fix(kasmvnc): optimize KasmVNC deployment script

kasmvnc/README.md

@@ -14,7 +14,7 @@ Automatically install [KasmVNC](https://kasmweb.com/kasmvnc) in a workspace, and
 ```tf
 module "kasmvnc" {
   source              = "registry.coder.com/modules/kasmvnc/coder"
-  version             = "1.0.22"
+  version             = "1.0.23"
   agent_id            = coder_agent.example.id
   desktop_environment = "xfce"
 }

kasmvnc/main.tf

@@ -42,7 +42,7 @@ resource "coder_script" "kasm_vnc" {
   script = templatefile("${path.module}/run.sh", {
     PORT : var.port,
     DESKTOP_ENVIRONMENT : var.desktop_environment,
-    VERSION : var.kasm_version
+    KASM_VERSION : var.kasm_version
   })
   run_on_start = true
 }

kasmvnc/run.sh

@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 
-#!/bin/bash
+# Exit on error, undefined variables, and pipe failures
+set -euo pipefail
 
 # Function to check if vncserver is already installed
 check_installed() {
@@ -14,166 +15,169 @@ check_installed() {
 
 # Function to download a file using wget, curl, or busybox as a fallback
 download_file() {
-  local url=$1
-  local output=$2
-  if command -v wget &> /dev/null; then
-    wget $url -O $output
-  elif command -v curl &> /dev/null; then
-    curl -fsSL $url -o $output
+  local url="$1"
+  local output="$2"
+  local download_tool
+
+  if command -v curl &> /dev/null; then
+    download_tool="curl -fsSL"
+  elif command -v wget &> /dev/null; then
+    download_tool="wget -q -O-"
   elif command -v busybox &> /dev/null; then
-    busybox wget -O $output $url
+    download_tool="busybox wget -O-"
   else
-    echo "Neither wget, curl, nor busybox is installed. Please install one of them to proceed."
+    echo "ERROR: No download tool available (curl, wget, or busybox required)"
     exit 1
   fi
-}
 
-# Function to install kasmvncserver for debian-based distros
-install_deb() {
-  local url=$1
-  download_file $url /tmp/kasmvncserver.deb
-  sudo apt-get update
-  DEBIAN_FRONTEND=noninteractive sudo apt-get install --yes -qq --no-install-recommends --no-install-suggests /tmp/kasmvncserver.deb
-  sudo adduser $USER ssl-cert
-  rm /tmp/kasmvncserver.deb
+  $download_tool "$url" > "$output" || {
+    echo "ERROR: Failed to download $url"
+    exit 1
+  }
 }
 
-# Function to install kasmvncserver for Oracle 8
-install_rpm_oracle8() {
-  local url=$1
-  download_file $url /tmp/kasmvncserver.rpm
-  sudo dnf config-manager --set-enabled ol8_codeready_builder
-  sudo dnf install oracle-epel-release-el8 -y
-  sudo dnf localinstall /tmp/kasmvncserver.rpm -y
-  sudo usermod -aG kasmvnc-cert $USER
-  rm /tmp/kasmvncserver.rpm
+# Add user to group using available commands
+add_user_to_group() {
+  local user="$1"
+  local group="$2"
+
+  if command -v usermod &> /dev/null; then
+    sudo usermod -aG "$group" "$user"
+  elif command -v adduser &> /dev/null; then
+    sudo adduser "$user" "$group"
+  else
+    echo "ERROR: At least one of 'adduser'(Debian) 'usermod'(RHEL) is required"
+    exit 1
+  fi
 }
 
-# Function to install kasmvncserver for CentOS 7
-install_rpm_centos7() {
+# Function to install kasmvncserver for debian-based distros
+install_deb() {
   local url=$1
-  download_file $url /tmp/kasmvncserver.rpm
-  sudo yum install epel-release -y
-  sudo yum install /tmp/kasmvncserver.rpm -y
-  sudo usermod -aG kasmvnc-cert $USER
-  rm /tmp/kasmvncserver.rpm
+  download_file "$url" /tmp/kasmvncserver.deb
+  # Define the directory to check
+  CACHE_DIR="/var/lib/apt/lists/partial"
+  # Check if the directory exists and was modified in the last 60 minutes
+  if [ ! -d "$CACHE_DIR" ] || ! find "$CACHE_DIR" -mmin -60 -print -quit &> /dev/null; then
+    echo "Stale Package Cache, updating..."
