guacamole install build

guacamole-1.0.0 mounting configuration

Environment: tomcat9.0 + openjdk version "1.8.0_212" + centos7.5

Installation depends

You must install it depends
libguac use of Cairo for graphics rendering. If you do not Cairo, you can not function avocado sauce.
libguac use libjpeg-turbo to provide support JPEG
libgung be written using libpng PNG image
libguac use OSSP UUID each Guacamole connection is assigned a unique ID.
yum -y install cairo-devel libjpeg-devel libpng-devel uuid-devel
Optionally installed dependent
Guacamole alternative dependency determines which part of guacamole-server will be constructed. This includes support for a variety of remote desktop protocols, as well as any other function of these protocols:

VNC support is dependent on libvncclient library, which is part of libVNCServer.
pulseaudio provide VNC experimental audio capabilities
```
yum install libvncserver-devel pulseaudio-libs-devel
```
RDP support depends on the latest version of FreeRDP (version 1.0 or later, but please do not use the non-release version of git).
```
yum install freerdp-devel
```
SSH support relies on
libssh2 SSH support.
OpenSSL support for SSL and TLS are.
Pango font rendering and text layout library used by the Guacamole built-in terminal emulator.
```
yum install libssh2-devel openssl-devel pango-devel
```
Telnet depends on libtelnet and Pango. (Not within libtelnet-devel yum CentOS7 official sources, can be installed epel-release source)
```
yum install libtelnet-devel pango-devel
```
guacenc (will be converted to a video screen recording) utility relies on FFmpeg, and only in the libavcodec FFmpeg provide installation, built unless libavutil and libswscale library. (Ffmpeg-devel yum not CentOS7 within the official source, can be installed DEXTOP source) is not required screen recording function, not installed.
```
yum install ffmpeg-devel
```
libvorbis support Ogg Vorbis - a free, open and sound compression standard. If libguac installation will support Ogg Vorbis, audio support agreement will try to use Ogg Vorbis compression. Otherwise, the sound will only be encoded as WAV (uncompressed), and can be used only if your browser supports WAV.
```
yum install libvorbis-devel
```
libgubp by the libgub for writing WebP image. Although the agreement does not force the Guacamole support WebP, but if the browser and libguac support WebP image will be used WebP image.
```
yum install libwebp-devel
```
Using the clipboard to be installed dependent
```
yum -y install freerdp-plugins
```

In order to experience the full functionality, install all of the above.
If you want to directly set up, then please copy and paste

yum -y install cairo-devel libjpeg-devel libpng-devel uuid-devel
yum -y install ffmpeg-devel  freerdp-devel pango-devel libssh2-devel
yum -y install libtelnet-devel libvncserver-devel pulseaudio-libs-devel
yum -y install openssl-devel libvorbis-devel libwebp-devel
yum -y install freerdp-plugins ##不安装剪切板不能用

Download the relevant package

mysql ldap plus we use two-factor authentication, the user login control ldap go, go mysql user access control

Download guacamole-server

wget https://mirrors.tuna.tsinghua.edu.cn/apache/guacamole/1.0.0/source/guacamole-server-1.0.0.tar.gz

Download guacamole-client for the client is the guacd. For the end user, or server

wget https://mirrors.tuna.tsinghua.edu.cn/apache/guacamole/1.0.0/binary/guacamole-1.0.0.war

Download ldap-related dependent plug-in package

wget https://mirrors.tuna.tsinghua.edu.cn/apache/guacamole/1.0.0/binary/guacamole-auth-ldap-1.0.0.tar.gz

Download mysql dependencies

wget https://mirrors.tuna.tsinghua.edu.cn/apache/guacamole/1.0.0/binary/guacamole-auth-jdbc-1.0.0.tar.gz

Download tomcat

wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz

Guacamole-server installation

tar xvf guacamole-server-1.0.0.tar.gz
cd guacamole-server-1.0.0
./configure --with-init-dir=/etc/init.d
make & make install & ldconfig
/etc/init.d/guacd start  guacd

This process is the real server. All connections are completed this process
will be the default port 4822 to listen 127.0.0.1 after this process started

