Forge Home

vnc

Manage tigervnc with systemd-logind support

3,524 downloads

68 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 3.0.0 (latest)
  • 2.3.7
  • 2.3.6
  • 2.3.5
  • 2.3.4
  • 2.3.3 (deleted)
  • 2.3.2
  • 2.3.1
  • 2.3.0
  • 2.2.0
  • 2.1.0
  • 2.0.2
  • 2.0.1
  • 2.0.0
  • 1.2.0
  • 1.1.0
  • 1.0.2
  • 1.0.1
  • 1.0.0
  • 0.4.0
  • 0.3.3
  • 0.3.2
  • 0.3.1
  • 0.3.0
  • 0.2.1
  • 0.2.0
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Oct 22nd 2024
This version is compatible with:
  • Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'jcpunk-vnc', '3.0.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add jcpunk-vnc
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install jcpunk-vnc --version 3.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: vnc, tigervnc, novnc

Documentation

jcpunk/vnc — version 3.0.0 Oct 22nd 2024

vnc

Manage tigervnc now that it expects systemd-logind support.

Table of Contents

  1. Description
  2. Setup - The basics of getting started with vnc
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module

Description

This module manages VNC servers utilizing the new tigervnc scripts from tigervnc 1.11 and later.

Users can optionally be given rights to restart their own servers.

Setup

What vnc affects

This will impact your VNC sessions, configs in /etc/tigervnc (parameter), and PolicyKit for systemd (if user restart is granted via the params).

If requested the vnc::client::novnc will try to setup the non-webserver parts of a noVNC site.

Setup Requirements OPTIONAL

If you wish to use the novnc client, you must setup a webserver to point at the websocket.

Beginning with vnc

Usage

Server

If the defaults are workable for you, basic usage is:

class { 'vnc::server':
  manage_services => true,
  vnc_servers => {
    'userA' => {
       'comment' => 'Optional comment',
       'displaynumber' => 1,
       'user_can_manage' =>  true,
    }
}

Or via hiera

vnc::server::manage_services: true
vnc::server::vnc_servers:
  userA:
    comment: Optional comment
    displaynumber: 1
    user_can_manage: true

The most interesting parameter is vnc::server::vnc_servers.

It has a structure of:

username:
  comment: (optional) comment
  displaynumber: The VNC screen, like 1, 2, 3, etc
  ensure: service ensure, default is 'running'
  enable: service enable, default is 'true'
  seed_home_vnc: make ~${username}/.vnc/config, default is `vnc::server::seed_user_vnc_config`
  extra_users_can_manage: [ usera, userb]
  user_can_manage: Boolean value to permit a user to run `systemctl restart vncserver@:#.service`
                   where the `#` is their listed displaynumber.
                   default value is from $vnc::server::user_can_manage

For hosts where a users's home is on a kerberos protected volume, you'll probably want to set seed_home_vnc = false as the puppet process will not have access. Or globally via vnc::server::seed_home_vnc.

The extra_users_can_manage grants systemctl restart vncserver@:#.service to these users too. The user_can_manage boolean must be true for this to work.

Similarly, when "user home" is not accessible to unauthenticated systemd, you'll probably want to set vnc::server::manage_services = false.

You can directly export these sessions to noVNC via include vnc::server::export::novnc.

Client

Similarly, VNC clients can be loaded with:

class { 'vnc::client::gui': }

or

class { 'vnc::client::novnc': }

The noVNC client takes a parameter vnc_sessions with a format of:

vnc::client::novnc::vnc_servers:
  session_name: server:port
  other_session_name: server:otherport

By default token based configuration is used to let the webserver multiplex to a single websockify instance. An example HTML list of configured sessions is written out to vnc::client::novnc::webserver_vnc_index.

Limitations

This requires the systemd units from tigervnc 1.11+.

You must manage you own firewall settings.

There are too may ways folks may want to setup the webserver, so no attempt is made here to provide hooks for the websockets proxy via httpd or nginx.

If you want to use the SSL wrapper for websockify you are responsible to depoy the cert, key, CA, and set the parameters you need.

Development

See the linked repo in metadata.json