You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Michael Niehren <mi...@niehren.de> on 2017/12/22 00:00:36 UTC
guacamole admin utility
Hi together,
first of all, many thank's for guacamole. I've successfully setup it
together with jetty.
I would like to have something like an admin utility, which runs in
an linux shell, where i can can control the guacd.
For example:
- get_active_sessions
- kill session
- history of sessions
How can that be archived ?
best regards,
Michael
--
Michael Niehren __ _ powered by
/ / (_)__ __ ____ __
/ /__/ / _ \/ // /\ \/ /
/____/_/_//_/\_,_/ /_/\_\
Re: guacamole admin utility
Posted by Nick Couchman <vn...@apache.org>.
On Sun, Dec 31, 2017 at 12:13 PM, Nick Couchman <vn...@apache.org> wrote:
> On Sun, Dec 31, 2017 at 11:59 AM, Michael Niehren <mi...@niehren.de>
> wrote:
>
>> am i right, that the rest-api could only be used with
>> Database-Authentication ?
>>
>> I think, the cmdline-cli should work with all authentication
>> possibilities ...
>>
>
> No, the REST API works with any (or no) authentication extensions. There
> are parts of the REST API that only work when using the JDBC authentication
> extension, but this is not because of limitations in the REST API, it's
> because those features are only present in the JDBC authentication
> extension. For example, connection history is only currently tracked in
> the JDBC extensions - none of the other authentication extensions record
> the history of connections anywhere, so trying to retrieve the connection
> history via the REST API without the JDBC extension would fail. Similar
> things are true of functionality like user management and permissions -
> while the LDAP extension implements some of these features, it relies on
> you managing the LDAP directory outside of the Guacamole Client interface,
> and the JDBC extension is the only place where users and permissions are
> managed directly by Guacamole.
>
> Things like active sessions and logged in users should be available no
> matter what authentication extension(s) you are using.
>
> -Nick
>
So, looks like I misspoke a little - it looks like the JDBC module is the
only module that implements connection tracking at this point in time, so,
yes, doing this through the REST API would require use of the JDBC module.
This can be changed - active connection tracking could be added to the LDAP
module and any other authentication module, but JDBC is currently the only
implementation of it.
However, again, doing anything on the guacd level would require matching up
the UUID to something on the Guacamole client side, or trying to guess the
connection based on the parameters. The fact that the LDAP module does not
implement active connection tracking also means that there's not really any
way to correlate the UUID from the guacd log file (or guacd internals) to
anything on the Guacamole Client side, which makes doing anything in guacd
less-than-useful. Unless there's just something I'm missing, but that's my
understanding.
-Nick
Re: guacamole admin utility
Posted by Nick Couchman <vn...@apache.org>.
On Sun, Dec 31, 2017 at 11:59 AM, Michael Niehren <mi...@niehren.de>
wrote:
> am i right, that the rest-api could only be used with
> Database-Authentication ?
>
> I think, the cmdline-cli should work with all authentication possibilities
> ...
>
No, the REST API works with any (or no) authentication extensions. There
are parts of the REST API that only work when using the JDBC authentication
extension, but this is not because of limitations in the REST API, it's
because those features are only present in the JDBC authentication
extension. For example, connection history is only currently tracked in
the JDBC extensions - none of the other authentication extensions record
the history of connections anywhere, so trying to retrieve the connection
history via the REST API without the JDBC extension would fail. Similar
things are true of functionality like user management and permissions -
while the LDAP extension implements some of these features, it relies on
you managing the LDAP directory outside of the Guacamole Client interface,
and the JDBC extension is the only place where users and permissions are
managed directly by Guacamole.
Things like active sessions and logged in users should be available no
matter what authentication extension(s) you are using.
-Nick
Re: guacamole admin utility
Posted by Michael Niehren <mi...@niehren.de>.
am i right, that the rest-api could only be used with Database-Authentication ?
I think, the cmdline-cli should work with all authentication possibilities ...
best regards
Michael
Am 31.12.2017 um 17:26 schrieb Michael Niehren:
> Hi,
>
> i am also no java or web developer, but i will take a look at the rest API ...
>
> By the way, if Mike will implement an "easy change", so that tomcat/jetty logs
> the connection id found in the guacd.log, then we have all informations to
> write a cmdline-cli in any language, see the thread "report of activities on the server"
> on http://mail-archives.apache.org/mod_mbox/guacamole-user/201712.mbox.
