Kasm template / module

Hi I was trying to the kasm module and desktop enterprise container within envbox template. I can get the kasmvnc screen to come up but it always says cannot connect to server. Also I am trying to do this with subdomain = false
Solution:
I updated the host machine to Ubuntu 24.04. When I do this, kasmVNC works as expected without the security_opts option.
Jump to solution
15 Replies
Codercord
Codercord2mo ago
<#1303027009617920010>
Category
Help needed
Product
Coder OSS (v2)
Platform
Linux
Logs
Please post any relevant logs/error messages.
Spiked_Grape
Spiked_GrapeOP2mo ago
Also I am running in azure aks
Phorcys
Phorcys2mo ago
hey @Spiked_Grape, could you send a screenshot of the issue?
Spiked_Grape
Spiked_GrapeOP2mo ago
There is just a red banner at the top of kasm that says failed to connect to server. What should the settings in kasm be under websocket drop down?
MrPeacock
MrPeacock2mo ago
Hi @Spiked_Grape , we are facing the same issue when we try to open the KASM connection. We are behind WAP + WAF Kombi so access is protected. But if I use VPN then everything works as excepted. While KASM over WAP + WAF is currently not working we switched to novnc as an alternative solution. I could remember that with a lower version of KASM this was working once a time. Maybe give a try to downgrade KASM.
Spiked_Grape
Spiked_GrapeOP2mo ago
I said TUN and FUSE to true on envbox. Could that be a problem? * I set
Phorcys
Phorcys2mo ago
I don't think so, the issue is likely coming from the fact that you're using subdomain = false is there no way for you to switch to subdomains?
Spiked_Grape
Spiked_GrapeOP2mo ago
We have coder enterprise licenses but our environment's cybersecurity team won't let us use wildcards. I can get to the kasmvnc ui on the path based like /apps/kasm or whatever but kasm isn't connected to the xfce desktop part We are following the enterprise desktop image and the kasm module etc. I say following because we just ripped out portions of the module due to airgapped environment. However, I am thinking that maybe for values need to added to this than are in the module https://www.kasmweb.com/kasmvnc/docs/latest/configuration.html
Phorcys
Phorcys2mo ago
I see, path-based proxying is insecure due to the fact you can access the cookies from the Coder instance and other coder_apps inside any web-based coder_app, maybe let them know yes, for noVNC a workaround is needed to make path-based proxying work, I assume KasmVNC has the same issue given it's a fork let me find it https://github.com/uwu/basic-env/blob/59d7e8d9b0328ffa59654eb8de79f200a930fcd6/main.tf#L247-L257 try visiting the KasmVNC app and append ?path=<KasmVNC app path>/websockify
BigCheeZ
BigCheeZ2mo ago
Just an FYI, I was having the same issue where everytime I loaded the kasmVNC window, it would show the "Cound not connect to server" error. I had also modififed subdomain to be "false". I do have the option of enabling subdomains, so I did so. kasmVNC now can connect to the VNC server it seems, but the window is entirely black. The only thing I can see is the kasmVNC controls on the left. I'm guessing this is an issue with xfce4, but I'm not sure what.
Atif
Atif2mo ago
Hi @BigCheeZ what is your base image? It could be an issue with the DE installed.
BigCheeZ
BigCheeZ2mo ago
HI @Atif , thanks for the reply. I started off with the 'base' and 'desktop' images from here: https://github.com/coder/images/tree/main/images. I did modify the base image by removing the docker packages. I then use the desktop image as the base for my team's development image. This image's dockerfile installs tools needed by the team. This image has been used previously with xfce and noVNC based on a deprecated image from the repo above. That image has been working fine, but I wanted to test out moving to kasmVNC for moving forward. In the VNC log file I can see these warnings/messages when the vncserver is started.
Running /home/coder/.vnc/xstartup
+ exec xfce4-session
2024-11-19 14:24:40,901 [DEBUG] Selection: Selection owner change for _DBUS_SESSION_BUS_SELECTION_coder_dae41af03ba14667a7c6dc4999b94cb0
MESA: error: ZINK: vkCreateInstance failed (VK_ERROR_INCOMPATIBLE_DRIVER)
glx: failed to create drisw screen

(xfce4-session:729): dbind-WARNING **: 14:24:40.942: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
_IceTransmkdir: ERROR: euid != 0,directory /tmp/.ICE-unix will not be created.

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.960: No GPG agent found

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.962: Failed to spawn ssh-agent: Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.963: failed to call dbus-update-activation-environment. Output was (null), error was Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.965: Unable to launch "xfwm4": Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.966: Unable to launch "xfsettingsd": Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.967: Unable to launch "xfce4-panel": Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.968: Unable to launch "Thunar": Failed to close file descriptor for child process (Operation not permitted)
Running /home/coder/.vnc/xstartup
+ exec xfce4-session
2024-11-19 14:24:40,901 [DEBUG] Selection: Selection owner change for _DBUS_SESSION_BUS_SELECTION_coder_dae41af03ba14667a7c6dc4999b94cb0
MESA: error: ZINK: vkCreateInstance failed (VK_ERROR_INCOMPATIBLE_DRIVER)
glx: failed to create drisw screen

(xfce4-session:729): dbind-WARNING **: 14:24:40.942: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
_IceTransmkdir: ERROR: euid != 0,directory /tmp/.ICE-unix will not be created.

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.960: No GPG agent found

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.962: Failed to spawn ssh-agent: Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.963: failed to call dbus-update-activation-environment. Output was (null), error was Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.965: Unable to launch "xfwm4": Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.966: Unable to launch "xfsettingsd": Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.967: Unable to launch "xfce4-panel": Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.968: Unable to launch "Thunar": Failed to close file descriptor for child process (Operation not permitted)
(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.969: Unable to launch "xfdesktop": Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.970: Unable to launch "sh -c "systemctl --user start xfce4-notifyd.service 2>/dev/null || exec /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd"" (specified by autostart/xfce4-notifyd.desktop): Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.971: Unable to launch "xfsettingsd" (specified by autostart/xfsettingsd.desktop): Failed to close file descriptor for child process (Operation not permitted)
(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.969: Unable to launch "xfdesktop": Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.970: Unable to launch "sh -c "systemctl --user start xfce4-notifyd.service 2>/dev/null || exec /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd"" (specified by autostart/xfce4-notifyd.desktop): Failed to close file descriptor for child process (Operation not permitted)

(xfce4-session:729): xfce4-session-WARNING **: 14:24:40.971: Unable to launch "xfsettingsd" (specified by autostart/xfsettingsd.desktop): Failed to close file descriptor for child process (Operation not permitted)
The server I am running this on does not have a GPU. I wonder if this is causing the issue. I've got it working now. I think the issue is that the host system I am using is still on Ubuntu 20.04 and there may be a kernel mismatch. As a temporary workaround, I added security_opts = [ "seccomp:unconfined" ] to my docker_container resource in TF and now it works. It seems I need to look into upgrading the base OS soon.
Solution
BigCheeZ
BigCheeZ2mo ago
I updated the host machine to Ubuntu 24.04. When I do this, kasmVNC works as expected without the security_opts option.
Atif
Atif2mo ago
This is great to know
Codercord
Codercord2mo ago
@Phorcys closed the thread.

Did you find this page helpful?