From 87854707bc4b5159a0c319cf239261736938f7d9 Mon Sep 17 00:00:00 2001 From: Kerwin Bryant Date: Wed, 30 Oct 2024 17:51:03 +0800 Subject: [PATCH 1/2] feat(jetbrains-gateway): add releases_base_link/download_base_link variables (#333) --- jetbrains-gateway/README.md | 26 +++++++++++++++++++++---- jetbrains-gateway/main.tf | 38 ++++++++++++++++++++++++++++--------- 2 files changed, 51 insertions(+), 13 deletions(-) diff --git a/jetbrains-gateway/README.md b/jetbrains-gateway/README.md index 0745fa79..00beb83f 100644 --- a/jetbrains-gateway/README.md +++ b/jetbrains-gateway/README.md @@ -14,7 +14,7 @@ This module adds a JetBrains Gateway Button to open any workspace with a single ```tf module "jetbrains_gateway" { source = "registry.coder.com/modules/jetbrains-gateway/coder" - version = "1.0.21" + version = "1.0.23" agent_id = coder_agent.example.id agent_name = "example" folder = "/home/coder/example" @@ -32,7 +32,7 @@ module "jetbrains_gateway" { ```tf module "jetbrains_gateway" { source = "registry.coder.com/modules/jetbrains-gateway/coder" - version = "1.0.21" + version = "1.0.23" agent_id = coder_agent.example.id agent_name = "example" folder = "/home/coder/example" @@ -46,7 +46,7 @@ module "jetbrains_gateway" { ```tf module "jetbrains_gateway" { source = "registry.coder.com/modules/jetbrains-gateway/coder" - version = "1.0.21" + version = "1.0.23" agent_id = coder_agent.example.id agent_name = "example" folder = "/home/coder/example" @@ -61,7 +61,7 @@ module "jetbrains_gateway" { ```tf module "jetbrains_gateway" { source = "registry.coder.com/modules/jetbrains-gateway/coder" - version = "1.0.21" + version = "1.0.23" agent_id = coder_agent.example.id agent_name = "example" folder = "/home/coder/example" 
@@ -72,6 +72,24 @@ module "jetbrains_gateway" { } ``` +### Custom base link + +Due to the highest priority of the `ide_download_link` parameter in the `(jetbrains-gateway://...` within IDEA, the pre-configured download address will be overridden when using [IDEA's offline mode](https://www.jetbrains.com/help/idea/fully-offline-mode.html). Therefore, it is necessary to configure the `download_base_link` parameter for the `jetbrains_gateway` module to change the value of `ide_download_link`. + +```tf +module "jetbrains_gateway" { + source = "registry.coder.com/modules/jetbrains-gateway/coder" + version = "1.0.23" + agent_id = coder_agent.example.id + agent_name = "example" + folder = "/home/coder/example" + jetbrains_ides = ["GO", "WS"] + releases_base_link = "https://releases.internal.site/" + download_base_link = "https://download.internal.site/" + default = "GO" +} +``` + ## Supported IDEs This module and JetBrains Gateway support the following JetBrains IDEs: diff --git a/jetbrains-gateway/main.tf b/jetbrains-gateway/main.tf index 2bc00d39..24bf4768 100644 --- a/jetbrains-gateway/main.tf +++ b/jetbrains-gateway/main.tf 
@@ -146,9 +146,29 @@ variable "jetbrains_ides" { } } +variable "releases_base_link" { + type = string + description = "" + default = "https://data.services.jetbrains.com" + validation { + condition = can(regex("^https?://.+$", var.releases_base_link)) + error_message = "The releases_base_link must be a valid HTTP/S address." + } +} + +variable "download_base_link" { + type = string + description = "" + default = "https://download.jetbrains.com" + validation { + condition = can(regex("^https?://.+$", var.download_base_link)) + error_message = "The download_base_link must be a valid HTTP/S address." + } +} + data "http" "jetbrains_ide_versions" { for_each = var.latest ? toset(var.jetbrains_ides) : toset([]) - url = "https://data.services.jetbrains.com/products/releases?code=${each.key}&latest=true&type=${var.channel}" + url = "${var.releases_base_link}/products/releases?code=${each.key}&latest=true&type=${var.channel}" } locals { @@ -158,7 +178,7 @@ locals { name = "GoLand", identifier = "GO", build_number = var.jetbrains_ide_versions["GO"].build_number, - download_link = "https://download.jetbrains.com/go/goland-${var.jetbrains_ide_versions["GO"].version}.tar.gz" + download_link = "${var.download_base_link}/go/goland-${var.jetbrains_ide_versions["GO"].version}.tar.gz" version = var.jetbrains_ide_versions["GO"].version }, "WS" = { @@ -166,7 +186,7 @@ locals { name = "WebStorm", identifier = "WS", build_number = var.jetbrains_ide_versions["WS"].build_number, - download_link = "https://download.jetbrains.com/webstorm/WebStorm-${var.jetbrains_ide_versions["WS"].version}.tar.gz" + download_link = "${var.download_base_link}/webstorm/WebStorm-${var.jetbrains_ide_versions["WS"].version}.tar.gz" version = var.jetbrains_ide_versions["WS"].version }, "IU" = { 
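Review bot: The validation on `releases_base_link` and `download_base_link` accepts `http://`, so the release metadata fetched by the `http` data source and the IDE archive link handed to Gateway, both previously pinned to HTTPS, can now travel in cleartext where a network intermediary can alter them. Unless plain-HTTP mirrors must be supported, tighten both conditions to `can(regex("^https://.+$", var.download_base_link))`, or state the risk in the variable description. Both variables also ship with `description = ""`; something like `description = "Base URL of the mirror serving JetBrains IDE archives, without a trailing slash."` would tell users what to pass. The README example in this patch passes a trailing slash, which yields `//` once `/products/releases` or `/go/goland-…` is appended; wrapping the variable in `trimsuffix(var.releases_base_link, "/")` here and in the `download_link` hunks for GO, WS, IU, PY, CL, PS, RM and RD avoids that. The `locals` block starts and ends outside these hunks.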
@@ -174,7 +194,7 @@ locals { name = "IntelliJ IDEA Ultimate", identifier = "IU", build_number = var.jetbrains_ide_versions["IU"].build_number, - download_link = "https://download.jetbrains.com/idea/ideaIU-${var.jetbrains_ide_versions["IU"].version}.tar.gz" + download_link = "${var.download_base_link}/idea/ideaIU-${var.jetbrains_ide_versions["IU"].version}.tar.gz" version = var.jetbrains_ide_versions["IU"].version }, "PY" = { @@ -182,7 +202,7 @@ locals { name = "PyCharm Professional", identifier = "PY", build_number = var.jetbrains_ide_versions["PY"].build_number, - download_link = "https://download.jetbrains.com/python/pycharm-professional-${var.jetbrains_ide_versions["PY"].version}.tar.gz" + download_link = "${var.download_base_link}/python/pycharm-professional-${var.jetbrains_ide_versions["PY"].version}.tar.gz" version = var.jetbrains_ide_versions["PY"].version }, "CL" = { @@ -190,7 +210,7 @@ locals { name = "CLion", identifier = "CL", build_number = var.jetbrains_ide_versions["CL"].build_number, - download_link = "https://download.jetbrains.com/cpp/CLion-${var.jetbrains_ide_versions["CL"].version}.tar.gz" + download_link = "${var.download_base_link}/cpp/CLion-${var.jetbrains_ide_versions["CL"].version}.tar.gz" version = var.jetbrains_ide_versions["CL"].version }, "PS" = { @@ -198,7 +218,7 @@ locals { name = "PhpStorm", identifier = "PS", build_number = var.jetbrains_ide_versions["PS"].build_number, - download_link = "https://download.jetbrains.com/webide/PhpStorm-${var.jetbrains_ide_versions["PS"].version}.tar.gz" + download_link = "${var.download_base_link}/webide/PhpStorm-${var.jetbrains_ide_versions["PS"].version}.tar.gz" version = var.jetbrains_ide_versions["PS"].version }, "RM" = { 
@@ -206,7 +226,7 @@ locals { name = "RubyMine", identifier = "RM", build_number = var.jetbrains_ide_versions["RM"].build_number, - download_link = "https://download.jetbrains.com/ruby/RubyMine-${var.jetbrains_ide_versions["RM"].version}.tar.gz" + download_link = "${var.download_base_link}/ruby/RubyMine-${var.jetbrains_ide_versions["RM"].version}.tar.gz" version = var.jetbrains_ide_versions["RM"].version } "RD" = { @@ -214,7 +234,7 @@ locals { name = "Rider", identifier = "RD", build_number = var.jetbrains_ide_versions["RD"].build_number, - download_link = "https://download.jetbrains.com/rider/JetBrains.Rider-${var.jetbrains_ide_versions["RD"].version}.tar.gz" + download_link = "${var.download_base_link}/rider/JetBrains.Rider-${var.jetbrains_ide_versions["RD"].version}.tar.gz" version = var.jetbrains_ide_versions["RD"].version } } From 528a8a9fea7069033c02bc0b1a39b807b3b22161 Mon Sep 17 00:00:00 2001 From: djarbz <30350993+djarbz@users.noreply.github.com> Date: Wed, 30 Oct 2024 05:25:41 -0500 Subject: [PATCH 2/2] fix(kasmvnc): optimize KasmVNC deployment script (#329) Co-authored-by: Mathias Fredriksson --- kasmvnc/README.md | 2 +- kasmvnc/main.tf | 2 +- kasmvnc/run.sh | 264 ++++++++++++++++++++++++++++------------------ 3 files changed, 162 insertions(+), 106 deletions(-) diff --git a/kasmvnc/README.md b/kasmvnc/README.md index 3b7fe507..0639bf00 100644 --- a/kasmvnc/README.md +++ b/kasmvnc/README.md @@ -14,7 +14,7 @@ Automatically install [KasmVNC](https://kasmweb.com/kasmvnc) in a workspace, and ```tf module "kasmvnc" { source = "registry.coder.com/modules/kasmvnc/coder" - version = "1.0.22" + version = "1.0.23" agent_id = coder_agent.example.id desktop_environment = "xfce" } diff --git a/kasmvnc/main.tf b/kasmvnc/main.tf index 3a730ff5..4265f3c7 100644 --- a/kasmvnc/main.tf +++ b/kasmvnc/main.tf 
@@ -42,7 +42,7 @@ resource "coder_script" "kasm_vnc" { script = templatefile("${path.module}/run.sh", { PORT : var.port, DESKTOP_ENVIRONMENT : var.desktop_environment, - VERSION : var.kasm_version + KASM_VERSION : var.kasm_version }) run_on_start = true } diff --git a/kasmvnc/run.sh b/kasmvnc/run.sh index b8315376..c285b050 100644 --- a/kasmvnc/run.sh +++ b/kasmvnc/run.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash -#!/bin/bash +# Exit on error, undefined variables, and pipe failures +set -euo pipefail # Function to check if vncserver is already installed check_installed() { 
@@ -14,143 +15,167 @@ check_installed() { # Function to download a file using wget, curl, or busybox as a fallback download_file() { - local url=$1 - local output=$2 - if command -v wget &> /dev/null; then - wget $url -O $output - elif command -v curl &> /dev/null; then - curl -fsSL $url -o $output + local url="$1" + local output="$2" + local download_tool + + if command -v curl &> /dev/null; then + # shellcheck disable=SC2034 + download_tool=(curl -fsSL) + elif command -v wget &> /dev/null; then + # shellcheck disable=SC2034 + download_tool=(wget -q -O-) elif command -v busybox &> /dev/null; then - busybox wget -O $output $url + # shellcheck disable=SC2034 + download_tool=(busybox wget -O-) else - echo "Neither wget, curl, nor busybox is installed. Please install one of them to proceed." + echo "ERROR: No download tool available (curl, wget, or busybox required)" exit 1 fi + + # shellcheck disable=SC2288 + "$${download_tool[@]}" "$url" > "$output" || { + echo "ERROR: Failed to download $url" + exit 1 + } } # Function to install kasmvncserver for debian-based distros install_deb() { local url=$1 - download_file $url /tmp/kasmvncserver.deb - sudo apt-get update - DEBIAN_FRONTEND=noninteractive sudo apt-get install --yes -qq --no-install-recommends --no-install-suggests /tmp/kasmvncserver.deb - sudo adduser $USER ssl-cert - rm /tmp/kasmvncserver.deb -} + local kasmdeb="/tmp/kasmvncserver.deb" -# Function to install kasmvncserver for Oracle 8 -install_rpm_oracle8() { - local url=$1 - download_file $url /tmp/kasmvncserver.rpm - sudo dnf config-manager --set-enabled ol8_codeready_builder - sudo dnf install oracle-epel-release-el8 -y - sudo dnf localinstall /tmp/kasmvncserver.rpm -y - sudo usermod -aG kasmvnc-cert $USER - rm /tmp/kasmvncserver.rpm -} + download_file "$url" "$kasmdeb" -# Function to install kasmvncserver for CentOS 7 -install_rpm_centos7() { - local url=$1 - download_file $url /tmp/kasmvncserver.rpm - sudo yum install epel-release -y - sudo yum install 
/tmp/kasmvncserver.rpm -y - sudo usermod -aG kasmvnc-cert $USER - rm /tmp/kasmvncserver.rpm + CACHE_DIR="/var/lib/apt/lists/partial" + # Check if the directory exists and was modified in the last 60 minutes + if [[ ! -d "$CACHE_DIR" ]] || ! find "$CACHE_DIR" -mmin -60 -print -quit &> /dev/null; then + echo "Stale package cache, updating..." + # Update package cache with a 300-second timeout for dpkg lock + sudo apt-get -o DPkg::Lock::Timeout=300 -qq update + fi + + DEBIAN_FRONTEND=noninteractive sudo apt-get -o DPkg::Lock::Timeout=300 install --yes -qq --no-install-recommends --no-install-suggests "$kasmdeb" + rm "$kasmdeb" } # Function to install kasmvncserver for rpm-based distros install_rpm() { local url=$1 - download_file $url /tmp/kasmvncserver.rpm - sudo rpm -i /tmp/kasmvncserver.rpm - rm /tmp/kasmvncserver.rpm + local kasmrpm="/tmp/kasmvncserver.rpm" + local package_manager + + if command -v dnf &> /dev/null; then + # shellcheck disable=SC2034 + package_manager=(dnf localinstall -y) + elif command -v zypper &> /dev/null; then + # shellcheck disable=SC2034 + package_manager=(zypper install -y) + elif command -v yum &> /dev/null; then + # shellcheck disable=SC2034 + package_manager=(yum localinstall -y) + elif command -v rpm &> /dev/null; then + # Do we need to manually handle missing dependencies? 
+ # shellcheck disable=SC2034 + package_manager=(rpm -i) + else + echo "ERROR: No supported package manager available (dnf, zypper, yum, or rpm required)" + exit 1 + fi + + download_file "$url" "$kasmrpm" + + # shellcheck disable=SC2288 + sudo "$${package_manager[@]}" "$kasmrpm" || { + echo "ERROR: Failed to install $kasmrpm" + exit 1 + } + + rm "$kasmrpm" } # Function to install kasmvncserver for Alpine Linux install_alpine() { local url=$1 - download_file $url /tmp/kasmvncserver.tgz - tar -xzf /tmp/kasmvncserver.tgz -C /usr/local/bin/ - rm /tmp/kasmvncserver.tgz + local kasmtgz="/tmp/kasmvncserver.tgz" + + download_file "$url" "$kasmtgz" + + tar -xzf "$kasmtgz" -C /usr/local/bin/ + rm "$kasmtgz" } # Detect system information -distro=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}') -version=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') -arch=$(uname -m) +if [[ ! -f /etc/os-release ]]; then + echo "ERROR: Cannot detect OS: /etc/os-release not found" + exit 1 +fi + +# shellcheck disable=SC1091 +source /etc/os-release +distro="$ID" +distro_version="$VERSION_ID" +codename="$VERSION_CODENAME" +arch="$(uname -m)" +if [[ "$ID" == "ol" ]]; then + distro="oracle" + distro_version="$${distro_version%%.*}" +elif [[ "$ID" == "fedora" ]]; then + distro_version="$(grep -oP '\(\K[\w ]+' /etc/fedora-release | tr '[:upper:]' '[:lower:]' | tr -d ' ')" +fi echo "Detected Distribution: $distro" -echo "Detected Version: $version" +echo "Detected Version: $distro_version" +echo "Detected Codename: $codename" echo "Detected Architecture: $arch" # Map arch to package arch -if [[ "$arch" == "x86_64" ]]; then - if [[ "$distro" == "ubuntu" || "$distro" == "debian" || "$distro" == "kali" ]]; then - arch="amd64" - else - arch="x86_64" - fi -elif [[ "$arch" == "aarch64" || "$arch" == "arm64" ]]; then - if [[ "$distro" == "ubuntu" || "$distro" == "debian" || "$distro" == "kali" ]]; then - arch="arm64" - else - arch="aarch64" - fi -else - echo "Unsupported 
architecture: $arch" - exit 1 -fi +case "$arch" in + x86_64) + if [[ "$distro" =~ ^(ubuntu|debian|kali)$ ]]; then + arch="amd64" + fi + ;; + aarch64) + if [[ "$distro" =~ ^(ubuntu|debian|kali)$ ]]; then + arch="arm64" + fi + ;; + arm64) + : # This is effectively a noop + ;; + *) + echo "ERROR: Unsupported architecture: $arch" + exit 1 + ;; +esac # Check if vncserver is installed, and install if not if ! check_installed; then - echo "Installing KASM version: ${VERSION}" + # Check for NOPASSWD sudo (required) + if ! command -v sudo &> /dev/null || ! sudo -n true 2> /dev/null; then + echo "ERROR: sudo NOPASSWD access required!" + exit 1 + fi + + base_url="https://github.com/kasmtech/KasmVNC/releases/download/v${KASM_VERSION}" + + echo "Installing KASM version: ${KASM_VERSION}" case $distro in ubuntu | debian | kali) - case $version in - "20.04") - install_deb "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_focal_${VERSION}_$${arch}.deb" - ;; - "22.04") - install_deb "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_jammy_${VERSION}_$${arch}.deb" - ;; - "24.04") - install_deb "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_noble_${VERSION}_$${arch}.deb" - ;; - *) - echo "Unsupported Ubuntu/Debian/Kali version: $${version}" - exit 1 - ;; - esac + bin_name="kasmvncserver_$${codename}_${KASM_VERSION}_$${arch}.deb" + install_deb "$base_url/$bin_name" ;; - oracle) - if [[ "$version" == "8" ]]; then - install_rpm_oracle8 "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_oracle_8_${VERSION}_$${arch}.rpm" - else - echo "Unsupported Oracle version: $${version}" - exit 1 - fi - ;; - centos) - if [[ "$version" == "7" ]]; then - install_rpm_centos7 "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_centos_core_${VERSION}_$${arch}.rpm" - else - install_rpm 
"https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_centos_core_${VERSION}_$${arch}.rpm" - fi + oracle | fedora | opensuse) + bin_name="kasmvncserver_$${distro}_$${distro_version}_${KASM_VERSION}_$${arch}.rpm" + install_rpm "$base_url/$bin_name" ;; alpine) - if [[ "$version" == "3.17" || "$version" == "3.18" || "$version" == "3.19" || "$version" == "3.20" ]]; then - install_alpine "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvnc.alpine_$${version}_$${arch}.tgz" - else - echo "Unsupported Alpine version: $${version}" - exit 1 - fi - ;; - fedora | opensuse) - install_rpm "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_$${distro}_$${version}_${VERSION}_$${arch}.rpm" + bin_name="kasmvnc.alpine_$${distro_version//./}_$${arch}.tgz" + install_alpine "$base_url/$bin_name" ;; *) - echo "Unsupported distribution: $${distro}" + echo "Unsupported distribution: $distro" exit 1 ;; esac 
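Review bot: `codename="$VERSION_CODENAME"` runs under the `set -u` added at the top of the script, so on any distribution whose /etc/os-release does not define VERSION_CODENAME the script aborts with an unbound-variable error before it reaches the install step. Because run.sh is rendered through `templatefile`, the guarded form would be `codename="$${VERSION_CODENAME:-}"`. In `install_deb`, `! find "$CACHE_DIR" -mmin -60 -print -quit &> /dev/null` tests find's exit status, which is 0 whether or not anything matched, so the cache refresh is skipped whenever the directory exists; test the output instead, `[[ -z "$(find "$CACHE_DIR" -mmin -60 -print -quit 2> /dev/null)" ]]`. The package is also still written to a fixed name under /tmp and installed as root with no integrity check. A `mktemp` path and a comparison against a checksum pinned alongside `KASM_VERSION` before the `apt-get`/`dnf`/`rpm` call would close that gap.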
@@ -158,22 +183,53 @@ else echo "vncserver already installed. Skipping installation." fi -# Coder port-forwarding from dashboard only supports HTTP -sudo bash -c "cat > /etc/kasmvnc/kasmvnc.yaml < /dev/null && sudo -n true 2> /dev/null; then + kasm_config_file="/etc/kasmvnc/kasmvnc.yaml" + SUDO=sudo +else + kasm_config_file="$HOME/.vnc/kasmvnc.yaml" + SUDO= + + echo "WARNING: Sudo access not available, using user config dir!" + + if [[ -f "$kasm_config_file" ]]; then + echo "WARNING: Custom user KasmVNC config exists, not overwriting!" + echo "WARNING: Ensure that you manually configure the appropriate settings." + kasm_config_file="/dev/stderr" + else + echo "WARNING: This may prevent custom user KasmVNC settings from applying!" + mkdir -p "$HOME/.vnc" + fi +fi + +echo "Writing KasmVNC config to $kasm_config_file" +$SUDO tee "$kasm_config_file" > /dev/null << EOF network: protocol: http websocket_port: ${PORT} ssl: require_ssl: false + pem_certificate: + pem_key: udp: public_ip: 127.0.0.1 -EOF" +EOF # This password is not used since we start the server without auth. # The server is protected via the Coder session token / tunnel # and does not listen publicly -echo -e "password\npassword\n" | vncpasswd -wo -u $USER +echo -e "password\npassword\n" | vncpasswd -wo -u "$USER" # Start the server printf "🚀 Starting KasmVNC server...\n" -sudo -u $USER bash -c "vncserver -select-de ${DESKTOP_ENVIRONMENT} -disableBasicAuth" > /tmp/kasmvncserver.log 2>&1 & +vncserver -select-de "${DESKTOP_ENVIRONMENT}" -disableBasicAuth > /tmp/kasmvncserver.log 2>&1 & +pid=$! + +# Wait for server to start +sleep 5 +grep -v '^[[:space:]]*$' /tmp/kasmvncserver.log | tail -n 10 +if ps -p $pid | grep -q "^$pid"; then + echo "ERROR: Failed to start KasmVNC server. Check full logs at /tmp/kasmvncserver.log" + exit 1 +fi +printf "🚀 KasmVNC server started successfully!\n"
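Review bot: The generated kasmvnc.yaml sets `protocol: http` and `require_ssl: false` and the server is started with `-disableBasicAuth`, but nothing in the visible part of the heredoc binds the listener to loopback. The comment's claim that the server "does not listen publicly" therefore rests on KasmVNC's defaults and the workspace network rather than on this config. Adding `interface: 127.0.0.1` under `network:` would make that guarantee explicit, after confirming the key name for the KasmVNC version in use and that the Coder agent reaches the port over loopback. The concern is stronger in the no-sudo branch, which leaves an existing user config untouched and still starts the server without auth. Separately, the start-up check reports failure when `ps -p $pid` still shows the launcher and never inspects its exit status; if the intent is that the wrapper must have exited, say so in a comment or use `wait "$pid"` and check the status.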