3 tier arch install support

itiligent 2023-09-09 00:14:41 +10:00
parent ba7fab3e12
commit 798bd32f04
5 changed files with 283 additions and 154 deletions


@ -173,7 +173,7 @@ SERVER_NAME="" # Preferred server hostname
LOCAL_DOMAIN="" # Local DNS space in use LOCAL_DOMAIN="" # Local DNS space in use
INSTALL_MYSQL="" # Install locally (true/false) INSTALL_MYSQL="" # Install locally (true/false)
SECURE_MYSQL="" # Apply mysql secure configuration tool (true/false) SECURE_MYSQL="" # Apply mysql secure configuration tool (true/false)
MYSQL_HOST="" # leave blank for localhost default, only specify for remote servers MYSQL_HOST="" # Blank or localhost for a local MySQL install, a specific IP for remote MySQL option.
MYSQL_PORT="" # If blank default is 3306 MYSQL_PORT="" # If blank default is 3306
GUAC_DB="" # If blank default is guacamole_db GUAC_DB="" # If blank default is guacamole_db
GUAC_USER="" # If blank default is guacamole_user GUAC_USER="" # If blank default is guacamole_user
@ -381,13 +381,13 @@ fi
# Get additional MYSQL values # Get additional MYSQL values
if [ "${INSTALL_MYSQL}" = false ]; then if [ "${INSTALL_MYSQL}" = false ]; then
[ -z "${MYSQL_HOST}" ] && [ -z "${MYSQL_HOST}" ] &&
read -p "SQL: Enter MySQL server hostname or IP: " MYSQL_HOST read -p "SQL: Enter remote MySQL server hostname or IP: " MYSQL_HOST
[ -z "${MYSQL_PORT}" ] && [ -z "${MYSQL_PORT}" ] &&
read -p "SQL: Enter MySQL server port [3306]: " MYSQL_PORT read -p "SQL: Enter remote MySQL server port [3306]: " MYSQL_PORT
[ -z "${GUAC_DB}" ] && [ -z "${GUAC_DB}" ] &&
read -p "SQL: Enter Guacamole database name [guacamole_db]: " GUAC_DB read -p "SQL: Enter remote Guacamole database name [guacamole_db]: " GUAC_DB
[ -z "${GUAC_USER}" ] && [ -z "${GUAC_USER}" ] &&
read -p "SQL: Enter Guacamole user name [guacamole_user]: " GUAC_USER read -p "SQL: Enter remote Guacamole user name [guacamole_user]: " GUAC_USER
fi fi
# Checking if a mysql host given, if not set a default # Checking if a mysql host given, if not set a default
if [ -z "${MYSQL_HOST}" ]; then if [ -z "${MYSQL_HOST}" ]; then
@ -418,8 +418,8 @@ if [ -z "${GUAC_PWD}" ]; then
done done
fi fi
# Get MySQL root password, confirm correct password entry and prevent blank passwords # Get MySQL root password, confirm correct password entry and prevent blank passwords. No root pw needed for remote instances.
if [ -z "${MYSQL_ROOT_PWD}" ]; then if [ -z "${MYSQL_ROOT_PWD}" ] && [ "${INSTALL_MYSQL}" = true ]; then
while true; do while true; do
read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL root password: " MYSQL_ROOT_PWD read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL root password: " MYSQL_ROOT_PWD
echo echo
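Review bot: The reworded prompts for `MYSQL_HOST` and `MYSQL_PORT` still call `read -p` without `-r` and accept any string, and these values presumably reach the `mysql -h … -P …` invocations unquoted later in the install. Use `read -r -p …` for each prompt and re-prompt unless the port is numeric, e.g. guard with `[[ "${MYSQL_PORT}" =~ ^[0-9]+$ ]]`. The password `while true` loop in the last hunk continues outside the visible lines, so its new `INSTALL_MYSQL` guard is only partly reviewable here.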


@ -249,6 +249,7 @@ fi
echo -e "${GREY}Installing Guacamole-Server..." echo -e "${GREY}Installing Guacamole-Server..."
make install &>>${LOG_LOCATION} make install &>>${LOG_LOCATION}
ldconfig
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1 exit 1
@ -256,7 +257,6 @@ else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
ldconfig
# Move files to correct install locations (guacamole-client & Guacamole authentication extensions) # Move files to correct install locations (guacamole-client & Guacamole authentication extensions)
cd .. cd ..
@ -406,6 +406,7 @@ fi
systemctl enable ${TOMCAT_VERSION} systemctl enable ${TOMCAT_VERSION}
echo echo
if [ "${INSTALL_MYSQL}" = true ]; then
# Set MySQL password # Set MySQL password
export MYSQL_PWD=${MYSQL_ROOT_PWD} export MYSQL_PWD=${MYSQL_ROOT_PWD}
@ -451,21 +452,6 @@ else
echo echo
fi fi
# Restart MySQL service
if [ "${INSTALL_MYSQL}" = true ]; then
echo -e "${GREY}Restarting MySQL service & enable at boot..."
# Set MySQl to start at boot
systemctl enable mysql
systemctl restart mysql
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Create ${GUAC_DB} and grant ${GUAC_USER} permissions to it # Create ${GUAC_DB} and grant ${GUAC_USER} permissions to it
GUAC_USERHost="localhost" GUAC_USERHost="localhost"
if [[ "${MYSQL_HOST}" != "localhost" ]]; then if [[ "${MYSQL_HOST}" != "localhost" ]]; then
@ -473,48 +459,22 @@ if [[ "${MYSQL_HOST}" != "localhost" ]]; then
echo -e "${YELLOW}MySQL Guacamole user is set to accept login from any host, please change this for security reasons if possible.${GREY}" echo -e "${YELLOW}MySQL Guacamole user is set to accept login from any host, please change this for security reasons if possible.${GREY}"
fi fi
# Check if ${GUAC_DB} is already present
echo -e "${GREY}Checking MySQL for existing database (${GUAC_DB})"
SQLCODE="
SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='${GUAC_DB}';"
# Execute SQL code # Execute SQL code
MYSQL_RESULT=$(echo ${SQLCODE} | mysql -u root -D information_schema -h ${MYSQL_HOST} -P ${MYSQL_PORT}) echo -e "${GREY}Creating the Guacamole database..."
if [[ $MYSQL_RESULT != "" ]]; then
echo -e "${LRED}It appears there is already a MySQL database (${GUAC_DB}) on ${MYSQL_HOST}${GREY}" 1>&2
echo -e "${LRED}Try: mysql -e 'DROP DATABASE ${GUAC_DB}'${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Check if ${GUAC_USER} is already present
echo -e "${GREY}Checking MySQL for existing user (${GUAC_USER})"
SQLCODE="
SELECT COUNT(*) FROM mysql.user WHERE user = '${GUAC_USER}';"
# Execute SQL code
MYSQL_RESULT=$(echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} | grep '0')
if [[ $MYSQL_RESULT == "" ]]; then
echo -e "${LRED}It appears there is already a MySQL user (${GUAC_USER}) on ${MYSQL_HOST}${GREY}" 1>&2
echo -e "${LRED}Try: mysql -e \"DROP USER '${GUAC_USER}'@'${GUAC_USERHost}'; FLUSH PRIVILEGES;\"${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Create database & user, then set permissions
SQLCODE=" SQLCODE="
DROP DATABASE IF EXISTS ${GUAC_DB}; DROP DATABASE IF EXISTS ${GUAC_DB};
CREATE DATABASE IF NOT EXISTS ${GUAC_DB}; CREATE DATABASE IF NOT EXISTS ${GUAC_DB};
CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GUAC_PWD}\"; CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GUAC_PWD}\";
GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}'; GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
# Execute SQL code
echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Add Guacamole schema to newly created database # Add Guacamole schema to newly created database
echo -e "${GREY}Adding database tables..." echo -e "${GREY}Adding database tables..."
@ -526,6 +486,7 @@ else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
fi
# Create guacd.conf and locahost IP binding. # Create guacd.conf and locahost IP binding.
echo -e "${GREY}Binding guacd to 127.0.0.1 port 4822..." echo -e "${GREY}Binding guacd to 127.0.0.1 port 4822..."
@ -555,20 +516,6 @@ else
echo echo
fi fi
# Cleanup
echo -e "${GREY}Cleanup install files...${GREY}"
rm -rf guacamole-*
rm -rf mysql-connector-j-*
rm -rf mariadb_repo_setup
unset MYSQL_PWD
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Apply Secure MySQL installation settings # Apply Secure MySQL installation settings
if [ "${SECURE_MYSQL}" = true ]; then if [ "${SECURE_MYSQL}" = true ]; then
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}" echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
@ -593,6 +540,7 @@ send \"y\r\"
expect eof expect eof
") ")
echo "$SECURE_MYSQL" echo "$SECURE_MYSQL"
systemctl restart mysql
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1 exit 1
@ -602,6 +550,21 @@ expect eof
fi fi
fi fi
# Restart MySQL service
if [ "${INSTALL_MYSQL}" = true ]; then
echo -e "${GREY}Restarting MySQL service & enable at boot..."
# Set MySQl to start at boot
systemctl enable mysql
systemctl restart mysql
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
if [ "${CHANGE_ROOT}" = true ]; then if [ "${CHANGE_ROOT}" = true ]; then
echo -e "${GREY}Shortening the Guacamole root url and setting up redirect...${DGREY}" echo -e "${GREY}Shortening the Guacamole root url and setting up redirect...${DGREY}"
systemctl stop ${TOMCAT_VERSION} systemctl stop ${TOMCAT_VERSION}
@ -633,5 +596,19 @@ else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
fi fi
# Cleanup
echo -e "${GREY}Cleanup install files...${GREY}"
rm -rf guacamole-*
rm -rf mysql-connector-j-*
rm -rf mariadb_repo_setup
unset MYSQL_PWD
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Done # Done
echo -e ${NC} echo -e ${NC}
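Review bot: With `ldconfig` now placed between `make install &>>${LOG_LOCATION}` and `if [ $? -ne 0 ]`, the test reads ldconfig's exit status, so a failed `make install` is reported as OK. Keep the command and its test adjacent, e.g. `make install &>>${LOG_LOCATION} && ldconfig`, or move `ldconfig` back below the `fi`. The database hunk also appears to drop both the existing-database pre-check and the status test after `echo ${SQLCODE} | mysql …`, so `DROP DATABASE IF EXISTS ${GUAC_DB}` now silently replaces an existing database and a failed CREATE USER/GRANT goes unnoticed. Restoring `if [ $? -ne 0 ]; then … exit 1` after that pipe, and asking for confirmation before the drop, would cover both.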


@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
####################################################################################################################### #######################################################################################################################
# Guacamole db build script # Guacamole db build script.
# For Ubuntu / Debian / Raspbian # For Ubuntu / Debian / Raspbian
# David Harrop # David Harrop
# September 2023 # September 2023
@ -24,6 +24,7 @@ NC='\033[0m' #No Colour
USER_HOME_DIR=$(eval echo ~${SUDO_USER}) USER_HOME_DIR=$(eval echo ~${SUDO_USER})
DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup
mkdir -p $DOWNLOAD_DIR mkdir -p $DOWNLOAD_DIR
chown -R $SUDO_USER:root $DOWNLOAD_DIR
# Install log Location # Install log Location
INSTALL_LOG="${DOWNLOAD_DIR}/mysql_install.log" INSTALL_LOG="${DOWNLOAD_DIR}/mysql_install.log"
@ -46,14 +47,15 @@ echo
####################################################################################################################### #######################################################################################################################
# Silent setup options - adding true/false or specific values below prevents prompt at install ######################## # Silent setup options - adding true/false or specific values below prevents prompt at install ########################
####################################################################################################################### #######################################################################################################################
MYSQL_HOST="localhost" # leave blank for localhost default, only specify for remote servers BACKEND_MYSQL="true" # Separate the MySQL database and Guacamole application servers? (true/false)
SECURE_MYSQL="true" # Apply mysql secure configuration tool (true/false) MYSQL_BIND_ADDR="0.0.0.0" # Active when BACKEND_MYSQL="true". The the IP address to bind MySQL to.
MYSQL_PORT="3306" # If blank default is 3306 SECURE_MYSQL="true" # Apply the mysql secure configuration tool (true/false)
GUAC_DB="guacamole_db" # If blank default is guacamole_db MYSQL_PORT="3306" # Default is 3306
GUAC_USER="guacamole_user" # If blank default is guacamole_user GUAC_DB="guacamole_db" # Default is guacamole_db
GUAC_PWD="test" # Requires an entry here or at at script prompt. GUAC_USER="guacamole_user" # Default is guacamole_user
MYSQL_ROOT_PWD="test" # Requires an entry here or at at script prompt. GUAC_PWD="test" # Requires an entry
DB_TZ=$(cat /etc/timezone) # Database timezone to apply. Defaults to system TZ. Change to "UTC" if appropriate MYSQL_ROOT_PWD="test" # Requires an entry.
DB_TZ=$(cat /etc/timezone) # Database timezone defaults is system TZ. Change to "UTC" if appropriate
# Force a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions. # Force a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
# If MYSQL_VERSION is left blank, script will default to the distro default MYSQL packages. # If MYSQL_VERSION is left blank, script will default to the distro default MYSQL packages.
@ -61,22 +63,11 @@ MYSQL_VERSION=""
if [ -z "${MYSQL_VERSION}" ]; then if [ -z "${MYSQL_VERSION}" ]; then
# Use Linux distro default version. # Use Linux distro default version.
MYSQLV="default-mysql-server default-mysql-client mysql-common" MYSQLV="default-mysql-server default-mysql-client mysql-common"
DB_CMD="mysql"
else else
# Use official mariadb.org repo # Use official mariadb.org repo
MYSQLV="mariadb-server mariadb-client mariadb-common" MYSQLV="mariadb-server mariadb-client mariadb-common"
fi DB_CMD="mariadb"
if [ -n "${MYSQL_VERSION}" ]; then
# Add the Official MariaDB repo.
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
fi
# Pre-seed MySQL root password values for Linux Distro default packages only
if [ -z "${MYSQL_VERSION}" ]; then
debconf-set-selections <<<"mysql-server mysql-server/root_password password ${MYSQL_ROOT_PWD}"
debconf-set-selections <<<"mysql-server mysql-server/root_password_again password ${MYSQL_ROOT_PWD}"
fi fi
# Update everything but don't do the annoying prompts during apt installs # Update everything but don't do the annoying prompts during apt installs
@ -92,6 +83,15 @@ else
echo echo
fi fi
cd $DOWNLOAD_DIR
if [ -n "${MYSQL_VERSION}" ]; then
# Add the Official MariaDB repo.
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
fi
# Download Guacamole mysql specific components # Download Guacamole mysql specific components
echo -e "${GREY}Downloading Guacamole database source files..." echo -e "${GREY}Downloading Guacamole database source files..."
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
@ -105,8 +105,8 @@ fi
echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}" echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
echo echo
echo -e "${GREY}Installing MySQL packages and dependencies..." echo -e "${GREY}Installing MySQL packages..."
apt-get -qq -y install expect ${MYSQLV} &>>${INSTALL_LOG} apt-get -qq -y install ${MYSQLV} &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
@ -115,22 +115,36 @@ else
echo echo
fi fi
# Find the location of the MySQL config files echo -e "${GREY}Setting MySQL root password..."
SQLCODE="
FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
echo ${SQLCODE} | $DB_CMD -u root
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Find the location of the MySQL or MariaDB config files. Add to this list for more candidates..
for x in /etc/mysql/mariadb.conf.d/50-server.cnf \ for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
/etc/mysql/mysql.conf.d/mysqld.cnf \ /etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do /etc/mysql/my.cnf; do
# Check the path exists # Check inside each to see if a [mysqld] or [mariadbd] section exists and assign x the correct filename.
if [ -e "${x}" ]; then if [ -e "${x}" ]; then
# Does it have the necessary section? if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
if grep -q '^\[mysqld\]$' "${x}"; then
mysqlconfig="${x}" mysqlconfig="${x}"
# Reduce any duplicated section names, then remove the [ ] special characters (for sed cmd below)
config_section=$(grep -m 1 -E '^\[(mysqld|mariadbd)\]$' "${x}" | sed 's/\[\(.*\)\]/\1/')
break break
fi fi
fi fi
done done
if [ -z "${mysqlconfig}" ]; then if [ -z "${mysqlconfig}" ]; then
echo -e "${GREY}Couldn't detect MySQL config file - you may need to manually enter timezone settings" echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
else else
# Is there already a timzeone value configured? # Is there already a timzeone value configured?
if grep -q "^default_time_zone[[:space:]]=" "${mysqlconfig}"; then if grep -q "^default_time_zone[[:space:]]=" "${mysqlconfig}"; then
@ -142,10 +156,9 @@ else
timezone="UTC" timezone="UTC"
fi fi
echo -e "Setting MySQL database timezone as ${timezone}${GREY}" echo -e "Setting MySQL database timezone as ${timezone}${GREY}"
mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | ${DB_CMD} -u root -D mysql -p${MYSQL_ROOT_PWD}
sed -i -e "/^\[mysqld\]/a default_time_zone = ${timezone}" "${mysqlconfig}" # Add the timzone value to the sanitsed server file section name.
# Restart to apply sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}"
systemctl restart mysql
fi fi
fi fi
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
@ -156,11 +169,10 @@ else
echo echo
fi fi
# Restart MySQL service # Change the default localhost MySQL binding IP address for remote Guacamole server accessibility
echo -e "${GREY}Restarting MySQL service & enable at boot..." if [[ "${BACKEND_MYSQL}" = true ]]; then
# Set MySQl to start at boot echo -e "${GREY}Setting MySQL IP address binding to ${MYSQL_BIND_ADDR}..."
systemctl enable mysql sed -i "s/bind-address[[:space:]]*=[[:space:]]*127\.0\.0\.1/bind-address = ${MYSQL_BIND_ADDR}/g" ${mysqlconfig}
systemctl restart mysql
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
@ -168,60 +180,47 @@ fi
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
fi
# Create ${GUAC_DB} and grant ${GUAC_USER} permissions to it # Create ${GUAC_DB} and grant ${GUAC_USER} permissions to it
GUAC_USERHost="localhost" echo -e "${GREY}Setting up database access parameters for the Guacamole user ..."
if [[ "${MYSQL_HOST}" != "localhost" ]]; then if [[ "${BACKEND_MYSQL}" = true ]]; then
GUAC_USERHost="%" GUAC_USERHost="%"
echo -e "${YELLOW}MySQL Guacamole user is set to accept login from any host, please change this for security reasons if possible.${GREY}" echo -e "${YELLOW} MySQL ${GUAC_USER} is set to accept db login from any host, you may wish to limit this to specific IPs.${GREY}"
# e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';"
else
GUAC_USERHost=localhost
echo -e "${YELLOW}MySQL Guacamole user is set to only allow login from localhost.${GREY}"
fi fi
if [ $? -ne 0 ]; then
# Check if ${GUAC_DB} is already present echo -e "${LRED}Failed${GREY}" 1>&2
echo -e "${GREY}Checking MySQL for existing database (${GUAC_DB})"
SQLCODE="
SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='${GUAC_DB}';"
# Execute SQL code
MYSQL_RESULT=$(echo ${SQLCODE} | mysql -u root -D information_schema -h ${MYSQL_HOST} -P ${MYSQL_PORT})
if [[ $MYSQL_RESULT != "" ]]; then
echo -e "${LRED}It appears there is already a MySQL database (${GUAC_DB}) on ${MYSQL_HOST}${GREY}" 1>&2
echo -e "${LRED}Try: mysql -e 'DROP DATABASE ${GUAC_DB}'${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
# Check if ${GUAC_USER} is already present # Create the new Guacamole database
echo -e "${GREY}Checking MySQL for existing user (${GUAC_USER})" echo -e "${GREY}Creating the Guacamole database..."
SQLCODE="
SELECT COUNT(*) FROM mysql.user WHERE user = '${GUAC_USER}';"
# Execute SQL code
MYSQL_RESULT=$(echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} | grep '0')
if [[ $MYSQL_RESULT == "" ]]; then
echo -e "${LRED}It appears there is already a MySQL user (${GUAC_USER}) on ${MYSQL_HOST}${GREY}" 1>&2
echo -e "${LRED}Try: mysql -e \"DROP USER '${GUAC_USER}'@'${GUAC_USERHost}'; FLUSH PRIVILEGES;\"${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Create database & user, then set permissions
SQLCODE=" SQLCODE="
DROP DATABASE IF EXISTS ${GUAC_DB}; DROP DATABASE IF EXISTS ${GUAC_DB};
CREATE DATABASE IF NOT EXISTS ${GUAC_DB}; CREATE DATABASE IF NOT EXISTS ${GUAC_DB};
CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GUAC_PWD}\"; CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GUAC_PWD}\";
GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}'; GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
# Execute SQL code # Execute SQL code
echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} echo ${SQLCODE} | $DB_CMD -u root -D mysql -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Add Guacamole schema to newly created database # Add Guacamole schema to newly created database
echo -e "${GREY}Adding database tables..." echo -e "${GREY}Adding the Guacamole database schema..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
@ -232,6 +231,7 @@ fi
# Apply Secure MySQL installation settings # Apply Secure MySQL installation settings
if [ "${SECURE_MYSQL}" = true ]; then if [ "${SECURE_MYSQL}" = true ]; then
apt-get -qq -y install expect &>>${INSTALL_LOG}
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}" echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
SECURE_MYSQL=$(expect -c " SECURE_MYSQL=$(expect -c "
set timeout 10 set timeout 10
@ -262,10 +262,23 @@ expect eof
fi fi
fi fi
# Restart MySQL service
echo -e "${GREY}Restarting MySQL service & enable at boot..."
# Set MySQl to start at boot
systemctl enable mysql
systemctl restart mysql
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Cleanup # Cleanup
echo -e "${GREY}Cleaning up install files...${GREY}" echo -e "${GREY}Cleaning up install files...${GREY}"
sudo apt-get -y remove expect &>>${INSTALL_LOG} apt-get -y remove expect &>>${INSTALL_LOG}
sudo apt-get -y autoremove &>>${INSTALL_LOG} apt-get -y autoremove &>>${INSTALL_LOG}
rm -rf guacamole-* rm -rf guacamole-*
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
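Review bot: The new client calls pass the root password on the command line (`${DB_CMD} -u root -D mysql -p${MYSQL_ROOT_PWD}` in the timezone, create-database and schema hunks), which exposes it to other local users through the process list and breaks on passwords containing spaces or shell metacharacters because the expansion is unquoted. Prefer a root-only option file passed with `--defaults-extra-file`, or at minimum `export MYSQL_PWD="${MYSQL_ROOT_PWD}"` with a matching `unset MYSQL_PWD` at cleanup, and drop `-p…` from each call. The `ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD'` statement is similarly fragile for a password containing a single quote. Separately, the silent-setup defaults now ship `BACKEND_MYSQL="true"` with `MYSQL_BIND_ADDR="0.0.0.0"` and `'%'` as the user host, next to the placeholder passwords `test`; an unedited run leaves the database listening on every interface with a known credential. Defaulting `BACKEND_MYSQL` to false, or refusing to continue while either password is still `test`, would be safer.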


@ -0,0 +1,139 @@
#!/bin/bash
######################################################################################################################
# Guacamole appliance upgrade script
# For Ubuntu / Debian / Raspbian
# David Harrop
# April 2023
#######################################################################################################################
# The Guacamole schema have not been updated since late 2021, suggesting that its now quite mature and there will be
# little need to use this, but just in case. Update the database packages separately via apt.
#######################################################################################################################
# Script pre-flight checks and settings ###############################################################################
#######################################################################################################################
clear
# Prepare text output colours
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
LRED='\033[0;91m'
LGREEN='\033[0;92m'
LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
fi
#######################################################################################################################
# Initial environment setup ###########################################################################################
#######################################################################################################################
#Setup download and temp directory paths
USER_HOME_DIR=$(eval echo ~${SUDO_USER})
DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup
# Setup directory locations
mkdir -p $DOWNLOAD_DIR
sudo chown -R $SUDO_USER:root $DOWNLOAD_DIR
# Version of Guacamole to upgrade to. See https://guacamole.apache.org/releases/ for latest version info.
NEW_GUAC_VERSION="1.5.3"
# The currently installed Guacamole schema version is needed to evaluate the required schema upgrades.
OLD_GUAC_VERSION="1.5.0"
# Set preferred Apache CDN download link)
GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${NEW_GUAC_VERSION}"
# Install log Location
INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${NEW_GUAC_VERSION}_mysql_install.log"
# Database details
GUAC_DB="guacamole_db"
MYSQL_ROOT_PWD="test"
clear
# Script branding header
echo
echo -e "${GREYB}Guacamole Backend MySQL Schema UPGRADE."
echo -e " ${LGREEN}Powered by Itiligent${GREY}"
echo
echo
#######################################################################################################################
# Start install actions ##############################################################################################
#######################################################################################################################
# Download and extract the Guacamole SQL authentication extension containing the database schema
wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz"
exit 1
else
tar -xzf guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
fi
echo
# Get list of SQL Upgrade Files
echo -e "${GREY}Upgrading MySQL Schema..."
UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V))
# Compare SQL Upgrage Files against old version, apply upgrades as needed
for FILE in ${UPGRADEFILES[@]}; do
FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then
echo "Patching ${GUAC_DB} with ${FILE}"
mariadb -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi
done
if [ $? -ne 0 ]; then
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Restart MySQL service
echo -e "${GREY}Restarting MySQL service..."
systemctl restart mysql
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Cleanup
echo -e "${GREY}Clean up install files...${GREY}"
rm -rf guacamole-*
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
# Done
printf "${LGREEN}Guacamole ${NEW_GUAC_VERSION} schema upgrade complete - check log for details! \n${NC}"
echo -e ${NC}
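Review bot: `GUAC_SOURCE_LINK` uses plain `http://`, and the tarball is extracted and its SQL applied as the database root user with no integrity check, so anything able to alter the download decides what runs against `${GUAC_DB}`. Switch the link to `https://` and verify the archive against the release's published `.sha256` (or its `.asc` signature) before `tar -xzf`. The `if [ $? -ne 0 ]` after `done` only sees the status of the last loop iteration, so a patch that fails earlier in the sequence is still reported as OK; test each run inside the loop, e.g. append `|| { echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2; exit 1; }` to the `mariadb` line. The script also creates `$DOWNLOAD_DIR` but never changes into it, so the download and the final `rm -rf guacamole-*` act on the caller's working directory.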


@ -61,7 +61,7 @@ Quit to exit
############################################### ###############################################
# This is likely not needed beyond in Gucamole 1.40 as the gui provides an option to reset. Kept for reference. # This is likely not needed beyond in Gucamole 1.40 as the gui provides an option to reset. Kept for reference.
mysql -u root -p mysql -u root -p
use guacamol_db; use guacamole_db;
SELECT user_id FROM guacamole_user INNER JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user.entity_id WHERE guacamole_entity.name = 'guacadmin'; SELECT user_id FROM guacamole_user INNER JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user.entity_id WHERE guacamole_entity.name = 'guacadmin';
UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name = 'guac-totp-key-confirmed' and user_id = '1'; UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name = 'guac-totp-key-confirmed' and user_id = '1';
quit; quit;