From 52be4fb65c0e5eafa86a9ca244c57d0725963c72 Mon Sep 17 00:00:00 2001 From: "ryan.kuba" Date: Thu, 11 Aug 2022 14:53:40 -0400 Subject: [PATCH 1/4] KASM-3051 add guac role to multi install --- group_vars/guac.yml | 1 + install_kasm.yml | 1 + inventory | 2 ++ patch_os.yml | 1 + roles/install_common/tasks/db_install.yml | 4 ++-- .../tasks/default_credentials.yml | 7 ++++++- roles/install_common/tasks/guac_install.yml | 17 +++++++++++++++++ roles/install_common/tasks/main.yml | 8 ++++++++ start_kasm.yml | 1 + uninstall_kasm.yml | 1 + 10 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 group_vars/guac.yml create mode 100644 roles/install_common/tasks/guac_install.yml diff --git a/group_vars/guac.yml b/group_vars/guac.yml new file mode 100644 index 0000000..4cdc7df --- /dev/null +++ b/group_vars/guac.yml @@ -0,0 +1 @@ +desired_swap_size: 4g diff --git a/install_kasm.yml b/install_kasm.yml index 54df6c0..b34421d 100644 --- a/install_kasm.yml +++ b/install_kasm.yml @@ -2,6 +2,7 @@ - db - web - agent + - guac roles: - install_common any_errors_fatal: true diff --git a/inventory b/inventory index beed6c0..c82d8f3 100644 --- a/inventory +++ b/inventory @@ -4,3 +4,5 @@ ubuntu18-web ubuntu18-db [agent] ubuntu18-agent +[guac] +ubuntu18-guac diff --git a/patch_os.yml b/patch_os.yml index 78a52af..01d5708 100644 --- a/patch_os.yml +++ b/patch_os.yml @@ -4,6 +4,7 @@ - db - web - agent + - guac roles: - patch_os diff --git a/roles/install_common/tasks/db_install.yml b/roles/install_common/tasks/db_install.yml index 7dad42e..f686d51 100644 --- a/roles/install_common/tasks/db_install.yml +++ b/roles/install_common/tasks/db_install.yml 
@@ -1,5 +1,5 @@ - name: Install database role - command: "bash {{ tempdir.path }}/kasm_release/install.sh -S db -e -Q {{database_password}} -R {{redis_password}} -U {{user_password}} -P {{admin_password}} -M {{manager_token}} {{ '-s ' ~ service_images_copy.dest if service_images_file }} {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }}" + command: "bash {{ tempdir.path }}/kasm_release/install.sh -S db -e -Q {{database_password}} -R {{redis_password}} -U {{user_password}} -P {{admin_password}} -M {{manager_token}} -W {{guac_token}} {{ '-s ' ~ service_images_copy.dest if service_images_file }} {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }}" register: install_output become: true retries: 20 @@ -8,7 +8,7 @@ when: test is not defined - name: Install database role - test - command: "bash {{ tempdir.path }}/kasm_release/install.sh -S db -e -I -Q {{database_password}} -R {{redis_password}} -U {{user_password}} -P {{admin_password}} -M {{manager_token}} {{ '-s ' ~ service_images_copy.dest if service_images_file }} {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }}" + command: "bash {{ tempdir.path }}/kasm_release/install.sh -S db -e -I -Q {{database_password}} -R {{redis_password}} -U {{user_password}} -P {{admin_password}} -M {{manager_token}} -W {{guac_token}} {{ '-s ' ~ service_images_copy.dest if service_images_file }} {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }}" register: install_output become: true retries: 20 diff --git a/roles/install_common/tasks/default_credentials.yml b/roles/install_common/tasks/default_credentials.yml index 402e6d0..2c99e52 100644 --- a/roles/install_common/tasks/default_credentials.yml +++ b/roles/install_common/tasks/default_credentials.yml 
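Review bot: The new `-W {{guac_token}}` argument in both database install tasks puts one more secret on the `install.sh` command line, where it is readable in the target's process list while the installer runs and is echoed in the task's `cmd` result when the task fails or runs with `-v`. Neither task shows `no_log: true` in the visible lines, though both continue past their hunks, so confirm against the full file. I would add `no_log: true` to each task and template the value as `-W {{ guac_token | quote }}`, because an operator-supplied token containing whitespace or a quote character would otherwise be split into separate arguments. The same exposure applies to the `Install guac role` task in the new `guac_install.yml` and to the `"Guac Token: {{ guac_token }}"` line added to the credentials debug output in `main.yml`, which writes the token into the play log.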
@@ -29,4 +29,9 @@ when: manager_token is not defined run_once: true delegate_to: localhost - \ No newline at end of file + +- set_fact: + guac_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=22') }}" + when: guac_token is not defined + run_once: true + delegate_to: localhost diff --git a/roles/install_common/tasks/guac_install.yml b/roles/install_common/tasks/guac_install.yml new file mode 100644 index 0000000..0686142 --- /dev/null +++ b/roles/install_common/tasks/guac_install.yml @@ -0,0 +1,17 @@ +- name: Check connection from guac to webserver + uri: + url: "https://{{ web_ip }}/api/__healthcheck" + timeout: 5 + validate_certs: false + register: _result + until: _result.status == 200 + retries: 7 + delay: 5 + +- name: Install guac role + command: "bash {{ tempdir.path }}/kasm_release/install.sh -S guac -e -p {{ web_ip }} -W {{ guac_token }} {{ '-s ' ~ service_images_copy.dest if service_images_file }}" + register: install_output + become: true + retries: 20 + delay: 10 + until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in install_output.stderr) diff --git a/roles/install_common/tasks/main.yml b/roles/install_common/tasks/main.yml index ad97645..cc999df 100644 --- a/roles/install_common/tasks/main.yml +++ b/roles/install_common/tasks/main.yml @@ -85,6 +85,13 @@ - "'agent' in group_names" - not kasm_installed +- name: Run Kasm guac install tasks + include_tasks: + file: guac_install.yml + when: + - "'guac' in group_names" + - not kasm_installed + - name: enable the docker service to run at boot service: name: docker @@ -104,6 +111,7 @@ - "Database Password: {{ database_password }}" - "Redis Password: {{ redis_password }}" - "Manager Token: {{ manager_token }}" + - "Guac Token: {{ guac_token }}" - "user@kasm.local password: {{ user_password }}" - "admin@kasm.local password: {{ admin_password }}" run_once: true 
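Review bot: The added `set_fact` generates `guac_token` whenever the variable is undefined, so a later run that adds guac hosts to an existing installation mints a fresh random token instead of reusing the one the database role was installed with, and the new host's registration will presumably be rejected. The README's scale-up section tells operators to set `redis_password`, `manager_token` and `database_password` in `install_common/vars/main.yml` but does not mention this token; it should be listed alongside them. The task also has no `name:`; I would add `name: Generate guac token when none is supplied` and `no_log: true` so the generated value does not appear in verbose output.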
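Review bot: The health check in `guac_install.yml` sets `validate_certs: false`, so a 200 from any listener answering on `web_ip` satisfies it, and nothing confirms that the endpoint is the intended API server before the next task hands that address and the token to the installer. If the web role is deployed with a self-signed certificate this may be deliberate, but it should be an explicit, overridable choice, for example `validate_certs: "{{ kasm_validate_certs | default(false) }}"` (proposed variable name, not one the repository defines). A comment above the task saying why verification is off would help whoever later deploys with a trusted certificate.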
diff --git a/start_kasm.yml b/start_kasm.yml index 95f1da3..c4be0ba 100644 --- a/start_kasm.yml +++ b/start_kasm.yml @@ -2,6 +2,7 @@ - db - web - agent + - guac serial: 1 gather_facts: no tasks: diff --git a/uninstall_kasm.yml b/uninstall_kasm.yml index d33c2ce..f550a14 100644 --- a/uninstall_kasm.yml +++ b/uninstall_kasm.yml @@ -2,5 +2,6 @@ - db - web - agent + - guac roles: - uninstall From b965f5a63931998f2046a5b835cdb48fe9ae8b3d Mon Sep 17 00:00:00 2001 From: Justin Travis Date: Wed, 16 Nov 2022 17:25:03 -0500 Subject: [PATCH 2/4] KASM-3589 Updates for Guac Registration Token --- roles/install_common/tasks/db_install.yml | 4 ++-- roles/install_common/tasks/default_credentials.yml | 4 ++-- roles/install_common/tasks/guac_install.yml | 2 +- roles/install_common/tasks/main.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/install_common/tasks/db_install.yml b/roles/install_common/tasks/db_install.yml index f686d51..6a7d894 100644 --- a/roles/install_common/tasks/db_install.yml +++ b/roles/install_common/tasks/db_install.yml @@ -1,5 +1,5 @@ - name: Install database role - command: "bash {{ tempdir.path }}/kasm_release/install.sh -S db -e -Q {{database_password}} -R {{redis_password}} -U {{user_password}} -P {{admin_password}} -M {{manager_token}} -W {{guac_token}} {{ '-s ' ~ service_images_copy.dest if service_images_file }} {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }}" + command: "bash {{ tempdir.path }}/kasm_release/install.sh -S db -e -Q {{database_password}} -R {{redis_password}} -U {{user_password}} -P {{admin_password}} -M {{manager_token}} --registration-token {{registration_token}} {{ '-s ' ~ service_images_copy.dest if service_images_file }} {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }}" register: install_output become: true retries: 20 
@@ -8,7 +8,7 @@ when: test is not defined - name: Install database role - test - command: "bash {{ tempdir.path }}/kasm_release/install.sh -S db -e -I -Q {{database_password}} -R {{redis_password}} -U {{user_password}} -P {{admin_password}} -M {{manager_token}} -W {{guac_token}} {{ '-s ' ~ service_images_copy.dest if service_images_file }} {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }}" + command: "bash {{ tempdir.path }}/kasm_release/install.sh -S db -e -I -Q {{database_password}} -R {{redis_password}} -U {{user_password}} -P {{admin_password}} -M {{manager_token}} --registration-token {{registration_token}} {{ '-s ' ~ service_images_copy.dest if service_images_file }} {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }}" register: install_output become: true retries: 20 diff --git a/roles/install_common/tasks/default_credentials.yml b/roles/install_common/tasks/default_credentials.yml index 2c99e52..fd89399 100644 --- a/roles/install_common/tasks/default_credentials.yml +++ b/roles/install_common/tasks/default_credentials.yml @@ -31,7 +31,7 @@ delegate_to: localhost - set_fact: - guac_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=22') }}" - when: guac_token is not defined + registration_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=22') }}" + when: registration_token is not defined run_once: true delegate_to: localhost diff --git a/roles/install_common/tasks/guac_install.yml b/roles/install_common/tasks/guac_install.yml index 0686142..e168080 100644 --- a/roles/install_common/tasks/guac_install.yml +++ b/roles/install_common/tasks/guac_install.yml 
@@ -9,7 +9,7 @@ delay: 5 - name: Install guac role - command: "bash {{ tempdir.path }}/kasm_release/install.sh -S guac -e -p {{ web_ip }} -W {{ guac_token }} {{ '-s ' ~ service_images_copy.dest if service_images_file }}" + command: "bash {{ tempdir.path }}/kasm_release/install.sh -S guac -e --api-hostname {{ web_ip }} --registration-token {{ registration_token }} {{ '-s ' ~ service_images_copy.dest if service_images_file }}" register: install_output become: true retries: 20 diff --git a/roles/install_common/tasks/main.yml b/roles/install_common/tasks/main.yml index cc999df..639ef2e 100644 --- a/roles/install_common/tasks/main.yml +++ b/roles/install_common/tasks/main.yml @@ -111,7 +111,7 @@ - "Database Password: {{ database_password }}" - "Redis Password: {{ redis_password }}" - "Manager Token: {{ manager_token }}" - - "Guac Token: {{ guac_token }}" + - "Registration Token: {{ registration_token }}" - "user@kasm.local password: {{ user_password }}" - "admin@kasm.local password: {{ admin_password }}" run_once: true From c8f10542a0a75d5d92f82178d1a33cbcb1275365 Mon Sep 17 00:00:00 2001 From: Justin Travis Date: Wed, 16 Nov 2022 19:32:30 -0500 Subject: [PATCH 3/4] KASM-3589 Specify the guac ip during registration --- roles/install_common/tasks/guac_install.yml | 2 +- roles/install_common/tasks/main.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/install_common/tasks/guac_install.yml b/roles/install_common/tasks/guac_install.yml index e168080..241c4f1 100644 --- a/roles/install_common/tasks/guac_install.yml +++ b/roles/install_common/tasks/guac_install.yml 
@@ -9,7 +9,7 @@ delay: 5 - name: Install guac role - command: "bash {{ tempdir.path }}/kasm_release/install.sh -S guac -e --api-hostname {{ web_ip }} --registration-token {{ registration_token }} {{ '-s ' ~ service_images_copy.dest if service_images_file }}" + command: "bash {{ tempdir.path }}/kasm_release/install.sh -S guac -e --api-hostname {{ web_ip }} --public-hostname {{ guac_ip }} --registration-token {{ registration_token }} {{ '-s ' ~ service_images_copy.dest if service_images_file }}" register: install_output become: true retries: 20 diff --git a/roles/install_common/tasks/main.yml b/roles/install_common/tasks/main.yml index 639ef2e..272939d 100644 --- a/roles/install_common/tasks/main.yml +++ b/roles/install_common/tasks/main.yml @@ -12,6 +12,7 @@ - set_fact: db_ip: "{{ hostvars[groups['db'][0]]['ansible_default_ipv4']['address'] }}" web_ip: "{{ hostvars[groups['web'][0]]['ansible_default_ipv4']['address'] }}" + guac_ip: "{{ hostvars[groups['guac'][0]]['ansible_default_ipv4']['address'] }}" # IP of the host that ansible is being ran against target_ip: "{{ ansible_default_ipv4.address }}" From 1ce869595a328056dc9de2e0f59b79f7211abd51 Mon Sep 17 00:00:00 2001 From: "ryan.kuba" Date: Mon, 21 Nov 2022 13:51:06 -0500 Subject: [PATCH 4/4] KASM-3623 update docs to reference guac role --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 4837867..cbc6b71 100644 --- a/README.md +++ b/README.md 
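Review bot: `--public-hostname {{ guac_ip }}` resolves to the address of the first host in the `guac` group, so when the group holds more than one host every one of them registers under the same public hostname. The `set_fact` in `main.yml` already defines `target_ip` as the address of the host being configured, and `--public-hostname {{ target_ip }}` looks like the intended value. The task continues past the end of this hunk.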
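Review bot: `groups['guac'][0]` is evaluated in the role's common `set_fact`, which shows no condition in the visible lines, so an inventory whose `[guac]` group is empty or absent would now fail templating on every host, including db, web and agent hosts that never use the value. A guarded form such as `guac_ip: "{{ hostvars[groups['guac'][0]]['ansible_default_ipv4']['address'] if groups.get('guac') else '' }}"` keeps guac-less inventories installable. The lookup also depends on facts having been gathered for that guac host in the same run, which is worth a one-line comment next to the existing `target_ip` comment.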
@@ -45,7 +45,7 @@ It has been tested on CentOS 7.9.2009, CentOS 8.4.2105, Debian 9.13, Debian 10.1 1. Open `roles/install_common/vars/main.yml`, `group_vars/agent.yml` and update variables if desired. -2. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp and db roles. +2. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp, db, and guac roles. 3. Download the Kasm Workspaces installer from https://www.kasmweb.com/downloads.html and copy it to `roles/install_common/files`. @@ -69,9 +69,9 @@ It has been tested on CentOS 7.9.2009, CentOS 8.4.2105, Debian 9.13, Debian 10.1 6. Navigate to the Agents tab, and enable each Agent after it checks in. (May take a few minutes) -### Adding Additional Agent / Webapp hosts to an existing installation +### Adding Additional Agent / Webapp / Guac hosts to an existing installation -The installation can be "scaled up" after being installed by adding additional hosts to the agent or db roles in the inventory file and rerunning the playbook. +The installation can be "scaled up" after being installed by adding additional hosts to the agent, app, or guac roles in the inventory file and rerunning the playbook. Please ensure that redis_password, manager_token and database_password is set in `install_common/vars/main.yml` 
@@ -94,13 +94,13 @@ If you did not save the redis_password, manager_token or database_password for y ## Kasm Uninstall playbook -This playbook uninstalls Kasm workspaces from DB, WebApp and Agent servers specified in the `inventory` file. +This playbook uninstalls Kasm workspaces from DB, WebApp, Agent, and Guac servers specified in the `inventory` file. -It has been tested on CentOS 7.9.2009, CentOS 8.4.2105, Debian 9.13, Debian 10.10, Ubuntu 18.04.5, and Ubuntu 20.04.3 +It has been tested on CentOS 7.9.2009, CentOS 8.4.2105, Debian 9.13, Debian 10.10, Ubuntu 18.04.5, Ubuntu 20.04.3, and Ubuntu 22.04.1 ### Ansible Configuration -1. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp and db roles. +1. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp, db, and guac roles. 3. Run the deployment. 
@@ -114,15 +114,15 @@ It has been tested on CentOS 7.9.2009, CentOS 8.4.2105, Debian 9.13, Debian 10.1 ## Kasm Stop/Start/Restart playbooks -These playbooks can be used to start, stop or restart Kasm workspaces services on the DB, WebApp and Agent servers specified in the `inventory` file. +These playbooks can be used to start, stop or restart Kasm workspaces services on the DB, WebApp, Agent, and Guac servers specified in the `inventory` file. -It can be limited to run only on hosts in specific groups by passing `-l [db, web, or agent]` flag. +It can be limited to run only on hosts in specific groups by passing `-l [db, web, agent, or guac]` flag. In the examples `restart_kasm.yml` can be substituted for `start_kasm.yml` or `stop_kasm.yml` for starting or stopping the kasm services respectively. ### Ansible Configuration -1. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp and db roles. +1. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp, db, and guac roles. 2. Run the playbook. @@ -146,7 +146,7 @@ This playbook can be used to backup the Kasm Workspaces database to a location o 1. Open `roles/backup_db/vars/main.yml` and update variables if desired. -2. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp and db roles. +2. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp, db, and guac roles. 3. Run the playbook. 
@@ -166,7 +166,7 @@ This playbook is used for patching the underlying OSes on the Kasm Workspace ser 1. Open `roles/patch_os/vars/main.yml` and update variables if desired. -2. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp and db roles. +2. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp, db, and guac roles. 3. Run the playbook.