wiki:telehouse_serial_access

  1. How do I connect to an MF/PL server located at Telehouse via the …
  2. Different systems
    1. IPMI
      1. Connecting via IPMI
        1. Serial Console
        2. Full access
    2. Serial Console
      1. Serial Console physical setup
      2. How to connect
      3. Setting up a new console user

How do I connect to an MF/PL server located at Telehouse via the serial port?

Note: if you are trying to connect to a server in our Web Architects colo see Web Architects serial acess page; for Koumbit see Koumbit serial access; for Monkey Brains, see Monkey Brains serial access.

Different systems

At telehouse we have a mix of serial access and ipmi access.

The following servers are handled via ipmi:

  • john
  • ali

If you want to access one of the servers listed above, follow the ipmi instructions.

Otherwise, follow the serial console instructions

To setup a new ipmi server, see the ipmi setup directions.

IPMI

Connecting via IPMI

Serial Console

You can ssh in as john-console@console.mayfirst.org and execute the ./sol script. The password is in keyringer.

Full access

First, ssh into robideau and enable nginx. This will enable ipmi access via https (via nginx proxy).

Then, connect to https://<servername>.ipmi.mayfirst.org/

You will be prompted for the IPMI password (check keyringer) and remember, the username is case sensitive.

Click Remote Control -> iKVM/HTML5

You can't copy/paste like normal via ipmi, so here's a bash one line for use xdotool to accomplish something similar. 

read -p "Copy password to clipboard then hit any key" && data=$(xclip -o) && printf "Hover mouse over iKVM window and wait 5 seconds.\n" && sleep 5 && xdotool type "$data"

Serial Console

Serial Console physical setup

In the MF/PL Telehouse rack, we have two startech 16-port USB to serial adapters using the FTDI chipset connected to the server clr.

Run: 

cereal-admin list

To see the layout.

The serial consoles of the attached machines are all remotely accessible (to properly-authenticated people), and they are also logged and time-stamped. We are using cereal to do this cleanly and easily.

How to connect

In order to connect via serial console to one of the servers named above, ssh into console.mayfirst.org as servername-console

For example: 

ssh -t ken-console@console.mayfirst.org cereal attach ken

Would give you full read/write access to the console on ken.

The SSH RSA host key for console.mayfirst.org should have a fingerprint of: 

SHA256:cQQvJoxRTkKZbXPjyS1nzw/aqJC2oOSQSWLdWkDVnHo

The ECDSA is: 

SHA256:ZUa7I8E9xAbPZb0yMiJf1HFFlcdLfdSgfYrX4SaYvN0

Or, add VerifyHostKeyDNS yes to your ~/.ssh/config file to get these fingerprints via DNS.

We can also setup additional users that have read-only access to the sessions created by each of these usernames, should that be desirable. You can request such access by creating a ticket.

In addition - we have a serial line running from wiwa's /dev/ttyUSB0 that goes to clr's built-in serial port 1, so that clr's console itself is remotely accessible, and logged. You can connect to clr's console with: 

ssh -t clr-console@wiwa.mayfirst.org cereal attach robideau

Setting up a new console user

This is now handled via ansible! Docs comming.

Last modified 5 months ago Last modified on Mar 13, 2020, 12:32:54 PM