+    # Update package cache with a 300-second timeout for dpkg lock
+    sudo apt-get -o DPkg::Lock::Timeout=300 -qq update
+  fi
+  DEBIAN_FRONTEND=noninteractive sudo apt-get -o DPkg::Lock::Timeout=300 install --yes -qq --no-install-recommends --no-install-suggests /tmp/kasmvncserver.deb
+  add_user_to_group "$USER" ssl-cert
+  rm /tmp/kasmvncserver.deb
 }
 
 # Function to install kasmvncserver for rpm-based distros
 install_rpm() {
   local url=$1
-  download_file $url /tmp/kasmvncserver.rpm
+  download_file "$url" /tmp/kasmvncserver.rpm
   sudo rpm -i /tmp/kasmvncserver.rpm
   rm /tmp/kasmvncserver.rpm
 }
 
 # Function to install kasmvncserver for Alpine Linux
 install_alpine() {
   local url=$1
-  download_file $url /tmp/kasmvncserver.tgz
+  download_file "$url" /tmp/kasmvncserver.tgz
   tar -xzf /tmp/kasmvncserver.tgz -C /usr/local/bin/
   rm /tmp/kasmvncserver.tgz
 }
 
 # Detect system information
-distro=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}')
-version=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
-arch=$(uname -m)
+if [[ ! -f /etc/os-release ]]; then
+  echo "ERROR: Cannot detect OS: /etc/os-release not found"
+  exit 1
+fi
+
+# shellcheck disable=SC1091
+source /etc/os-release
+distro="$ID"
+distro_version="$VERSION_ID"
+codename="$VERSION_CODENAME"
+arch="$(uname -m)"
+if [[ "$ID" == "ol" ]]; then
+  distro="oracle"
+  distro_version="$${distro_version%%.*}"
+fi
 
 echo "Detected Distribution: $distro"
-echo "Detected Version: $version"
+echo "Detected Version: $distro_version"
+echo "Detected Codename: $codename"
 echo "Detected Architecture: $arch"
 
 # Map arch to package arch
-if [[ "$arch" == "x86_64" ]]; then
-  if [[ "$distro" == "ubuntu" || "$distro" == "debian" || "$distro" == "kali" ]]; then
-    arch="amd64"
-  else
-    arch="x86_64"
-  fi
-elif [[ "$arch" == "aarch64" || "$arch" == "arm64" ]]; then
-  if [[ "$distro" == "ubuntu" || "$distro" == "debian" || "$distro" == "kali" ]]; then
-    arch="arm64"
-  else
-    arch="aarch64"
-  fi
-else
-  echo "Unsupported architecture: $arch"
-  exit 1
-fi
+case "$arch" in
+  x86_64)
+    [[ "$distro" =~ ^(ubuntu|debian|kali)$ ]] && arch="amd64" || arch="x86_64"
+    ;;
+  aarch64 | arm64)
+    [[ "$distro" =~ ^(ubuntu|debian|kali)$ ]] && arch="arm64" || arch="aarch64"
+    ;;
+  *)
+    echo "ERROR: Unsupported architecture: $arch"
+    exit 1
+    ;;
+esac
 
 # Check if vncserver is installed, and install if not
 if ! check_installed; then
-  echo "Installing KASM version: ${VERSION}"
+  # Check for sudo (required)
+  if ! command -v sudo &> /dev/null; then
+    echo "ERROR: Required command 'sudo' not found"
+    exit 1
+  fi
+
+  base_url="https://github.com/kasmtech/KasmVNC/releases/download/v${KASM_VERSION}"
+
+  echo "Installing KASM version: ${KASM_VERSION}"
   case $distro in
     ubuntu | debian | kali)
-      case $version in
-        "20.04")
-          install_deb "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_focal_${VERSION}_$${arch}.deb"
-          ;;
-        "22.04")
-          install_deb "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_jammy_${VERSION}_$${arch}.deb"
