[Template] SSH Linux - Add support for deploying Coder on existing Linux systems (bare-metal installation) #605
I'm not sure if this is needed by others and suitable, so it's just a draft

Thanks for the contribution @IamTaoChen. Please move this to your own namespace. Follow the instructions here: https://coder.com/docs/about/contributing/templates
Pull request overview
This PR introduces a new Coder template that enables provisioning of existing Linux systems as Coder workspaces via SSH. The template supports both password and SSH key authentication methods, allowing users to deploy the Coder agent on bare-metal or pre-existing Linux installations without creating new infrastructure.
Key Changes
- SSH-based deployment template with configurable authentication (password or SSH key)
- Dynamic application selection (VS Code Desktop, VS Code Web, Cursor)
- Automated agent lifecycle management with startup/stop provisioners
Reviewed changes
Copilot reviewed 3 out of 5 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| registry/IamTaoChen/templates/ssh-linux/main.tf | Terraform configuration defining SSH connection, agent deployment, and application modules |
| registry/IamTaoChen/templates/ssh-linux/README.md | Template documentation covering prerequisites, architecture, parameters, and usage |
| registry/IamTaoChen/README.md | Author profile and template registry metadata |
| registry/IamTaoChen/.images/avatar.png | Author avatar image (binary) |
| .icons/linux.svg | Linux/Tux icon for template display |
| @@ -0,0 +1,66 @@ | |||
| --- | |||
| display_name: Deploy Coder on existing Linux System | |||
| description: Provision an existing Linux system as a by deploying the Coder agent via SSH with this example template. | |||
Copilot
AI
Dec 17, 2025
Grammatical error: "as a by deploying" should be "as a workspace by deploying" or simply "by deploying".
fix
|
|
||
| 1. Create a new workspace in Coder using this template. | ||
| 2. Fill in the parameters with your Linux system's details. | ||
| 3. Start the workspace—Coden will connect via SSH and deploy the agent. |
Copilot
AI
Dec 17, 2025
Typo: "Coden" should be "Coder".
fix
| connection { | ||
| type = "ssh" | ||
| host = data.coder_parameter.host.value | ||
| user = data.coder_parameter.username.value | ||
| port = data.coder_parameter.port.value | ||
| password = local.ssh_password | ||
| private_key = local.ssh_private_key | ||
| timeout = "5m" |
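Review bot: the connection block as shown sets no `host_key`, so nothing in these lines pins the identity of the machine that receives `local.ssh_password` or the key-authenticated session at `host`/`port`. Consider adding a template parameter for the target's host public key and passing it as `host_key`, and state in the README that without it the connection trusts whatever answers on that address. It would also help to document which of `password` and `private_key` is expected to be set for each authentication method, since both are assigned here.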
Copilot
AI
Dec 17, 2025
Security concern: SSH credentials (password or private key) are stored in Terraform state and passed as environment variables. Consider adding documentation warning users about this security implication, especially for production use. Users should be aware that these credentials will be stored in the Terraform state file.
I want to use the SSH key pair which is generated by Coder, but I don't know how to read the private_key.
You should be able to access this from `data "coder_workspace_owner" "me" {}`
Here are the related docs: https://registry.terraform.io/providers/coder/coder/latest/docs/data-sources/workspace_owner
The only thing is you would need to be able to put this key from Coder on the target machine before actually making the connection, which would require password auth to begin with, so unless we had a way to source it from the target machine it might be moot.
I agree. But we may not wanna save the password into Coder. So the solution is that the user logs in to the system and adds the public key (which is shown in Coder) to ~/.ssh/authorized_keys manually.
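The manual step proposed in this thread (adding the public key shown in Coder to `~/.ssh/authorized_keys` on the target), written out as an added example that is not part of the PR or of any comment above. `install_pubkey` and its arguments are hypothetical names chosen for this illustration.

```shell
#!/bin/sh
# Added example (not from the PR). install_pubkey and its arguments are
# names chosen for this illustration.
# Usage on the target host: install_pubkey "<public key line>" [home_dir]
# Prints "added" or "present"; returns 1 if the input is not a key line.
install_pubkey() {
    key_line=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Accept exactly one line of the form "<type> <base64> [comment]".
    # This keeps options such as command="..." and extra lines out.
    case $key_line in
        *'
'*) echo "refusing multi-line input" >&2; return 1 ;;
    esac
    if ! printf '%s\n' "$key_line" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^ ].*)?$'
    then
        echo "not a public key line" >&2
        return 1
    fi

    # sshd with StrictModes (the default) rejects keys when ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Match on key type + blob, so a different comment is not a new key.
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}
    if awk -v t="$key_type" -v b="$key_blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
         END { exit !found }' "$auth_file"
    then
        echo present
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo added
    fi
}
```

With the key installed this way, the template's password parameter can stay empty, so no password reaches the Terraform state.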
After #606 is merged, we can add KasmVNC to the apps.
Pull request overview
Copilot reviewed 3 out of 5 changed files in this pull request and generated 4 comments.
| " kill -TERM \"$PID\" || true", | ||
| " sleep 5", | ||
| " kill -KILL \"$PID\" || true", |
Copilot
AI
Dec 17, 2025
The kill command sequence may fail silently if the process doesn't exist or has already exited. The kill -0 check is good, but between the check and the actual kill, the process could exit. Additionally, kill -KILL after a 5-second sleep may be too aggressive. Consider adding error handling and potentially increasing the grace period, or checking if the process is still running before sending SIGKILL.
| " kill -TERM \"$PID\" || true", | |
| " sleep 5", | |
| " kill -KILL \"$PID\" || true", | |
| " kill -TERM \"$PID\" 2>/dev/null || echo \"Warning: failed to send SIGTERM to process $PID\" >&2", | |
| " for i in $(seq 1 10); do", | |
| " if ! kill -0 \"$PID\" 2>/dev/null; then", | |
| " break", | |
| " fi", | |
| " sleep 1", | |
| " done", | |
| " if kill -0 \"$PID\" 2>/dev/null; then", | |
| " kill -KILL \"$PID\" 2>/dev/null || echo \"Warning: failed to send SIGKILL to process $PID\" >&2", | |
| " fi", |
Adding error handling here is a good idea.



Description
A draft that allows users to connect to an existing Linux system through Coder via SSH
Type of Change
Template Information
Path: registry/IamTaoChen/templates/ssh-linux
Testing & Validation
bun test)
bun fmt)
Related Issues