Quickstart Guide (CentOS 7)

Step 1: Set up the YUM repository

If you have not already done so, the Glyptodon Enterprise YUM repository needs to be defined, such that the “yum” utility can find the various RPM packages which make up Glyptodon Enterprise.

The necessary repository definition file can be viewed or downloaded from your account information on the Glyptodon Enterprise website. Once you have the file (or its contents), copy the file to /etc/yum.repos.d, or use a text editor to paste the contents into a new file:

$ sudo vi /etc/yum.repos.d/glyptodon.repo

This file should ultimately look like:

[glyptodon]
name=Glyptodon Enterprise
baseurl=https://USERNAME:PASSWORD@enterprise.glyptodon.org/release/1/el7/$basearch/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://enterprise.glyptodon.org/release/RPM-GPG-KEY-glyptodon-release

where “USERNAME” and “PASSWORD” are the repository credentials which were generated for you when your organization’s Glyptodon Enterprise account was created.
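
As an added example (not part of the original guide or of any Glyptodon tooling), the script below audits a repository definition like the one above: both signature checks enabled, HTTPS for baseurl and gpgkey, placeholders replaced, and the credential-bearing file not world-readable. The function names, the treatment of unset keys as findings, and the file-permission check are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a single-section yum .repo file like the one in Step 1.
# Keys that are unset count as findings here, although yum would fall back to
# the [main] section of /etc/yum.conf for them.

# Print the last value assigned to KEY ($2) in FILE ($1), trimmed.
repo_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print one line per finding; the return status is the number of findings.
audit_repo() {
    f=$1; findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ "$(repo_value "$f" gpgcheck)" = 1 ] ||
        flag "gpgcheck is not 1: package signatures are not verified"
    [ "$(repo_value "$f" repo_gpgcheck)" = 1 ] ||
        flag "repo_gpgcheck is not 1: repository metadata signatures are not verified"

    baseurl=$(repo_value "$f" baseurl)
    case $baseurl in
        https://*) ;;
        *) flag "baseurl does not use https://" ;;
    esac
    case $(repo_value "$f" gpgkey) in
        https://*|file:///*) ;;
        *) flag "gpgkey is not an https:// or file:/// URL" ;;
    esac
    case $baseurl in
        *://USERNAME:PASSWORD@*) flag "placeholder credentials were not replaced" ;;
    esac
    # Hardening assumption: a file with embedded credentials should not be world-readable.
    case $baseurl in
        *://*:*@*)
            [ -z "$(find "$f" -maxdepth 0 -perm -004)" ] ||
                flag "file embeds repository credentials but is world-readable" ;;
    esac
    return "$findings"
}

# Audit the file named in $1; with no argument, audit a constructed weak sample.
if [ $# -gt 0 ]; then
    audit_repo "$1"
else
    sample=$(mktemp)
    printf '%s\n' '[example]' 'baseurl=http://repo.example.invalid/el7/' 'gpgcheck=0' > "$sample"
    audit_repo "$sample" || true
    rm -f "$sample"
fi
```

Removing world-read access from the file means yum invoked by unprivileged users can no longer read this repository definition, so weigh that against exposing the credentials to every local account.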

Step 2: Install the @glyptodon-guacamole package group

Glyptodon Enterprise provides a @glyptodon-guacamole package group for convenience which installs all of the packages typically required for an Apache Guacamole deployment, and includes support for VNC, RDP, and SSH:

$ sudo yum install @glyptodon-guacamole

This will install the following key packages:

Package name                    Description
glyptodon-guacamole             The Apache Guacamole web application
glyptodon-guacd                 The Apache Guacamole proxy daemon
glyptodon-libguac-client-vnc    VNC support for guacd
glyptodon-libguac-client-rdp    RDP support for guacd
glyptodon-libguac-client-ssh    SSH support for guacd

Step 3: Deploy Guacamole under Tomcat

Apache Guacamole is a web application which is served through the Apache Tomcat application server. If you have not already installed Tomcat, you must do so prior to deploying Guacamole:

$ sudo yum install tomcat

Once Tomcat is installed, the “tomcat” system user must be added to the “guacamole” group, such that the Guacamole web application running under Tomcat will be able to read its own configuration files:

$ sudo usermod -aG guacamole tomcat

To deploy Guacamole to Tomcat, create a symbolic link within “/var/lib/tomcat/webapps” which points to the web application’s “guacamole.war” file, located in /usr/share/guacamole:

$ sudo ln -s /usr/share/guacamole/guacamole.war /var/lib/tomcat/webapps/

Step 4: Start Tomcat and guacd

Apache Guacamole requires its proxy daemon service, “guacd”, in order to connect to remote desktops. This service must be started for Guacamole to function, and should be configured to start automatically on boot:

$ sudo systemctl start guacd
$ sudo systemctl enable guacd

The same must be done for Tomcat, such that the web application itself will be running and available:

$ sudo systemctl start tomcat
$ sudo systemctl enable tomcat

At this point, Apache Guacamole should be working, and a login screen should be visible if you visit http://HOSTNAME:8080/guacamole/ with a web browser, where “HOSTNAME” is the hostname or IP address of your server.

Step 5: Add a test user and connection

Apache Guacamole comes with a built-in, simplified, XML-driven authentication mechanism for the sake of testing. You can verify that your Guacamole installation is functional by editing the “user-mapping.xml” configuration file used by this mechanism to add a user and a few connections:

$ sudo vi /etc/guacamole/user-mapping.xml

The “user-mapping.xml” file consists of a main <user-mapping> element and any number of <authorize> blocks describing users, their passwords, and the connections they can access. For example, to add a user named “test-user” with password “test-password” and access to a single SSH connection to the Guacamole server itself, you would add an <authorize> block like:

<authorize username="test-user" password="test-password">
    <connection name="Test Connection">
        <protocol>ssh</protocol>
        <param name="hostname">localhost</param>
    </connection>
</authorize>

This file is automatically reread when modified, so you should be able to log in immediately after defining a new user in this way. However, changes to an active user’s connections defined within “user-mapping.xml” will not be available to that user until they log out.