ReleaseEngineering/How To/Access Machines via VNC: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
(noted that RealVNC can connect to standard apple vnc now without "legacy VNC" setting.)
 
(2 intermediate revisions by one other user not shown)
Line 8: Line 8:
"It should just work."™
"It should just work."™


= Linux (Ubuntu) loaners =
== Linux build (CentOS) loaners ==
Builders use Xvfb (for PGO) rather than VNC, so VNC isn't even installed be default. The packages are available though via yum:
yum install x11vnc
 
If you encounter cert errors (because the certs would have been removed when the machine was loaned), you may need to download (wget) the rpm (and dependencies) from the mozilla repo links that yum prints out.
 
== Linux tester (Ubuntu) loaners ==
VNC is not running by default.
VNC is not running by default.
ssh as root and run this:
ssh as root and run this:
Line 19: Line 25:


=== Connecting from a Linux client ===
=== Connecting from a Linux client ===
Remmina Desktop Client and xtightvncviewer have been tested as a Linux client that managed to connect to Mountain Lion. Other versions have not been tested.
'''To Mountain-Lion:'''
Remmina Desktop Client and xtightvncviewer have been tested as a Linux client that managed to connect to Mountain Lion.
* [jmaher] - Remmina would connect and then terminate immediately for me, I ended up getting in with xtightvncviewer (the first try had a keychain issue, the second try worked)
* [jmaher] - Remmina would connect and then terminate immediately for me, I ended up getting in with xtightvncviewer (the first try had a keychain issue, the second try worked)
'''To Yosemite+:'''
* [dhouse] - RealVNC is now able to connect to Apple's VNC without turning on the "legacy VNC" password only auth (See https://serverfault.com/a/897156). I was able to connect through the jumphosts (corp and rejh) with RealVNC 6.18, from linux 4.14.57, to OSX yosemite without problems.


For Linux clients, you will have to enable "legacy VNC" instead of Mac's version before you can connect as well as setting the password.
For other Linux clients, you will have to enable "legacy VNC", instead of Apple's authentication, as well as setting the password. See the section "Enable legacy VNC and set the password". Once you run those commands you will be able to VNC and you will have to use your cltbld credentials. You might have to connect a second time for the connection to stick.
See the section "Enable legacy VNC and set the password".
 
Once you run those commands you will be able to VNC and you will have to use your cltbld credentials. You might have to connect a second time for the connection to stick.


=== Connecting from a Windows client ===
=== Connecting from a Windows client ===

Latest revision as of 16:25, 6 August 2018


For developers

Windows loaners

"It should just work."™

Linux build (CentOS) loaners

Builders use Xvfb (for PGO) rather than VNC, so VNC isn't even installed be default. The packages are available though via yum:

yum install x11vnc

If you encounter cert errors (because the certs would have been removed when the machine was loaned), you may need to download (wget) the rpm (and dependencies) from the mozilla repo links that yum prints out.

Linux tester (Ubuntu) loaners

VNC is not running by default. ssh as root and run this:

start x11vnc

Mac OS X loaners

Connecting from a Mac client

  • Use Chicken of the VNC (CotVNC). This is preferred over other clients (and even over Apple's Remote Desktop) because it's known to work.
  • Use the FQDN, e.g: vnc://talos-r4-snow-001.build.mozilla.org

Connecting from a Linux client

To Mountain-Lion: Remmina Desktop Client and xtightvncviewer have been tested as a Linux client that managed to connect to Mountain Lion.

  • [jmaher] - Remmina would connect and then terminate immediately for me, I ended up getting in with xtightvncviewer (the first try had a keychain issue, the second try worked)

To Yosemite+:

  • [dhouse] - RealVNC is now able to connect to Apple's VNC without turning on the "legacy VNC" password only auth (See https://serverfault.com/a/897156). I was able to connect through the jumphosts (corp and rejh) with RealVNC 6.18, from linux 4.14.57, to OSX yosemite without problems.

For other Linux clients, you will have to enable "legacy VNC", instead of Apple's authentication, as well as setting the password. See the section "Enable legacy VNC and set the password". Once you run those commands you will be able to VNC and you will have to use your cltbld credentials. You might have to connect a second time for the connection to stick.

