Jeremy S's picture

I built a Guacamole 9.1 appliance for my own use, and wanted to share it with you guys. I didn't have time to figure out TKLPatch, so I exported a VMWare appliance. Guacamole is a self-hosted web based RDP/VNC/Telnet/SSH solution. No longer will you need a client program to remote into other VMs or physical boxes.

 

http://www.filedropper.com/guacamole91appliance_1

 

I hope that somebody finds it useful.

Forum: 
Jeremy Davis's picture

Did you document the steps required to install? If so then could you please post them?

Then someone else could create the build code. Also FWIW whilst TKLPatch I still available and useful, we are more focused on creating code for TKLDev now as that's what is already used to create the TurnKey Appliances.

For reference, all the code for the existing appliance library is on GitHub here, as are the TKLDev docs.

Björn Berglund's picture

Hello Jeremy

In case this is still interesting I posted the documentation below.

Cheers,
//Björn

Jeremy Davis's picture

I saw and I hope you don't mind, but I tidied up the formatting a little (you weren't logged in when you posted it and "guest" posts lose much of their formatting).

I've also just tweaked your user account so when you are logged in, you should be able to avoid all the spam traps now too! :)

Thanks again.

Jeremy Davis's picture

And it looks cool! :)

I also noticed that it is available from the Debian repos too but it's quite an old version (v0.6.0) and it looks like there have been a lot of improvements between then and the current version (0.9.1 which I assume is what you meant...).

Jeremy S's picture

Yes, I meant 0.9.1. I should have paid more careful attention to the version numbering. I didn't document the install, but I could. Where could I learn to build the appliance myself with TKLDev? I had a little trouble following the documentation, but I have a computer science degree, and I do Linux administration, so I'd love to be able to figure it out. If I can't, where should I send the writeup? (I'd have to go back and do it, but I believe so firmly in both Turnkey and Guacamole that I'd be willing to do that.)

Jeremy Davis's picture

My suggestion is to read through all the TKLDev docs, but particularly the development docs right through (if you haven't already) and download yourself a copy and setup in a VM. There are a few steps you need to do before you can start.

As described in the docs, basically you start with your base appliance (fork it from the closest starting point on GitHub - you'll need a GitHub account). If you're not familiar with GitHub and gitflow then this is worth a read.

You'll want to follow the steps for creating a new appliance but it may also be useful to read through the maintenance docs.

Personally I found it really useful to also have a look at other appliance build code to get an idea of how it's done in practice. Essentially, any packages that can be installed with apt-get go straight in the plan, any files you want to overlay go in the overlay directory (e.g. if you wanted to put a conf file to go to /etc/foo/conf then it goes in overlay/etc/foo/conf) and your build script(s) go in conf.d. As a general rule it's best to put downloads in a separate conf file, then install code in another. If the set up is particularly complex then you can further break it down. The conf scripts are processed in order so if you have multiple ones then prefix them with a number (i.e. the order you want them to be processed in). E.g. 00foo, 10bar, 30etc

Feel free to ask here - it's your thread! :) - and if there is anything that you think could be described better in the docs, then please let us know and we'll tweak them. Or if you know what needs to change, then feel free to fork the docs and issue a pull request.

Liraz Siri's picture

The problem with a VMDK image is that it's not reproducible. TKLDev source code is. And when a new version of Debian comes out we can just rebuild the app and it will most likely work with little maintenance. Just a bit of testing.

Jeremy S's picture

Like I said in the original post, I made it for myself because I needed a few instances of it on a couple of servers in my infrastructure, and liked that Turnkey Core updates itself with Security Updates. Was it inappropriate to share it here?

Liraz Siri's picture

Sharing is always appropriate. Getting an image that works is a win.

It's just that there are hidden gotchas to distributing VMDK images such as having the same secret keys/credentials embedded in it because you don't go through the normal initialization process. That's another reason TKLDev source is preferable. That and we can actually import that into TurnKey.

