Guacamole 1.2.0

Andy_Wismer · April 16, 2020, 12:43pm

Hi

I see this in the logs:

Apr 16 14:33:29 sazg-nethserver server: Apr 16, 2020 2:33:29 PM org.apache.catalina.startup.TldConfig execute
Apr 16 14:33:29 sazg-nethserver server: INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Apr 16 14:33:29 sazg-nethserver server: Apr 16, 2020 2:33:29 PM org.apache.catalina.startup.HostConfig deployDirectory
Apr 16 14:33:29 sazg-nethserver server: INFO: Deployment of web application directory /var/lib/tomcat/webapps/manager has finished in 226 ms
Apr 16 14:33:29 sazg-nethserver server: Apr 16, 2020 2:33:29 PM org.apache.coyote.AbstractProtocol start
Apr 16 14:33:29 sazg-nethserver server: INFO: Starting ProtocolHandler [“http-bio-8080”]
Apr 16 14:33:29 sazg-nethserver server: Apr 16, 2020 2:33:29 PM org.apache.coyote.AbstractProtocol start
Apr 16 14:33:29 sazg-nethserver server: INFO: Starting ProtocolHandler [“ajp-bio-8009”]
Apr 16 14:33:29 sazg-nethserver server: Apr 16, 2020 2:33:29 PM org.apache.catalina.startup.Catalina start
Apr 16 14:33:29 sazg-nethserver server: INFO: Server startup in 4514 ms
Apr 16 14:33:32 sazg-nethserver systemd: Started Session c15 of user root.
Apr 16 14:33:34 sazg-nethserver systemd: Started Session c16 of user root.
Apr 16 14:33:37 sazg-nethserver systemd: Started Session c17 of user root.
Apr 16 14:33:40 sazg-nethserver systemd: Started Session c18 of user root.
Apr 16 14:33:50 sazg-nethserver sshd[8752]: Failed password for root from 92.222.92.114 port 54948 ssh2
Apr 16 14:33:50 sazg-nethserver sshd[8752]: Received disconnect from 92.222.92.114 port 54948:11: Bye Bye [preauth]
Apr 16 14:33:50 sazg-nethserver sshd[8752]: Disconnected from 92.222.92.114 port 54948 [preauth]
Apr 16 14:33:50 sazg-nethserver server: 14:33:50.824 [http-bio-8080-exec-4] WARN o.a.g.e.AuthenticationProviderFacade - The “mysql” authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set “skip-if-unavailable: mysql” within your guacamole.properties.
Apr 16 14:33:50 sazg-nethserver server: 14:33:50.824 [http-bio-8080-exec-4] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Apr 16 14:33:50 sazg-nethserver server: ### Error querying database. Cause: java.sql.SQLException: Access denied for user ‘guacamole’@‘localhost’ (using password: YES)
Apr 16 14:33:50 sazg-nethserver server: ### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml
Apr 16 14:33:50 sazg-nethserver server: ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
Apr 16 14:33:50 sazg-nethserver server: ### The error occurred while executing a query
Apr 16 14:33:50 sazg-nethserver server: ### Cause: java.sql.SQLException: Access denied for user ‘guacamole’@‘localhost’ (using password: YES)

Logging to MySQL with the guacamole user works:

[root@sazg-nethserver ~]# mysql -u guacamole -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 75
Server version: 5.5.64-MariaDB MariaDB Server

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]>

Any ideas?

Thx
Andy

mrmarkuz · April 16, 2020, 1:01pm

Thanks for testing!

It seems mysql makes problems:

Reset mysql password for guacamole:

mysql -e "GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'localhost' IDENTIFIED BY '`cat /var/lib/nethserver/secrets/guacamole`';"

You need to restart tomcat after changes with

systemctl restart tomcat

or

signal-event nethserver-guacamole-update

Andy_Wismer · April 16, 2020, 1:08pm

OK, i’ve reset the MySQL password as per command above.

