How do I connect to an MF/PL server located at Telehouse via the serial port?
Note: if you are trying to connect to a server in our Web Architects colo, see the Web Architects serial access page; for Koumbit, see Koumbit serial access; for Monkey Brains, see Monkey Brains serial access.
Different systems
At Telehouse we have a mix of serial access and IPMI access.
The following servers are handled via IPMI:
- john
If you want to access one of the servers listed above, follow the IPMI instructions.
Otherwise, follow the serial console instructions.
IPMI
Connecting via IPMI
First, ssh into robideau and enable nginx. This will enable IPMI access over https (through the nginx proxy).
Then, connect to https://<servername>.ipmi.mayfirst.org/
You will be prompted for the IPMI password (check keyringer). Remember, the username is case sensitive.
Click Remote Control -> iKVM/HTML5
You can't copy/paste like normal via IPMI, so here's a bash one-liner that uses xdotool to accomplish something similar.
read -n 1 -s -r -p "Copy password to clipboard then hit any key" && data=$(xclip -o) && printf "\nHover mouse over iKVM window and wait 5 seconds.\n" && sleep 5 && xdotool type "$data"
IPMI setup
If you are setting up IPMI on a new server:
- The default IPMI credentials are user: ADMIN, pass: ADMIN (case sensitive)
- The password length is limited to 16 characters. Don't try to create a longer one or you will lock yourself out.
- You have to connect first over https (and confirm an exception). Then, under Configuration -> Ports, disable the redirect to https and enable only http and the iKVM server port
- Assign an IP address in the 192.168.56. range
- Create a new nginx configuration file on robideau (check /etc/nginx/sites-available for a template)
Serial Console
Serial Console physical setup
In the MF/PL Telehouse rack, we have two StarTech 16-port USB-to-serial adapters using the FTDI chipset, connected to the server robideau.
Run:
cereal-admin list
to see the layout.
The serial consoles of the attached machines are all remotely accessible (to properly-authenticated people), and they are also logged and time-stamped. We are using cereal to do this cleanly and easily.
How to connect
In order to connect via serial console to one of the servers named above, ssh into console.mayfirst.org as servername-console.
For example:
ssh -t ken-console@console.mayfirst.org cereal attach ken
would give you full read/write access to the console on ken.
The SSH RSA host key for console.mayfirst.org should have a fingerprint of:
2048 c5:a7:2a:6e:c2:0e:79:7d:d6:ff:ce:c7:2d:30:e2:f2
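The fingerprint above is in the older colon-separated MD5 form, while current OpenSSH clients print SHA256 fingerprints by default, so the two cannot be compared by eye. The following is an added example, not part of the original page: it derives the MD5-form fingerprint from a key line in "host keytype base64" layout and compares it with the published value. The function names and the sample key line are constructed for illustration; the sample blob is a truncated placeholder, not the real host key.

```shell
#!/bin/sh
# Added example (not from the original page): check a host key line against
# the MD5-form fingerprint published on this page.

# Fingerprint as published above for console.mayfirst.org (RSA).
PUBLISHED_FP='c5:a7:2a:6e:c2:0e:79:7d:d6:ff:ce:c7:2d:30:e2:f2'

# Constructed sample in ssh-keyscan/known_hosts layout: "host keytype base64".
# The blob is a truncated placeholder, not the real host key.
SAMPLE_KEY_LINE='console.example.invalid ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB'

# md5_fingerprint LINE -> prints aa:bb:...:pp
# The MD5 fingerprint is the MD5 digest of the base64-decoded key blob
# (third field of LINE), written as colon-separated hex bytes.
md5_fingerprint() {
    fp_blob=$(printf '%s\n' "$1" | awk '{print $3}')
    [ -n "$fp_blob" ] || return 2
    fp_tmp=$(mktemp) || return 2
    # Decode to a file first so a malformed blob is an error, not the MD5 of "".
    if ! printf '%s' "$fp_blob" | base64 -d > "$fp_tmp" 2>/dev/null; then
        rm -f "$fp_tmp"
        return 2
    fi
    md5sum < "$fp_tmp" | cut -d' ' -f1 | sed -e 's/../&:/g' -e 's/:$//'
    rm -f "$fp_tmp"
}

# host_key_matches LINE EXPECTED_FP -> 0 on match, 1 on mismatch, 2 on bad input
host_key_matches() {
    fp_got=$(md5_fingerprint "$1") || return 2
    [ "$fp_got" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}
```

With OpenSSH installed, `ssh-keygen -l -E md5 -f <keyfile>` prints a fingerprint in the same form.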
We can also set up additional users that have read-only access to the sessions created by each of these usernames, should that be desirable. You can request such access by creating a ticket.
In addition, we have a serial line running from wiwa's /dev/ttyUSB0 that goes to robideau's built-in serial port 1, so that robideau's console itself is remotely accessible, and logged. You can connect to robideau's console with:
ssh -t robideau-console@wiwa.mayfirst.org cereal attach robideau
Setting up a new console user
Overview
To ensure the proper device is connected to the proper path on reboots, we maintain a udev configuration here:
/etc/udev/rules.d/z25_persistent_usb_serial.rules
A sample entry is:
SUBSYSTEMS=="usb", ENV{ID_SERIAL}=="FTDI_FT232R_USB_UART_ST161539",SYMLINK+="ttyUSBmalaka"
This means: create a symlink called /dev/ttyUSBmalaka for the device with the serial number "FTDI_FT232R_USB_UART_ST161539".
The first step is to figure out which serial number is used by the cable you are using.
The second step is to create the right rule that creates a consistent symlink based on that serial number.
The third step is to create a cereal-admin entry pointing to the symlink.
Actual steps
First, plug your server or device into an unused port on one of our USB serial adapters.
Second, as root run cereal-admin list and note all the cereal instances named "test". These are the un-allocated ones.
Next, log in with the username pdu-console@console.mayfirst.org. This user has access to all the un-allocated cereal instances.
As pdu-console, run cereal attach <instance> (replace instance with test0, test4, etc.). Run through all the available instances until you find yours.
When you find yours, figure out the mapping: test0 is connected to /dev/ttyUSB0, test4 is /dev/ttyUSB4, etc. Run: ls -l /dev/serial/by-id/ and figure out which id is pointing to the device that is yours.
Then, edit /etc/udev/rules.d/z25_persistent_usb_serial.rules, adding a line with your id and a human name.
Restart udev and re-trigger creation of symlinks with systemctl restart udev && udevadm trigger -s tty.
Lastly, to set up a new console user (this is something only admins can do), do the following as root@robideau:
adduser --disabled-password --gecos='fred console user,,,' fred-console
cereal-admin create fred /dev/ttyUSBfred 115200 fred-console fred-console
cereal-admin start fred
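The by-id lookup and rule-writing steps above can be scripted so the serial number is not retyped by hand. This is an added example, not part of the original page: rule_for_tty is a hypothetical helper, and it assumes by-id link names of the form usb-<ID_SERIAL>-if<NN>-port<N>. It only prints the rule line; it does not edit the rules file.

```shell
#!/bin/sh
# Added example, not from the original page: print the udev rule line for one
# adapter port, given the ttyUSBn it showed up as and the human name to use.

# rule_for_tty BYID_DIR TTY NAME  (hypothetical helper)
#   BYID_DIR  directory of by-id symlinks, normally /dev/serial/by-id
#   TTY       kernel device name, e.g. ttyUSB4 for cereal instance test4
#   NAME      human name appended to "ttyUSB" in the symlink
rule_for_tty() {
    r_dir=$1; r_tty=$2; r_name=$3
    # NAME is written into a rule file read by root: allow a narrow charset.
    case $r_name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid name: $r_name" >&2; return 2 ;;
    esac
    r_found=''
    for r_link in "$r_dir"/*; do
        [ -L "$r_link" ] || continue
        # by-id links are relative (../../ttyUSB4): compare the last component.
        [ "$(basename "$(readlink "$r_link")")" = "$r_tty" ] || continue
        r_found=$(basename "$r_link")
        break
    done
    if [ -z "$r_found" ]; then
        echo "no by-id entry points at $r_tty" >&2
        return 1
    fi
    # Assumed link layout: usb-<ID_SERIAL>-if<NN>[-port<N>]; strip both ends.
    r_serial=$(printf '%s\n' "$r_found" |
        sed -e 's/^usb-//' -e 's/-if[0-9][0-9]*\(-port[0-9][0-9]*\)\{0,1\}$//')
    printf 'SUBSYSTEMS=="usb", ENV{ID_SERIAL}=="%s",SYMLINK+="ttyUSB%s"\n' \
        "$r_serial" "$r_name"
}

# Usage on the console host (review the printed line before adding it):
#   rule_for_tty /dev/serial/by-id ttyUSB4 malaka
```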