One thing I love about the Internet, is the ability to bring us closer. You have noticed a post for DJ. DJ asked me, in the comments of one of my blogs to go more in-depth in some of the serial ports to work with VDI, so I did. Come to find out DJ works in Europe for a Sun Reseller, and was on-site at a customer looking for help. With out even knowing it, my blog post helped a customer out and Sun sold the customer on Sun as a company.
All that to say, DJ wanted to return something back to the community, so below is a script he wrong integrating SGD and SRSS. This is what Open Source is all about. People doing some cool things and returning them to the community to make the community stronger!
Thanks DJ for the script, it's been great meeting you, and I am still working on the open LDAP integration.
__________________
Here we go:
I gave my users a new menu option in their SSGD menus: "My Sun Ray Session". When they click on it a new window opens and taaadaaa! they are indeed back into their Sun Ray session which they left at the office.
Here is how it works:
The menu point "My Sun Ray Session" is a script that resides on the Sun Ray server itself, e.g. /usr/bin/my_sunray.sh ... so when a user clicks on this menu entry inside their SSGD webtop then SSGD does a "ssh -X" connection to the Sun Ray server and launches this script:
#! /bin/bash
# set -x
VNCDISPLAY=`grep 'VNCDISPLAY' /tmp/RemoteControl/$LOGNAME.agent.settings.vnc | cut -d'=' -f2`
FCPASS=`grep 'FCPASS' /tmp/RemoteControl/$LOGNAME.agent.settings.vnc | cut -d'=' -f2`
if [ -z $VNCDISPLAY ]
then
# echo "You don't seem to have a Sun Ray session."
/usr/bin/zenity --error --text="You don't seem to have a Sun Ray session."
exit 1
fi
/usr/bin/create_vnc_passwd.sh $FCPASS > /dev/null
/usr/bin/vncviewer -shared -passwd $HOME/.vnc/passwd $VNCDISPLAY > /dev/null
As explained above: My script assumes that the "Remote Control Toolkit" is installed and working in "agent mode". You can get it from here: http://wiki.sun-rays.org/index.php/SRSS_Addon:_Remote_Control_Toolkit
So this explains the first few lines in my script: The "Remote Control Toolkit" stores the information you'd need to access the VNC session in a file called "/tmp/RemoteControl/YourUserNameHere.agent.settings.vnc"
The problem with this file is that there does not seem to be an automatic way how the password that gets randomly generated could be transferred over into a format that is readable for the "vncviewer" program. Hence I need a little "expect" script to help me out with this .... so that explains the "/usr/bin/create_vnc_passwd.sh" script which I am calling in the second-last line:
#! /usr/bin/expect --
spawn /usr/bin/vncpasswd
sleep 1
expect "Password:"
send "$argv\r"
expect "Verify:"
send "$argv\r"
send "\r"
expect "$"
... this script takes the "full-controll password" ($FCPASS) as argument ("$argv") and then calls "vncpasswd" so it generates the VNC-readable "~/.vnc/passwd" file.
Once that file is generated we can call "vncviewer" (last line in the "my_sunray.sh" script) and supply the newly generated "passwd" file as argument. Voila.
Result: even though the password was randomly generated when the Sun Ray session started the user is not prompted to type a password when he connects to his session via SSGD, my quick + dirty scripts do all that automagically.
I had to come up with this stuff for a customer company ... on one hand their users would like to have access to their Sun Ray sessions from home, on the other hand the company's policy-makers don't want to open any additional ports on the outside firewalls, they don't want any VPN or IPSEC solution (because that's exactly why they bought SSGD as a sort of a "VPN-replacement"...) and they don't want to give their users Sun Ray thin-client units for home use ... Voila. With these scripts they can now use SSGD and access their Sun Ray sessions remotely (if they have an open session).
All that to say, DJ wanted to return something back to the community, so below is a script he wrong integrating SGD and SRSS. This is what Open Source is all about. People doing some cool things and returning them to the community to make the community stronger!
Thanks DJ for the script, it's been great meeting you, and I am still working on the open LDAP integration.
__________________
Here we go:
I gave my users a new menu option in their SSGD menus: "My Sun Ray Session". When they click on it a new window opens and taaadaaa! they are indeed back into their Sun Ray session which they left at the office.
Here is how it works:
The menu point "My Sun Ray Session" is a script that resides on the Sun Ray server itself, e.g. /usr/bin/my_sunray.sh ... so when a user clicks on this menu entry inside their SSGD webtop then SSGD does a "ssh -X" connection to the Sun Ray server and launches this script:
#! /bin/bash
# set -x
VNCDISPLAY=`grep 'VNCDISPLAY' /tmp/RemoteControl/$LOGNAME.agent.settings.vnc | cut -d'=' -f2`
FCPASS=`grep 'FCPASS' /tmp/RemoteControl/$LOGNAME.agent.settings.vnc | cut -d'=' -f2`
if [ -z $VNCDISPLAY ]
then
# echo "You don't seem to have a Sun Ray session."
/usr/bin/zenity --error --text="You don't seem to have a Sun Ray session."
exit 1
fi
/usr/bin/create_vnc_passwd.sh $FCPASS > /dev/null
/usr/bin/vncviewer -shared -passwd $HOME/.vnc/passwd $VNCDISPLAY > /dev/null
As explained above: My script assumes that the "Remote Control Toolkit" is installed and working in "agent mode". You can get it from here: http://wiki.sun-rays.org/index.php/SRSS_Addon:_Remote_Control_Toolkit
So this explains the first few lines in my script: The "Remote Control Toolkit" stores the information you'd need to access the VNC session in a file called "/tmp/RemoteControl/YourUserNameHere.agent.settings.vnc"
The problem with this file is that there does not seem to be an automatic way how the password that gets randomly generated could be transferred over into a format that is readable for the "vncviewer" program. Hence I need a little "expect" script to help me out with this .... so that explains the "/usr/bin/create_vnc_passwd.sh" script which I am calling in the second-last line:
#! /usr/bin/expect --
spawn /usr/bin/vncpasswd
sleep 1
expect "Password:"
send "$argv\r"
expect "Verify:"
send "$argv\r"
send "\r"
expect "$"
... this script takes the "full-controll password" ($FCPASS) as argument ("$argv") and then calls "vncpasswd" so it generates the VNC-readable "~/.vnc/passwd" file.
Once that file is generated we can call "vncviewer" (last line in the "my_sunray.sh" script) and supply the newly generated "passwd" file as argument. Voila.
Result: even though the password was randomly generated when the Sun Ray session started the user is not prompted to type a password when he connects to his session via SSGD, my quick + dirty scripts do all that automagically.
I had to come up with this stuff for a customer company ... on one hand their users would like to have access to their Sun Ray sessions from home, on the other hand the company's policy-makers don't want to open any additional ports on the outside firewalls, they don't want any VPN or IPSEC solution (because that's exactly why they bought SSGD as a sort of a "VPN-replacement"...) and they don't want to give their users Sun Ray thin-client units for home use ... Voila. With these scripts they can now use SSGD and access their Sun Ray sessions remotely (if they have an open session).
Posts
1 comment:
Nice work. May I suggest some improvements?
1. You can get rid of the whole grep stuff by simply using the line:
source /tmp/RemoteControl/$LOGNAME.agent.settings.vnc
Because the file is set up like a valid shell script, you can simply refer to the variables by name.
2. Never pass a password on the command line. This is bad practice. Export it in the environment or parse the agent.settings file in create_vnc_password.sh as well. I would recommend to merge the two scripts.
Cheers,
Dominik
Post a Comment