kasmtech · vpiserchia · Dec 2, 2024 · Dec 3, 2024 · Dec 3, 2024 · Dec 3, 2024
diff --git a/README.md b/README.md
@@ -93,12 +93,12 @@ Before running the installation against a modified inventory file please ensure
 ```
     ## Credentials ##
     # If left commented secure passwords will be generated during the installation and substituted in upon completion
-    user_password: PASSWORD
-    admin_password: PASSWORD
-    database_password: PASSWORD
-    redis_password: PASSWORD
-    manager_token: PASSWORD
-    registration_token: PASSWORD
+    kasm_user_password: PASSWORD
+    kasm_admin_password: PASSWORD
+    kasm_database_password: PASSWORD
+    kasm_redis_password: PASSWORD
+    kasm_manager_token: PASSWORD
+    kasm_registration_token: PASSWORD
 ```
 
 #### Scaling examples

diff --git a/roles/backup_db/defaults/main.yml b/roles/backup_db/defaults/main.yml
@@ -0,0 +1,9 @@
+## Database Backup settings ##
+# This does not support remote database type installations
+# Directory where backups are placed on db server
+kasm_remote_backup_dir: /srv/backup/kasm/
+# Number of days that logs backups are retained on db host
+kasm_retention_days: 10
+# If this is uncommented, backups will be copied from remote server to the local ansible host
+kasm_local_backup_dir: backup/
+
diff --git a/roles/backup_db/tasks/main.yml b/roles/backup_db/tasks/main.yml
@@ -1,11 +1,11 @@
 - name: Ensure backup directory exists
   file:
-    path: "{{ remote_backup_dir }}"
+    path: "{{ kasm_remote_backup_dir }}"
     state: directory
   become: true
 
 - name: Backup database
-  script: "files/backup.sh {{ remote_backup_dir }} {{ retention_days }}"
+  script: "files/backup.sh {{ kasm_remote_backup_dir }} {{ kasm_retention_days }}"
   register: backup_output
   become: true
 
@@ -16,6 +16,7 @@
 - name: Copy database backup to ansible host
   fetch:
     src: "{{ remote_backup }}"
-    dest: "{{ local_backup_dir }}"
+    dest: "{{ kasm_local_backup_dir }}"
     flat: true
-  when: local_backup_dir is defined
+  when:
+    - kasm_local_backup_dir is defined
diff --git a/roles/install_common/defaults/main.yml b/roles/install_common/defaults/main.yml
@@ -0,0 +1,74 @@
+---
+
+# Allow for single or multi mode installation
+# see: https://kasmweb.com/docs/latest/install/multi_server_install.htm
+# and https://kasmweb.com/docs/latest/install/single_server_install.html
+kasm_mode: multi
+
+# when in single mode we can define role
+kasm_agent: true
+kasm_db: true
+kasm_web: true
+kasm_proxy: true
+kasm_guac: true
+
+# This allows reusage of the role
+kasm_agent_group_name: kasm_agent
+kasm_db_group_name: kasm_db
+kasm_web_group_name: kasm_web
+kasm_proxy_group_name: kasm_proxy
+kasm_guac_group_name: kasm_guac
+
+##############################
+# Installation configuration #
+##############################
+
+## Credentials ##
+# If left empty secure passwords will be generated
+# during the installation and substituted in upon completion
+kasm_user_password: ''
+kasm_admin_password: ''
+kasm_database_password: ''
+kasm_redis_password: ''
+kasm_manager_token: ''
+kasm_registration_token: ''
+
+## Scaling Configuration ##
+
+# Stick scaled agents/guacs/proxys to a default web server
+# IE when set to 1 all additional hosts in that zone will use zone1_web_1 as their webserver
+# Set to false to scale out as a linked group IE zone1_web_1/zone1_agent_1/zone1_guac_1/zone1_proxy_1
+kasm_default_web: 1
+kasm_default_db: "{{ kasm_default_web }}"
+
+## Zone configuration ##
+# Define multiple zones here if defined in inventory above
+kasm_zones:
+  - zone1
+
+## General settings ##
+kasm_proxy_port: 443
+kasm_start_docker_on_boot: true
+kasm_desired_swap_size: 5g # Default agent swap size for all agents
+
+## PostgreSQL settings ##
+
+##############################################
+# PostgreSQL remote DB connection parameters #
+##############################################
+# The following parameters need to be set only once on database initialization
+kasm_init_remote_db: false # swap to true to activate
+database_master_user: postgres
+database_master_password: changeme
+
+database_hostname: false # swap to a string to activate
+
+# The remaining variables can be modified to suite your needs or left as is in a normal deployment
+kasm_database_user: kasmapp
+kasm_database_name: kasm
+kasm_database_port: 5432
+kasm_database_ssl: true
+
+## redis settings ##
+# redis connection parameters if hostname is set the web role will use a remote redis server
+kasm_redis_hostname: false
diff --git a/roles/install_common/tasks/add_zones.yml b/roles/install_common/tasks/add_zones.yml
@@ -1,6 +1,6 @@
 - name: Add additional zones
   when: i != 0
-  loop: "{{ zones }}"
+  loop: "{{ kasm_zones }}"
   loop_control:
     index_var: i
   blockinfile:
@@ -16,7 +16,7 @@
           proxy_connections: true
           proxy_hostname: $request_host$
           proxy_path: desktop
-          proxy_port: {{ proxy_port }}
+          proxy_port: {{ kasm_proxy_port }}
           search_alternate_zones: true
           upstream_auth_address: $request_host$
           zone_id: "${uuid:zone_id:{{ i + 1 }}}"