> If the "easy change" is implemented, i will try to write a cmdline-cli in tcl ...
>
> But if anything work's with the rest-API, that would be cleaner.
>
> best regards,
> Michael
>
> Am 31.12.2017 um 16:28 schrieb Nick Couchman:
>> On Sun, Dec 31, 2017 at 9:39 AM, Jonathan Hunter <jmhunter1@gmail.com
>> <ma...@gmail.com>> wrote:
>>
>> Hi Both,
>>
>> For what it's worth, I would also find this kind of functionality extremely helpful.
>>
>>
>> Good to know. Sounds like there are a few folks :-).
>>
>> I am not a skilled Java or web developer, but am using Guacamole in conjunction with HTTP
>> authentication and an LDAP authentication back-end to allow users to connect to VMs. In my
>> use case, one of the VM connections has its logon credentials stored in guacamole, such that
>> any user with sufficient permission to access this connection will be logged into the VM with
>> a specific username/password, as the application being accessed needs to be run in a specific
>> way.
>>
>>
>> The good news is that REST APIs are pretty usable by people even not skilled Java/web developers
>> - if you can do a little scripting, you can write something in Python or JavaScript that will
>> interact with the REST endpoints and accomplish what you need. That said, I'm thinking there may
>> be a larger calling here for a more official CLI tool, but we'll see if the other developers have
>> any input on that.
>>
>>
>> But, if user A connects and starts to use the application, and then later on user B uses the
>> same connection, this new 'user B' connection will disconnect the 'user A' session. So, I
>> would like to make a status page available so that people can see if there is an active
>> connection at the moment. Given my web coding skills, something like this proposed CLI would
>> be much more within my reach, than having to create something in HTML/JS. Yes, this
>> information is available in the Guacamole settings screen, but that is only available for
>> administrators and isn't obvious for a user who is unfamiliar with Guacamole concepts.
>>
>>
>> I would say that, in your scenario, "it depends" on whether this would actually happen or not.
>> For example, if your "application" is an SSH session, then presumably you can have multiple users
>> connect to the same connection without one disconnecting the other, or being blocking by the
>> other. If your "application" is a Windows Terminal Server, again, multiple users can connect.
>> If it is a VNC session or a Windows Workstation (VDI) session, then, yes, either the second user
>> disconnects the first or gets blocked.
>>
>>
>> I would also dearly love to be able to use something like nagios or cacti to monitor active
>> connections, etc.
>>
>>
>> Using the REST API should make this possible, as well. I use Cacti to monitor via SNMP, but
>> Cacti is very extensible and should be able to ingest data from REST endpoints, and I believe
>> that NAGIOS, Zabbix, etc., also make provisions for pulling data from REST interfaces. I
>> definitely see the desire, here, but I think it's all doable using the REST interface already
>> provided in the Guacamole Client.
>>
>> On the monitoring note, though, this does highlight the difference between the Guacamole Client
>> and guacd, so this does depend on what you're looking to monitor. I would venture a guess that
>> most Guacamole users are using the Guacamole Client on the same system as guacd, and just using
>> it in a 1-to-1 relationship - that is, a single guacd instance for the Guacamole Client
>> interface. Guacamole is designed to be scalable, though, such that you could use multiple guacd
>> back-ends for a single Guacamole Client, or point multiple Guacamole Clients as a single guacd
>> backend. So, in more complex setups, while the REST API provides easy ways to monitor the
>> Guacamole Client side, there is not much on the gaucd side that would allow for monitoring of the
>> backend.
>>
>>
>> (Not on this exact same topic.. but if there was a way of having a shared connection by
>> default, so that user A and user B could both view the same RDP/VNC/etc. display at the same
>> time.. then that would be even better for me. But, that is another topic of conversation, I
>> think)
>>
>>
>> I believe this is possible, although you might want to start a separate discussion thread on this
>> and build out a little more what you're trying to accomplish. Guacamole does allow for shared
>> connections, such that a user can connect to one and then someone else can connect in either a
>> R/W or R/O fashion and view/control the same session. I just don't know what you mean when you
>> say "by default" and how that would work out. But, definitely something to open on a separate
>> thread.
