Connecter au serveur de console

For Clients

In a terminal,

$ TARGET="SESSIONTOATTACH" ssh -o SendEnv=TARGET -v USER@cs0.koumbit.net

Connecting to a PDU

Connections to the PDUs work in a similar manner, using a jumphost.

In a terminal,

$ PDU=pduX.koumbit.net PDU_USER=example ssh -o SendEnv='PDU PDU_USER' USER@cs0.koumbit.net

typical email to send to client for explanations

Dear you,

Here is you're ldap password and username.
User: lamaFantastique
Pass: 

To access the server you should use:
 TARGET="CEREALSESSIONTOATTACH" ssh -o SendEnv=TARGET -v USER@cs0.koumbit.net
 
We use cereal, which is glue around screen, in which escape keys are Ctrl-\ ; 
so to escape you need to type ctrl-\ d . A subset of screen commands are available.

You can change your current password by login in 
https://collectif.koumbit.net with you're current username and password.
Don't worry, they will ask it twice. Then click on the icon "change password" and save it.

Now you can try to log in with you're new password.

Love, rage, and sweat

G for the koumbit team

for koumbit staff

To create accounts see: ConsoleSérieMaintenance#créer_un_user_avec_cereal

Required

Cereal and usb adapters

Connecting

Connect to the console switch using your username, password and port number

  1. Using your SSH client, connect to the desired serial console and port.

    ssh user@cs0.koumbit.net
  2. You need to become root to access cereal

    sudo su
  3. To liste all available connections:

    screen -ls
  4. Connect to the desired console:

    screen -r serial:name

error connecting

Si vous avez l'erreur suivante:

cereal attach <NAME>
There is no screen to be attached matching cereal:<NAME>.
Could not reattach screen.

Vous devez retirer le fichier lock pour la console, on commence par l'identifier.

cereal list | grep <NAME>
-af serveur /dev/serial/by-id/usb-FTDI_FT232R_USB_UART_ST214916-if00-port0 115200 root dialout
rm /var/lock/LCK..serial/by-id/usb-FTDI_FT232R_USB_UART_ST214916-if00-port0

Ensuite, vous allez pouvoir vous connecter avec la commande suivante:

cereal attach <NAME>

You may have to send some input to trigger a response from the console.

You may not be able to use vi properly... If the screen is garbled, try to reset your TERM variable, like this:

export TERM=screen

Cycling through baudrates

Sometimes the baudrate used by agetty might end up mismatching the one that's configured in cereal for the serial console. This means that the screen session you're using to see your serial console will look all garbled up.

Usually, the systemd unit for agetty has a handful of different baudrates configured that you can cycle through. You can try to change the baudrate this way.

To cycle through baudrates, you need to send a break signal. To do this you need to type:

Wait for around 3 to 5 seconds, then try pressing enter or typing text. If you found the right baudrate the console output should start making more sense.

Watch out not to send sysrq commands by typing a letter too quickly aftewards. See next section.

Forcing baudrate throughout reboots

If the console for your machine keeps on using the wrong baudrate, you can force it by adding a systemd override for the specific console port.

You'll also want to make sure that the kernel's console argument is using the right baudrate (but this is out of scope for this document. See your grub configuration. You can determine the baudrate that was used for the kernel's console by running cat /proc/cmdline which should show something like console=ttyS0,115200.

Here, we'll configure an override for port ttyS0 to make it always use the baudrate 115200, which is what Koumbit configures by default in the BIOS for console output.

Create directory /etc/systemd/system/serial-getty@ttyS0.service.d. In that directory, create a file named baudrate.conf and set the follwing configuration:

[Service]
ExecStart=
ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200 %I $TERM

With this in place, run systemctl daemon-reload. The override file should now show up in the output of systemctl status serial-getty@ttyS0. You can now restart the service or try to reboot to see if the console works as expected on boot.

Hard resets

Sending the Skinny Elephants signals can be done by sending a break signal (with C-\ b) to the serial console and then quickly send the desired sysrq character.

Here is an example of serial console output sending h after the magic sysrq (to get a help listing):

testviking login: 
[3544510.087830] sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) 
terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j)
sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n)
poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t)
unmount(u) show-blocked-tasks(w) dump-ftrace-buffer(z)

Debian GNU/Linux 10 testviking ttyS0

testviking login:

See HardReset for the details of the specific signals you can send.

