[[PageOutline]]

= How do I connect to an MF/PL server located at Telehouse via the serial port? =

Note: if you are trying to connect to a server in our Web Architects colo see [wiki:webarchitects-serial-access Web Architects serial acess page]; for Koumbit see [wiki:koumbit_serial_access Koumbit serial access]; for Monkey Brains, see [wiki:monkeybrains-serial-access Monkey Brains serial access].

= Different systems =

At telehouse we have a mix of serial access and ipmi access.

The following servers are handled via ipmi:

 * john

If you want to access one of the servers listed above, follow the ipmi instructions.

Otherwise, follow the serial console instructions

== IPMI ==

=== Connecting via IPMI ===

First, ssh into robideau and enable nginx. This will enable ipmi access via https (via nginx proxy).

Then, connect to https://<servername>.ipmi.mayfirst.org/

You will be prompted for the IPMI password (check [wiki:keyringer]) and remember, the username is case sensitive.

You can't copy/paste like normal via ipmi, so here's a bash one line for use xdotool to accomplish something similar.

{{{
read -p "Copy password to clipboard then hit any key" && data=$(xclip -o) && printf "Hover mouse over iKVM window and wait 5 seconds.\n" && sleep 5 && xdotool type "$data"
}}}

=== IPMI setup ===

If you are setting up IPMI on a new server:

 * The default IPMI password is user: ADMIN, pass: ADMIN (case sensitive)
 * The password length is limited to 16 characters. Don't try to create a longer one or you will lock yourself out.
 * You have to connect first over https (and confirm an exception). Then under congiruation -> ports, disable redirect to https and only enable http
 * Assign an IP address in the range 192.168.56. range 
 * Create a new nginx configuration file on robideau (check /etc/nginx/sites-available for a template)

== Serial Console ==

=== Serial Console physical setup ===

In the MF/PL Telehouse rack, we have two startech 16-port USB to serial adapters using the FTDI chipset connected to the server `robideau`. 

Run:

{{{
cereal-admin list
}}}

To see the layout.

The serial consoles of the attached machines are all remotely accessible (to properly-authenticated people), and they are also logged and time-stamped.  We are using [http://cmrg.fithhorseman.net/wiki/cereal cereal] to do this cleanly and easily.

=== How to connect ===

In order to connect via serial console to one of the servers named above, ssh into `console.mayfirst.org` as ''servername''`-console`

For example:

{{{
ssh -t ken-console@console.mayfirst.org cereal attach ken 
}}}

Would give you full read/write access to the console on `ken`.

The SSH RSA host key for `console.mayfirst.org` should have a fingerprint of:
{{{
2048 c5:a7:2a:6e:c2:0e:79:7d:d6:ff:ce:c7:2d:30:e2:f2
}}}

We can also setup additional users that have read-only access to the sessions created by each of these usernames, should that be desirable.  You can request such access by creating a [/newticket ticket].

In addition - we have a serial line running from `wiwa`'s `/dev/ttyUSB0` that goes to `robideau`'s built-in serial port 1, so that `robideau`'s console itself is remotely accessible, and logged.  You can connect to robideau's console with:

{{{
ssh -t robideau-console@wiwa.mayfirst.org cereal attach robideau 
}}}

=== Setting up a new console user ===

==== Overview ====

To ensure the proper device is connected to the proper path on reboots, we maintain a udev configuration here:

/etc/udev/rules.d/z25_persistent_usb_serial.rules

A sample entry is:

{{{
SUBSYSTEMS=="usb", ENV{ID_SERIAL}=="FTDI_FT232R_USB_UART_ST161539",SYMLINK+="ttyUSBmalaka"
}}}

This means, create a symlink called /dev/ttyUSBmalaka for the device with the serial number "FTDI_FT232R_USB_UART_ST161539"

The first step is to figure out which serial number is used by the cable you are using.

The second step is to create the right rule the creates a consistent symlink based on that serial number.

The third step is to create a cereal-admin entry pointing to the symlink.

==== Actual steps ====

First, plug your server or device into an un-used port on one of our USB serial adapters.

Second, as root run `cereal-admin list` and note all the cereal instance named "test." These are the un-allocated ones.

Next, login with the username `pdu-console@console.mayfirst.org`. This user has access to all the un-allocated cereal instances. 

As `pdu-console`, run `cereal attach <instance>` (replace instance with test0, test4, etc.). Run through all the available instances until you find yours.

When you find yours, figure out the mapping. test0 is connected to /dev/ttyUSB0, test4 is /dev/ttyUSB4, etc. Run: `ls -l /dev/serial/by-id/` and figure out which id is pointing to the device that is yours.

Then, edit `/etc/udev/rules.d/z25_persistent_usb_serial.rules` - adding a line with your id and a human name.

Restart udev and re-trigger creation of symlinks with `systemctl restart udev && udevadm trigger -s tty`.

Lasly, to setup a new console user (this is something only admins can do), do the following as `root@robideau`:

{{{
adduser --disabled-password --gecos='fred console user,,,' fred-console
cereal-admin create fred /dev/ttyUSBfred 115200 fred-console fred-console
cereal-admin start fred
}}}