ReleaseEngineering/How To/Access Machines via VNC: Difference between revisions
ChrisCooper (talk | contribs) No edit summary |
(noted that RealVNC can connect to standard apple vnc now without "legacy VNC" setting.) |
||
(2 intermediate revisions by one other user not shown) | |||
Line 8: | Line 8: | ||
"It should just work."™ | "It should just work."™ | ||
= Linux (Ubuntu) loaners = | == Linux build (CentOS) loaners == | ||
Builders use Xvfb (for PGO) rather than VNC, so VNC isn't even installed be default. The packages are available though via yum: | |||
yum install x11vnc | |||
If you encounter cert errors (because the certs would have been removed when the machine was loaned), you may need to download (wget) the rpm (and dependencies) from the mozilla repo links that yum prints out. | |||
== Linux tester (Ubuntu) loaners == | |||
VNC is not running by default. | VNC is not running by default. | ||
ssh as root and run this: | ssh as root and run this: | ||
Line 19: | Line 25: | ||
=== Connecting from a Linux client === | === Connecting from a Linux client === | ||
Remmina Desktop Client and xtightvncviewer have been tested as a Linux client that managed to connect to Mountain Lion | '''To Mountain-Lion:''' | ||
Remmina Desktop Client and xtightvncviewer have been tested as a Linux client that managed to connect to Mountain Lion. | |||
* [jmaher] - Remmina would connect and then terminate immediately for me, I ended up getting in with xtightvncviewer (the first try had a keychain issue, the second try worked) | * [jmaher] - Remmina would connect and then terminate immediately for me, I ended up getting in with xtightvncviewer (the first try had a keychain issue, the second try worked) | ||
'''To Yosemite+:''' | |||
* [dhouse] - RealVNC is now able to connect to Apple's VNC without turning on the "legacy VNC" password only auth (See https://serverfault.com/a/897156). I was able to connect through the jumphosts (corp and rejh) with RealVNC 6.18, from linux 4.14.57, to OSX yosemite without problems. | |||
For Linux clients, you will have to enable "legacy VNC" instead of | For other Linux clients, you will have to enable "legacy VNC", instead of Apple's authentication, as well as setting the password. See the section "Enable legacy VNC and set the password". Once you run those commands you will be able to VNC and you will have to use your cltbld credentials. You might have to connect a second time for the connection to stick. | ||
See the section "Enable legacy VNC and set the password". | |||
Once you run those commands you will be able to VNC and you will have to use your cltbld credentials. You might have to connect a second time for the connection to stick. | |||
=== Connecting from a Windows client === | === Connecting from a Windows client === |
Latest revision as of 16:25, 6 August 2018
For developers
Windows loaners
"It should just work."™
Linux build (CentOS) loaners
Builders use Xvfb (for PGO) rather than VNC, so VNC isn't even installed be default. The packages are available though via yum:
yum install x11vnc
If you encounter cert errors (because the certs would have been removed when the machine was loaned), you may need to download (wget) the rpm (and dependencies) from the mozilla repo links that yum prints out.
Linux tester (Ubuntu) loaners
VNC is not running by default. ssh as root and run this:
start x11vnc
Mac OS X loaners
Connecting from a Mac client
- Use Chicken of the VNC (CotVNC). This is preferred over other clients (and even over Apple's Remote Desktop) because it's known to work.
- Use the FQDN, e.g: vnc://talos-r4-snow-001.build.mozilla.org
Connecting from a Linux client
To Mountain-Lion: Remmina Desktop Client and xtightvncviewer have been tested as a Linux client that managed to connect to Mountain Lion.
- [jmaher] - Remmina would connect and then terminate immediately for me, I ended up getting in with xtightvncviewer (the first try had a keychain issue, the second try worked)
To Yosemite+:
- [dhouse] - RealVNC is now able to connect to Apple's VNC without turning on the "legacy VNC" password only auth (See https://serverfault.com/a/897156). I was able to connect through the jumphosts (corp and rejh) with RealVNC 6.18, from linux 4.14.57, to OSX yosemite without problems.
For other Linux clients, you will have to enable "legacy VNC", instead of Apple's authentication, as well as setting the password. See the section "Enable legacy VNC and set the password". Once you run those commands you will be able to VNC and you will have to use your cltbld credentials. You might have to connect a second time for the connection to stick.
