Virtual Desktop Infrastructure (VDI) with OpenNebula and Guacamole - Deployment Guide

Solution Verified in:

  • OpenNebula: 6.4

This step-by-step tutorial will help users to set up a VDI solution based on the integration of OpenNebula with Guacamole.


  • A KVM-based Windows image is required. The following guide explains how to build a Windows Image.
  • The machine hosting the guacd server must have network connectivity to the network assigned to the Windows VMs.  A virtual router can be used with NAT to avoid public IP's on the machines.

Step 1: OpenNebula Installation 

You can skip this step if you already have a working OpenNebula installation.

If the above is not the case, to setup quickly an OpenNebula environment we will use miniONE, an easy-to-use tool for deploying an evaluation OpenNebula cloud based. To setup a KVM-based environment (OpenNebula frontend plus a KVM hypervisor node) you need a physical host (x86-64 Intel or AMD processor) with virtualization capabilities and with one of these supported Operating Systems. Then you can run the following commands:

wget ''

Once the download is completed, you can proceed to install the OpenNebula cloud on your server by running:

sudo bash minione --yes

After few minutes the frontend and the kvm hypervisor will be installed on the host and you will get the IP and username and password to connect to Sunstone.

Step 2: Guacamole Installation and configuration 

To install Guacamole, you can use docker as reported in Guacamole User's Guide Chapter 3.  This is the recommended installation method, but any correctly configured guacamole installation should work.  Refer to the User's Guide for extra information.

docker run --name guacd -d guacamole/guacd
docker run --rm guacamole/guacamole /opt/guacamole/bin/ --postgres > script/initdb.sql
docker run --name guac-postgres -e POSTGRES_PASSWORD=guacamole_password -e POSTGRES_DB=guacamole_db -e POSTGRES_USER=guacamole_user -v $PWD/script:/docker-entrypoint-initdb.d -d postgres:9.6.23
docker run --name guacamole --link guacd:guacd --link guac-postgres:postgres -e POSTGRES_DATABASE=guacamole_db -e POSTGRES_USER=guacamole_user -e POSTGRES_PASSWORD=guacamole_password -d -p 8080:8080 guacamole/guacamole

At this point, the server should be listening on port 8080 and navigating to http://<server_ip>:8080/guacamole should prompt for a username and password.  The default username and password here is guacadmin/guacadmin.  Refer to the Admin guide for configuration on this.

Step 3: Define OpenNebula Hooks for Guacamole 

  • On the OpenNebula server you need to install two python packages(guacapy, pyone) that will be used in the hook scripts to automatically add/delete connections in Guacamole when a VM is created/deleted. The packages must be installed as oneadmin user:
pip install guacapy pyone
  • Create a file called add_guac_conn.hook with the following content to add a connection once the VM has been started:
NAME = add-guac-conn
TYPE = state
COMMAND = guacamole/
  • Create a files called del_guac_conn.hook with the following content to remove the connection when the machine has been powered off. Adjust this hook template according to the documentation if you'll be undeploying or terminating the virtual machine pool.  A list of all VM States can be found here:
NAME = del-guac-conn
TYPE = state
COMMAND = guacamole/
  • Create the two hooks for adding and deleting Guacamole connections as in the follows:
onehook create add_guac_conn.hook
onehook create del_guac_conn.hook
  • In the oneadmin user folder remotes/hooks create a new folder guacamole.  From the attachments on this article, download the script and edit the file to properly configure the credentials for both guacamole and opennebula.
  • For auto-login, you'll need to uncomment the lines for the username and password, and the user accounts created in guacamole will have to have the same username and password combination as the Windows account.  Leave the values as '${GUAC_USERNAME}' and '${GUAC_PASSWORD}'.
  • To prompt for credentials on connection, leave the lines commented.
  • To use a specific Windows account, you can provide the exact username and password in the script.  This will cause every connection to log in to the same account every time.
  • If you need to define a Domain, uncomment the line just after the Username and Password
  • Also, download the file from the attachment on this article and save that in the same folder.  Edit this file to ensure the credentials are correct here as well.

At this point, the VDI Admin Guide should be followed to finish configuring Guacamole and the Windows Templates. 


Make the two scripts executable and replace any username/password in the scripts according to your OpenNebula and Guacamole installations.


Practical Tip

In a production environment, Guacamole and Windows images can be configured using the same company users' directory

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.