On Mon, Mar 29, 2021 at 2:51 PM Matthieu Courtois < [email protected]> wrote:
> I’ve made a PowerShell module for that use case > https://github.com/UpperM/guacamole-powershell > > > > *De :* J. Christopher Little <[email protected]> > *Envoyé :* lundi 29 mars 2021 20:13 > *À :* [email protected] > *Objet :* guacamole batch add users and workstations > > > > I have about 50 users and their associated workstations that I need to add > to guacamole. > > > Are you using any SSO and/or LDAP integration for login? Users can be created automatically in the DB after a successful login, so you don't necessarily need to create those manually: http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-auto-create > Is there a way to do this in batch and not just through the web gui? I > couldn't find documentation in the user/admin manual on how to do this. > > > I use Ansible for most of my automation, and doing these operations is relatively easy using the URI module. I should probably try to write a full-on Ansible module for it, but I haven't taken a stab at it. In any case, below is a quick example of the Ansible playbook that I've used to automate it in my case. It'd be run by doing something like this: ansible-playbook guacamole.yml -e '{"new_connections": ["host1","host2","host3","host4"]}' Obviously it would need a little adaptation to your use-case - you'd probably want to loop through some sort of map of user to workstation in order to assign the permissions, but shouldn't be too difficult. One of the nice things about this is that Ansible's YAML syntax lets you very easily spell out the parameters that you want to set when you actually create the connection. You could make it into a variable that you pass in if you want to make the parameters configurable. In my case, I set the same overall parameters for every connection, so all I have to do is set them up in the playbook. -Nick ==guacamole.yml== --- - name: Create a connection and assign permissions hosts: localhost become: false connection: local vars: guacurl: https://1.2.3.4/guacamole guacuser: ansible guacpass: $uper$secretP@ssw0rd guacdb: postgresql tasks: - name: Log in to Guacamole uri: url: "{{ guacurl }}/api/tokens" method: POST headers: Accept: application/json body_format: form-urlencoded body: username: "{{ guacuser }}" password: "{{ guacpass }}" register: _guaclogin failed_when: _guaclogin.status > 299 - name: Create Guacamole Connections uri: url: "{{ guacurl }}/api/session/data/{{ guacdb }}/connections?token={{ _guaclogin['json']['authToken'] }}" method: POST body_format: json body: activeConnections: "0" attributes: max-connections: "2" max-connections-per-user: "1" name: "{{ item }}" parameters: create-drive-path: "true" drive-name: "xfer" drive-path: "/xfer/guacamole/${GUAC_USERNAME}/" enable-drive: "true" hostname: "{{ item }}.domain.local" port: "3389" security: "nla" parentIdentifier: "1" protocol: "rdp" ignore_errors: true register: _guaccreate failed_when: _guaccreate.status > 299 with_items: "{{ new_connections }}" - name: Add permissions for Infra Management Team uri: url: "{{ guacurl }}/api/session/data/{{ guacdb }}/userGroups/Infra_Management/permissions?token={{ _guaclogin['json']['authToken'] }}" method: PATCH body_format: json body: - op: "add" path: "/connectionPermissions/{{ item['json']['identifier'] }}" value: "READ" validate_certs: no ignore_errors: true register: _guacperms failed_when: _guacperms.status > 299 with_items: "{{ _guaccreate }}" - name: Log out of Guacamole uri: url: "{{ guacurl }}/api/tokens/{{ _guaclogin['json']['authToken'] }}" method: DELETE validate_certs: no register: _guaclogout failed_when: _guaclogout.status > 299