Connecting from a Windows client
TightVNC has been tested by Honza to work to connect from Windows to a Mountain Lion releng machine. Honza has determined that real VNC free is faulty.
OS X version-specific notes
Each of our Mac versions have slight differences with regards as to which user to login with once you have VNC'ed into the machine.
This section just documents the current status if you try to VNC to a machine.
You might need to go through the section "Enable legacy VNC and set the password" depending on the version of Mac.
Mac OS X 10.6 - Snow Leopard
Login as the root user with the root password. It will take you to the Builder's session.
Mac OS X 10.7 - Lion
Rarely needed since these are now only used as builders.
Login as the root user with the root password. It will take you to the Builder's session.
Mac OS X 10.8 - Mountain Lion
NOTE: Do not use Apple Remote Desktop
You might be able to VNC to the machine as-is (TODO: Someone from releng check this) Follow the "Enable legacy VNC and set the password" if you can't VNC with a VNC client.
Mac OS X 10.10 - Yosemite
Use the Builder user from the account selection screen. Because of the password change that happens as part of the loaner process, you may see keychain verification dialogs unless the person on buildduty clears these for you before handing over the loan.
For releng
Password
It lives in slave-passwords.txt.gpg
Setup for loaning
NOTE: Please add notes once you figure it out.
Windows
Moving the machine to the loaner OU takes care of everything.
Linux
Just change the connection password in /etc/vnc_passwdfile, as per the slave loan instructions.
Mac OS X 10.6 - Snow Leopard
Instructions cribbed from: http://osxdaily.com/2012/10/10/remote-control-mac-screen-sharing-os-x/
Changing the cltbld password, e.g. for a slave loan, messes up the auto-login (on purpose). To connect via VNC, you'll need to login as root, and then select the "Builder" user to login to the desktop.
Mac OS X 10.7 - Lion
This is valid for a bld-lion-r5 machine.
Follow the steps from "Enable legacy VNC and set the password". If you use Remmina to connect change the colors to 24-bit, otherwise, it will crash.
Mac OS X 10.8 - Mountain Lion
Note: not actually verified
VNC in Mountain Lion is has issues. You need to run these commands on your loaner machine to fix vnc while logged in via ssh
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users cltbld -privs -all -restart -agent -menu
see here for more details https://wiki.mozilla.org/ReferencePlatforms/Test/MountainLion
Mac OS X 10.10 - Yosemite
If you're using a Mac locally, Apple's remote desktop connection works by default. Use Command-K in your local Finder window to initiate a connection.
For other local OSes, follow the legacy VNC instructions below.
Enable legacy VNC and set the password
NOTE: Change the -vncpwd supersecret to something meaningful.
Verified working on: talos-r4-snow-139
We have to enable legacy VNC and set a new password (as I can't figure out what the current password is):
# root@t-yosemite-r5-0001 vncpw=supersecret /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \ -configure -allowAccessFor -allUsers -privs -all /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \ -configure -clientopts -setvnclegacy -vnclegacy yes /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \ -configure -clientopts -setvncpw -vncpw ${vncpw} /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \ -restart -agent -console
This is all based on this article.
More info about the command (for the curious):
-activate: enable service com.apple.screensharing -access -on - included in ARD_AllLocalUsersPrivs, below -privs -all: defaults write ${TargetDisk}Library/Preferences/com.apple.RemoteManagement ARD_AllLocalUsersPrivs -integer 0x400000ff -allowAccessFor -allUsers: defaults write /Library/Preferences/com.apple.RemoteManagement ARD_AllLocalUsers -boolean TRUE
FAQ
Q: I'm trying to connect from Linux with Remmina Desktop to a Mac machine but when I connect I get kicked out immediately (I see a window pop up for a second and then goes away)
A: Try changing the color setings (256 colors was causing this for armenzg)
Tip: xtightvncviewer can first have a keychain issue and the second try would work.
Login in with Apple's Remote Desktop will render this issue:
You can login with the root user, however, you will be starting root's VNC session without being able to see what is happening under Builder/cltbld. You can try the Builder user, however, it will only be a request that will require an authorization and there's no one on the other side to grant you the access. See https://bugzilla.mozilla.org/show_bug.cgi?id=733534 for details.