Slip-Stream Install Configurations

Administrators may wish to install an instance of Workspaces preloaded with desired configurations. This may be helpful for CI/CD or other programmatically deployed environments such as augmenting terraform projects.

This can be accomplished by swapping out the default_properties.yaml file found in the standard installation package after it is extracted and before install.sh is called.

The format of the default_properties.yaml file, is the same as one generated from the Exporting System Configurations mechanism, allowing administrators to more easily restore an existing deployment to another system.

cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.16.1.98d6fa.tar.gz
tar -xf kasm_release_1.16.1.98d6fa.tar.gz
# Replace default_properties.yaml
cp <custom_config.yaml>  kasm_release/conf/database/seed_data/default_properties.yaml
sudo bash kasm_release/install.sh

Warning

This feature is primarly intended for partners and system integrators that have advanced understanding and experience using Kasm Workspaces. Workspaces contains thousands of interconnected configuration items, many of which are internal-facing elements and thus not fully documented.

Please see Configuration Schema Versioning and Details for important implementation concerns.

Default Properties Pre-Processing

When the installer ingests the default_properites.yaml, it will first pre-process the file to allow values to be templated with special variables. This may be helpful when constructing references between objects via uuids, or templating values that should be randomized between deployments. It is recommended to inspect the default_properites.yaml that is provided with the install package for example usage as it represents the standard configurations for the default install.

UUIDs

UUIDs can be templated by using the string ${uuid:<some string>} e.g ${uuid:example1}. If the same variable is used multiple times in the yaml, it will be replaced with the same UUID.

Templated Config

    group_settings:
    - description: Allows users to see and edit all attributes of the Kasm application.
      group_id: "${uuid:group:1}"
      group_setting_id: "${uuid:group_setting_id:1}"
      name: administrator
      value: 'False'
      value_type: bool
    - description: Allow audio streaming for a Kasm.
      group_id: "${uuid:group:1}"
      group_setting_id: "${uuid:group_setting_id:2}"
      name: allow_kasm_audio
      value: 'False'
      value_type: bool
    groups:
    - description: null
      group_id:  "${uuid:group:1}"
      is_system: false
      name: Intenal Administators
      priority: 1000
      program_data: null

Resultant Config

    group_settings:
    - description: Allows users to see and edit all attributes of the Kasm application.
      group_id: "e2fd5c8e-82c2-4841-8ef0-824e30f16055"
      group_setting_id: "e7173013-fad7-4de8-860b-94ee5a70dcbf"
      name: administrator
      value: 'False'
      value_type: bool
    - description: Allow audio streaming for a Kasm.
      group_id: "e2fd5c8e-82c2-4841-8ef0-824e30f16055"
      group_setting_id: "b1c4efbe-ddc4-4ebc-839b-483b2e190873"
      name: allow_kasm_audio
      value: 'False'
      value_type: bool
    groups:
    - description: null
      group_id:  "e2fd5c8e-82c2-4841-8ef0-824e30f16055"
      is_system: false
      name: Internal Administators
      priority: 1000
      program_data: null

DateTime

Datetime objects can be generated for the current time using the ${datetime:utcnow} variable.

Templated Config

    users:
    - created: '${datetime:utcnow}'
      password_set_date: '${datetime:utcnow}'
      pw_hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      realm: local
      salt: 6614c4ba-6c49-4f50-8d9a-ce82de5ac852
      user_id: 11bf8e0a-e08c-4c1b-81ad-518447d75b49
      username: admin@kasm.local

Resultant Config

    users:
    - created: '2023-02-05 02:41:43.729155'
      password_set_date: '2023-02-05 02:41:43.729155'
      pw_hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      realm: local
      salt: 6614c4ba-6c49-4f50-8d9a-ce82de5ac852
      user_id: 11bf8e0a-e08c-4c1b-81ad-518447d75b49
      username: admin@kasm.local

Random Tokens

Random string tokens can be be generated using a variable ${random_token:<some string>}. E.g ${random_token:manager_token}

Templated Config

    settings:
    - category: manager
      description: An authentication token used in the communication between Kasm Agents and the Manager API server.
      name: token
      sanitize: false
      services_restart: manager
      title: Token
      value: "${random_token:manager_token}"
      value_type: password

Resultant Config

    settings:
    - category: manager
      description: An authentication token used in the communication between Kasm Agents and the Manager API server.
      name: token
      sanitize: false
      services_restart: manager
      title: Token
      value: "2RZGPY1LUPOph4fmU1kU"
      value_type: password

RSA Keys

RSA public and private keys can be be generated using variables: ${rsa:<some string>:private} and ${rsa:<some string>:public}

Templated Config

    settings:
    - category: auth
      description: Private Key used to sign request between Kasm components.
      name: api_private_key
      sanitize: true
      services_restart: null
      title: API Private Key
      value: "${rsa:1:private}"
      value_type: multiline_string
    - category: auth
      description: Public key used by Kasm components to validate internal API calls.
      name: api_public_cert
      sanitize: false
      services_restart: null
      title: API Public Cert
      value: "${rsa:1:public}"
      value_type: multiline_string

Resultant Config

    settings:
    - category: auth
      description: Private Key used to sign request between Kasm components.
      name: api_private_key
      sanitize: true
      services_restart: null
      title: API Private Key
      value: "-----BEGIN PRIVATE KEY-----
        MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDPS/VMFDiHcmYc
        ...
        F0QQggEL0azu+RPZkg2KV2ZqawkFbGeGdhnPbluvmFUZHS0qzs1xbefludeVe9aR
        568UxTAiTOowDRY45zwugW52VdBFASdc3w6z/DzPgD2FfI46ZQPzJD4ariJOMlSY
        ZszdhrNDulOoIsp0Adm/nKtXrT8JJca5
        -----END PRIVATE KEY-----"
      value_type: multiline_string
    - category: auth
      description: Public key used by Kasm components to validate internal API calls.
      name: api_public_cert
      sanitize: false
      services_restart: null
      title: API Public Cert
      value: "-----BEGIN PUBLIC KEY-----
        MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoQu+DCpu6IMVRJBlrxn5
        /SLIzggFi72fkLTuXTi7gGPCtGMV/5QLJnRjcAAYo9zJoFhob268qcK69FMRD3B
        nJ//C3zSW5pWvzh5HdRINrjmdZKgCpudEeXYpd/KpIulHzoWLJuiizEM/jlFpJcB
        ...
        89c22kgSOtyQGFJXQLQeFIqyak3fQ2guJ/ZbdJP6CeNJfjLdKFm9RE4bHuuqr2Bt
        /deSoQfXUXUUZbWf40jqprYTIuaidwBHus8KirY5LAxlDz9RVHvGQHrYq3hRMHcD
        XLnh226+sKxRSxxdXLwFLyMCAwEAAQ==
        -----END PUBLIC KEY-----"
      value_type: multiline_string