>>
>> -Nick
>
>
> --
> Michael Niehren __ _ powered by
> / / (_)__ __ ____ __
> / /__/ / _ \/ // /\ \/ /
> /____/_/_//_/\_,_/ /_/\_\
--
Michael Niehren __ _ powered by
/ / (_)__ __ ____ __
/ /__/ / _ \/ // /\ \/ /
/____/_/_//_/\_,_/ /_/\_\
Re: guacamole admin utility
Posted by Michael Niehren <mi...@niehren.de>.
Hi,
i am also no java or web developer, but i will take a look at the rest API ...
By the way, if Mike will implement an "easy change", so that tomcat/jetty logs
the connection id found in the guacd.log, then we have all informations to
write a cmdline-cli in any language, see the thread "report of activities on the server"
on http://mail-archives.apache.org/mod_mbox/guacamole-user/201712.mbox.
If the "easy change" is implemented, i will try to write a cmdline-cli in tcl ...
But if anything work's with the rest-API, that would be cleaner.
best regards,
Michael
Am 31.12.2017 um 16:28 schrieb Nick Couchman:
> On Sun, Dec 31, 2017 at 9:39 AM, Jonathan Hunter <jmhunter1@gmail.com
> <ma...@gmail.com>> wrote:
>
> Hi Both,
>
> For what it's worth, I would also find this kind of functionality extremely helpful.
>
>
> Good to know. Sounds like there are a few folks :-).
>
> I am not a skilled Java or web developer, but am using Guacamole in conjunction with HTTP
> authentication and an LDAP authentication back-end to allow users to connect to VMs. In my use
> case, one of the VM connections has its logon credentials stored in guacamole, such that any
> user with sufficient permission to access this connection will be logged into the VM with a
> specific username/password, as the application being accessed needs to be run in a specific way.
>
>
> The good news is that REST APIs are pretty usable by people even not skilled Java/web developers -
> if you can do a little scripting, you can write something in Python or JavaScript that will
> interact with the REST endpoints and accomplish what you need. That said, I'm thinking there may
> be a larger calling here for a more official CLI tool, but we'll see if the other developers have
> any input on that.
>
>
> But, if user A connects and starts to use the application, and then later on user B uses the
> same connection, this new 'user B' connection will disconnect the 'user A' session. So, I
> would like to make a status page available so that people can see if there is an active
> connection at the moment. Given my web coding skills, something like this proposed CLI would
> be much more within my reach, than having to create something in HTML/JS. Yes, this
> information is available in the Guacamole settings screen, but that is only available for
> administrators and isn't obvious for a user who is unfamiliar with Guacamole concepts.
>
>
> I would say that, in your scenario, "it depends" on whether this would actually happen or not.
> For example, if your "application" is an SSH session, then presumably you can have multiple users
> connect to the same connection without one disconnecting the other, or being blocking by the
> other. If your "application" is a Windows Terminal Server, again, multiple users can connect. If
> it is a VNC session or a Windows Workstation (VDI) session, then, yes, either the second user
> disconnects the first or gets blocked.
>
>
> I would also dearly love to be able to use something like nagios or cacti to monitor active
> connections, etc.
>
>
> Using the REST API should make this possible, as well. I use Cacti to monitor via SNMP, but Cacti
> is very extensible and should be able to ingest data from REST endpoints, and I believe that
> NAGIOS, Zabbix, etc., also make provisions for pulling data from REST interfaces. I definitely
> see the desire, here, but I think it's all doable using the REST interface already provided in the
> Guacamole Client.
>
> On the monitoring note, though, this does highlight the difference between the Guacamole Client
> and guacd, so this does depend on what you're looking to monitor. I would venture a guess that
> most Guacamole users are using the Guacamole Client on the same system as guacd, and just using it
> in a 1-to-1 relationship - that is, a single guacd instance for the Guacamole Client interface.
> Guacamole is designed to be scalable, though, such that you could use multiple guacd back-ends for
> a single Guacamole Client, or point multiple Guacamole Clients as a single guacd backend. So, in
> more complex setups, while the REST API provides easy ways to monitor the Guacamole Client side,
> there is not much on the gaucd side that would allow for monitoring of the backend.
