tree support in user-mapping.xml

[Joachim Lindenberg <jo...@lindenberg.one>]

Hello,

I do have my extension for Hyper-V, that does authentication and
authorizations for my Hyper-V guests. However I also would like to include
some of my infrastructure (SSH, VNC, etc.) into the solution – and
preferably not as a flat list but with some hierarchy. I do understand that
I can run a database and insert all information, likely in parallel to my
own extension. However I think that´s overkill (with one user, and system
load and backup is an issue) and would prefer if the
<http://guacamole.apache.org/doc/gug/configuring-guacamole.html#user-mapping
> user-mapping.xml could be extended to support a (simple, i.e. one level
totally fine) tree structure.

Anyone else?

Thanks & Best Regards, Joachim

 

 

AW: tree support in user-mapping.xml

[Joachim Lindenberg <jo...@lindenberg.one>]

 

 

Von: Nick Couchman [mailto:nick.e.couchman@gmail.com] 
Gesendet: Montag, 30. April 2018 01:38
An: user@guacamole.apache.org
Betreff: Re: tree support in user-mapping.xml

 

 

On Sun, Apr 29, 2018 at 15:52 Joachim Lindenberg <joachim@lindenberg.one <ma...@lindenberg.one> > wrote:

Hi Nick,

I totally disagree. The delta is not just time, but the need of a full blown database that I need to operate with plenty of cpu, memory, and disk usage.

 

I understand your point, but the Guacamole JDBC schema is very small, and it should be possible to tune parameters on MySQL/MariaDB/PostgreSQL such that it uses minimal system resources.  Furthermore, depending on how many connections your environment grows to, the indexing within the database could make locating and loading those records less resource-intensive than reading through serially through an XML file.  If your environment isn't that large, then I fail to see why you need the organization/tree structure anyway??

 

Both out of curiosity and in order to try to see where you're coming from, what kind of environment are you operating in that requires you be so conservative with resources that you can't afford a small MySQL/MariaDB instance?

 

My primary use case for Guacamole is to run virtual machines out of (Windows) backups and then connect via RDP. For any system backed up, my extension lists the various backups (one group per system) and by clicking on it fires up a VM and connects. For that I am still struggling with the sort order and tree requirements I earlier asked… obviously the most recent backup should go top. I also wanted to provide a group with already running VMs for quick access, but with different internal keys the recently used list becomes pretty confusing…

Then having that running, I also want to leverage Guacamole to connect to my infrastructure (elevating the need to connect using VPN and then start ssh). The number of systems I want to connect to statically is something like 3*VNC, 5*RDP, 6-8*SSH. Plus a dynamic list of Hyper-V guests that I deal with already. Now a flat list within the structured list looks unpleasant to me at least.

My current Guacamole runs also on Hyper-V with less than 1GB of memory.  I also run a mailcow dockerized with MariaDB, and although I have almost no load on that right now it bumps against the 3GB limit I set. Plus an instance with OSticket that uses roughly 2GB. All three VMs are supposed to run on a Hyper-V 2016 with total memory 8GB – I am planning to consolidate the three (potentially a Samba AD as well) on that host which is always on, whereas other systems are usually running only as needed (e.g. backup host and thus VMs for backups will be on another host). I don´t want to buy more memory just because of a database that is not needed.

 

Best Regards, Joachim

 

-Nick

Re: tree support in user-mapping.xml

[Nick Couchman <ni...@gmail.com>]

On Sun, Apr 29, 2018 at 15:52 Joachim Lindenberg <jo...@lindenberg.one>
wrote:

> Hi Nick,
>
> I totally disagree. The delta is not just time, but the need of a full
> blown database that I need to operate with plenty of cpu, memory, and disk
> usage.
>

I understand your point, but the Guacamole JDBC schema is very small, and
it should be possible to tune parameters on MySQL/MariaDB/PostgreSQL such
that it uses minimal system resources.  Furthermore, depending on how many
connections your environment grows to, the indexing within the database
could make locating and loading those records less resource-intensive than
reading through serially through an XML file.  If your environment isn't
that large, then I fail to see why you need the organization/tree structure
anyway??

Both out of curiosity and in order to try to see where you're coming from,
what kind of environment are you operating in that requires you be so
conservative with resources that you can't afford a small MySQL/MariaDB
instance?

-Nick

Re: AW: tree support in user-mapping.xml

[Nick Couchman <ni...@gmail.com>]

On Sun, Apr 29, 2018 at 16:13 Paulo Gonçalves <pa...@ipc.pt> wrote:

> I agree with you about the resources usage just for that.
>
> Maybe you can try to use a H2 database with MySQL Compatibility Mode (I
> don't know if it works, never tried it).
>

I did start working on a SQLite module for the JDBC extension -
unfortunately I ran into a bug with the JDBC SQLite driver that is impeding
progress on that front.  I avoided H2 for some reason - maybe I'll revisit
that.

Re: AW: tree support in user-mapping.xml

[Paulo Gonçalves <pa...@ipc.pt>]

 

I agree with you about the resources usage just for that. 

Maybe you can try to use a H2 database with MySQL Compatibility Mode (I
don't know if it works, never tried it). 