An easy way to take the next step would be to just use TKLBAM to get more visibility into what changes you made relative to Core:

tklbam-backup --dump=/tmp/backup

You can then have a look inside /tmp/backup and take out the non-essentials. You can test that it works by copying /tmp/backup to a clean Core install and then do this:

tklbam-restore /tmp/copy-of-backup
Adam Powell's picture

I was just about to build one myself! Thank you for sharing, even if it is not perfection is still was a big time saver for me! Thnx

Brandon's picture

Hi Jeremy

Would you mind reposting the link?  It looks like it may have expired.

Thanks!

Jeremy Davis's picture

And it still seems to be valid to me (or perhaps Jeremy reuploaded it or updated the link...?)

Brandon's picture

I am able to download a tiny ova.

371 bytes.  This can't be it.  I'm not sure what my issue is.

Can someone actually test the filedropper file?

 

Jeremy Davis's picture

I only checked that the link was valid, I didn't check that it was actually the full image... Sorry about that.

Jeremy S's picture

He's right, the link is down. There's an entirely new release of Guacamole though (.9.2). Jeremy, if I document the steps for installation would someone else be able to build a real Appliance? I tried, and had a lot of trouble figuring it out.

Jeremy Davis's picture

If you can provide build docs, then that would be a great first step. I'd be more than happy to provide some support on building the appliance if you wanted to have a crack at TKLDev. But even if that feel like too much, post your build docs and we can go from there.

And thanks again for contributing to TurnKey! :)

Pascal d'Hermilly's picture

Was an app build?

Jeremy Davis's picture

See links above. But we are waiting for him to give us some more. I really hope that this ends up as an official appliance! :)

Brandon's picture

Thanks in advance guys
 

Tyler Bamberg's picture

Any updates on this appliance? I am very interested in this.
 

Marcin's picture

Looking forward to this build. Any ETA?

Jeremy Davis's picture

But it seems that no one has really picked up the development of this. So at this stage the time between now and an official TurnKey release is about the length of a piece of string...!

Unfortunately we are way behind on where we'd like to be. For example the v13.1 maintenance release is long overdue... So as a dev team we are stretched to our limit. We have a list of appliance requests a mile long which we will never get through unless the community can step up and help out.

Having said that though, we still really appreciate any input from anyone, even if it is just asking for an ETA. At least then we can build a picture of which appliances are most desired, so eventually when we do get it, we'll know best what to focus on...

Joel's picture

A turnkey for guacamole would be an excellent addition!

Great work Op kicking this off.

Björn Berglund's picture

Having followed this post a while ago, I'm still hoping for it to come through. I tried setting it up on my own, but since the quality of the  Documentation from guacamole.org have varied I've always failed. It not quite straight forward to set up and needs a proper step by step instruction about the size of a novel...
Björn Berglund's picture

Hello Guys

I'm not a TKL builder and have no experience for this, but now - having spent a few nights hammering away at the keyboard  - I've managed to write this step by step installation instruction. I've repeated it a few times to ensure it actually works so, either use it on its own, or if someone is able to produce a TKL Guacamole that's fine.

Building a Guacamole you will find a few sites that list how its done, but few if any are updated and the depreciated instructions take a while to be updated and meanwhile some new part of the build has been depreciated. Recognise the anguish? Ubuntu has one Debian has one, but then when you follow them you end up in failing. Having said this - also this instruction will have a "best before date". Hope you get a chance to use it while it still works;-)


Ubuntu 18.04 LTS
Guacamole 1.0.0

 

  • Install Ubuntu 18.04 LTS (no additional options/flavors)
  • Update system (update | upgrade)
  • Download four source files from https://guacamole.apache.org/releases/1.0.0/
    • guacamole-client-1.0.0.tar.gz
    • guacamole-server-1.0.0.tar.gz
    • guacamole-auth-jdbc-1.0.0.tar.gz
    • guacamole-1.0.0.war

Copy all four to the home folder of your Ubuntu user. Install "prerequisites" (line breaks added for readability, backslashes mean it can be copy/pasted).

