If you try to connect to a mini via Apple's "Screen Sharing", it will prompt onscreen for permission - which defeats the purpose, since nobody is there to click "OK". Presumably there's a setting we can adjust somewhere to remove this prompt. And presumably we can tweak that setting with puppet.
Talking with a consultant friend of mine who does a lot of apple work for schools, he said what you want to do is turn on remote management and turn off screen sharing. This is also the facility that ARD uses, so setting this up is probably a good thing all around. This link seems to say pretty much the same thing: http://how2s.org/index.php/How_to_enable_screen-sharing_on_Mac_OS_X_via_SSH/Terminal/CLI So likely, we want to run: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users admin -restart -agent (maybe admin,cltblt) And: rm -f /etc/ScreenSharing.launchd Will someone who's actually used mac screen sharing (Dustin?) verify that this works?
For reference, this is what we do in the password changing script: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -activate -access -on -clientopts -setvnclegacy -vnclegacy yes -setvncpw -vncpw $vnc_password -restart -agent http://hg.mozilla.org/build/tools/file/default/buildfarm/maintenance/update_remote_creds.pl#l341 We use this for Tiger, Leopard, and Snow Leopard, but only care that the latter two keep working.
Zandr, is the VNC stuff good enough for you, ro do you want to be able to use screen sharing, too (at least I presume this means you can only use vnc and not screen sharing)?
Screen Sharing is a win over VNC for performance reasons (and security, but that's not a big issue internally). Having said that, enabling the right bits for ARD is going to pay off in the long term, so we should figure out what those should be, test in a lab, and deploy that instead.
Assigned to me to verify per amy's request in comment 1.
Assignee: server-ops-releng → dustin
So on talos-r3-snow-002 and -030, /Library/Preferences/com.apple.ScreenSharing.launchd does not exist. Running kickstart -activate -configure -access -on -privs -all -users cltbld -restart -agent on talos-r3-snow-002 doesn't allow me to login using screen sharing. I ran cd /Library/Preferences echo -n enabled > com.apple.ScreenSharing.launchd and ran the same kickstart command, with the same result. All this time, I can connect using cotvnc without any trouble. So, verified in the negative :(
Assignee: dustin → server-ops-releng
Summary: fix screen-sharing permission on minis → correctly configure ARD on minis
These changes should also be applied to the 'bootcamp' ref image, so if a Windows Mini boots into OSX, we can recover remotely.
Currently I am setting up an ARD lab at my desk with one of the mac mini servers and a mac mini r5. Will report back on status updates.
I've got ARD working on pxe1 and install, and we likely are not going to use it on the talos machines.
Assignee: mlarrain → arich
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.