>
>
> (Not on this exact same topic.. but if there was a way of having a shared connection by
> default, so that user A and user B could both view the same RDP/VNC/etc. display at the same
> time.. then that would be even better for me. But, that is another topic of conversation, I think)
>
>
> I believe this is possible, although you might want to start a separate discussion thread on this
> and build out a little more what you're trying to accomplish. Guacamole does allow for shared
> connections, such that a user can connect to one and then someone else can connect in either a R/W
> or R/O fashion and view/control the same session. I just don't know what you mean when you say
> "by default" and how that would work out. But, definitely something to open on a separate thread.
>
> -Nick
--
Michael Niehren __ _ powered by
/ / (_)__ __ ____ __
/ /__/ / _ \/ // /\ \/ /
/____/_/_//_/\_,_/ /_/\_\
Re: guacamole admin utility
Posted by Nick Couchman <vn...@apache.org>.
On Sun, Dec 31, 2017 at 9:39 AM, Jonathan Hunter <jm...@gmail.com>
wrote:
> Hi Both,
>
> For what it's worth, I would also find this kind of functionality
> extremely helpful.
>
>
Good to know. Sounds like there are a few folks :-).
> I am not a skilled Java or web developer, but am using Guacamole in
> conjunction with HTTP authentication and an LDAP authentication back-end to
> allow users to connect to VMs. In my use case, one of the VM connections
> has its logon credentials stored in guacamole, such that any user with
> sufficient permission to access this connection will be logged into the VM
> with a specific username/password, as the application being accessed needs
> to be run in a specific way.
>
The good news is that REST APIs are pretty usable by people even not
skilled Java/web developers - if you can do a little scripting, you can
write something in Python or JavaScript that will interact with the REST
endpoints and accomplish what you need. That said, I'm thinking there may
be a larger calling here for a more official CLI tool, but we'll see if the
other developers have any input on that.
>
> But, if user A connects and starts to use the application, and then later
> on user B uses the same connection, this new 'user B' connection will
> disconnect the 'user A' session. So, I would like to make a status page
> available so that people can see if there is an active connection at the
> moment. Given my web coding skills, something like this proposed CLI would
> be much more within my reach, than having to create something in HTML/JS.
> Yes, this information is available in the Guacamole settings screen, but
> that is only available for administrators and isn't obvious for a user who
> is unfamiliar with Guacamole concepts.
>
I would say that, in your scenario, "it depends" on whether this would
actually happen or not. For example, if your "application" is an SSH
session, then presumably you can have multiple users connect to the same
connection without one disconnecting the other, or being blocking by the
other. If your "application" is a Windows Terminal Server, again, multiple
users can connect. If it is a VNC session or a Windows Workstation (VDI)
session, then, yes, either the second user disconnects the first or gets
blocked.
>
> I would also dearly love to be able to use something like nagios or cacti
> to monitor active connections, etc.
>
Using the REST API should make this possible, as well. I use Cacti to
monitor via SNMP, but Cacti is very extensible and should be able to ingest
data from REST endpoints, and I believe that NAGIOS, Zabbix, etc., also
make provisions for pulling data from REST interfaces. I definitely see
the desire, here, but I think it's all doable using the REST interface
already provided in the Guacamole Client.
On the monitoring note, though, this does highlight the difference between
the Guacamole Client and guacd, so this does depend on what you're looking
to monitor. I would venture a guess that most Guacamole users are using
the Guacamole Client on the same system as guacd, and just using it in a
1-to-1 relationship - that is, a single guacd instance for the Guacamole
Client interface. Guacamole is designed to be scalable, though, such that
you could use multiple guacd back-ends for a single Guacamole Client, or
point multiple Guacamole Clients as a single guacd backend. So, in more
complex setups, while the REST API provides easy ways to monitor the
Guacamole Client side, there is not much on the gaucd side that would allow
for monitoring of the backend.
>
> (Not on this exact same topic.. but if there was a way of having a shared
> connection by default, so that user A and user B could both view the same
> RDP/VNC/etc. display at the same time.. then that would be even better for
> me. But, that is another topic of conversation, I think)
>
>
I believe this is possible, although you might want to start a separate
discussion thread on this and build out a little more what you're trying to
accomplish. Guacamole does allow for shared connections, such that a user
can connect to one and then someone else can connect in either a R/W or R/O
fashion and view/control the same session. I just don't know what you mean
when you say "by default" and how that would work out. But, definitely
something to open on a separate thread.