sudo apt install -y gcc-6 g++-6 libcairo2-dev libjpeg-turbo8-dev libpng-dev \
libavcodec-dev libavutil-dev libswscale-dev libfreerdp-dev libssh2-1-dev libvncserver-dev \
libssl-dev libvorbis-dev libwebp-dev libossp-uuid-dev libavcodec-dev libavutil-dev \
libswscale-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
libvorbis-dev libwebp-dev libpng16-16 libossp-uuid-dev libpango1.0-dev openjdk-8-jdk \
default-jdk maven

Set openjdk-8 to auto/default via:

$ sudo update-alternatives --config java

Add $JAVA_HOME in environments

$ sudo nano /etc/environment

At the bottom add row:

JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64/bin/"

Add the parameters to the system & install tomcat:

$ source /etc/environment
$ sudo apt install -y tomcat8 mariadb-server

Create folders that will be needed:

$ sudo mkdir -p /etc/guacamole/lib /etc/guacamole/extensions

Executed as root-> NOT as sudo (sudo su)

$ mysql_secure_installation

Follow instructions.
Allow MariaDB to set root password, you may remove password for root later on. (sudo passwd root -> your_password_for_root)

Create the Guacamole database

$ mysql -u root -p

Here you will add the username and password of you choice for administrating guacamole through the web client.

Enter password: *** 

Welcome to the MySQL monitor. Commands end with ; or \g. 
Your MySQL connection id is 233 
Server version: 5.5.29-0ubuntu0.12.10.1 (Ubuntu)
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE guacamole_db;
-> Query OK, 1 row affected (0.00 sec)

mysql> CREATE USER 'guacamole_user_name'@'localhost' IDENTIFIED BY 'your_password_for_the_user';
-> Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user_name'@'localhost';
-> Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
-> Query OK, 0 rows affected (0.02 sec)

mysql> quit;
-> Bye
$ sudo apt install libmysql-java

$ sudo ln -s /usr/share/java/mysql-connector-java.jar /etc/guacamole/lib/

Unpack jdbc driver from guacamloe and place it in the folder you created:

$ sudo tar -xzvf guacamole-auth-jdbc-1.0.0.tar.gz
$ sudo mv guacamole-auth-jdbc-1.0.0/mysql/guacamole-auth-jdbc-mysql-1.0.0.jar /etc/guacamole/extensions

Add tables/schemas to the database:

$ sudo ls guacamole-auth-jdbc-1.0.0/mysql/schema/ -> 001-create-schema.sql 002-create-admin-user.sql upgrade

As root (sudo su)

$ cat guacamole-auth-jdbc-1.0.0/mysql/schema/*.sql | mysql -u root -p guacamole_db

Build server from /home/user/ with the downloaded file from guacamole:

$ sudo tar -xzf guacamole-server-1.0.0.tar.gz
$ cd guacamole-server-1.0.0/
$ sudo ./configure --with-init-dir=/etc/init.d
-> checking for a BSD-compatible install... /usr/bin/install -c
   checking whether build environment is sane... yes

   ------------------------------------------------
   guacamole-server version 1.0.0
   ------------------------------------------------

      Library status:

        freerdp ............. yes
        pango ............... yes
        libavcodec .......... yes
        libavutil ........... yes
        libssh2 ............. yes
        libssl .............. yes
        libswscale .......... yes
        libtelnet ........... yes
        libVNCServer ........ yes
        libvorbis ........... yes
        libpulse ............ yes
        libwebp ............. yes
        wsock32 ............. no
###(don't worry - this will only show yes when guacamole is built on a microsoft OS)

      Protocol support:

         RDP ....... yes
         SSH ....... yes
         Telnet .... yes
         VNC ....... yes

      Services / tools:

         guacd ...... yes
         guacenc .... yes
         guaclog .... yes

      Init scripts: /etc/init.d
      Systemd units: no

   Type "make" to compile guacamole-server.

Make sure all options above show yes (apart from wsock32 and "Systemd units")

Compile:

$ sudo make

Install

$ sudo make install
$ sudo ldconfig
$ sudo systemctl enable guacd
$ /etc/init.d/guacd start
-> SUCCESS

Next step is optional if you don't want to use the prebuilt client (guacamole-1.0.0.war) downloaded and placed in your users home folder.