-          ;;
-        "24.04")
-          install_deb "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_noble_${VERSION}_$${arch}.deb"
-          ;;
-        *)
-          echo "Unsupported Ubuntu/Debian/Kali version: $${version}"
-          exit 1
-          ;;
-      esac
+      bin_name="kasmvncserver_$${codename}_${KASM_VERSION}_$${arch}.deb"
+      install_deb "$base_url/$bin_name"
       ;;
-    oracle)
-      if [[ "$version" == "8" ]]; then
-        install_rpm_oracle8 "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_oracle_8_${VERSION}_$${arch}.rpm"
-      else
-        echo "Unsupported Oracle version: $${version}"
-        exit 1
-      fi
-      ;;
-    centos)
-      if [[ "$version" == "7" ]]; then
-        install_rpm_centos7 "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_centos_core_${VERSION}_$${arch}.rpm"
-      else
-        install_rpm "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_centos_core_${VERSION}_$${arch}.rpm"
-      fi
+    oracle | fedora | opensuse)
+      bin_name="kasmvncserver_$${distro}_$${distro_version}_${KASM_VERSION}_$${arch}.rpm"
+      install_rpm "$base_url/$bin_name"
       ;;
     alpine)
-      if [[ "$version" == "3.17" || "$version" == "3.18" || "$version" == "3.19" || "$version" == "3.20" ]]; then
-        install_alpine "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvnc.alpine_$${version}_$${arch}.tgz"
-      else
-        echo "Unsupported Alpine version: $${version}"
-        exit 1
-      fi
-      ;;
-    fedora | opensuse)
-      install_rpm "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_$${distro}_$${version}_${VERSION}_$${arch}.rpm"
+      bin_name="kasmvnc.alpine_$${distro_version//./}_$${arch}.tgz"
+      install_alpine "$base_url/$bin_name"
       ;;
     *)
-      echo "Unsupported distribution: $${distro}"
+      echo "Unsupported distribution: $distro"
       exit 1
       ;;
   esac
 else
   echo "vncserver already installed. Skipping installation."
 fi
 
-# Coder port-forwarding from dashboard only supports HTTP
-sudo bash -c "cat > /etc/kasmvnc/kasmvnc.yaml <<EOF
+tee "$HOME/.vnc/kasmvnc.yaml" > /dev/null << EOF
 network:
   protocol: http
   websocket_port: ${PORT}
   ssl:
     require_ssl: false
+    pem_certificate:
+    pem_key:
   udp:
     public_ip: 127.0.0.1
-EOF"
+EOF
 
 # This password is not used since we start the server without auth.
 # The server is protected via the Coder session token / tunnel
 # and does not listen publicly
-echo -e "password\npassword\n" | vncpasswd -wo -u $USER
+echo -e "password\npassword\n" | vncpasswd -wo -u "$USER"
 
 # Start the server
 printf "🚀 Starting KasmVNC server...\n"
-sudo -u $USER bash -c "vncserver -select-de ${DESKTOP_ENVIRONMENT} -disableBasicAuth" > /tmp/kasmvncserver.log 2>&1 &
+vncserver -select-de "${DESKTOP_ENVIRONMENT}" -disableBasicAuth > /tmp/kasmvncserver.log 2>&1 &
+
+# Wait for server to start
+sleep 5
+if ! pgrep -f vncserver > /dev/null; then
+  echo "ERROR: Failed to start KasmVNC server. Check logs at /tmp/kasmvncserver.log"
+  exit 1
+fi
+printf "🚀 Starting KasmVNC server started successfully!\n"