--- 

 		Paulo Alexandre Figueiredo Gonçalves

 		Departamento de Tecnologias de Informação e Comunicação (DTIC)

 		Email: pafgoncalves@ipc.pt / Voip: 301103

 		 Serviços Centrais

 		Av. Dr. Marnoco e Sousa, nº 30, 3000-271 Coimbra

 		Tel.: +351 239 791 250

 		Site:www.ipc.pt [2] | E-mail:ipc@ipc.pt

Em 2018-04-29 20:51, Joachim Lindenberg escreveu: 

> Hi Nick, 
> 
> I totally disagree. The delta is not just time, but the need of a full blown database that I need to operate with plenty of cpu, memory, and disk usage. 
> 
> Best Regards, Joachim 
> 
> VON: Nick Couchman [mailto:vnick@apache.org] 
> GESENDET: Sonntag, 29. April 2018 21:41
> AN: user@guacamole.apache.org
> BETREFF: Re: tree support in user-mapping.xml 
> 
> On Sun, Apr 29, 2018 at 3:10 PM, Joachim Lindenberg <jo...@lindenberg.one> wrote: 
> 
>> Hello, 
>> 
>> I do have my extension for Hyper-V, that does authentication and authorizations for my Hyper-V guests. However I also would like to include some of my infrastructure (SSH, VNC, etc.) into the solution - and preferably not as a flat list but with some hierarchy. I do understand that I can run a database and insert all information, likely in parallel to my own extension. However I think that´s overkill (with one user, and system load and backup is an issue) and would prefer if the user-mapping.xml [1] could be extended to support a (simple, i.e. one level totally fine) tree structure.
> 
> No, the basic file authentication (user-mapping.xml) extension does not support any organization to the connections. The JDBC module is actually the only module that does - all of the other modules that support connections (LDAP, upcoming QuickConnect, and Basic File Authentication) simply put the connections in a single, flat root group with no ability to organize them. If you need this functionality, you need to use the JDBC module - it's worth the very slight overhead and additional 10 minutes of work to get it set up. 
> 
> -Nick
 

Links:
------
[1]
http://guacamole.apache.org/doc/gug/configuring-guacamole.html#user-mapping
[2] http://www.ipc.pt

AW: tree support in user-mapping.xml

[Joachim Lindenberg <jo...@lindenberg.one>]

Hi Nick,

I totally disagree. The delta is not just time, but the need of a full blown database that I need to operate with plenty of cpu, memory, and disk usage.

Best Regards, Joachim

 

 

Von: Nick Couchman [mailto:vnick@apache.org] 
Gesendet: Sonntag, 29. April 2018 21:41
An: user@guacamole.apache.org
Betreff: Re: tree support in user-mapping.xml

 

 

 

On Sun, Apr 29, 2018 at 3:10 PM, Joachim Lindenberg <joachim@lindenberg.one <ma...@lindenberg.one> > wrote:

Hello,

I do have my extension for Hyper-V, that does authentication and authorizations for my Hyper-V guests. However I also would like to include some of my infrastructure (SSH, VNC, etc.) into the solution – and preferably not as a flat list but with some hierarchy. I do understand that I can run a database and insert all information, likely in parallel to my own extension. However I think that´s overkill (with one user, and system load and backup is an issue) and would prefer if the  <http://guacamole.apache.org/doc/gug/configuring-guacamole.html#user-mapping> user-mapping.xml could be extended to support a (simple, i.e. one level totally fine) tree structure.

 

 

No, the basic file authentication (user-mapping.xml) extension does not support any organization to the connections.  The JDBC module is actually the only module that does - all of the other modules that support connections (LDAP, upcoming QuickConnect, and Basic File Authentication) simply put the connections in a single, flat root group with no ability to organize them.  If you need this functionality, you need to use the JDBC module - it's worth the very slight overhead and additional 10 minutes of work to get it set up.

 

-Nick 

Re: tree support in user-mapping.xml

[Nick Couchman <vn...@apache.org>]

On Sun, Apr 29, 2018 at 3:10 PM, Joachim Lindenberg <jo...@lindenberg.one>
wrote:

> Hello,
>
> I do have my extension for Hyper-V, that does authentication and
> authorizations for my Hyper-V guests. However I also would like to include
> some of my infrastructure (SSH, VNC, etc.) into the solution – and
> preferably not as a flat list but with some hierarchy. I do understand that
> I can run a database and insert all information, likely in parallel to my
> own extension. However I think that´s overkill (with one user, and system
> load and backup is an issue) and would prefer if the user-mapping.xml
> <http://guacamole.apache.org/doc/gug/configuring-guacamole.html#user-mapping>
> could be extended to support a (simple, i.e. one level totally fine) tree
> structure.
>
>
>
No, the basic file authentication (user-mapping.xml) extension does not
support any organization to the connections.  The JDBC module is actually
the only module that does - all of the other modules that support
connections (LDAP, upcoming QuickConnect, and Basic File Authentication)
simply put the connections in a single, flat root group with no ability to
organize them.  If you need this functionality, you need to use the JDBC
module - it's worth the very slight overhead and additional 10 minutes of
work to get it set up.

-Nick