP address for remote Guacamole server accessibility +if [[ "${BACKEND_MYSQL}" = true ]]; then + echo -e "${GREY}Setting MySQL IP address binding to ${MYSQL_BIND_ADDR}..." + sed -i "s/bind-address[[:space:]]*=[[:space:]]*127\.0\.0\.1/bind-address = ${MYSQL_BIND_ADDR}/g" ${mysqlconfig} +if [ $? -ne 0 ]; then + echo -e "${LRED}Failed${GREY}" 1>&2 + exit 1 +else + echo -e "${LGREEN}OK${GREY}" + echo +fi +fi # Create ${GUAC_DB} and grant ${GUAC_USER} permissions to it -GUAC_USERHost="localhost" -if [[ "${MYSQL_HOST}" != "localhost" ]]; then +echo -e "${GREY}Setting up database access parameters for the Guacamole user ..." +if [[ "${BACKEND_MYSQL}" = true ]]; then GUAC_USERHost="%" - echo -e "${YELLOW}MySQL Guacamole user is set to accept login from any host, please change this for security reasons if possible.${GREY}" + echo -e "${YELLOW} MySQL ${GUAC_USER} is set to accept db login from any host, you may wish to limit this to specific IPs.${GREY}" +# e.g. 
RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';" +else + GUAC_USERHost=localhost + echo -e "${YELLOW}MySQL Guacamole user is set to only allow login from localhost.${GREY}" fi - -# Check if ${GUAC_DB} is already present -echo -e "${GREY}Checking MySQL for existing database (${GUAC_DB})" -SQLCODE=" -SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='${GUAC_DB}';" - -# Execute SQL code -MYSQL_RESULT=$(echo ${SQLCODE} | mysql -u root -D information_schema -h ${MYSQL_HOST} -P ${MYSQL_PORT}) -if [[ $MYSQL_RESULT != "" ]]; then - echo -e "${LRED}It appears there is already a MySQL database (${GUAC_DB}) on ${MYSQL_HOST}${GREY}" 1>&2 - echo -e "${LRED}Try: mysql -e 'DROP DATABASE ${GUAC_DB}'${GREY}" 1>&2 +if [ $? -ne 0 ]; then + echo -e "${LRED}Failed${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" echo fi -# Check if ${GUAC_USER} is already present -echo -e "${GREY}Checking MySQL for existing user (${GUAC_USER})" -SQLCODE=" -SELECT COUNT(*) FROM mysql.user WHERE user = '${GUAC_USER}';" - -# Execute SQL code -MYSQL_RESULT=$(echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} | grep '0') -if [[ $MYSQL_RESULT == "" ]]; then - echo -e "${LRED}It appears there is already a MySQL user (${GUAC_USER}) on ${MYSQL_HOST}${GREY}" 1>&2 - echo -e "${LRED}Try: mysql -e \"DROP USER '${GUAC_USER}'@'${GUAC_USERHost}'; FLUSH PRIVILEGES;\"${GREY}" 1>&2 - exit 1 -else - echo -e "${LGREEN}OK${GREY}" - echo -fi - -# Create database & user, then set permissions +# Create the new Guacamole database +echo -e "${GREY}Creating the Guacamole database..." 
SQLCODE=" DROP DATABASE IF EXISTS ${GUAC_DB}; CREATE DATABASE IF NOT EXISTS ${GUAC_DB}; CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GUAC_PWD}\"; GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}'; FLUSH PRIVILEGES;" - # Execute SQL code -echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} +echo ${SQLCODE} | $DB_CMD -u root -D mysql -p${MYSQL_ROOT_PWD} +if [ $? -ne 0 ]; then + echo -e "${LRED}Failed${GREY}" 1>&2 + exit 1 +else + echo -e "${LGREEN}OK${GREY}" + echo +fi # Add Guacamole schema to newly created database -echo -e "${GREY}Adding database tables..." -cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} +echo -e "${GREY}Adding the Guacamole database schema..." +cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} if [ $? -ne 0 ]; then echo -e "${LRED}Failed${GREY}" 1>&2 exit 1 @@ -232,6 +231,7 @@ fi # Apply Secure MySQL installation settings if [ "${SECURE_MYSQL}" = true ]; then +apt-get -qq -y install expect &>>${INSTALL_LOG} echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}" SECURE_MYSQL=$(expect -c " set timeout 10 @@ -262,10 +262,23 @@ expect eof fi fi +# Restart MySQL service +echo -e "${GREY}Restarting MySQL service & enable at boot..." +# Set MySQl to start at boot +systemctl enable mysql +systemctl restart mysql +if [ $? -ne 0 ]; then + echo -e "${LRED}Failed${GREY}" 1>&2 + exit 1 +else + echo -e "${LGREEN}OK${GREY}" + echo +fi + # Cleanup echo -e "${GREY}Cleaning up install files...${GREY}" -sudo apt-get -y remove expect &>>${INSTALL_LOG} -sudo apt-get -y autoremove &>>${INSTALL_LOG} +apt-get -y remove expect &>>${INSTALL_LOG} +apt-get -y autoremove &>>${INSTALL_LOG} rm -rf guacamole-* if [ $? -ne 0 ]; then echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 
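Review bot: In the @@ -156 hunk the bind-address `sed` exits 0 even when nothing matched, and its pattern is unanchored, so a config whose `bind-address` line is commented out or set to another value still prints OK while the listener stays where it was. `${mysqlconfig}` is also unquoted and is empty when the earlier detection loop found no file, since that branch only prints a message. Guard the step with `[ -n "${mysqlconfig}" ] || { echo -e "${LRED}No MySQL config file found${GREY}" 1>&2; exit 1; }`, anchor the pattern with `^`, and confirm the result with `grep -q "^bind-address[[:space:]]*=[[:space:]]*${MYSQL_BIND_ADDR}" "${mysqlconfig}"`. The `if [ $? -ne 0 ]` that follows the GUAC_USERHost if/else only tests the preceding `echo` and can be dropped.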
diff --git a/upgrade-mysql-backend-only.sh b/upgrade-mysql-backend-only.sh
new file mode 100644
index 0000000..1219ca0
--- /dev/null
+++ b/upgrade-mysql-backend-only.sh
@@ -0,0 +1,139 @@ +#!/bin/bash +###################################################################################################################### +# Guacamole appliance upgrade script +# For Ubuntu / Debian / Raspbian +# David Harrop +# April 2023 +####################################################################################################################### + +# The Guacamole schema have not been updated since late 2021, suggesting that its now quite mature and there will be +# little need to use this, but just in case. Update the database packages separately via apt. + +####################################################################################################################### +# Script pre-flight checks and settings ############################################################################### +####################################################################################################################### + +clear + +# Prepare text output colours +GREY='\033[0;37m' +DGREY='\033[0;90m' +GREYB='\033[1;37m' +LRED='\033[0;91m' +LGREEN='\033[0;92m' +LYELLOW='\033[0;93m' +NC='\033[0m' #No Colour + +# Check if user is root or sudo +if ! [ $(id -u) = 0 ]; then + echo + echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2 + exit 1 +fi + +# Check to see if any previous version of build/install files exist, if so stop and check to be safe. +if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then + echo + echo -e "${LRED}Possible previous install files detected. 
Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2 + echo + exit 1 +fi + + +####################################################################################################################### +# Initial environment setup ########################################################################################### +####################################################################################################################### + +#Setup download and temp directory paths +USER_HOME_DIR=$(eval echo ~${SUDO_USER}) +DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup + +# Setup directory locations +mkdir -p $DOWNLOAD_DIR +sudo chown -R $SUDO_USER:root $DOWNLOAD_DIR + +# Version of Guacamole to upgrade to. See https://guacamole.apache.org/releases/ for latest version info. +NEW_GUAC_VERSION="1.5.3" + +# The currently installed Guacamole schema version is needed to evaluate the required schema upgrades. +OLD_GUAC_VERSION="1.5.0" + +# Set preferred Apache CDN download link) +GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${NEW_GUAC_VERSION}" + +# Install log Location +INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${NEW_GUAC_VERSION}_mysql_install.log" + +# Database details +GUAC_DB="guacamole_db" +MYSQL_ROOT_PWD="test" + +clear + +# Script branding header +echo +echo -e "${GREYB}Guacamole Backend MySQL Schema UPGRADE." 
+echo -e " ${LGREEN}Powered by Itiligent${GREY}" +echo +echo + +####################################################################################################################### +# Start install actions ############################################################################################## +####################################################################################################################### + +# Download and extract the Guacamole SQL authentication extension containing the database schema +wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz +if [ $? -ne 0 ]; then + echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2 + echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" + exit 1 +else + tar -xzf guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz +fi + +echo +# Get list of SQL Upgrade Files +echo -e "${GREY}Upgrading MySQL Schema..." +UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V)) + +# Compare SQL Upgrage Files against old version, apply upgrades as needed +for FILE in ${UPGRADEFILES[@]}; do + FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)') + if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then + echo "Patching ${GUAC_DB} with ${FILE}" + mariadb -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} >${INSTALL_LOG} + fi +done +if [ $? -ne 0 ]; then + echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2 + exit 1 +else + echo -e "${LGREEN}OK${GREY}" + echo +fi + +# Restart MySQL service +echo -e "${GREY}Restarting MySQL service..." +systemctl restart mysql +if [ $? 
-ne 0 ]; then + echo -e "${LRED}Failed${GREY}" 1>&2 + exit 1 +else + echo -e "${LGREEN}OK${GREY}" + echo +fi + +# Cleanup +echo -e "${GREY}Clean up install files...${GREY}" +rm -rf guacamole-* +if [ $? -ne 0 ]; then + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 + exit 1 +else + echo -e "${LGREEN}OK${GREY}" + echo +fi + +# Done +printf "${LGREEN}Guacamole ${NEW_GUAC_VERSION} schema upgrade complete - check log for details! \n${NC}" +echo -e ${NC} \ No newline at end of file diff --git a/useful-config-info.txt b/useful-config-info.txt index c66a4bd..9fd64cd 100644 --- a/useful-config-info.txt +++ b/useful-config-info.txt @@ -61,7 +61,7 @@ Quit to exit ############################################### # This is likely not needed beyond in Gucamole 1.40 as the gui provides an option to reset. Kept for reference. mysql -u root -p -use guacamol_db; +use guacamole_db; SELECT user_id FROM guacamole_user INNER JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user.entity_id WHERE guacamole_entity.name = 'guacadmin'; UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name = 'guac-totp-key-confirmed' and user_id = '1'; quit;
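Review bot: As shown, the patch loop in upgrade-mysql-backend-only.sh never feeds an upgrade file to the client: `mariadb -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} >${INSTALL_LOG}` has no input redirection, so no schema patch is applied, `>` truncates the log on every iteration, and the `$?` test after `done` only sees the loop's last command. The rewritten loop below reads each file from the upgrade directory, appends to the log, stops at the first failed patch and keeps the password off the command line. Separately, GUAC_SOURCE_LINK uses plain `http://` and the tarball is extracted and its SQL run as the database root user without an integrity check. Switch the link to `https://` and verify the archive against the checksum or signature published with the release before `tar -xzf`.

```shell
UPGRADE_DIR="guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade"
for FILE in "${UPGRADEFILES[@]}"; do
    # … unchanged: FILEVERSION extraction and the sort -V comparison against OLD_GUAC_VERSION …
        echo "Patching ${GUAC_DB} with ${FILE}"
        # Feed the patch on stdin, append to the log, and stop at the first failed patch.
        if ! MYSQL_PWD="${MYSQL_ROOT_PWD}" mariadb -u root -D "${GUAC_DB}" \
            <"${UPGRADE_DIR}/${FILE}" >>"${INSTALL_LOG}" 2>&1; then
            echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
            exit 1
        fi
    # … unchanged: end of the version test …
done
```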