diff --git a/roles/install_common/tasks/agent.yml b/roles/install_common/tasks/agent.yml
@@ -0,0 +1,17 @@
+---
+
+- set_fact:
+    # We only want to make a swapfile large enough to make up the difference between
+    # the current swapsize and our desired size.
+    new_swap_size: "{{ kasm_desired_swap_size | human_to_bytes - current_swap_size.stdout | int }}"
+
+- debug:
+    var: new_swap_size
+
+- name: Run swap tasks
+  include_tasks:
+    file: mkswap.yml
+  when:
+    - new_swap_size | int > 0
+    - not kasm_swapfile.stat.exists
+
diff --git a/roles/install_common/tasks/agent_install.yml b/roles/install_common/tasks/agent_install.yml
@@ -1,6 +1,6 @@
 - name: Check connection from agent to webserver
   uri:
-    url: "https://{{ web_ip }}:{{ proxy_port }}/api/__healthcheck"
+    url: "https://{{ web_ip }}:{{ kasm_proxy_port }}/api/__healthcheck"
     timeout: 5
     validate_certs: false
   register: _result
@@ -13,10 +13,10 @@
     bash {{ tempdir.path }}/kasm_release/install.sh 
       --role agent 
       --accept-eula 
-      --proxy-port {{ proxy_port }} 
+      --proxy-port {{ kasm_proxy_port }} 
       --public-hostname {{ target_ip }} 
       --manager-hostname {{ web_ip }} 
-      --manager-token {{ manager_token }} 
+      --manager-token {{ kasm_manager_token }} 
       {{ '-s ' ~ service_images_copy.dest if service_images_file }} 
       {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }}
       {{ '-x ' ~ network_plugin_copy.dest if network_plugin_file }}

