
XFCE desktop and xRDP

Installs the XFCE desktop and the xRDP server for remote access. Session service layer.


The desktop role

This role installs and configures:

  • The XFCE desktop (lightweight, suited to VDI)
  • The xRDP server (standard RDP protocol)
  • The locale and the keyboard layout

Default variables

Create roles/desktop/defaults/main.yml:

desktop_enabled: true
desktop_xrdp_port: 3389
desktop_locale: "fr_FR.UTF-8"
desktop_keyboard_layout: "fr"
desktop_test_user: "vdi-user"
# Placeholder value: override it (for example from Ansible Vault) before deployment.
desktop_test_password: "changeme"
desktop_run_rdp_test: false

Main tasks

Create roles/desktop/tasks/main.yml:

---
- name: Installer les paquets desktop
  ansible.builtin.package:
    name: "{{ desktop_packages }}"
    state: present

- name: Configurer la locale
  ansible.builtin.command:
    cmd: "localectl set-locale LANG={{ desktop_locale }}"
  changed_when: true

- name: Configurer le clavier
  ansible.builtin.command:
    cmd: "localectl set-keymap {{ desktop_keyboard_layout }}"
  changed_when: true
  when: ansible_os_family == "RedHat"

- name: Configurer le clavier (Ubuntu)
  ansible.builtin.debconf:
    name: keyboard-configuration
    question: keyboard-configuration/layoutcode
    value: "{{ desktop_keyboard_layout }}"
    vtype: string
  when: ansible_os_family == "Debian"

- name: Configurer le port xRDP
  ansible.builtin.lineinfile:
    path: /etc/xrdp/xrdp.ini
    regexp: '^port='
    line: "port={{ desktop_xrdp_port }}"
  notify: Restart xRDP

- name: Configurer xRDP pour utiliser XFCE
  ansible.builtin.copy:
    dest: /etc/xrdp/startwm.sh
    content: |
      #!/bin/sh
      unset DBUS_SESSION_BUS_ADDRESS
      unset XDG_RUNTIME_DIR
      exec startxfce4
    mode: '0755'
  notify: Restart xRDP

- name: Creer l'utilisateur VDI
  ansible.builtin.user:
    name: "{{ desktop_test_user }}"
    password: "{{ desktop_test_password | password_hash('sha512') }}"
    shell: /bin/bash
    groups: sudo
    append: true
  when: ansible_os_family == "Debian"

- name: Creer l'utilisateur VDI (Rocky)
  ansible.builtin.user:
    name: "{{ desktop_test_user }}"
    password: "{{ desktop_test_password | password_hash('sha512') }}"
    shell: /bin/bash
    groups: wheel
    append: true
  when: ansible_os_family == "RedHat"

- name: Activer xRDP au demarrage
  ansible.builtin.systemd:
    name: "{{ desktop_xrdp_service }}"
    enabled: true
    state: started

- name: Validation du role
  ansible.builtin.include_tasks: validate.yml
  tags: [validate]
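
The tasks above create an account that belongs to sudo or wheel and is reachable over RDP, with the password taken from defaults/main.yml. As an added example (not part of the original role), a pre-flight task file can stop the play while that password is still the placeholder. The file name preflight.yml, the variable desktop_min_password_length and the vault variable name are assumptions.

```yaml
---
# Added example, hypothetical file roles/desktop/tasks/preflight.yml.
# Run it first from tasks/main.yml, for example:
#   - name: Pre-flight checks
#     ansible.builtin.import_tasks: preflight.yml
#
# Assumed inventory layout (names are illustrative):
#   group_vars/vdi/vars.yml   desktop_test_password: "{{ vault_desktop_test_password }}"
#   group_vars/vdi/vault.yml  vault_desktop_test_password: <encrypted with ansible-vault>

- name: "Preflight : the VDI password is not the role default"
  ansible.builtin.assert:
    that:
      - desktop_test_password is defined
      - desktop_test_password | length > 0
      - desktop_test_password != 'changeme'
    fail_msg: >-
      desktop_test_password is empty or still the default from
      defaults/main.yml. Override it from an Ansible Vault variable.
    quiet: true

- name: "Preflight : the VDI password meets a minimum length"
  ansible.builtin.assert:
    that:
      # desktop_min_password_length is a hypothetical variable; 16 is an assumed default.
      - (desktop_test_password | length) >= (desktop_min_password_length | default(16) | int)
    fail_msg: "desktop_test_password is shorter than the required minimum."
    quiet: true

- name: "Preflight : the xRDP port is a valid TCP port"
  ansible.builtin.assert:
    that:
      - (desktop_xrdp_port | int) >= 1
      - (desktop_xrdp_port | int) <= 65535
    fail_msg: "desktop_xrdp_port must be between 1 and 65535."
    quiet: true
```

On failure, assert reports the expression that failed and the fail_msg, not the value of the variable, so the password does not appear in the play output.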

Handlers

Create roles/desktop/handlers/main.yml:

---
- name: Restart xRDP
  ansible.builtin.systemd:
    name: "{{ desktop_xrdp_service }}"
    state: restarted

Assertions

Create roles/desktop/tasks/validate.yml:

---
# --- Level 1: technical ---
- name: "Assert : XFCE installe"
  ansible.builtin.command: which xfce4-session
  changed_when: false

- name: "Assert : xRDP actif"
  ansible.builtin.systemd:
    name: "{{ desktop_xrdp_service }}"
  register: xrdp_status
  failed_when: xrdp_status.status.ActiveState != "active"

# --- Level 2: use case ---
- name: "Assert : xRDP ecoute sur le port configure"
  ansible.builtin.wait_for:
    port: "{{ desktop_xrdp_port }}"
    timeout: 10

- name: "Assert : La locale configuree est active"
  ansible.builtin.command: localectl status
  register: locale_result
  changed_when: false
  failed_when: "desktop_locale not in locale_result.stdout"

- name: "Assert : L'utilisateur VDI existe et peut se connecter"
  ansible.builtin.command: "id {{ desktop_test_user }}"
  changed_when: false

- name: "Assert : Un utilisateur peut ouvrir une session xRDP"
  ansible.builtin.shell: |
    xfreerdp /v:localhost /port:{{ desktop_xrdp_port }} \
      /u:{{ desktop_test_user | quote }} /p:{{ desktop_test_password | quote }} \
      /cert:ignore +auth-only
  changed_when: false
  # The command line carries the password: keep it out of task output and logs.
  no_log: true
  when: desktop_run_rdp_test | default(false)

RDP connection test

The xRDP connection assertion is disabled by default (desktop_run_rdp_test: false) because it requires xfreerdp on the build machine. Enable it for a full test.