correctly configure ARD on minis

RESOLVED FIXED

Status

--
enhancement
RESOLVED FIXED
8 years ago
5 years ago

People

(Reporter: dustin, Assigned: arich)

Tracking

Details

(Whiteboard: [puppet][buildslaves])

If you try to connect to a mini via Apple's "Screen Sharing", it will prompt onscreen for permission - which defeats the purpose, since nobody is there to click "OK".

Presumably there's a setting we can adjust somewhere to remove this prompt.  And presumably we can tweak that setting with puppet.
(Assignee)

Comment 1

8 years ago
Talking with a consultant friend of mine who does a lot of apple work for schools, he said what you want to do is turn on remote management and turn off screen sharing.  This is also the facility that ARD uses, so setting this up is probably a good thing all around.  This link seems to say pretty much the same thing:

http://how2s.org/index.php/How_to_enable_screen-sharing_on_Mac_OS_X_via_SSH/Terminal/CLI


So likely, we want to run:

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users admin  -restart -agent

(maybe admin,cltblt)

And:

rm -f /etc/ScreenSharing.launchd

Will someone who's actually used mac screen sharing (Dustin?) verify that this works?
For reference, this is what we do in the password changing script:
 sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -activate -access -on -clientopts -setvnclegacy -vnclegacy yes -setvncpw -vncpw $vnc_password -restart -agent

http://hg.mozilla.org/build/tools/file/default/buildfarm/maintenance/update_remote_creds.pl#l341

We use this for Tiger, Leopard, and Snow Leopard, but only care that the latter two keep working.
(Assignee)

Comment 3

8 years ago
Zandr, is the VNC stuff good enough for you, ro do you want to be able to use screen sharing, too (at least I presume this means you can only use vnc and not screen sharing)?
Screen Sharing is a win over VNC for performance reasons (and security, but that's not a big issue internally).

Having said that, enabling the right bits for ARD is going to pay off in the long term, so we should figure out what those should be, test in a lab, and deploy that instead.
Assigned to me to verify per amy's request in comment 1.
Assignee: server-ops-releng → dustin
So on talos-r3-snow-002 and -030,
 /Library/Preferences/com.apple.ScreenSharing.launchd
does not exist.

Running
  kickstart -activate -configure -access -on -privs -all -users cltbld -restart -agent

on talos-r3-snow-002 doesn't allow me to login using screen sharing.  I ran

cd /Library/Preferences
echo -n enabled > com.apple.ScreenSharing.launchd

and ran the same kickstart command, with the same result.  All this time, I can connect using cotvnc without any trouble.

So, verified in the negative :(
Assignee: dustin → server-ops-releng
(Assignee)

Updated

7 years ago
Summary: fix screen-sharing permission on minis → correctly configure ARD on minis
These changes should also be applied to the 'bootcamp' ref image, so if a Windows Mini boots into OSX, we can recover remotely.
(Assignee)

Updated

7 years ago
Assignee: server-ops-releng → mlarrain
Currently I am setting up an ARD lab at my desk with one of the mac mini servers and a mac mini r5. Will report back on status updates.
(Assignee)

Updated

7 years ago
Severity: normal → major
(Assignee)

Updated

7 years ago
Severity: major → enhancement
(Assignee)

Comment 9

7 years ago
I've got ARD working on pxe1 and install, and we likely are not going to use it on the talos machines.
Assignee: mlarrain → arich
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.