diff --git a/ansible/roles/linux-webconsole/files/guacamole-playbook.yml b/ansible/roles/linux-webconsole/files/guacamole-playbook.yml
index 2618c767..f134b1c9 100644
--- a/ansible/roles/linux-webconsole/files/guacamole-playbook.yml
+++ b/ansible/roles/linux-webconsole/files/guacamole-playbook.yml
@@ -40,54 +40,23 @@ key: "{{ guacamole_ssh_public_key }}" - block: - - name: Generate VNC password for Guacamole + - name: Generate password for Guacamole set_fact: - guacamole_vnc_password: "{{ lookup('community.general.random_string', length = 16, override_special = special_chars) }}" + guacamole_password: "{{ lookup('community.general.random_string', length = 16, override_special = special_chars) }}" vars: # Even though this string is within a CDATA tag, there's very small chance of # generating ]]>, which will still break XML. Therefore remove ">" from special # characters. special_chars: '!"#$%&()*+,-./:;<=?@[\]^_`{|}~' - - block: - - name: Get Guacamole user info - getent: - database: passwd - key: "{{ guacamole_user }}" - - - name: Set Guacamole user home directory - set_fact: - guacamole_user_home: "{{ ansible_facts.getent_passwd[guacamole_user][4] }}" - - - name: Generate VNC password - command: vncpasswd -f - args: - stdin: "{{ guacamole_vnc_password }}" - register: vncpassword - - - name: Create VNC directory - file: - state: directory - path: "{{ guacamole_user_home }}/.vnc" - owner: "{{ guacamole_user }}" - group: "{{ guacamole_user }}" - mode: "0775" - - - name: Create VNC password file - copy: - content: "{{ vncpassword.stdout }}" - dest: "{{ guacamole_user_home }}/.vnc/passwd" - owner: "{{ guacamole_user }}" - group: "{{ guacamole_user }}" - mode: "0600" - become: yes - become_user: "{{ guacamole_user }}" - - - name: Start and enable VNC server - service: - name: vncserver@:1.service - state: started - enabled: yes + - name: Configure default user + ansible.builtin.user: + name: "{{ guacamole_user }}" + state: present + password: "{{ guacamole_password | password_hash('sha512') }}" + append: true + groups: ssl-cert + become: true when: desktop_enabled - name: Write Guacamole user mapping file @@ -105,12 +74,11 @@ {% if desktop_enabled %} - vnc + rdp {{ ansible_default_ipv4.address }} - 5901 - 3 + 3389 {{ guacamole_user }} - + {% endif %} 
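Review bot: The new `Configure default user` task and the `set_fact` that generates `guacamole_password` both handle the cleartext password without `no_log: true`, so the value or its hash can show up in task output and any log that captures it; add `no_log: true` to both tasks. `groups: ssl-cert` with `append: true` puts the interactive desktop user into a group that on Debian-family systems can read the private keys under `/etc/ssl/private`. This was presumably meant to let xrdp read its certificate, which normally needs the xrdp service account in that group rather than the login user, so confirm the membership is required. The account also gains a real Unix password where the old code only wrote a VNC password file, so it is worth checking that SSH password authentication stays disabled for `guacamole_user`.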
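Review bot: The rdp connection in the user mapping still targets `{{ ansible_default_ipv4.address }}`, now on port `3389`, so xrdp has to accept logins on the host's routable interface and is reachable without going through Guacamole. If guacd runs on the same host, point the connection at `127.0.0.1` and limit xrdp's listener to loopback; if it runs in a container that cannot reach loopback, a host firewall rule restricting 3389 to that source would do the same job. The XML markup of the mapping is not visible in this hunk, so whether the password parameter and any certificate-validation setting for the RDP connection are present cannot be checked from here.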
diff --git a/ansible/roles/linux-webconsole/files/vnc_server/restart.conf b/ansible/roles/linux-webconsole/files/vnc_server/restart.conf
deleted file mode 100644
index 6e6f9b52..00000000
--- a/ansible/roles/linux-webconsole/files/vnc_server/restart.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# Override the restart policy so that the VNC server is restarted if it exits
-# We want this to happen if the server exits with an error or if the user logs out
-[Service]
-Restart=always
-RestartSec=30s
diff --git a/ansible/roles/linux-webconsole/files/vnc_server/start_order.conf b/ansible/roles/linux-webconsole/files/vnc_server/start_order.conf
deleted file mode 100644
index f22a7684..00000000
--- a/ansible/roles/linux-webconsole/files/vnc_server/start_order.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# Override the start order so that the VNC server starts correctly
-[Unit]
-After=syslog.target network.target gdm.service
-Requires=gdm.service
-
-[Install]
-WantedBy=graphical.target
diff --git a/ansible/roles/linux-webconsole/files/vnc_server/vncserver@.service b/ansible/roles/linux-webconsole/files/vnc_server/vncserver@.service
deleted file mode 100644
index d97a2a0c..00000000
--- a/ansible/roles/linux-webconsole/files/vnc_server/vncserver@.service
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=TigerVNC Server
-After=syslog.target network.target
-
-[Service]
-Type=simple
-PAMName=login
-ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
-ExecStart=/usr/bin/vncserver %i \
- -fg \
- -localhost no \
- -rfbauth ${VNCSERVER_PASSWD_FILE} \
- -MaxCutText 99999999 \
- -xstartup /etc/vnc/xstartup
-ExecStop=/usr/bin/vncserver -kill %i
-
-[Install]
-WantedBy=multi-user.target
diff --git a/ansible/roles/linux-webconsole/files/vnc_server/xstartup b/ansible/roles/linux-webconsole/files/vnc_server/xstartup
deleted file mode 100644
index 527011d1..00000000
--- a/ansible/roles/linux-webconsole/files/vnc_server/xstartup
+++ /dev/null
@@ -1,12 +0,0 @@ -#!/bin/sh - -test x"$SHELL" = x"" && SHELL=/bin/bash -test x"$1" = x"" && set -- default - -vncconfig -iconic & -"$SHELL" -l << EOF -export XDG_SESSION_TYPE=x11 -export GNOME_SHELL_SESSION_MODE=ubuntu -dbus-launch --exit-with-session gnome-session --session=ubuntu -EOF -vncserver -kill $DISPLAY diff --git a/ansible/roles/linux-webconsole/tasks/main.yml b/ansible/roles/linux-webconsole/tasks/main.yml index 5dee6866..82b5e4f6 100644 --- a/ansible/roles/linux-webconsole/tasks/main.yml +++ b/ansible/roles/linux-webconsole/tasks/main.yml @@ -38,9 +38,20 @@ - block: - include_tasks: desktop.yml - - include_tasks: vnc_server.yml when: desktop_enabled is defined and desktop_enabled +- name: Install xrdp + apt: + name: xrdp + state: present + when: ansible_os_family == "Debian" + +- name: Install dbus-x11 package + apt: + name: dbus-x11 + state: present + when: ansible_os_family == "Debian" + - include_role: name: linux-ansible-init diff --git a/ansible/roles/linux-webconsole/tasks/vnc_server.yml b/ansible/roles/linux-webconsole/tasks/vnc_server.yml deleted file mode 100644 index d9f1f95e..00000000 --- a/ansible/roles/linux-webconsole/tasks/vnc_server.yml +++ /dev/null 
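Review bot: `Install xrdp` and `Install dbus-x11 package` in `tasks/main.yml` are gated only on `ansible_os_family == "Debian"`, while the desktop tasks just above them run under `when: desktop_enabled is defined and desktop_enabled`, so every Debian-family host gets an RDP service installed even when no desktop is requested. Give both tasks the same gate, e.g. `when: desktop_enabled | default(false) and ansible_os_family == "Debian"`, or move them into the existing block. On other OS families nothing in this hunk installs xrdp, yet the playbook changed in this commit configures an rdp connection and the `ssl-cert` group whenever `desktop_enabled` is set. Unless those distributions are handled elsewhere, that path would fail or leave a mapping that points at a closed port.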
@@ -1,67 +0,0 @@ ---- - -##### -## These tasks install TigerVNC server and perform global configuration -##### - -- name: Install VNC server - package: - name: "{{ tigervnc_server_packages }}" - state: present - -# CentOS includes a systemd unit and default startup script that work -# Ubuntu does not -- name: Configure VNC server - block: - - name: Ensure VNC config directory exists - file: - path: /etc/vnc - state: directory - - - name: Install VNC startup script - copy: - src: vnc_server/xstartup - dest: /etc/vnc/xstartup - mode: +x - - - name: Install vncserver systemd unit file - copy: - src: vnc_server/vncserver@.service - dest: /etc/systemd/system/ - when: ansible_distribution == 'Ubuntu' - -- name: Ensure systemd override directory exists - file: - path: /etc/systemd/system/vncserver@.service.d - state: directory - -- name: Install systemd overrides - copy: - src: "vnc_server/{{ item }}" - dest: /etc/systemd/system/vncserver@.service.d/ - loop: - - start_order.conf - - restart.conf - -- name: Get guacamole user info - user: - name: "{{ guacamole_user }}" - state: present - register: guacamole_user_info - -- name: Set VNC server user facts for guacamole user - set_fact: - guacamole_user_vnc_config_dir: "{{ guacamole_user_info.home }}/.vnc" - -- name: Ensure systemd overrides directory exists - file: - path: /etc/systemd/system/vncserver@:1.service.d - state: directory - -- name: Configure user for systemd unit - copy: - dest: /etc/systemd/system/vncserver@:1.service.d/user.conf - content: | - [Service] - Environment=VNCSERVER_PASSWD_FILE={{ guacamole_user_vnc_config_dir }}/passwd - User={{ guacamole_user }} diff --git a/ansible/roles/linux-webconsole/vars/Ubuntu.yml b/ansible/roles/linux-webconsole/vars/Ubuntu.yml index d78950c3..fafa6f20 100644 --- a/ansible/roles/linux-webconsole/vars/Ubuntu.yml +++ b/ansible/roles/linux-webconsole/vars/Ubuntu.yml 
@@ -1,5 +1,3 @@ --- desktop_environment_package: ubuntu-desktop-minimal - -tigervnc_server_packages: [tigervnc-standalone-server, tigervnc-xorg-extension, dbus-x11]