Changes between Version 87 and Version 88 of telehouse_serial_access


Timestamp: Mar 13, 2020, 4:32:54 PM (6 years ago)
Author: Jamie McClelland
Comment:

--

  • telehouse_serial_access

    v87 v88  
    1212
    1313 * john
     14 * ali
    1415
    1516If you want to access one of the servers listed above, follow the ipmi instructions.
     
    4748=== Serial Console physical setup ===
    4849
    49 In the MF/PL Telehouse rack, we have two startech 16-port USB to serial adapters using the FTDI chipset connected to the server `robideau`.
     50In the MF/PL Telehouse rack, we have two startech 16-port USB to serial adapters using the FTDI chipset connected to the server `clr`.
    5051
    5152Run:
     
    7374The SSH RSA host key for `console.mayfirst.org` should have a fingerprint of:
    7475{{{
    75 2048 c5:a7:2a:6e:c2:0e:79:7d:d6:ff:ce:c7:2d:30:e2:f2
     76SHA256:cQQvJoxRTkKZbXPjyS1nzw/aqJC2oOSQSWLdWkDVnHo
    7677}}}
     78
     79The ECDSA is:
     80
     81{{{
     82SHA256:ZUa7I8E9xAbPZb0yMiJf1HFFlcdLfdSgfYrX4SaYvN0
     83}}}
     84
     85Or, add `VerifyHostKeyDNS yes` to your `~/.ssh/config` file to get these fingerprints via DNS.
    7786
    7887We can also setup additional users that have read-only access to the sessions created by each of these usernames, should that be desirable.  You can request such access by creating a [/newticket ticket].
    7988
    80 In addition - we have a serial line running from `wiwa`'s `/dev/ttyUSB0` that goes to `robideau`'s built-in serial port 1, so that `robideau`'s console itself is remotely accessible, and logged.  You can connect to robideau's console with:
     89In addition - we have a serial line running from `wiwa`'s `/dev/ttyUSB0` that goes to `clr`'s built-in serial port 1, so that `clr`'s console itself is remotely accessible, and logged.  You can connect to clr's console with:
    8190
    8291{{{
    83 ssh -t robideau-console@wiwa.mayfirst.org cereal attach robideau
     92ssh -t clr-console@wiwa.mayfirst.org cereal attach robideau
    8493}}}
    8594
    8695=== Setting up a new console user ===
    8796
    88 ==== Overview ====
     97This is now handled via ansible! Docs comming.
    8998
    90 To ensure the proper device is connected to the proper path on reboots, we maintain a udev configuration here:
    91 
    92 /etc/udev/rules.d/z25_persistent_usb_serial.rules
    93 
    94 A sample entry is:
    95 
    96 {{{
    97 SUBSYSTEMS=="usb", ENV{ID_SERIAL}=="FTDI_FT232R_USB_UART_ST161539",SYMLINK+="ttyUSBmalaka"
    98 }}}
    99 
    100 This means, create a symlink called /dev/ttyUSBmalaka for the device with the serial number "FTDI_FT232R_USB_UART_ST161539"
    101 
    102 The first step is to figure out which serial number is used by the cable you are using.
    103 
    104 The second step is to create the right rule the creates a consistent symlink based on that serial number.
    105 
    106 The third step is to create a cereal-admin entry pointing to the symlink.
    107 
    108 ==== Actual steps ====
    109 
    110 First, plug your server or device into an un-used port on one of our USB serial adapters.
    111 
    112 Second, as root run `cereal-admin list` and note all the cereal instance named "test." These are the un-allocated ones.
    113 
    114 Next, login with the username `pdu-console@console.mayfirst.org`. This user has access to all the un-allocated cereal instances.
    115 
    116 As `pdu-console`, run `cereal attach <instance>` (replace instance with test0, test4, etc.). Run through all the available instances until you find yours.
    117 
    118 When you find yours, figure out the mapping. test0 is connected to /dev/ttyUSB0, test4 is /dev/ttyUSB4, etc. Run: `ls -l /dev/serial/by-id/` and figure out which id is pointing to the device that is yours.
    119 
    120 Then, edit `/etc/udev/rules.d/z25_persistent_usb_serial.rules` - adding a line with your id and a human name.
    121 
    122 Restart udev and re-trigger creation of symlinks with `systemctl restart udev && udevadm trigger -s tty`.
    123 
    124 Lasly, to setup a new console user (this is something only admins can do), do the following as `root@robideau`:
    125 
    126 {{{
    127 adduser --disabled-password --gecos='fred console user,,,' fred-console
    128 cereal-admin create fred /dev/ttyUSBfred 115200 fred-console fred-console
    129 cereal-admin start fred
    130 }}}
    131
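
Review bot: At new line 92 the login was renamed to `clr-console`, but the command still ends in `cereal attach robideau`, while the sentence at new line 89 now says the console belongs to `clr`. If the cereal instance was renamed along with the host, this should read `cereal attach clr`; if it was deliberately left as `robideau`, say so next to the command so readers do not "correct" it themselves. The replacement at new line 97 ("This is now handled via ansible! Docs comming.") removes the udev rules path, the sample `SYMLINK+=` rule and the `cereal-admin create` / `cereal-admin start` steps without pointing at the ansible role, so until those docs exist there is no written procedure for mapping an adapter port to a console user. Consider linking the playbook or keeping the old steps as a manual fallback, and fix the spelling of "comming". At new lines 76 to 85, the first fingerprint block would be easier to check against a client prompt if it were labelled as the RSA key the way line 79 labels the ECDSA one, and line 85 should name the DNS record type that `VerifyHostKeyDNS yes` relies on.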