diff --git a/roles/install_common/tasks/db_install.yml b/roles/install_common/tasks/db_install.yml
@@ -3,17 +3,17 @@
     bash {{ tempdir.path }}/kasm_release/install.sh 
       --role db 
       --accept-eula 
-      --proxy-port {{ proxy_port }} 
-      --database-user {{ database_user }} 
-      --database-name {{ database_name }}
-      --db-password {{ database_password }} 
-      --redis-password {{ redis_password }} 
-      --user-password {{ user_password }} 
-      --admin-password {{ admin_password }} 
-      --manager-token {{ manager_token }} 
-      --registration-token {{ registration_token }}
-      --server-zone {{ zones[0] }}
-      {{ '--no-db-ssl ' if not database_ssl }} 
+      --proxy-port {{ kasm_proxy_port }} 
+      --database-user {{ kasm_database_user }} 
+      --database-name {{ kasm_database_name }}
+      --db-password {{ kasm_database_password }} 
+      --redis-password {{ kasm_redis_password }} 
+      --user-password {{ kasm_user_password }} 
+      --admin-password {{ kasm_admin_password }} 
+      --manager-token {{ kasm_manager_token }} 
+      --registration-token {{ kasm_registration_token }}
+      --server-zone {{ kasm_zone }}
+      {{ '--no-db-ssl ' if not kasm_database_ssl }} 
       {{ '--offline-service ' ~ service_images_copy.dest if service_images_file }} 
       {{ '--offline-workspaces ' ~ workspace_images_copy.dest if workspace_images_file }}
   register: install_output

diff --git a/roles/install_common/tasks/default_credentials.yml b/roles/install_common/tasks/default_credentials.yml
@@ -1,37 +1,43 @@
 # Setup default creds if users don't set them in the inventory
 
 - set_fact:
-    database_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
-  when: database_password is not defined
+    kasm_database_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
+  when:
+    - kasm_database_password | d('', true) | trim == ''
   run_once: true
   delegate_to: localhost
 
 - set_fact:
-    redis_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
-  when: redis_password is not defined
+    kasm_redis_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
+  when:
+    - kasm_redis_password | d('', true) | trim == ''
   run_once: true
   delegate_to: localhost
 
 - set_fact:
-    user_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
-  when: user_password is not defined
+    kasm_user_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
+  when:
+    - kasm_user_password | d('', true) | trim == ''
   run_once: true
   delegate_to: localhost
 
 - set_fact:
-    admin_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
-  when: admin_password is not defined
+    kasm_admin_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
+  when:
+    - kasm_admin_password | d('', true) | trim == ''
   run_once: true
   delegate_to: localhost
 
 - set_fact:
-    manager_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
-  when: manager_token is not defined
+    kasm_manager_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
+  when:
+    - kasm_manager_token | d('', true) | trim == ''
   run_once: true
   delegate_to: localhost
 
 - set_fact:
-    registration_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=22') }}"
-  when: registration_token is not defined
+    kasm_registration_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=22') }}"
+  when:
+    - kasm_registration_token | d('', true) | trim == ''
   run_once: true
-  delegate_to: localhost 
+  delegate_to: localhost
diff --git a/roles/install_common/tasks/guac_install.yml b/roles/install_common/tasks/guac_install.yml
@@ -1,6 +1,6 @@
 - name: Check connection from guac to webserver
   uri:
-    url: "https://{{ web_ip }}:{{ proxy_port }}/api/__healthcheck"
+    url: "https://{{ web_ip }}:{{ kasm_proxy_port }}/api/__healthcheck"
     timeout: 5
     validate_certs: false
   register: _result
@@ -13,10 +13,10 @@
     bash {{ tempdir.path }}/kasm_release/install.sh 
       --role guac 
       --accept-eula 
-      --proxy-port {{ proxy_port }} 
+      --proxy-port {{ kasm_proxy_port }} 
       --api-hostname {{ web_ip }} 
       --public-hostname {{ target_ip }} 
-      --registration-token {{ registration_token }} 
+      --registration-token {{ kasm_registration_token }} 
       {{ '-s ' ~ service_images_copy.dest if service_images_file }}
   register: install_output
   become: true

diff --git a/roles/install_common/tasks/install.yml b/roles/install_common/tasks/install.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Run multi server install tasks
+  include_tasks:
+    file: multi_server.yml
+  when:
+    - kasm_mode == 'multi'
+
+- name: Run single install tasks
+  include_tasks:
+    file: single_server.yml
+  when:
+    - kasm_mode == 'single'
+
+
+