[[PageOutline]]

= How do I connect to an MF/PL server located at Telehouse via the serial port? =

Note: if you are trying to connect to a server in our Web Architects colo see [wiki:webarchitects-serial-access Web Architects serial access page]; for Koumbit see [wiki:koumbit_serial_access Koumbit serial access]; for Monkey Brains, see [wiki:monkeybrains-serial-access Monkey Brains serial access].

= Different systems =

At Telehouse we have a mix of serial access and IPMI access.

The following servers are handled via IPMI:

 * john

If you want to access one of the servers listed above, follow the IPMI instructions. Otherwise, follow the serial console instructions.

== IPMI ==

=== Connecting via IPMI ===

==== Serial Console ====

You can connect using serial over LAN; however, for some reason the Linux kernel output doesn't work, so you can't enter the decryption passphrase unless you use the web-based method described below.

Nonetheless... you can ssh in as `john-console@console.mayfirst.org` and execute the `./sol` script. The password is in keyringer.

==== Full access ====

First, ssh into robideau and enable nginx. This will enable IPMI access via https (via nginx proxy).

Then, connect to https://.ipmi.mayfirst.org/

You will be prompted for the IPMI password (check [wiki:keyringer]) and remember, the username is case sensitive.

Click Remote Control -> iKVM/HTML5

You can't copy/paste as normal via IPMI, so here's a bash one-liner that uses xdotool to accomplish something similar.

{{{
# xclip -o prints the X selection; xdotool then types it into the focused window.
read -n 1 -s -r -p "Copy password to clipboard then hit any key" && data=$(xclip -o) && printf "\nHover mouse over iKVM window and wait 5 seconds.\n" && sleep 5 && xdotool type "$data"
}}}

=== IPMI setup ===

If you are setting up IPMI on a new server:

 * The default IPMI password is user: ADMIN, pass: ADMIN (case sensitive)
 * The password length is limited to 16 characters. Don't try to create a longer one or you will lock yourself out.
 * You have to connect first over https (and confirm an exception). Then under configuration -> ports, disable redirect to https and only enable http and ikvm server port
 * Assign an IP address in the 192.168.56. range
 * Create a new nginx configuration file on robideau (check /etc/nginx/sites-available for a template)

== Serial Console ==

=== Serial Console physical setup ===

In the MF/PL Telehouse rack, we have two StarTech 16-port USB to serial adapters using the FTDI chipset connected to the server `robideau`.

Run:

{{{
cereal-admin list
}}}

to see the layout.

The serial consoles of the attached machines are all remotely accessible (to properly-authenticated people), and they are also logged and time-stamped. We are using [http://cmrg.fithhorseman.net/wiki/cereal cereal] to do this cleanly and easily.

=== How to connect ===

In order to connect via serial console to one of the servers named above, ssh into `console.mayfirst.org` as ''servername''`-console`

For example:

{{{
ssh -t ken-console@console.mayfirst.org cereal attach ken
}}}

would give you full read/write access to the console on `ken`.

The SSH RSA host key for `console.mayfirst.org` should have a fingerprint of:

{{{
2048 c5:a7:2a:6e:c2:0e:79:7d:d6:ff:ce:c7:2d:30:e2:f2
}}}

We can also set up additional users that have read-only access to the sessions created by each of these usernames, should that be desirable. You can request such access by creating a [/newticket ticket].

In addition, we have a serial line running from `wiwa`'s `/dev/ttyUSB0` that goes to `robideau`'s built-in serial port 1, so that `robideau`'s console itself is remotely accessible, and logged.

You can connect to robideau's console with:

{{{
ssh -t robideau-console@wiwa.mayfirst.org cereal attach robideau
}}}

=== Setting up a new console user ===

==== Overview ====

To ensure the proper device is connected to the proper path on reboots, we maintain a udev configuration here: `/etc/udev/rules.d/z25_persistent_usb_serial.rules`

A sample entry is:

{{{
SUBSYSTEMS=="usb", ENV{ID_SERIAL}=="FTDI_FT232R_USB_UART_ST161539",SYMLINK+="ttyUSBmalaka"
}}}

This means: create a symlink called /dev/ttyUSBmalaka for the device with the serial number "FTDI_FT232R_USB_UART_ST161539".

The first step is to figure out which serial number is used by the cable you are using.

The second step is to create the right rule that creates a consistent symlink based on that serial number.

The third step is to create a cereal-admin entry pointing to the symlink.

==== Actual steps ====

First, plug your server or device into an unused port on one of our USB serial adapters.

Second, as root run `cereal-admin list` and note all the cereal instances named "test". These are the unallocated ones.

Next, log in with the username `pdu-console@console.mayfirst.org`. This user has access to all the unallocated cereal instances.

As `pdu-console`, run `cereal attach ` (replace instance with test0, test4, etc.). Run through all the available instances until you find yours.

When you find yours, figure out the mapping. test0 is connected to /dev/ttyUSB0, test4 is /dev/ttyUSB4, etc.

Run `ls -l /dev/serial/by-id/` and figure out which id is pointing to the device that is yours.

Then, edit `/etc/udev/rules.d/z25_persistent_usb_serial.rules`, adding a line with your id and a human name.

Restart udev and re-trigger creation of symlinks with `systemctl restart udev && udevadm trigger -s tty`.

Lastly, to set up a new console user (this is something only admins can do), do the following as `root@robideau`:

{{{
adduser --disabled-password --gecos='fred console user,,,' fred-console
cereal-admin create fred /dev/ttyUSBfred 115200 fred-console fred-console
cereal-admin start fred
}}}
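The by-id lookup and rule-writing steps above, as a script. This is an added example, not part of the original page or of cereal; it assumes udev's default `/dev/serial/by-id` link naming (`usb-<ID_SERIAL>-ifNN-portN`), and the function names and `BY_ID_DIR` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and BY_ID_DIR
# are hypothetical; BY_ID_DIR is overridable so this runs without hardware.
BY_ID_DIR="${BY_ID_DIR:-/dev/serial/by-id}"

# id_serial_for ttyUSB4 -> prints ID_SERIAL of the port behind /dev/ttyUSB4.
# Assumes udev's default link naming: usb-<ID_SERIAL>-ifNN[-portN].
id_serial_for() {
    tty="$1"
    for link in "$BY_ID_DIR"/*; do
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        # Compare the whole basename so ttyUSB1 never matches ttyUSB14.
        [ "${target##*/}" = "$tty" ] || continue
        printf '%s\n' "${link##*/}" |
            sed -E 's/^usb-//; s/-if[0-9]+(-port[0-9]+)?$//'
        return 0
    done
    return 1
}

# rule_conflicts FILE SERIAL NAME -> true if FILE already uses either one.
rule_conflicts() {
    grep -q -F -e "ENV{ID_SERIAL}==\"$2\"" -e "SYMLINK+=\"ttyUSB$3\"" "$1"
}

# make_rule ttyUSB4 fred [RULES_FILE] -> prints the line to add to the file.
make_rule() {
    tty="$1"; human="$2"; rules="${3:-}"
    # The name lands in a rules file and a /dev path: letters and digits only.
    case "$human" in
        ''|*[!A-Za-z0-9]*) echo "bad name: $human" >&2; return 2 ;;
    esac
    serial=$(id_serial_for "$tty") ||
        { echo "no by-id link points at $tty" >&2; return 1; }
    if [ -n "$rules" ] && rule_conflicts "$rules" "$serial" "$human"; then
        echo "serial or name already present in $rules" >&2; return 3
    fi
    printf 'SUBSYSTEMS=="usb", ENV{ID_SERIAL}=="%s",SYMLINK+="ttyUSB%s"\n' \
        "$serial" "$human"
}

# Usage: sh make-rule.sh ttyUSB4 fred /etc/udev/rules.d/z25_persistent_usb_serial.rules
if [ "$#" -ge 2 ]; then make_rule "$@"; fi
```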