Version 86 (modified by Jamie McClelland, 5 years ago)

How do I connect to an MF/PL server located at Telehouse via the serial port?

Note: if you are trying to connect to a server in our Web Architects colo, see the Web Architects serial access page; for Koumbit, see Koumbit serial access; for Monkey Brains, see Monkey Brains serial access.

Different systems

At Telehouse we have a mix of serial access and IPMI access.

The following servers are handled via IPMI:

  • john

If you want to access one of the servers listed above, follow the IPMI instructions.

Otherwise, follow the serial console instructions.

IPMI

Connecting via IPMI

Serial Console

You can connect using serial over LAN; however, for some reason the Linux kernel output doesn't work, so you can't enter the decryption passphrase unless you use the web-based method described below.

Nonetheless, you can ssh in as john-console@console.mayfirst.org and execute the ./sol script. The password is in keyringer.

Full access

First, ssh into robideau and enable nginx. This will enable IPMI access via https (through the nginx proxy).

Then, connect to https://<servername>.ipmi.mayfirst.org/

You will be prompted for the IPMI password (check keyringer). Remember, the username is case sensitive.

Click Remote Control -> iKVM/HTML5

You can't copy/paste as normal via IPMI, so here's a bash one-liner that uses xdotool to accomplish something similar.

read -p "Copy password to clipboard then hit any key" && data=$(xclip -o) && printf "Hover mouse over iKVM window and wait 5 seconds.\n" && sleep 5 && xdotool type "$data"

IPMI setup

If you are setting up IPMI on a new server:

  • The default IPMI credentials are user: ADMIN, pass: ADMIN (case sensitive)
  • The password length is limited to 16 characters. Don't try to create a longer one or you will lock yourself out.
  • You have to connect first over https (and confirm an exception). Then under configuration -> ports, disable redirect to https and only enable http and ikvm server port
  • Assign an IP address in the 192.168.56. range
  • Create a new nginx configuration file on robideau (check /etc/nginx/sites-available for a template)

Serial Console

Serial Console physical setup

In the MF/PL Telehouse rack, we have two StarTech 16-port USB-to-serial adapters using the FTDI chipset, connected to the server robideau.

Run:

cereal-admin list

to see the layout.

The serial consoles of the attached machines are all remotely accessible (to properly-authenticated people), and they are also logged and time-stamped. We are using cereal to do this cleanly and easily.

How to connect

To connect via serial console to one of the servers named above, ssh into console.mayfirst.org as servername-console.

For example:

ssh -t ken-console@console.mayfirst.org cereal attach ken 

Would give you full read/write access to the console on ken.

The SSH RSA host key for console.mayfirst.org should have a fingerprint of:

2048 c5:a7:2a:6e:c2:0e:79:7d:d6:ff:ce:c7:2d:30:e2:f2
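
The fingerprint above is in the legacy colon-separated MD5 form, while current OpenSSH clients print SHA256 by default (`ssh -o FingerprintHash=md5` shows the comparable form). As an added example that is not part of the original page, this script computes the MD5 fingerprint from a key line in ssh-keyscan/known_hosts layout and compares it with the published value; the sample line is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. PINNED is the fingerprint published on this page; SAMPLE is a
# constructed line in ssh-keyscan/known_hosts layout (a truncated blob, not a key).
PINNED='c5:a7:2a:6e:c2:0e:79:7d:d6:ff:ce:c7:2d:30:e2:f2'
SAMPLE='console.example.invalid ssh-rsa AAAAB3NzaC1yc2E='

# md5_fp LINE: print the colon-separated MD5 fingerprint of the base64 key
# blob in the third field of "host keytype blob". Fails on a malformed line.
md5_fp() {
    blob=$(printf '%s\n' "$1" | awk 'NF >= 3 { print $3 }')
    [ -n "$blob" ] || return 1
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$blob" | base64 -d | md5sum | cut -c1-32 | sed 's/../&:/g; s/:$//'
}

# normalize_fp FP: strip the "MD5:" label newer OpenSSH prints, lower-case the hex.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^[Mm][Dd]5://' | tr 'A-F' 'a-f'
}

# check_host_key LINE: 0 = matches PINNED, 1 = mismatch, 2 = unparsable line.
check_host_key() {
    fp=$(md5_fp "$1") || return 2
    [ "$(normalize_fp "$fp")" = "$(normalize_fp "$PINNED")" ]
}

# The constructed sample is not the real host key, so this reports a mismatch.
if check_host_key "$SAMPLE"; then
    echo "host key matches the pinned fingerprint"
else
    echo "host key does NOT match $PINNED: do not enter credentials" >&2
fi
```

To check the real server, pass `check_host_key` the key line your client recorded for console.mayfirst.org instead of `SAMPLE`.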

We can also set up additional users that have read-only access to the sessions created by each of these usernames, should that be desirable. You can request such access by creating a ticket.

In addition, we have a serial line running from wiwa's /dev/ttyUSB0 that goes to robideau's built-in serial port 1, so that robideau's console itself is remotely accessible, and logged. You can connect to robideau's console with:

ssh -t robideau-console@wiwa.mayfirst.org cereal attach robideau 

Setting up a new console user

Overview

To ensure the proper device is connected to the proper path on reboots, we maintain a udev configuration here:

/etc/udev/rules.d/z25_persistent_usb_serial.rules

A sample entry is:

SUBSYSTEMS=="usb", ENV{ID_SERIAL}=="FTDI_FT232R_USB_UART_ST161539",SYMLINK+="ttyUSBmalaka"

This means: create a symlink called /dev/ttyUSBmalaka for the device with the serial number "FTDI_FT232R_USB_UART_ST161539".

The first step is to figure out which serial number is used by the cable you are using.

The second step is to create the right rule that creates a consistent symlink based on that serial number.

The third step is to create a cereal-admin entry pointing to the symlink.

Actual steps

First, plug your server or device into an unused port on one of our USB serial adapters.

Second, as root run cereal-admin list and note all the cereal instances named "test". These are the unallocated ones.

Next, log in with the username pdu-console@console.mayfirst.org. This user has access to all the unallocated cereal instances.

As pdu-console, run cereal attach <instance> (replace instance with test0, test4, etc.). Run through all the available instances until you find yours.

When you find yours, figure out the mapping. test0 is connected to /dev/ttyUSB0, test4 is /dev/ttyUSB4, etc. Run: ls -l /dev/serial/by-id/ and figure out which id is pointing to the device that is yours.

Then, edit /etc/udev/rules.d/z25_persistent_usb_serial.rules - adding a line with your id and a human name.

Restart udev and re-trigger creation of symlinks with systemctl restart udev && udevadm trigger -s tty.

Lastly, to set up a new console user (this is something only admins can do), do the following as root@robideau:

adduser --disabled-password --gecos='fred console user,,,' fred-console
cereal-admin create fred /dev/ttyUSBfred 115200 fred-console fred-console
cereal-admin start fred
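
The mapping steps above (test instance to /dev/ttyUSBN, to by-id link, to udev rule) can be scripted. This is an added example, not part of the original page: the listing is constructed sample output of `ls -l /dev/serial/by-id/`, the serial ST000001 and the function names are made up, and it assumes by-id link names of the form `usb-<ID_SERIAL>-ifNN-portN`.

```shell
#!/bin/sh
# Added example; LISTING is constructed `ls -l /dev/serial/by-id/` output.
# ST161539 is the serial from the sample rule above; ST000001 is made up.
LISTING='lrwxrwxrwx 1 root root 13 Jan  1 00:00 usb-FTDI_FT232R_USB_UART_ST000001-if00-port0 -> ../../ttyUSB0
lrwxrwxrwx 1 root root 13 Jan  1 00:00 usb-FTDI_FT232R_USB_UART_ST161539-if00-port0 -> ../../ttyUSB4'

# serial_for_tty LISTING TTY: print the ID_SERIAL of the by-id link aimed at TTY.
serial_for_tty() {
    printf '%s\n' "$1" | awk -v tty="$2" '
        $NF == ("../../" tty) {
            id = $(NF - 2)                            # the symlink name
            sub(/^usb-/, "", id)                      # drop the bus prefix
            sub(/-if[0-9]+(-port[0-9]+)?$/, "", id)   # drop interface/port suffix
            print id
        }'
}

# udev_rule SERIAL NAME: emit a rule in this page's format. Both values are
# restricted to a safe character set so nothing can break out of the quotes.
udev_rule() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) echo "bad serial: $1" >&2; return 1 ;; esac
    case "$2" in ''|*[!a-z0-9]*) echo "bad name: $2" >&2; return 1 ;; esac
    printf 'SUBSYSTEMS=="usb", ENV{ID_SERIAL}=="%s",SYMLINK+="ttyUSB%s"\n' "$1" "$2"
}

# rule_for_instance LISTING INSTANCE NAME EXISTING_RULES
# INSTANCE is the cereal test instance (testN maps to /dev/ttyUSBN).
rule_for_instance() {
    serial=$(serial_for_tty "$1" "ttyUSB${2#test}")
    [ -n "$serial" ] || { echo "no by-id link for $2" >&2; return 1; }
    # A repeated serial or symlink name would attach a console to the wrong
    # cereal session, so refuse to emit a second rule for either.
    if printf '%s\n' "$4" | grep -qF -e "==\"$serial\"" -e "+=\"ttyUSB$3\""; then
        echo "serial or name already present in rules" >&2; return 1
    fi
    udev_rule "$serial" "$3"
}

# Print the rule for the device found on test4, to be named "malaka".
rule_for_instance "$LISTING" test4 malaka ""
```

On robideau, pass the real listing and the current contents of /etc/udev/rules.d/z25_persistent_usb_serial.rules as the first and fourth arguments.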