Also restarted with:
systemctl restart tomcat guacd

but this still appears in the log:

Apr 16 15:05:41 sazg-nethserver server: Apr 16, 2020 3:05:41 PM org.apache.catalina.startup.HostConfig deployDirectory
Apr 16 15:05:41 sazg-nethserver server: INFO: Deploying web application directory /var/lib/tomcat/webapps/manager
Apr 16 15:05:41 sazg-nethserver server: Apr 16, 2020 3:05:41 PM org.apache.catalina.startup.TldConfig execute
Apr 16 15:05:41 sazg-nethserver server: INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Apr 16 15:05:41 sazg-nethserver server: Apr 16, 2020 3:05:41 PM org.apache.catalina.startup.HostConfig deployDirectory
Apr 16 15:05:41 sazg-nethserver server: INFO: Deployment of web application directory /var/lib/tomcat/webapps/manager has finished in 170 ms
Apr 16 15:05:41 sazg-nethserver server: Apr 16, 2020 3:05:41 PM org.apache.coyote.AbstractProtocol start
Apr 16 15:05:41 sazg-nethserver server: INFO: Starting ProtocolHandler [“http-bio-8080”]
Apr 16 15:05:41 sazg-nethserver server: Apr 16, 2020 3:05:41 PM org.apache.coyote.AbstractProtocol start
Apr 16 15:05:41 sazg-nethserver server: INFO: Starting ProtocolHandler [“ajp-bio-8009”]
Apr 16 15:05:41 sazg-nethserver server: Apr 16, 2020 3:05:41 PM org.apache.catalina.startup.Catalina start
Apr 16 15:05:41 sazg-nethserver server: INFO: Server startup in 4737 ms
Apr 16 15:05:47 sazg-nethserver server: 15:05:47.940 [http-bio-8080-exec-1] WARN o.a.g.e.AuthenticationProviderFacade - The “mysql” authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set “skip-if-unavailable: mysql” within your guacamole.properties.
Apr 16 15:05:47 sazg-nethserver server: 15:05:47.940 [http-bio-8080-exec-1] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Apr 16 15:05:47 sazg-nethserver server: ### Error querying database. Cause: java.sql.SQLException: Access denied for user ‘guacamole’@‘localhost’ (using password: YES)
Apr 16 15:05:47 sazg-nethserver server: ### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml
Apr 16 15:05:47 sazg-nethserver server: ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
Apr 16 15:05:47 sazg-nethserver server: ### The error occurred while executing a query
Apr 16 15:05:47 sazg-nethserver server: ### Cause: java.sql.SQLException: Access denied for user ‘guacamole’@‘localhost’ (using password: YES)
Apr 16 15:07:09 sazg-nethserver systemd: Started Session c432 of user root.

mrmarkuz · April 16, 2020, 1:22pm

but still

Can you login with guacamole user to mysql now?

Is the password for mysql in /etc/guacamole/guacamole.properties the same as in /var/lib/nethserver/secrets/guacamole?

Please do a

signal-event nethserver-guacamole-update

after changes as it does not only restart tomcat and guacd. It expands templates and cares about the database too.

Check /etc/e-smith/events/actions/nethserver-guacamole-conf to see what the preconfiguration does.

Maybe because of wrong pw the database wasn’t updated. This one updates the database to version 1.0.0:

cat /opt/guacamole/upgrade/upgrade-pre-0.9.14.sql /opt/guacamole/upgrade/upgrade-pre-1.0.0.sql | mysql -Dguacamole

If there’s no important data in the database just drop it and do a

signal-event nethserver-guacamole-update

to recreate everything.

Andy_Wismer · April 16, 2020, 1:36pm

Hi

This seems to be the problem:

Found it! (I think…)

mrmarkuz · April 16, 2020, 1:39pm

It seems not expanded. Please try

expand-template /etc/guacamole/guacamole.properties

This is the used template fragment, it should get the password from /var/lib/nethserver/secrets:

/etc/e-smith/templates/etc/guacamole/guacamole.properties/10base

Do you use a custom template that overwrites the new one? I assume yes, as there are comments that are not there in the original fragment.

Andy_Wismer · April 16, 2020, 1:43pm

@mrmarkuz

I found the problem. Somehow an old template dated summer 2019 was in /etc/e-smith/templates-custom/etc/guacamole/

That was working til this morning, but somehow was screwed after the update this morning.

