From ce5b9273c8f786c834806247b0242099e46180c9 Mon Sep 17 00:00:00 2001 From: Matt Pryor Date: Thu, 8 Sep 2022 11:03:21 +0100 Subject: [PATCH 1/2] Allow guacamole_user to come from metadata --- .../roles/linux-webconsole/defaults/main.yml | 2 +- .../files/guacamole-playbook.yml | 47 ++++++++++++++----- ansible/roles/linux-webconsole/tasks/main.yml | 2 +- .../linux-webconsole/tasks/vnc_server.yml | 23 --------- 4 files changed, 37 insertions(+), 37 deletions(-) diff --git a/ansible/roles/linux-webconsole/defaults/main.yml b/ansible/roles/linux-webconsole/defaults/main.yml index 23e17802..053ef033 100644 --- a/ansible/roles/linux-webconsole/defaults/main.yml +++ b/ansible/roles/linux-webconsole/defaults/main.yml @@ -4,4 +4,4 @@ desktop_enabled: no # By default, use the connecting user to run the guacamole services -guacamole_user: "{{ ansible_user }}" +default_guacamole_user: "{{ ansible_user }}" diff --git a/ansible/roles/linux-webconsole/files/guacamole-playbook.yml b/ansible/roles/linux-webconsole/files/guacamole-playbook.yml index 2618c767..13613612 100644 --- a/ansible/roles/linux-webconsole/files/guacamole-playbook.yml +++ b/ansible/roles/linux-webconsole/files/guacamole-playbook.yml @@ -5,7 +5,16 @@ become: true vars_files: - /etc/ansible-init/vars/guacamole.yml + vars: + os_metadata: "{{ lookup('url', 'http://169.254.169.254/openstack/latest/meta_data.json') | from_json }}" + os_user_metadata: "{{ os_metadata.get('meta', {}) }}" + os_project_id: "{{ os_metadata.project_id }}" tasks: + # Allow the guacamole user to be overridden using metadata + - name: Set Guacamole user fact + set_fact: + guacamole_user: "{{ os_user_metadata.get('guacamole_user', default_guacamole_user) }}" + - name: Generate SSH keypair for Guacamole # Guacamole requires that the key is PEM-formatted # See https://issues.apache.org/jira/browse/GUACAMOLE-745 
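Review bot: The `Set Guacamole user fact` task in guacamole-playbook.yml takes `guacamole_user` straight from the instance's `meta` dictionary without validating it. The later hunks of this patch pass that value to the `user` module, to `owner`/`group`/`become_user`, and into the `User=` and `Environment=` lines of a systemd drop-in written by a play running with `become: true`. A value such as `root`, or one containing whitespace or a line break, would change which account the VNC server runs as or what the drop-in contains. Who is allowed to set this metadata key is not visible here, so I would add an `assert` directly after the `set_fact` that restricts the value to a plain account name (and rejects `root` if that is never a legitimate value).
```yaml
    # … unchanged: "Set Guacamole user fact" set_fact task …

    # Constructed example pattern; adjust to the account names this image permits
    - name: Validate Guacamole user name from metadata
      assert:
        that:
          - guacamole_user is string
          - (guacamole_user | trim) == guacamole_user
          - "guacamole_user is match('^[a-z_][a-z0-9_-]{0,31}$')"
          - guacamole_user != 'root'
        fail_msg: guacamole_user is not an acceptable account name
```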
@@ -48,18 +57,19 @@ # generating ]]>, which will still break XML. Therefore remove ">" from special # characters. special_chars: '!"#$%&()*+,-./:;<=?@[\]^_`{|}~' - - - block: - - name: Get Guacamole user info - getent: - database: passwd - key: "{{ guacamole_user }}" - - name: Set Guacamole user home directory - set_fact: - guacamole_user_home: "{{ ansible_facts.getent_passwd[guacamole_user][4] }}" + - name: Get guacamole user info + user: + name: "{{ guacamole_user }}" + state: present + register: guacamole_user_info - - name: Generate VNC password + - name: Set VNC server user facts for guacamole user + set_fact: + guacamole_user_vnc_config_dir: "{{ guacamole_user_info.home }}/.vnc" + + - block: + - name: Encode VNC password command: vncpasswd -f args: stdin: "{{ guacamole_vnc_password }}" @@ -68,7 +78,7 @@ - name: Create VNC directory file: state: directory - path: "{{ guacamole_user_home }}/.vnc" + path: "{{ guacamole_user_vnc_config_dir }}" owner: "{{ guacamole_user }}" group: "{{ guacamole_user }}" mode: "0775" @@ -76,13 +86,26 @@ - name: Create VNC password file copy: content: "{{ vncpassword.stdout }}" - dest: "{{ guacamole_user_home }}/.vnc/passwd" + dest: "{{ guacamole_user_vnc_config_dir }}/passwd" owner: "{{ guacamole_user }}" group: "{{ guacamole_user }}" mode: "0600" become: yes become_user: "{{ guacamole_user }}" + - name: Ensure systemd overrides directory exists + file: + path: /etc/systemd/system/vncserver@:1.service.d + state: directory + + - name: Configure user for systemd unit + copy: + dest: /etc/systemd/system/vncserver@:1.service.d/user.conf + content: | + [Service] + Environment=VNCSERVER_PASSWD_FILE={{ guacamole_user_vnc_config_dir }}/passwd + User={{ guacamole_user }} + - name: Start and enable VNC server service: name: vncserver@:1.service diff --git a/ansible/roles/linux-webconsole/tasks/main.yml b/ansible/roles/linux-webconsole/tasks/main.yml index f8f597ca..434ece1c 100644 --- a/ansible/roles/linux-webconsole/tasks/main.yml 
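Review bot: The task named `Get guacamole user info` now uses the `user` module with `state: present`, which creates the account when it is missing, whereas the `getent` lookup it replaces only read the passwd entry and by default fails on an unknown key. Since this patch lets the name come from instance metadata, a mistyped or unexpected value would produce a new local account at boot instead of a visible failure. If creation is intended, rename the task to say so, e.g. `- name: Ensure Guacamole user exists`, and add a comment that the account may be created here. Otherwise keep the `getent` lookup and read the home directory from `ansible_facts.getent_passwd` as before.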
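Review bot: The two new tasks that create `/etc/systemd/system/vncserver@:1.service.d` and write `user.conf` set no `owner`, `group` or `mode`, so the permissions of a drop-in that systemd parses as root depend on the umask in effect when the playbook runs. I would pin them, e.g. `mode: "0755"` on the directory and `owner: root`, `group: root`, `mode: "0644"` on the file. The drop-in also appears to be written at boot by this playbook now, rather than by the role's `vnc_server.yml`, so systemd must reload its unit files before the service starts. The `Start and enable VNC server` task continues outside this hunk, so please confirm it sets `daemon_reload: true`.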
+++ b/ansible/roles/linux-webconsole/tasks/main.yml @@ -73,7 +73,7 @@ vars: guacamole_init_vars: desktop_enabled: "{{ desktop_enabled }}" - guacamole_user: "{{ guacamole_user }}" + default_guacamole_user: "{{ default_guacamole_user }}" - name: Install Guacamole ansible-init playbook copy: diff --git a/ansible/roles/linux-webconsole/tasks/vnc_server.yml b/ansible/roles/linux-webconsole/tasks/vnc_server.yml index d9f1f95e..0d0a8d79 100644 --- a/ansible/roles/linux-webconsole/tasks/vnc_server.yml +++ b/ansible/roles/linux-webconsole/tasks/vnc_server.yml @@ -42,26 +42,3 @@ loop: - start_order.conf - restart.conf - -- name: Get guacamole user info - user: - name: "{{ guacamole_user }}" - state: present - register: guacamole_user_info - -- name: Set VNC server user facts for guacamole user - set_fact: - guacamole_user_vnc_config_dir: "{{ guacamole_user_info.home }}/.vnc" - -- name: Ensure systemd overrides directory exists - file: - path: /etc/systemd/system/vncserver@:1.service.d - state: directory - -- name: Configure user for systemd unit - copy: - dest: /etc/systemd/system/vncserver@:1.service.d/user.conf - content: | - [Service] - Environment=VNCSERVER_PASSWD_FILE={{ guacamole_user_vnc_config_dir }}/passwd - User={{ guacamole_user }} From 4e7a170a05827d30055448c45bfedc0f5216f44b Mon Sep 17 00:00:00 2001 From: Matt Pryor Date: Thu, 8 Sep 2022 11:06:40 +0100 Subject: [PATCH 2/2] Remove unused variable --- ansible/roles/linux-webconsole/files/guacamole-playbook.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles/linux-webconsole/files/guacamole-playbook.yml b/ansible/roles/linux-webconsole/files/guacamole-playbook.yml index 13613612..d41feae1 100644 --- a/ansible/roles/linux-webconsole/files/guacamole-playbook.yml +++ b/ansible/roles/linux-webconsole/files/guacamole-playbook.yml 
@@ -8,7 +8,6 @@ vars: os_metadata: "{{ lookup('url', 'http://169.254.169.254/openstack/latest/meta_data.json') | from_json }}" os_user_metadata: "{{ os_metadata.get('meta', {}) }}" - os_project_id: "{{ os_metadata.project_id }}" tasks: # Allow the guacamole user to be overridden using metadata - name: Set Guacamole user fact