Installation guacamole-client

cd /data/w/www
tar xvf apache-tomcat-9.0.19.tar.gz
mv apache-tomcat-9.0.19 guacamole.corp.bianlifeng.com
cp /root/guacamole-1.0.0.war guacamole.corp.bianlifeng.com/webapps/
cd guacamole.corp.bianlifeng.com/
./bin/startup.sh

Guacamole.properties configuration file

mkdir /etc/guacamole/
vim /etc/guacamole/guacamole.properties
hostname:localhost   # 这个是guacd进程所在的地址
guacd-port:4822  # guacd端口
enable-clipboard-integration:true
# mysql的配置
mysql-hostname: rw-common-ops-mysql.vip.blibee.com
mysql-port: 33006
mysql-database: guacamole
mysql-username: guacamol_9p_rw
mysql-password: 9AnC6gbsgS14zwxi
# ldap的配置
ldap-hostname: ad.vip.blibee.com
ldap-port: 389
ldap-user-base-dn: ou=allusers,ou=blf,dc=corp,dc=bianlifeng,dc=com
ldap-search-bind-dn: CN=bind_******,OU=Ldap_User,OU=OtherUser,DC=corp,DC=bianlifeng,DC=com
ldap-search-bind-password:*****
ldap-username-attribute: sAMAccountName
ldap-user-search-filter:(objectClass=user)
ldap-max-search-results: 40000

Configuring mysql and ldap

Then put forward a database table into the line

tar xvf guacamole-auth-jdbc-1.0.0.tar.gz
tar xvf guacamole-auth-ldap-1.0.0.tar.gz
mkdir /etc/guacamole/lib/
mkdir /etc/guacamole/extensions
yum install mysql-connector-java-8.0.16-1.el7.noarch.rpm -y
配置jar包
cp /usr/share/java/mysql-connector-java.jar /etc/guacamole/lib/
cp /root/guacamole-auth-jdbc-1.0.0/mysql/guacamole-auth-jdbc-mysql-1.0.0.jar  /etc/guacamole/extensions/
cp /root/guacamole-auth-ldap-1.0.0/guacamole-auth-ldap-1.0.0.jar /etc/guacamole/extensions/

Introducing into a database in mysql
position table /root/guacamole-auth-jdbc-1.0.0/mysql/schema

Tomcat way to restart the process server's 8080 port will be able to visit

Synchronization over user data to the database every day

#!/bin/python
#coding: utf-8
 
import  pymysql
import requests
class Exec():
    def __init__(self):
        self.hostname = "****"
        self.user = "****"
        self.passwd = "****"
        self.port = ****
        self.database = "guacamole"
    def conn(self):
        self.db = pymysql.connect(host=self.hostname, user=self.user, password=self.passwd, database=self.database, port=self.port)
        self.cursor = self.db.cursor()
    def run_exec(self, sql):
        self.cursor.execute(sql)
        self.db.commit()
 
    def query(self, sql):
        self.cursor.execute(sql)
        data = self.cursor.fetchall()
        return data
    def close(self):
        self.db.close()
 
if __name__ == '__main__':
    a = Exec()
    a.conn()
    result = requests.get("xxxxxxxxxxxxx")
    result = result.json()["data"]["data"]
    for username in result:
        query_user = '''select entity_id from guacamole_entity where  name="{username}";''' . format(username=username)
        user =  a.query(sql=query_user)
        if user != ():
            continue
        add_user = '''insert into guacamole_entity (name, type) value ("%s", "USER");''' % (username)
        a.run_exec(sql=add_user)
        query_entity_id = '''select entity_id from guacamole_entity where  name="{username}";''' . format(username=username)
        entity_id = a.query(sql=query_entity_id)[0][0]
        add_password = '''INSERT INTO guacamole_user (entity_id, password_salt, password_hash, password_date) SELECT {entity_id}, UNHEX(SHA2(UUID(), 256)), UNHEX(SHA2(CONCAT('', HEX(UNHEX(SHA2(UUID(), 256)))), 256)), CURRENT_TIMESTAMP FROM guacamole_entity WHERE name = '{username}' AND type = 'USER';'''.format(entity_id=entity_id, username=username)
        a.run_exec(sql=add_password)
        add_permission = '''insert into guacamole_system_permission (entity_id, permission) value ("{entity_id}", "CREATE_CONNECTION");''' .format(entity_id=entity_id)
        a.run_exec(sql=add_permission)
        print ("add user %s"% (username))
    a.close()