It could still be a relict from last year, when we both tried to get the SG keyboard working for Guacamole.

Thx for all your pointers…

It’s working now

Andy

mrmarkuz · April 16, 2020, 1:51pm

The smartest way for custom templates is to create new fragments instead of copying.
That’s not always possible so you have to copy a fragment.
Then you forget about it and the next update hits you, this was a typical example.
Glad it works now.

oneitonitram · April 16, 2020, 1:57pm

my ldap server is different from the one where guacamole is installed on, even though the nethserver instance is paired to it.
Do i need to change any parameters or what, i still am not able to login with Ldap users.

mrmarkuz · April 16, 2020, 2:11pm

Thanks for testing.

You can change port and encryption:

config setprop guacd ldapPort 636
config setprop guacd Encryption ssl
expand-template /etc/guacamole/guacamole.properties

Please check /etc/guacamole/guacamole.properties if the values are correct.

Maybe you need to change ldap-hostname?

ldap-hostname: YOURLDAPSERVER

After editing please restart tomcat (systemctl restart tomcat) and check if it works. If yes I am going to apply it to the module.

Andy_Wismer · April 16, 2020, 2:23pm

@mrmarkuz

I also sometimes forget to “clean up” after testing - especially if no immediate negative effects are noticed. That was a test for Guacamole 1.1 at the time.

I realized the template after the custom-template changed the file when i did a
signal-event nethserver-guacamole-update

Then I started looking and found the “forgotten” template…

Sh*t happens…
(still better tha diorea… )

Andy

oneitonitram · April 16, 2020, 3:04pm

Yes, the values are correct. i think it imported the correct values from the linked Nethserver.

I am now a happy LAD, it works great.

Thank you @mrmarkuz

oneitonitram · April 16, 2020, 3:10pm

2 issues i am Facing. The users tab takes ages to load with the wheel spinning

Second challenge
i have assigned this setting to a group.

but the connections are not appearing on the users panel.

mrmarkuz · April 16, 2020, 5:01pm

From your screenshots there seems to be missing languages, I’ve never seen it like that. Looks like something is corrupted. Did you install or update?

I am afraid it’s not working well in this version but I have to test with remote LDAP…

From the guacamole release notes:

Bug fixes

Group permission behavior

Issues with the new support for user groups were identified following the 1.0.0 release which resulted in permissions not taking effect if granted via user groups from different authentication extensions. These issues have now been fixed. User group permissions should be inherited as expected, regardless of whether user group membership is dictated by a different extension than the permissions granted to that group.

oneitonitram · April 16, 2020, 6:11pm

i had installed initially, then updated from the instructions

oneitonitram · April 16, 2020, 6:12pm

do we need to update again?

mrmarkuz · April 16, 2020, 6:29pm

Not now but when a new version is working I’ll provide an update.

I still wonder why you have missing languages in the screenshots, did you change language?

I am going to test remote LDAP again, maybe I can reproduce your issue.

oneitonitram · April 16, 2020, 6:42pm

i also dont understand how the language issue appeared. it came out of the blues

royceb · April 16, 2020, 7:36pm

I have an odd duck going on.

Steps - Created new VM with1 Green Nic Static IP from fresh 7.7 updated install

From Cockpit Terminal:

After the successful install and reboot after navigating to https://10.0.99.193/guacamole/ I get a blank screen.

Not sure what logs you’d like me to pull from. Oddly enough this looks similar to a problem I had with NethServer’s reverse proxy working with web sockets properly.

mrmarkuz · April 16, 2020, 7:46pm

Thanks for testing!

It logs to /var/log/messages and /var/log/tomcat/*, please share relevant entries.

Does it work if you restart tomcat

systemctl restart tomcat

or reconfigure guacamole

signal-event nethserver-guacamole-update

or reinstall?

yum reinstall https://mrmarkuz.dynu.net/mirror/devtest/nethserver-guacamole-0.0.1-1.ns7.noarch.rpm

EDIT:

@royceb I think you found a bug. Please try:

mkdir -p /etc/fail2ban/jail.d/
signal-event nethserver-guacamole-update