Connecting from a Windows client

TightVNC has been tested by Honza to work to connect from Windows to a Mountain Lion releng machine. Honza has determined that real VNC free is faulty.

OS X version-specific notes

Each of our Mac versions have slight differences with regards as to which user to login with once you have VNC'ed into the machine.

This section just documents the current status if you try to VNC to a machine.

You might need to go through the section "Enable legacy VNC and set the password" depending on the version of Mac.

Mac OS X 10.6 - Snow Leopard

Login as the root user with the root password. It will take you to the Builder's session.

Mac OS X 10.7 - Lion

Rarely needed since these are now only used as builders.

Login as the root user with the root password. It will take you to the Builder's session.

Mac OS X 10.8 - Mountain Lion

NOTE: Do not use Apple Remote Desktop

You might be able to VNC to the machine as-is (TODO: Someone from releng check this) Follow the "Enable legacy VNC and set the password" if you can't VNC with a VNC client.

Mac OS X 10.10 - Yosemite

Use the Builder user from the account selection screen. Because of the password change that happens as part of the loaner process, you may see keychain verification dialogs unless the person on buildduty clears these for you before handing over the loan.

For releng

Password

It lives in slave-passwords.txt.gpg

Setup for loaning

NOTE: Please add notes once you figure it out.

Windows

Moving the machine to the loaner OU takes care of everything.

Linux

Just change the connection password in /etc/vnc_passwdfile, as per the slave loan instructions.

Mac OS X 10.6 - Snow Leopard

Instructions cribbed from: http://osxdaily.com/2012/10/10/remote-control-mac-screen-sharing-os-x/

Changing the cltbld password, e.g. for a slave loan, messes up the auto-login (on purpose). To connect via VNC, you'll need to login as root, and then select the "Builder" user to login to the desktop.

Mac OS X 10.7 - Lion

This is valid for a bld-lion-r5 machine.

Follow the steps from "Enable legacy VNC and set the password". If you use Remmina to connect change the colors to 24-bit, otherwise, it will crash.

Mac OS X 10.8 - Mountain Lion

Note: not actually verified


VNC in Mountain Lion is has issues. You need to run these commands on your loaner machine to fix vnc while logged in via ssh

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users cltbld -privs -all -restart -agent -menu

see here for more details https://wiki.mozilla.org/ReferencePlatforms/Test/MountainLion


Mac OS X 10.10 - Yosemite

If you're using a Mac locally, Apple's remote desktop connection works by default. Use Command-K in your local Finder window to initiate a connection.

For other local OSes, follow the legacy VNC instructions below.

Enable legacy VNC and set the password

NOTE: Change the -vncpwd supersecret to something meaningful.

Verified working on: talos-r4-snow-139

We have to enable legacy VNC and set a new password (as I can't figure out what the current password is):

# root@t-yosemite-r5-0001
vncpw=supersecret
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
 -configure -allowAccessFor -allUsers -privs -all
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
 -configure -clientopts -setvnclegacy -vnclegacy yes
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
 -configure -clientopts -setvncpw -vncpw ${vncpw}
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
 -restart -agent -console

This is all based on this article.

More info about the command (for the curious):

-activate:
 enable service com.apple.screensharing

-access -on - included in ARD_AllLocalUsersPrivs, below

-privs -all:
 defaults write ${TargetDisk}Library/Preferences/com.apple.RemoteManagement ARD_AllLocalUsersPrivs -integer 0x400000ff

-allowAccessFor -allUsers:
 defaults write /Library/Preferences/com.apple.RemoteManagement ARD_AllLocalUsers -boolean TRUE

FAQ

Q: I'm trying to connect from Linux with Remmina Desktop to a Mac machine but when I connect I get kicked out immediately (I see a window pop up for a second and then goes away)
A: Try changing the color setings (256 colors was causing this for armenzg)

Tip: xtightvncviewer can first have a keychain issue and the second try would work.

Login in with Apple's Remote Desktop will render this issue:

You can login with the root user, however, you will be starting root's VNC
session without being able to see what is happening under Builder/cltbld.
You can try the Builder user, however, it will only be a request that will
require an authorization and there's no one on the other side to grant you the access.
See https://bugzilla.mozilla.org/show_bug.cgi?id=733534 for details.