Connect user to runtime created instances.

[Mr X0rcist <mr...@gmail.com>]

Hi ,

I am trying to achieve the following:

When a user authenticates to the Guacamole I need to spin up new docker
image running VNC and connect user to it.

Note, all users are accessing same application hence one docker image .
However, no image is running before user logs on.

1)What I am trying to figure it out is how to run trigger starting new
docker image as soon as user successfully authenticated by Guacamole's
local database.
2)and connect authenticated user to that newly created instance (don't want
it to connect it to other users's instance)

Last, docker instance will be killed/removed once user logs off

Would appreciate if one can give me some hints being n00b to it.

Thanks

Re: Connect user to runtime created instances.

[Nick Couchman <vn...@apache.org>]

On Sat, Feb 2, 2019 at 1:28 PM Mike Jumper <mj...@apache.org> wrote:

> On Sat, Feb 2, 2019 at 6:37 AM Nick Couchman <vn...@apache.org> wrote:
> > On Sat, Feb 2, 2019 at 6:54 AM Mr X0rcist <mr...@gmail.com> wrote:
> >>
> >> Hi ,
> >>
> >> I am trying to achieve the following:
> >>
> >> When a user authenticates to the Guacamole I need to spin up new docker
> image running VNC and connect user to it.
> >>
> >> Note, all users are accessing same application hence one docker image .
> However, no image is running before user logs on.
> >>
> >> 1)What I am trying to figure it out is how to run trigger starting new
> docker image as soon as user successfully authenticated by Guacamole's
> local database.
> >> 2)and connect authenticated user to that newly created instance (don't
> want it to connect it to other users's instance)
> >>
> >> Last, docker instance will be killed/removed once user logs off
> >>
> >> Would appreciate if one can give me some hints being n00b to it.
> >
> >
> > There's not a currently implemented method for this, but off the bat I
> would say that implementing an Event Listener extension is probably the
> best way to go.  These allow you to act on and even intercept the following
> events:
> > - User Logon
> > - User Logoff
> > - Tunnel Connect
> > - Tunnel Close
> >
> > Based on your use case, you might actually need to implement an
> extension that does both event listening/handling, and authentication -
> you'll probably need to do something like this:
> > - Catch User Logon event
> > - Determine parameters for the connection (port, IP, etc.)
> > - Start Docker instance with the determined parameters
> > - Determine that the instance is running/ready
> > - Create/start a connection to the instance
> >
> > All of this should be doable, but, again, it is not currently
> implemented, so it will take some Java programming to get it done.  You can
> find documentation on the Event Listeners, including an example
> implementation, here:
> >
> > http://guacamole.apache.org/doc/gug/event-listeners.html
> >
>
> Extensions are definitely the way to achieve this. Rather than event
> listeners, I'd suggest writing an AuthenticationProvider which
> provides a UserContext (via getUserContext()) which provides a single
> connection, generated dynamically, and handles spinning up / tearing
> down the instance internally, either through the lifecycle of the
> UserContext or of the connection. Your AuthenticationProvider can
> delegate authentication to any other extension, including the
> database, as long as it accepts the AuthenticatedUser received by
> getUserContext().
>

Yeah, after sending that reply I was thinking about it more, and it
occurred to me that the Event Listener is just a needless complication to
that scenario - the authentication extension should be able to do
everything required.

-Nick

Re: Connect user to runtime created instances.

[Mike Jumper <mj...@apache.org>]

On Sat, Feb 2, 2019 at 6:37 AM Nick Couchman <vn...@apache.org> wrote:
> On Sat, Feb 2, 2019 at 6:54 AM Mr X0rcist <mr...@gmail.com> wrote:
>>
>> Hi ,
>>
>> I am trying to achieve the following:
>>
>> When a user authenticates to the Guacamole I need to spin up new docker image running VNC and connect user to it.
>>
>> Note, all users are accessing same application hence one docker image . However, no image is running before user logs on.
>>
>> 1)What I am trying to figure it out is how to run trigger starting new docker image as soon as user successfully authenticated by Guacamole's local database.
>> 2)and connect authenticated user to that newly created instance (don't want it to connect it to other users's instance)
>>
>> Last, docker instance will be killed/removed once user logs off
>>
>> Would appreciate if one can give me some hints being n00b to it.
>
>
> There's not a currently implemented method for this, but off the bat I would say that implementing an Event Listener extension is probably the best way to go.  These allow you to act on and even intercept the following events:
> - User Logon
> - User Logoff
> - Tunnel Connect
> - Tunnel Close
>
> Based on your use case, you might actually need to implement an extension that does both event listening/handling, and authentication - you'll probably need to do something like this:
> - Catch User Logon event
> - Determine parameters for the connection (port, IP, etc.)
> - Start Docker instance with the determined parameters
> - Determine that the instance is running/ready
> - Create/start a connection to the instance
>
> All of this should be doable, but, again, it is not currently implemented, so it will take some Java programming to get it done.  You can find documentation on the Event Listeners, including an example implementation, here:
>
> http://guacamole.apache.org/doc/gug/event-listeners.html
>

Extensions are definitely the way to achieve this. Rather than event
listeners, I'd suggest writing an AuthenticationProvider which
provides a UserContext (via getUserContext()) which provides a single
connection, generated dynamically, and handles spinning up / tearing
down the instance internally, either through the lifecycle of the
UserContext or of the connection. Your AuthenticationProvider can
delegate authentication to any other extension, including the
database, as long as it accepts the AuthenticatedUser received by
getUserContext().

- Mike

Re: Connect user to runtime created instances.

[Nick Couchman <vn...@apache.org>]

On Sat, Feb 2, 2019 at 6:54 AM Mr X0rcist <mr...@gmail.com> wrote:

> Hi ,
>
> I am trying to achieve the following:
>
> When a user authenticates to the Guacamole I need to spin up new docker
> image running VNC and connect user to it.
>
> Note, all users are accessing same application hence one docker image .
> However, no image is running before user logs on.
>
> 1)What I am trying to figure it out is how to run trigger starting new
> docker image as soon as user successfully authenticated by Guacamole's
> local database.
> 2)and connect authenticated user to that newly created instance (don't
> want it to connect it to other users's instance)
>
> Last, docker instance will be killed/removed once user logs off
>
> Would appreciate if one can give me some hints being n00b to it.
>

There's not a currently implemented method for this, but off the bat I
would say that implementing an Event Listener extension is probably the
best way to go.  These allow you to act on and even intercept the following
events:
- User Logon
- User Logoff
- Tunnel Connect
- Tunnel Close

Based on your use case, you might actually need to implement an extension
that does both event listening/handling, and authentication - you'll
probably need to do something like this:
- Catch User Logon event
- Determine parameters for the connection (port, IP, etc.)
- Start Docker instance with the determined parameters
- Determine that the instance is running/ready
- Create/start a connection to the instance

All of this should be doable, but, again, it is not currently implemented,
so it will take some Java programming to get it done.  You can find
documentation on the Event Listeners, including an example implementation,
here:

http://guacamole.apache.org/doc/gug/event-listeners.html

-Nick

>