Slip-Stream Install Configurations
Administrators may wish to install an instance of Workspaces preloaded with desired configurations. This may be helpful for CI/CD or other programmatically deployed environments such as augmenting terraform projects.
This can be accomplished by swapping out the
default_properties.yaml
file found in the standard installation package after it is extracted
and before install.sh
is called.
The format of the default_properties.yaml
file, is the same as one generated from the Exporting System Configurations mechanism,
allowing administrators to more easily restore an existing deployment to another system.
cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.18.0.09f70a.tar.gz
tar -xf kasm_release_1.18.0.09f70a.tar.gz
# Replace default_properties.yaml
cp <custom_config.yaml> kasm_release/conf/database/seed_data/default_properties.yaml
sudo bash kasm_release/install.sh
This feature is primarly intended for partners and system integrators that have advanced understanding and experience using Kasm Workspaces. Workspaces contains thousands of interconnected configuration items, many of which are internal-facing elements and thus not fully documented.
Please see Configuration Schema Versioning and Details for important implementation concerns.
Default Properties Pre-Processing
When the installer ingests the default_properites.yaml
, it will first pre-process the file to allow values
to be templated with special variables. This may be helpful when constructing references between objects via uuids,
or templating values that should be randomized between deployments. It is recommended to inspect the
default_properites.yaml
that is provided with the install package for example usage as it represents the standard
configurations for the default install.
UUIDs
UUIDs can be templated by using the string ${uuid:<some string>}
e.g ${uuid:example1}
. If the same variable is used
multiple times in the yaml, it will be replaced with the same UUID.
group_settings:
- description: Allows users to see and edit all attributes of the Kasm application.
group_id: "${uuid:group:1}"
group_setting_id: "${uuid:group_setting_id:1}"
name: administrator
value: 'False'
value_type: bool
- description: Allow audio streaming for a Kasm.
group_id: "${uuid:group:1}"
group_setting_id: "${uuid:group_setting_id:2}"
name: allow_kasm_audio
value: 'False'
value_type: bool
groups:
- description: null
group_id: "${uuid:group:1}"
is_system: false
name: Intenal Administators
priority: 1000
program_data: null
group_settings:
- description: Allows users to see and edit all attributes of the Kasm application.
group_id: "e2fd5c8e-82c2-4841-8ef0-824e30f16055"
group_setting_id: "e7173013-fad7-4de8-860b-94ee5a70dcbf"
name: administrator
value: 'False'
value_type: bool
- description: Allow audio streaming for a Kasm.
group_id: "e2fd5c8e-82c2-4841-8ef0-824e30f16055"
group_setting_id: "b1c4efbe-ddc4-4ebc-839b-483b2e190873"
name: allow_kasm_audio
value: 'False'
value_type: bool
groups:
- description: null
group_id: "e2fd5c8e-82c2-4841-8ef0-824e30f16055"
is_system: false
name: Internal Administators
priority: 1000
program_data: null
DateTime
Datetime objects can be generated for the current time using the ${datetime:utcnow}
variable.
users:
- created: '${datetime:utcnow}'
password_set_date: '${datetime:utcnow}'
pw_hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
realm: local
salt: 6614c4ba-6c49-4f50-8d9a-ce82de5ac852
user_id: 11bf8e0a-e08c-4c1b-81ad-518447d75b49
username: admin@kasm.local
users:
- created: '2023-02-05 02:41:43.729155'
password_set_date: '2023-02-05 02:41:43.729155'
pw_hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
realm: local
salt: 6614c4ba-6c49-4f50-8d9a-ce82de5ac852
user_id: 11bf8e0a-e08c-4c1b-81ad-518447d75b49
username: admin@kasm.local
Random Tokens
Random string tokens can be be generated using a variable ${random_token:<some string>}
. E.g ${random_token:manager_token}
settings:
- category: manager
description: An authentication token used in the communication between Kasm Agents and the Manager API server.
name: token
sanitize: false
services_restart: manager
title: Token
value: "${random_token:manager_token}"
value_type: password
settings:
- category: manager
description: An authentication token used in the communication between Kasm Agents and the Manager API server.
name: token
sanitize: false
services_restart: manager
title: Token
value: "2RZGPY1LUPOph4fmU1kU"
value_type: password
RSA Keys
RSA public and private keys can be be generated using variables: ${rsa:<some string>:private}
and ${rsa:<some string>:public}
settings:
- category: auth
description: Private Key used to sign request between Kasm components.
name: api_private_key
sanitize: true
services_restart: null
title: API Private Key
value: "${rsa:1:private}"
value_type: multiline_string
- category: auth
description: Public key used by Kasm components to validate internal API calls.
name: api_public_cert
sanitize: false
services_restart: null
title: API Public Cert
value: "${rsa:1:public}"
value_type: multiline_string
settings:
- category: auth
description: Private Key used to sign request between Kasm components.
name: api_private_key
sanitize: true
services_restart: null
title: API Private Key
value: "-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDPS/VMFDiHcmYc
...
F0QQggEL0azu+RPZkg2KV2ZqawkFbGeGdhnPbluvmFUZHS0qzs1xbefludeVe9aR
568UxTAiTOowDRY45zwugW52VdBFASdc3w6z/DzPgD2FfI46ZQPzJD4ariJOMlSY
ZszdhrNDulOoIsp0Adm/nKtXrT8JJca5
-----END PRIVATE KEY-----"
value_type: multiline_string
- category: auth
description: Public key used by Kasm components to validate internal API calls.
name: api_public_cert
sanitize: false
services_restart: null
title: API Public Cert
value: "-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoQu+DCpu6IMVRJBlrxn5
/SLIzggFi72fkLTuXTi7gGPCtGMV/5QLJnRjcAAYo9zJoFhob268qcK69FMRD3B
nJ//C3zSW5pWvzh5HdRINrjmdZKgCpudEeXYpd/KpIulHzoWLJuiizEM/jlFpJcB
...
89c22kgSOtyQGFJXQLQeFIqyak3fQ2guJ/ZbdJP6CeNJfjLdKFm9RE4bHuuqr2Bt
/deSoQfXUXUUZbWf40jqprYTIuaidwBHus8KirY5LAxlDz9RVHvGQHrYq3hRMHcD
XLnh226+sKxRSxxdXLwFLyMCAwEAAQ==
-----END PUBLIC KEY-----"
value_type: multiline_string