-Nick
Re: guacamole admin utility
Posted by Jonathan Hunter <jm...@gmail.com>.
Hi Both,
For what it's worth, I would also find this kind of functionality extremely
helpful.
I am not a skilled Java or web developer, but am using Guacamole in
conjunction with HTTP authentication and an LDAP authentication back-end to
allow users to connect to VMs. In my use case, one of the VM connections
has its logon credentials stored in guacamole, such that any user with
sufficient permission to access this connection will be logged into the VM
with a specific username/password, as the application being accessed needs
to be run in a specific way.
But, if user A connects and starts to use the application, and then later
on user B uses the same connection, this new 'user B' connection will
disconnect the 'user A' session. So, I would like to make a status page
available so that people can see if there is an active connection at the
moment. Given my web coding skills, something like this proposed CLI would
be much more within my reach, than having to create something in HTML/JS.
Yes, this information is available in the Guacamole settings screen, but
that is only available for administrators and isn't obvious for a user who
is unfamiliar with Guacamole concepts.
I would also dearly love to be able to use something like nagios or cacti
to monitor active connections, etc.
(Not on this exact same topic.. but if there was a way of having a shared
connection by default, so that user A and user B could both view the same
RDP/VNC/etc. display at the same time.. then that would be even better for
me. But, that is another topic of conversation, I think)
Cheers,
Jonathan
On 31 December 2017 at 10:24, Michael Niehren <mi...@niehren.de> wrote:
> Hi Nick,
>
> my intention was to administrate guacamole without using the client
> interface. With an console utility you can do much more things like
> - monitoring the usage in realtime (Nagios)
> - automatically kill a session running longer than x minutes ...
> - showing the current login's in another application
> - ...
>
> you are more flexible to implement such things, with such an console
> program.
>
> best regards,
> Michael
>
>
>
> Am 30.12.2017 um 23:04 schrieb Nick Couchman:
>
> On Thu, Dec 21, 2017 at 7:00 PM, Michael Niehren <mi...@niehren.de>
> wrote:
>
>> Hi together,
>>
>> first of all, many thank's for guacamole. I've successfully setup it
>> together with jetty.
>>
>> I would like to have something like an admin utility, which runs in
>> an linux shell, where i can can control the guacd.
>> For example:
>> - get_active_sessions
>> - kill session
>> - history of sessions
>>
>
> Michael,
> This is an interesting idea, but I have a couple of questions:
> - Most of this functionality is already available in the Guacamole Client
> interface, if you're using that (instead of a custom-built one on top of
> the Guacamole API). I believe you need to be using the JDBC authentication
> module, as you have to be able to define administrative users, but the
> Settings menu area provides the Active Connections tab, which shows current
> sessions and allows you to kill existing ones, and then the history tab,
> which shows past sessions. This seems to cover your list of items.
> - You asked about this functionality as it relates to guacd, but I'm not
> sure why you're trying to get this functionality at the guacd level instead
> of the Guacamole Client (or API) level? Doing it at the guacd level is
> certainly something that could be implemented; however, it seems like the
> value would be limited, as identifiers for sessions in guacd are just
> UUIDs, which makes it difficult to attribute sessions to certain users or
> connections. Also, if you can track and kill the sessions on the Guacamole
> Client (servlet) side, why do you need to do it for the guacd componenet?
>
> -Nick
>
>
> --
> Michael Niehren __ _ powered by
> / / (_)__ __ ____ __
> / /__/ / _ \/ // /\ \/ /
> /____/_/_//_/\_,_/ /_/\_\
>
>
--
"If we knew what it was we were doing, it would not be called research,
would it?"
- Albert Einstein
Re: guacamole admin utility
Posted by Nick Couchman <vn...@apache.org>.
>
>
>> Thanks Nick - that's fantastic; I hadn't realised that the REST API was
> callable in this way.
>
> The example is extremely helpful and works for me to determine active and
> historical connections (even though I had to stand up a new ubuntu docker
> container to run it, as my CentOS 6 host didn't want to run the pandas
> python package :) )
>
> Much appreciated,
>
> Jonathan
>
>
Yeah, no problem. The easiest way I've found to look up the REST API calls
is to open the Chrome Developer Console and go to the Network tab while
working in Guacamole. You can see the endpoints that are called, what
parameters are passed to them, and the responses that are given for those
calls.
