Skip to content

A demo for setting up Guacamole in Docker using Ansible

License

Notifications You must be signed in to change notification settings

mboehm21/ansible-guac-setup

Repository files navigation

ansible-guac-setup

CI

Purpose

This role demonstrates some key-features of Ansible to provision a demo-application (clientless remote desktop gateway Apache Guacamole) on a Docker-host.

Showcased features

Prerequisites

  • Install Ansible on your controller (pip3 install ansible)
  • Install linters on your controller (pip3 install yamllint ansible-lint, optional)
  • Add your Docker-server to the group guacamole_hosts in the hosts-file and remove localhost
  • Ensure Ansible's public-key is present at the Docker-server and the remote-user has sudo-permissions
  • Test the access using ansible -b -m ping guacamole_hosts

Usage

  • Overwrite the default-settings in provision.yml if needed
  • Run the playbook (step by step for demonstration): cd playbooks && ansible-playbook --step provision.yml

Tags

Tag Action
<none> Deploy Guacamole and terminalserver-containers according to configuation
teardown Destroy Docker-containers and -volumes
teardown-full Destroy Docker-containers, volumes and the created file-structure

Docker-images in use

Image Description
guacamole/guacamole Clientless remote desktop gateway web frontend
guacamole/guacd Clientless remote desktop gateway backend
mysql Relational database for Guacamole
danielguerra/ubuntu-xrdp Terminalserver

Versions / tags can be set using configuration-variables (see default-settings).

Best Practices

Before using this in production some changes should be made to the setup:

  • Use features like Ansible Vault to encrypt sensitive variables
  • Use a local trusted Docker-registry instead of Docker Hub
  • Use a central user-management like LDAP for both Guacamole and the terminalservers instead of the local database
  • Use a reverse-proxy with TLS termination like an nginx container in front of Guacamole

Use yamllint and Ansible Lint to check the playbooks and roles when changes are made:

mboehm21@dws-mboehm21:/var/mboehm21.guacamole_rdp$ yamllint . && ansible-lint 
./tasks/main.yml
  141:201   warning  line too long (229 > 200 characters)  (line-length)
  172:201   warning  line too long (206 > 200 characters)  (line-length)
  198:201   warning  line too long (238 > 200 characters)  (line-length)
  214:201   warning  line too long (238 > 200 characters)  (line-length)
  246:201   warning  line too long (212 > 200 characters)  (line-length)
  324:201   warning  line too long (212 > 200 characters)  (line-length)
  382:201   warning  line too long (212 > 200 characters)  (line-length)
  392:201   warning  line too long (238 > 200 characters)  (line-length)

About

A demo for setting up Guacamole in Docker using Ansible

Resources

License

Stars

Watchers

Forks

Packages

No packages published