You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by "J. Christopher Little" <jc...@gmail.com> on 2021/03/29 18:12:30 UTC

guacamole batch add users and workstations

I have about 50 users and their associated workstations that I need to add
to guacamole.

Is there a way to do this in batch and not just through the web gui? I
couldn't find documentation in the user/admin manual on how to do this.

-- 
J. Christopher Little
Phone: (405)229-7822
Email: jcl@jchristopherlittle.com
WWW:   http://www.jchristopherlittle.com

Re: guacamole batch add users and workstations

Posted by Nick Couchman <vn...@apache.org>.

On Mon, Mar 29, 2021 at 2:51 PM Matthieu Courtois <
courtois.matthieu.92@gmail.com> wrote:

> I’ve made a PowerShell module for that use case
> https://github.com/UpperM/guacamole-powershell
>
>
>
> *De :* J. Christopher Little <jc...@gmail.com>
> *Envoyé :* lundi 29 mars 2021 20:13
> *À :* user@guacamole.apache.org
> *Objet :* guacamole batch add users and workstations
>
>
>
> I have about 50 users and their associated workstations that I need to add
> to guacamole.
>
>
>

Are you using any SSO and/or LDAP integration for login? Users can be
created automatically in the DB after a successful login, so you don't
necessarily need to create those manually:

http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-auto-create


> Is there a way to do this in batch and not just through the web gui? I
> couldn't find documentation in the user/admin manual on how to do this.
>
>
>
I use Ansible for most of my automation, and doing these operations is
relatively easy using the URI module. I should probably try to write a
full-on Ansible module for it, but I haven't taken a stab at it. In any
case, below is a quick example of the Ansible playbook that I've used to
automate it in my case. It'd be run by doing something like this:

ansible-playbook guacamole.yml -e '{"new_connections":
["host1","host2","host3","host4"]}'

Obviously it would need a little adaptation to your use-case - you'd
probably want to loop through some sort of map of user to workstation in
order to assign the permissions, but shouldn't be too difficult. One of the
nice things about this is that Ansible's YAML syntax lets you very easily
spell out the parameters that you want to set when you actually create the
connection. You could make it into a variable that you pass in if you want
to make the parameters configurable. In my case, I set the same overall
parameters for every connection, so all I have to do is set them up in the
playbook.

-Nick

==guacamole.yml==
---
- name: Create a connection and assign permissions
  hosts: localhost
  become: false
  connection: local
  vars:
    guacurl: https://1.2.3.4/guacamole
    guacuser: ansible
    guacpass: $uper$secretP@ssw0rd
    guacdb: postgresql
  tasks:
    - name: Log in to Guacamole
      uri:
        url: "{{ guacurl }}/api/tokens"
        method: POST
        headers:
          Accept: application/json
        body_format: form-urlencoded
        body:
          username: "{{ guacuser }}"
          password: "{{ guacpass }}"
      register: _guaclogin
      failed_when: _guaclogin.status > 299
    - name: Create Guacamole Connections
      uri:
        url: "{{ guacurl }}/api/session/data/{{ guacdb
}}/connections?token={{ _guaclogin['json']['authToken'] }}"
        method: POST
        body_format: json
        body:
          activeConnections: "0"
          attributes:
            max-connections: "2"
            max-connections-per-user: "1"
          name: "{{ item }}"
          parameters:
            create-drive-path: "true"
            drive-name: "xfer"
            drive-path: "/xfer/guacamole/${GUAC_USERNAME}/"
            enable-drive: "true"
            hostname: "{{ item }}.domain.local"
            port: "3389"
            security: "nla"
          parentIdentifier: "1"
          protocol: "rdp"
      ignore_errors: true
      register: _guaccreate
      failed_when: _guaccreate.status > 299
      with_items: "{{ new_connections }}"
    - name: Add permissions for Infra Management Team
      uri:
        url: "{{ guacurl }}/api/session/data/{{ guacdb
}}/userGroups/Infra_Management/permissions?token={{
_guaclogin['json']['authToken'] }}"
        method: PATCH
        body_format: json
        body:
          - op: "add"
            path: "/connectionPermissions/{{ item['json']['identifier'] }}"
            value: "READ"
        validate_certs: no
      ignore_errors: true
      register: _guacperms
      failed_when: _guacperms.status > 299
      with_items: "{{ _guaccreate }}"
    - name: Log out of Guacamole
      uri:
        url: "{{ guacurl }}/api/tokens/{{ _guaclogin['json']['authToken']
}}"
        method: DELETE
        validate_certs: no
      register: _guaclogout
      failed_when: _guaclogout.status > 299

RE: guacamole batch add users and workstations

Posted by Matthieu Courtois <co...@gmail.com>.

I’ve made a PowerShell module for that use case https://github.com/UpperM/guacamole-powershell

 

De : J. Christopher Little <jc...@gmail.com> 
Envoyé : lundi 29 mars 2021 20:13
À : user@guacamole.apache.org
Objet : guacamole batch add users and workstations

 

I have about 50 users and their associated workstations that I need to add to guacamole.

 

Is there a way to do this in batch and not just through the web gui? I couldn't find documentation in the user/admin manual on how to do this.


-- 

J. Christopher Little
Phone: (405)229-7822
Email: jcl@jchristopherlittle.com <ma...@jchristopherlittle.com> 
WWW:   http://www.jchristopherlittle.com