Using KCM with a PostgreSQL Database
Instructions for integrating Keeper Connection Manager and Guacamole with PostgreSQL
If you haven’t already done so, a database specific to Guacamole needs to be created within PostgreSQL. The database can be called anything you like; all that matters is that the database be dedicated to Guacamole, and not shared by different applications:
CREATE DATABASE guacamole_db;
Guacamole will not automatically initialize the database with the required schema. You will need to do this yourself using the SQL scripts provided with the kcm-guacamole-auth-jdbc-postgresql package, which are located within the
The above scripts must be run in sequence, as it is the first script which actually creates the database schema. The second script, which defines a default administrative user, can only successfully run if the tables created by the first script exist. The simplest way to run both scripts in sequence is to concatenate them:
$ cat /opt/keeper/share/guacamole-auth-jdbc-postgresql/schema/*.sql | psql -d guacamole_db -f -
Alternatively, the scripts can be run individually, as long as the order is correct:
$ psql -d guacamole_db -f /opt/keeper/share/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql
$ psql -d guacamole_db -f /opt/keeper/share/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql
To execute queries against the database, Guacamole will need its own database user with sufficient privileges. Because Guacamole does not automatically apply or update its own schema, the required privileges are minimal, dealing only with creation and maintenance of data within already-defined tables and indexes:
CREATE USER guacamole_user WITH PASSWORD 'some_password';
GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA public TO guacamole_user;
GRANT SELECT,USAGE ON ALL SEQUENCES IN SCHEMA public TO guacamole_user;
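One way to confirm that the grants above left the account with exactly the minimal privilege set, as an added example that is not part of the Keeper documentation. It assumes the names used on this page (guacamole_db, guacamole_user, schema public) and is run by a database administrator with psql -d guacamole_db after the schema scripts and the GRANT statements:

```sql
-- Added example: audit what guacamole_user can actually do.
-- Assumes role guacamole_user and schema public, as used on this page.

-- 1. Role attributes. Every flag should be false for an application account;
--    a superuser passes every privilege check below regardless of grants.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolreplication, rolbypassrls
FROM pg_roles
WHERE rolname = 'guacamole_user';

-- 2. Table privileges that differ from the intended set. A row with
--    expected = true means a required privilege is missing, typically because
--    GRANT ... ON ALL TABLES ran before the schema scripts (it only covers
--    tables that exist at that moment) or against a different database.
--    A row with expected = false means the account holds more than it needs.
SELECT c.relname AS table_name,
       p.priv    AS privilege,
       p.wanted  AS expected,
       has_table_privilege('guacamole_user'::name, c.oid, p.priv) AS actual
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN (VALUES ('SELECT', true), ('INSERT', true),
                   ('UPDATE', true), ('DELETE', true),
                   ('TRUNCATE', false), ('REFERENCES', false),
                   ('TRIGGER', false)) AS p(priv, wanted)
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND has_table_privilege('guacamole_user'::name, c.oid, p.priv) <> p.wanted
ORDER BY 1, 2;

-- 3. Sequences missing SELECT or USAGE. Rows here lead to failed INSERTs
--    on tables with serial keys.
SELECT c.relname AS sequence_name, p.priv AS missing_privilege
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN (VALUES ('SELECT'), ('USAGE')) AS p(priv)
WHERE n.nspname = 'public'
  AND c.relkind = 'S'
  AND NOT has_sequence_privilege('guacamole_user'::name, c.oid, p.priv)
ORDER BY 1, 2;

-- 4. Ownership or schema-level CREATE would let the account change the schema,
--    which Guacamole never needs. Expect owns_tables = 0, can_create = false.
SELECT (SELECT count(*) FROM pg_tables
         WHERE schemaname = 'public'
           AND tableowner = 'guacamole_user') AS owns_tables,
       has_schema_privilege('guacamole_user', 'public', 'CREATE') AS can_create;
```

Queries 2 and 3 return no rows when the grants match what this page specifies.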
If KCM was installed using the auto docker method, or the docker compose method, use these steps to connect to Postgres.
Using the simple or custom docker method requires modification of the docker-compose.yml file. As root, edit your docker-compose.yml file and find the "guacamole" section. Here, add the Postgres parameters shown below.
To apply the configuration changes, the docker container must be restarted:
sudo ./kcm-setup.run stop
sudo ./kcm-setup.run upgrade
The containers should restart after the upgrade. If not, run:
sudo ./kcm-setup.run start
Docker Compose Install:
docker-compose up -d
Keeper Connection Manager packages Guacamole’s PostgreSQL support within the kcm-guacamole-auth-jdbc-postgresql package. This package must be installed before creating Guacamole’s database within PostgreSQL, as it includes the SQL scripts necessary for doing so:
$ sudo yum install kcm-guacamole-auth-jdbc-postgresql
Guacamole’s main configuration file, /etc/guacamole/guacamole.properties, must now be modified to specify the credentials of the PostgreSQL user and to point to the PostgreSQL database:
$ sudo vi /etc/guacamole/guacamole.properties
The guacamole.properties file provided with Keeper Connection Manager is organized into sections documented with blocks of comments and example properties. The first section which must be modified is marked “JDBC-1” and defines the TCP connection information for the database in use. Uncomment the postgresql-hostname and postgresql-port properties, modifying their values to point to your PostgreSQL server:
## [JDBC-1] Database TCP connection information
## The TCP connection details for the PostgreSQL, MySQL / MariaDB, or SQL
## Server database.
The “JDBC-2” section, which defines the database name and associated credentials, must also be modified to specify the correct database name, username, and password. These values are given with the postgresql-database, postgresql-username, and postgresql-password properties respectively:
## [JDBC-2] Database name and credentials
## The name of the database to use, as well as the credentials to use when
## connecting to the database. THESE PROPERTIES ARE REQUIRED if one of the
## database authentication extensions will be used.
Guacamole will generally only load new extensions and reread guacamole.properties during the startup process.
$ sudo systemctl restart guacamole
To make sure everything is working as expected, you should also visit your Guacamole instance with a web browser (most likely at http://HOSTNAME:8080/guacamole/, where “HOSTNAME” is the hostname or IP address of your server). If all is working correctly, you should see a login screen with a username/password prompt, and you will be able to log in using the default account created with the