Unpack client from /home/user/ :

$ sudo tar -xzf guacamole-client-1.0.0.tar.gz
$ cd guacamole-client-1.0.0/

Build client:

$ sudo mvn package
-> [INFO] Scanning for projects...
...
[INFO] guacamole-common ................................... SUCCESS [ 21.852 s]
[INFO] guacamole-ext ...................................... SUCCESS [  9.055 s]
[INFO] guacamole-common-js ................................ SUCCESS [  1.988 s]
[INFO] guacamole .......................................... SUCCESS [ 18.040 s]
[INFO] guacamole-auth-cas ................................. SUCCESS [  4.203 s]
[INFO] guacamole-auth-duo ................................. SUCCESS [  2.251 s]
[INFO] guacamole-auth-header .............................. SUCCESS [  1.399 s]
[INFO] guacamole-auth-jdbc ................................ SUCCESS [  1.396 s]
[INFO] guacamole-auth-jdbc-base ........................... SUCCESS [  3.266 s]
[INFO] guacamole-auth-jdbc-mysql .......................... SUCCESS [  4.665 s]
[INFO] guacamole-auth-jdbc-postgresql ..................... SUCCESS [  3.764 s]
[INFO] guacamole-auth-jdbc-sqlserver ...................... SUCCESS [  3.738 s]
[INFO] guacamole-auth-jdbc-dist ........................... SUCCESS [  1.214 s]
[INFO] guacamole-auth-ldap ................................ SUCCESS [  1.991 s]
[INFO] guacamole-auth-openid .............................. SUCCESS [  2.204 s]
[INFO] guacamole-auth-quickconnect ........................ SUCCESS [  2.983 s]
[INFO] guacamole-auth-totp ................................ SUCCESS [  8.154 s]
[INFO] guacamole-example .................................. SUCCESS [  0.895 s]
[INFO] guacamole-playback-example ......................... SUCCESS [  0.795 s]
[INFO] guacamole-client ................................... SUCCESS [  7.478 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:41 min
[INFO] Finished at: 2018-10-15T17:08:29-07:00
[INFO] Final Memory: 42M/379M
[INFO] ------------------------------------------------------------------------

Verify that it says SUCCESS on all details. Unpack the result below under /home/user/guacamole-client-1.0.0/target/

$ sudo tar -xzf /home/user/guacamole-client-1.0.0/target/guacamole-client-1.0.0.tar.gz

Copy client from /home/user/ to tomcat8 webapps:

$ sudo cp guacamole-1.0.0.war /var/lib/tomcat8/webapps/guacamole.war

Create initial control file for guacamole _db login, and link it to Tomcat webserver:

$ sudo nano /etc/guacamole/guacamole.properties

Put the following in this file:

# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user_name
mysql-password: your_password_for_the_user

Link guacamole.properties to Tomcat

$ sudo ln -s /etc/guacamole/ /var/lib/tomcat8/.guacamole

Restart Tomcat and guacamole server and make sure it is a SUCCESS:

$ sudo /etc/init.d/tomcat8 restart
-> OK
$ /etc/init.d/guacd start
-> Starting guacd: SUCCESS

Verify that you can login with your users name and password in the web interface now available on you machine.
https://your_guacamole_adress_or_ip:8080/guacamole/#/
Go to the upper right corner and select "Settings" under your user. Under folder "Preferences" you should now be able to change the users password.
Even if the original password will remain in the "/etc/guacamole/guacamole.properties" it will have no function.

To use guacamole:
https://guacamole.apache.org/doc/gug/index.html

Have fun!

//Björn

Björn Berglund's picture

So...

I've made a few more runs on the instruction on request and found that not only human mind by also mine :-) is susceptible to influence when I'm not avare of it.

The site's I've gone through to write the instruction often had an instruction that lead me to believe any username and password would do fine. And also some places it was listed tthat there was a default username guacadmin and guacadmin.

So when doing my tests this is what I used...

Now I've come to the realisation that hard coded somewhere there is hidden a must to keep those. 

So if you follow the above and want it to work...

...add guacadmin both as username and password.

Cheers,

 

Add new comment