Solution Verified in:
- OpenNebula: 6.10
This step-by-step tutorial will help users to set up a VDI solution based on the integration of OpenNebula with Guacamole.
Requirements
- A KVM-based Windows image is required. The following guide explains how to build a Windows Image.
- The machine hosting the guacd server must have network connectivity to the network assigned to the Windows VMs. A virtual router can be used with NAT to avoid public IP's on the machines.
Step 1: OpenNebula Installation
You can skip this step if you already have a working OpenNebula installation.
If the above is not the case, to setup quickly an OpenNebula environment we will use miniONE, an easy-to-use tool for deploying an evaluation OpenNebula cloud based. To setup a KVM-based environment (OpenNebula frontend plus a KVM hypervisor node) you need a physical host (x86-64 Intel or AMD processor) with virtualization capabilities and with one of these supported Operating Systems. Then you can run the following commands:
wget 'https://github.com/OpenNebula/minione/releases/latest/download/minione'
Once the download is completed, you can proceed to install the OpenNebula cloud on your server by running:
sudo bash minione --yes
After few minutes the frontend and the kvm hypervisor will be installed on the host and you will get the IP and username and password to connect to Sunstone.
Step 2: Guacamole Installation and configuration
To install Guacamole, you can use docker as reported in Guacamole User's Guide Chapter 3. This is the recommended installation method, but any correctly configured guacamole installation should work. Refer to the User's Guide for extra information.
docker run --name guacd --restart unless-stopped -d guacamole/guacd
mkdir -p script
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > script/initdb.sql
docker run --name guac-postgres -e POSTGRES_PASSWORD=guacamole_password -e POSTGRES_DB=guacamole_db -e POSTGRES_USER=guacamole_user -v $PWD/script:/docker-entrypoint-initdb.d --restart unless-stopped -d postgres:9.6.23
docker run --name guacamole --link guacd:guacd --link guac-postgres:postgres -e POSTGRES_DATABASE=guacamole_db -e POSTGRES_USER=guacamole_user -e POSTGRES_PASSWORD=guacamole_password --restart unless-stopped -d -p 8080:8080 guacamole/guacamole
Please, make sure to modify the Postgres username and password from the commands above.
At this point, the server should be listening on port 8080 and navigating to http://<server_ip>:8080/guacamole should prompt for a username and password. The default username and password here is guacadmin/guacadmin. Refer to the Admin guide for configuration on this.
Step 3: Define OpenNebula Hooks for Guacamole
- On the OpenNebula server you need to install two python packages(guacapy, pyone) that will be used in the hook scripts to automatically add/delete connections in Guacamole when a VM is created/deleted. The packages must be installed as oneadmin user:
pip install guacapy pyone
- Create a file called
add_guac_conn.hook
with the following content to add a connection once the VM has been started:
NAME = add-guac-conn
TYPE = state
COMMAND = guacamole/add_conn.py
ARGUMENTS = $TEMPLATE
ON = CUSTOM
RESOURCE = VM
STATE = ACTIVE
LCM_STATE = RUNNING
- Create a files called
del_guac_conn.hook
with the following content to remove the connection when the machine has been powered off. Adjust this hook template according to the documentation if you'll be undeploying or terminating the virtual machine pool. A list of all VM States can be found here:
NAME = del-guac-conn
TYPE = state
COMMAND = guacamole/del_conn.py
ARGUMENTS = $TEMPLATE
ON = CUSTOM
RESOURCE = VM
STATE = POWEROFF
LCM_STATE = LCM_INIT
- Create the two hooks for adding and deleting Guacamole connections as in the follows:
onehook create add_guac_conn.hook
onehook create del_guac_conn.hook
- In the oneadmin user folder
remotes/hooks
create a new folderguacamole
. From the attachments on this article, download the scriptadd_conn.py
and edit the file to properly configure the credentials for both guacamole and opennebula. - For auto-login, you'll need to uncomment the lines for the username and password, and the user accounts created in guacamole will have to have the same username and password combination as the Windows account. Leave the values as '${GUAC_USERNAME}' and '${GUAC_PASSWORD}'.
- To prompt for credentials on connection, leave the lines commented.
- To use a specific Windows account, you can provide the exact username and password in the script. This will cause every connection to log in to the same account every time.
- If you need to define a Domain, uncomment the line just after the Username and Password
- Also, download the file
del_conn.py
from the attachment on this article and save that in the same folder. Edit this file to ensure the credentials are correct here as well.
At this point, the VDI Admin Guide should be followed to finish configuring Guacamole and the Windows Templates.
Note
Make the two scripts executable and replace any username/password in the scripts according to your OpenNebula and Guacamole installations.
Practical Tip
In a production environment, Guacamole and Windows images can be configured using the same company users' directory
Comments
Please sign in to leave a comment.