Bureau XFCE et xRDP¶
Installation du bureau XFCE et du serveur xRDP pour l'accès distant. Couche service de session.
Rôle desktop¶
Ce rôle installe et configuré :
- Le bureau XFCE (léger, adapté VDI)
- Le serveur xRDP (protocole RDP standard)
- La locale et la disposition clavier
Variables par défaut¶
Créez roles/desktop/defaults/main.yml :
desktop_enabled: true
desktop_xrdp_port: 3389
desktop_locale: "fr_FR.UTF-8"
desktop_keyboard_layout: "fr"
desktop_test_user: "vdi-user"
desktop_test_password: "changeme"
desktop_run_rdp_test: false
Tâches principales¶
Créez roles/desktop/tasks/main.yml :
---
- name: Installer les paquets desktop
ansible.builtin.package:
name: "{{ desktop_packages }}"
state: present
- name: Configurer la locale
ansible.builtin.command:
cmd: "localectl set-locale LANG={{ desktop_locale }}"
changed_when: true
- name: Configurer le clavier
ansible.builtin.command:
cmd: "localectl set-keymap {{ desktop_keyboard_layout }}"
changed_when: true
when: ansible_os_family == "RedHat"
- name: Configurer le clavier (Ubuntu)
ansible.builtin.debconf:
name: keyboard-configuration
question: keyboard-configuration/layoutcode
value: "{{ desktop_keyboard_layout }}"
vtype: string
when: ansible_os_family == "Debian"
- name: Configurer le port xRDP
ansible.builtin.lineinfile:
path: /etc/xrdp/xrdp.ini
regexp: '^port='
line: "port={{ desktop_xrdp_port }}"
notify: Restart xRDP
- name: Configurer xRDP pour utiliser XFCE
ansible.builtin.copy:
dest: /etc/xrdp/startwm.sh
content: |
#!/bin/sh
unset DBUS_SESSION_BUS_ADDRESS
unset XDG_RUNTIME_DIR
exec startxfce4
mode: '0755'
notify: Restart xRDP
- name: Creer l'utilisateur VDI
ansible.builtin.user:
name: "{{ desktop_test_user }}"
password: "{{ desktop_test_password | password_hash('sha512') }}"
shell: /bin/bash
groups: sudo
append: true
when: ansible_os_family == "Debian"
- name: Creer l'utilisateur VDI (Rocky)
ansible.builtin.user:
name: "{{ desktop_test_user }}"
password: "{{ desktop_test_password | password_hash('sha512') }}"
shell: /bin/bash
groups: wheel
append: true
when: ansible_os_family == "RedHat"
- name: Activer xRDP au demarrage
ansible.builtin.systemd:
name: "{{ desktop_xrdp_service }}"
enabled: true
state: started
- name: Validation du role
ansible.builtin.include_tasks: validate.yml
tags: [validate]
Handlers¶
Créez roles/desktop/handlers/main.yml :
---
- name: Restart xRDP
ansible.builtin.systemd:
name: "{{ desktop_xrdp_service }}"
state: restarted
Assertions¶
Créez roles/desktop/tasks/validate.yml :
---
# --- Niveau 1 : technique ---
- name: "Assert : XFCE installe"
ansible.builtin.command: which xfce4-session
changed_when: false
- name: "Assert : xRDP actif"
ansible.builtin.systemd:
name: "{{ desktop_xrdp_service }}"
register: xrdp_status
failed_when: xrdp_status.status.ActiveState != "active"
# --- Niveau 2 : cas d'usage ---
- name: "Assert : xRDP ecoute sur le port configure"
ansible.builtin.wait_for:
port: "{{ desktop_xrdp_port }}"
timeout: 10
- name: "Assert : La locale configuree est active"
ansible.builtin.command: localectl status
register: locale_result
changed_when: false
failed_when: "desktop_locale not in locale_result.stdout"
- name: "Assert : L'utilisateur VDI existe et peut se connecter"
ansible.builtin.command: "id {{ desktop_test_user }}"
changed_when: false
- name: "Assert : Un utilisateur peut ouvrir une session xRDP"
ansible.builtin.shell: |
xfreerdp /v:localhost /port:{{ desktop_xrdp_port }} \
/u:{{ desktop_test_user }} /p:{{ desktop_test_password }} \
/cert:ignore +auth-only
changed_when: false
when: desktop_run_rdp_test | default(false)
Test de connexion RDP
L'assertion de connexion xRDP est désactivée par défaut (desktop_run_rdp_test: false) car elle nécessité xfreerdp sur la machine de build. Activez-la pour un test complet.