How do I connect to an MF/PL server located at Telehouse via the serial port?
Note: if you are trying to connect to a server in our Web Architects colo see Web Architects serial acess page; for Koumbit see Koumbit serial access; for Monkey Brains, see Monkey Brains serial access.
Different systems
At telehouse we have a mix of serial access and ipmi access.
The following servers are handled via ipmi:
- john
- ali
If you want to access one of the servers listed above, follow the ipmi instructions.
Otherwise, follow the serial console instructions
To setup a new ipmi server, see the ipmi setup directions.
IPMI
Connecting via IPMI
Serial Console
You can ssh in as john-console@console.mayfirst.org
and execute the ./sol
script. The password is in keyringer.
Full access
First, ssh into robideau and enable nginx. This will enable ipmi access via https (via nginx proxy).
Then, connect to https://<servername>.ipmi.mayfirst.org/
You will be prompted for the IPMI password (check keyringer) and remember, the username is case sensitive.
Click Remote Control -> iKVM/HTML5
You can't copy/paste like normal via ipmi, so here's a bash one line for use xdotool to accomplish something similar.
read -p "Copy password to clipboard then hit any key" && data=$(xclip -o) && printf "Hover mouse over iKVM window and wait 5 seconds.\n" && sleep 5 && xdotool type "$data"
Serial Console
Serial Console physical setup
In the MF/PL Telehouse rack, we have two startech 16-port USB to serial adapters using the FTDI chipset connected to the server clr
.
Run:
cereal-admin list
To see the layout.
The serial consoles of the attached machines are all remotely accessible (to properly-authenticated people), and they are also logged and time-stamped. We are using cereal to do this cleanly and easily.
How to connect
In order to connect via serial console to one of the servers named above, ssh into console.mayfirst.org
as servername-console
For example:
ssh -t ken-console@console.mayfirst.org cereal attach ken
Would give you full read/write access to the console on ken
.
The SSH RSA host key for console.mayfirst.org
should have a fingerprint of:
SHA256:cQQvJoxRTkKZbXPjyS1nzw/aqJC2oOSQSWLdWkDVnHo
The ECDSA is:
SHA256:ZUa7I8E9xAbPZb0yMiJf1HFFlcdLfdSgfYrX4SaYvN0
Or, add VerifyHostKeyDNS yes
to your ~/.ssh/config
file to get these fingerprints via DNS.
We can also setup additional users that have read-only access to the sessions created by each of these usernames, should that be desirable. You can request such access by creating a ticket.
In addition - we have a serial line running from wiwa
's /dev/ttyUSB0
that goes to clr
's built-in serial port 1, so that clr
's console itself is remotely accessible, and logged. You can connect to clr's console with:
ssh -t clr-console@wiwa.mayfirst.org cereal attach robideau
Setting up a new console user
This is now handled via ansible! Docs comming.