wiki:telehouse_serial_access

  1. How do I connect to an MF/PL server located at Telehouse via the …
  2. Different systems
    1. IPMI
      1. Connecting via IPMI
        1. Serial Console
        2. Full access
    2. Serial Console
      1. Serial Console physical setup
      2. How to connect
      3. Setting up a new console user
        1. Overview
        2. Actual steps

How do I connect to an MF/PL server located at Telehouse via the serial port?

Note: if you are trying to connect to a server in our Web Architects colo see Web Architects serial acess page; for Koumbit see Koumbit serial access; for Monkey Brains, see Monkey Brains serial access.

Different systems

At telehouse we have a mix of serial access and ipmi access.

The following servers are handled via ipmi:

  • john

If you want to access one of the servers listed above, follow the ipmi instructions.

Otherwise, follow the serial console instructions

To setup a new ipmi server, see the ipmi setup directions.

IPMI

Connecting via IPMI

Serial Console

You can ssh in as john-console@console.mayfirst.org and execute the ./sol script. The password is in keyringer.

Full access

First, ssh into robideau and enable nginx. This will enable ipmi access via https (via nginx proxy).

Then, connect to https://<servername>.ipmi.mayfirst.org/

You will be prompted for the IPMI password (check keyringer) and remember, the username is case sensitive.

Click Remote Control -> iKVM/HTML5

You can't copy/paste like normal via ipmi, so here's a bash one line for use xdotool to accomplish something similar. 

read -p "Copy password to clipboard then hit any key" && data=$(xclip -o) && printf "Hover mouse over iKVM window and wait 5 seconds.\n" && sleep 5 && xdotool type "$data"

Serial Console

Serial Console physical setup

In the MF/PL Telehouse rack, we have two startech 16-port USB to serial adapters using the FTDI chipset connected to the server robideau.

Run: 

cereal-admin list

To see the layout.

The serial consoles of the attached machines are all remotely accessible (to properly-authenticated people), and they are also logged and time-stamped. We are using cereal to do this cleanly and easily.

How to connect

In order to connect via serial console to one of the servers named above, ssh into console.mayfirst.org as servername-console

For example: 

ssh -t ken-console@console.mayfirst.org cereal attach ken

Would give you full read/write access to the console on ken.

The SSH RSA host key for console.mayfirst.org should have a fingerprint of: 

2048 c5:a7:2a:6e:c2:0e:79:7d:d6:ff:ce:c7:2d:30:e2:f2

We can also setup additional users that have read-only access to the sessions created by each of these usernames, should that be desirable. You can request such access by creating a ticket.

In addition - we have a serial line running from wiwa's /dev/ttyUSB0 that goes to robideau's built-in serial port 1, so that robideau's console itself is remotely accessible, and logged. You can connect to robideau's console with: 

ssh -t robideau-console@wiwa.mayfirst.org cereal attach robideau

Setting up a new console user

Overview

To ensure the proper device is connected to the proper path on reboots, we maintain a udev configuration here:

/etc/udev/rules.d/z25_persistent_usb_serial.rules

A sample entry is: 

SUBSYSTEMS=="usb", ENV{ID_SERIAL}=="FTDI_FT232R_USB_UART_ST161539",SYMLINK+="ttyUSBmalaka"

This means, create a symlink called /dev/ttyUSBmalaka for the device with the serial number "FTDI_FT232R_USB_UART_ST161539"

The first step is to figure out which serial number is used by the cable you are using.

The second step is to create the right rule the creates a consistent symlink based on that serial number.

The third step is to create a cereal-admin entry pointing to the symlink.

Actual steps

First, plug your server or device into an un-used port on one of our USB serial adapters.

Second, as root run cereal-admin list and note all the cereal instance named "test." These are the un-allocated ones.

Next, login with the username pdu-console@console.mayfirst.org. This user has access to all the un-allocated cereal instances.

As pdu-console, run cereal attach <instance> (replace instance with test0, test4, etc.). Run through all the available instances until you find yours.

When you find yours, figure out the mapping. test0 is connected to /dev/ttyUSB0, test4 is /dev/ttyUSB4, etc. Run: ls -l /dev/serial/by-id/ and figure out which id is pointing to the device that is yours.

Then, edit /etc/udev/rules.d/z25_persistent_usb_serial.rules - adding a line with your id and a human name.

Restart udev and re-trigger creation of symlinks with systemctl restart udev && udevadm trigger -s tty.

Lasly, to setup a new console user (this is something only admins can do), do the following as root@robideau: 

adduser --disabled-password --gecos='fred console user,,,' fred-console
cereal-admin create fred /dev/ttyUSBfred 115200 fred-console fred-console
cereal-admin start fred
Last modified 5 months ago Last modified on Feb 8, 2019, 8:45:12 AM