The pandas package was just a quick attempt to format the output - I'm sure
there are other frameworks out there for taking JSON data into tables :-).
-Nick
Re: guacamole admin utility
Posted by Jonathan Hunter <jm...@gmail.com>.
On 31 December 2017 at 18:15, Nick Couchman <vn...@apache.org> wrote:
>
> Here's a quick/simple example of a Python-based utility that logs in to
> Guacamole, gets active connections, and logs out:
>
> https://pastebin.com/6LdWCwdm
>
Thanks Nick - that's fantastic; I hadn't realised that the REST API was
callable in this way.
The example is extremely helpful and works for me to determine active and
historical connections (even though I had to stand up a new ubuntu docker
container to run it, as my CentOS 6 host didn't want to run the pandas
python package :) )
Much appreciated,
Jonathan
--
"If we knew what it was we were doing, it would not be called research,
would it?"
- Albert Einstein
Re: guacamole admin utility
Posted by Nick Couchman <vn...@apache.org>.
On Sun, Dec 31, 2017 at 10:05 AM, Nick Couchman <vn...@apache.org> wrote:
> On Sun, Dec 31, 2017 at 5:24 AM, Michael Niehren <mi...@niehren.de>
> wrote:
>
>> Hi Nick,
>>
>> my intention was to administrate guacamole without using the client
>> interface. With an console utility you can do much more things like
>> - monitoring the usage in realtime (Nagios)
>> - automatically kill a session running longer than x minutes ...
>> - showing the current login's in another application
>> - ...
>>
>
> As a lifelong proponent of using the command line over GUIs whenever
> possible, I definitely understand the desire to have a utility that would
> allow this. A couple of things I would point out in this regard:
> - You still probably want to do this on the Guacamole Client side, not on
> the guacd side. guacd does not keep track of Guacamole Client usernames -
> the sessions are tracked by UUID - so you'd have to interface with the
> client, anyway, or try to determine which UUID to manipulate based on the
> parameters of the connection, which seems sketchy at best.
> - Doing this on the client side ought to be pretty straight-forward,
> though, because you can make use of the wonderful REST API that the web
> interface already uses. Everything that is done on the Guacamole Client
> web UI, with the exception of the tunnel itself, is handled via REST API
> calls that returns JSON-formatted data. So, it should be pretty
> easy/straightforward to create a command line utility, written in C,
> Python, Java, NodeJS, or even just using bash + curl, to login to the API
> and get the TOKEN, and then perform whatever administrative tasks you want
> to do, which would be pretty much anything you can do on the web side,
> including the things you mentioned above, but also things like user
> management, connection management, permissions, etc.
>
> I do really like the idea of creating a command-line utility to go along
> with the Guacamole Client package - maybe some of the other developers
> could weigh in on whether they think this would be something worth rolling
> into the overall Guacamole Client package, at which point we could create a
> JIRA issue to track the request. If you're at all familiar with REST APIs
> and programming languages, you could start implementing one on your own :-).
>
> -Nick
>
Here's a quick/simple example of a Python-based utility that logs in to
Guacamole, gets active connections, and logs out:
https://pastebin.com/6LdWCwdm
-Nick
Re: guacamole admin utility
Posted by Nick Couchman <vn...@apache.org>.
On Sun, Dec 31, 2017 at 5:24 AM, Michael Niehren <mi...@niehren.de> wrote:
> Hi Nick,
>
> my intention was to administrate guacamole without using the client
> interface. With an console utility you can do much more things like
> - monitoring the usage in realtime (Nagios)
> - automatically kill a session running longer than x minutes ...
> - showing the current login's in another application
> - ...
>
As a lifelong proponent of using the command line over GUIs whenever
possible, I definitely understand the desire to have a utility that would
allow this. A couple of things I would point out in this regard:
- You still probably want to do this on the Guacamole Client side, not on
the guacd side. guacd does not keep track of Guacamole Client usernames -
the sessions are tracked by UUID - so you'd have to interface with the
client, anyway, or try to determine which UUID to manipulate based on the
parameters of the connection, which seems sketchy at best.
