This role demonstrates some key-features of Ansible by provisioning a demo-application (the clientless remote desktop gateway Apache Guacamole) on a Docker-host:
- Assertion of conditions
- Package-management (apt, yum and pip)
- Linux user- and file-management
- Copying of files
- Templating
- Management of services
- Handling of docker-compose
- Waiting for an event
- Error-handling (rescue-block)
- Working with APIs
- Install Ansible on your controller (`pip3 install ansible`)
- Install linters on your controller (`pip3 install yamllint ansible-lint`, optional)
- Add your Docker-server to the group `guacamole_hosts` in the hosts-file and remove `localhost`
- Ensure Ansible's public-key is present at the Docker-server and the remote-user has sudo-permissions
- Test the access using `ansible -b -m ping guacamole_hosts`
- Overwrite the default-settings in provision.yml if needed
- Run the playbook (step by step for demonstration): `cd playbooks && ansible-playbook --step provision.yml`
Tag | Action |
---|---|
<none> | Deploy Guacamole and terminalserver-containers according to configuration |
teardown | Destroy Docker-containers and -volumes |
teardown-full | Destroy Docker-containers, volumes and the created file-structure |
Image | Description |
---|---|
guacamole/guacamole | Clientless remote desktop gateway web frontend |
guacamole/guacd | Clientless remote desktop gateway backend |
mysql | Relational database for Guacamole |
danielguerra/ubuntu-xrdp | Terminalserver |
Versions / tags can be set using configuration-variables (see default-settings).
Before using this in production some changes should be made to the setup:
- Use features like Ansible Vault to encrypt sensitive variables
- Use a local trusted Docker-registry instead of Docker Hub
- Use a central user-management like LDAP for both Guacamole and the terminalservers instead of the local database
- Use a reverse-proxy with TLS termination like an nginx container in front of Guacamole
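To back the Ansible Vault recommendation with a check that can run next to the linters, the following added example (not part of this role) flags secret-looking variables whose values are plain literals rather than `!vault` ciphertext or a reference to another variable. The variable names in the sample and the key-name pattern are assumptions, since the role's own variable names are not listed here; the matching is a line-based heuristic, not a full YAML parser.

```python
import re

# Key names that usually hold credentials (assumed pattern, adjust to the role's variables).
SECRET_KEY = re.compile(r"(password|passwd|secret|token|api_?key)", re.I)
# One "key: value" pair per line, with optional indentation and list dash.
PAIR = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.-]*)\s*:\s*(.*)$")


def is_protected(value: str) -> bool:
    """True if the value is vault-encrypted or only references another variable."""
    v = value.strip()
    if v.startswith("!vault"):
        return True
    unquoted = v.strip("'\"").strip()
    return unquoted.startswith("{{") and unquoted.endswith("}}")


def find_plaintext_secrets(text: str) -> list[tuple[int, str]]:
    """Return (line number, key) for secret-looking keys that carry a literal value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = PAIR.match(line)  # comment and ciphertext lines do not match
        if not m:
            continue
        key = m.group(1)
        value = re.sub(r"\s+#.*$", "", m.group(2)).strip()  # drop trailing comment
        if not value:
            continue  # mapping header or empty value
        if SECRET_KEY.search(key) and not is_protected(value):
            findings.append((lineno, key))
    return findings


# Constructed sample vars; all variable names and values are hypothetical.
SAMPLE = """\
vars:
  guacamole_version: "x.y.z"
  mysql_root_password: "changeme"
  mysql_user_password: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    <constructed ciphertext placeholder>
  guacamole_admin_password: "{{ vault_guacamole_admin_password }}"
  api_token: abc123  # plaintext
"""

if __name__ == "__main__":
    for lineno, key in find_plaintext_secrets(SAMPLE):
        print(f"line {lineno}: {key} is not vault-encrypted")
```

Point it at the contents of provision.yml and any vars files, and treat a non-empty result as a failed check.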
Use yamllint and Ansible Lint to check the playbooks and roles when changes are made:
```
mboehm21@dws-mboehm21:/var/mboehm21.guacamole_rdp$ yamllint . && ansible-lint
./tasks/main.yml
  141:201 warning line too long (229 > 200 characters) (line-length)
  172:201 warning line too long (206 > 200 characters) (line-length)
  198:201 warning line too long (238 > 200 characters) (line-length)
  214:201 warning line too long (238 > 200 characters) (line-length)
  246:201 warning line too long (212 > 200 characters) (line-length)
  324:201 warning line too long (212 > 200 characters) (line-length)
  382:201 warning line too long (212 > 200 characters) (line-length)
  392:201 warning line too long (238 > 200 characters) (line-length)
```