- Doing this on the client side ought to be pretty straight-forward,
though, because you can make use of the wonderful REST API that the web
interface already uses. Everything that is done on the Guacamole Client
web UI, with the exception of the tunnel itself, is handled via REST API
calls that returns JSON-formatted data. So, it should be pretty
easy/straightforward to create a command line utility, written in C,
Python, Java, NodeJS, or even just using bash + curl, to login to the API
and get the TOKEN, and then perform whatever administrative tasks you want
to do, which would be pretty much anything you can do on the web side,
including the things you mentioned above, but also things like user
management, connection management, permissions, etc.
I do really like the idea of creating a command-line utility to go along
with the Guacamole Client package - maybe some of the other developers
could weigh in on whether they think this would be something worth rolling
into the overall Guacamole Client package, at which point we could create a
JIRA issue to track the request. If you're at all familiar with REST APIs
and programming languages, you could start implementing one on your own :-).
-Nick
Re: guacamole admin utility
Posted by Michael Niehren <mi...@niehren.de>.
Hi Nick,
my intention was to administrate guacamole without using the client
interface. With an console utility you can do much more things like
- monitoring the usage in realtime (Nagios)
- automatically kill a session running longer than x minutes ...
- showing the current login's in another application
- ...
you are more flexible to implement such things, with such an console program.
best regards,
Michael
Am 30.12.2017 um 23:04 schrieb Nick Couchman:
> On Thu, Dec 21, 2017 at 7:00 PM, Michael Niehren <michael@niehren.de <ma...@niehren.de>>
> wrote:
>
> Hi together,
>
> first of all, many thank's for guacamole. I've successfully setup it
> together with jetty.
>
> I would like to have something like an admin utility, which runs in
> an linux shell, where i can can control the guacd.
> For example:
> - get_active_sessions
> - kill session
> - history of sessions
>
>
> Michael,
> This is an interesting idea, but I have a couple of questions:
> - Most of this functionality is already available in the Guacamole Client interface, if you're
> using that (instead of a custom-built one on top of the Guacamole API). I believe you need to be
> using the JDBC authentication module, as you have to be able to define administrative users, but
> the Settings menu area provides the Active Connections tab, which shows current sessions and
> allows you to kill existing ones, and then the history tab, which shows past sessions. This seems
> to cover your list of items.
> - You asked about this functionality as it relates to guacd, but I'm not sure why you're trying to
> get this functionality at the guacd level instead of the Guacamole Client (or API) level? Doing
> it at the guacd level is certainly something that could be implemented; however, it seems like the
> value would be limited, as identifiers for sessions in guacd are just UUIDs, which makes it
> difficult to attribute sessions to certain users or connections. Also, if you can track and kill
> the sessions on the Guacamole Client (servlet) side, why do you need to do it for the guacd
> componenet?
>
> -Nick
--
Michael Niehren __ _ powered by
/ / (_)__ __ ____ __
/ /__/ / _ \/ // /\ \/ /
/____/_/_//_/\_,_/ /_/\_\
Re: guacamole admin utility
Posted by Nick Couchman <vn...@apache.org>.
On Thu, Dec 21, 2017 at 7:00 PM, Michael Niehren <mi...@niehren.de> wrote:
> Hi together,
>
> first of all, many thank's for guacamole. I've successfully setup it
> together with jetty.
>
> I would like to have something like an admin utility, which runs in
> an linux shell, where i can can control the guacd.
> For example:
> - get_active_sessions
> - kill session
> - history of sessions
>
Michael,
This is an interesting idea, but I have a couple of questions:
- Most of this functionality is already available in the Guacamole Client
interface, if you're using that (instead of a custom-built one on top of
the Guacamole API). I believe you need to be using the JDBC authentication
module, as you have to be able to define administrative users, but the
Settings menu area provides the Active Connections tab, which shows current
sessions and allows you to kill existing ones, and then the history tab,
which shows past sessions. This seems to cover your list of items.
- You asked about this functionality as it relates to guacd, but I'm not
sure why you're trying to get this functionality at the guacd level instead
of the Guacamole Client (or API) level? Doing it at the guacd level is
certainly something that could be implemented; however, it seems like the
value would be limited, as identifiers for sessions in guacd are just
UUIDs, which makes it difficult to attribute sessions to certain users or
connections. Also, if you can track and kill the sessions on the Guacamole
Client (servlet) side, why do you need to do it for the guacd componenet?
-Nick