How to configure your server to be accessible through the a serial console

Linux servers

There is an excellent howto about remote serial consoles, however it covers more stuff than what we actually need. The breakdown is actually quite simple. there are three different parts (ignoring the BIOS here): the console (the login prompt you usually see when you boot your OS), the kernel (linux here) and the boot loader (grub).

Debian Jessie is using systemd to manage services, it also changes how to enable the serial console!

There is a bug in the jessie installer, when the install is done from the serial console, the parameter to enable stoutput to serial console is not activated... Debian bug 769406

Operating system with systemd

If the serial port connected is ttyS0, you can run the following commands, but make sure that the kernel has already been configure to output to the serial console.

# systemctl enable serial-getty@ttyS0.service
# systemctl start serial-getty@ttyS0.service

To get the status on the port:

# systemctl status serial-getty@ttyS0.service

We can specified the speed of the port in this file

/etc/systemd/system/getty.target.wants/serial-getty\@ttyS0.service
Ref

http://0pointer.de/blog/projects/serial-console.html

Console with systemd gives out garbage with proprietary console server

This is because the proprietary console servers don't like terminal type vt102, which is set by default by systemd and require type vt100.

In order to change that you need to create a "drop-in". In this example the terminal port that's used is ttyS1, you should adapt to the device that's right for your setup.

First create a directory:

mkdir /etc/systemd/system/serial-getty@ttyS1.service.d

then create file /etc/systemd/system/serial-getty@ttyS1.service.d/force-term-type.conf set its contents to the following:

# Redefine service call to force terminal speed.
[Service]
Environment=TERM=vt100

Finally to make that effective, run systemctl daemon-reload. Then when running systemctl status serial-getty@ttyS1.service the output should tell you that there is an effective drop-in at the path where you just created the file. Restart the service and the console should be showing getty's output correctly.

Operating system without systemd

Configure the console tty

This configures a login terminal to popup on the serial console port.

Add this line (or uncomment) in /etc/inittab:

T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100

Ajoutez plutôt cette ligne dans Xen:

T2:23:respawn:/sbin/getty -L hvc0 115200 vt100

source

Then use the traditionnal kill -1 1 to tell init to reload inittab.

Vérifier avec la commande :

# ps -ax | grep getty

Here you should already have your login console on the serial console, this allows you to quickly test without rebooting

Full article

Configure the kernel

Then you configure the kernel to also show up on the serial console. The argument to pass the kernel is console=tty0 console=ttyS0,115200n8, for the console to appear both on the serial console and regular VGA console.

Make sure those lines are present in /etc/default/grub:

The order of the console= arguments is important! the last one on the kernel command line gets all the important stuff, so if your system doesn't boot and you get dropped in an initramfs shell, or if you're expecting a crypto password prompt, it's all going to go to that last console!

That's why we generally want to make sure that the serial console is the last argument on the resulting command line (see the result in /boot/grub/grub.cfg)!

On the servers that the console works on ttyS0, like vandales, there is:

# next line for single user mode (recovery)
GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"
# for normal boot
GRUB_CMDLINE_LINUX_DEFAULT="console=hvc0 console=tty0 earlyprintk=xen"
# for normal boot
GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=1024M,max:1024M com1=115200,8n1 console=com1,vga"

Then rerun update-grub2.

Archive: In grub 1

grub 1 is now deprecated and hasn't been used on machines for a while.

In /boot/grub/menu.list, you need to add console=tty0 console=ttyS0,115200n8 on the kernel line:

  kernel /vmlinuz-2.4.9-21 ro root=/dev/hda6 console=tty0 console=ttyS0,115200n8

For this to survive Debian kernel upgrades, you also need to add those to the kopt line in /boot/grub/menu.list:

# kopt=root=/dev/mapper/ceres-root ro console=tty0 console=ttyS0,115200n8

Then run update-grub to apply the new parameters to the current kernel installed in the grub menu.lst

Full article

Configure the bootloader

To configure grub to show up on the serial console, add this to /etc/default/grub:

# Uncomment to disable graphical terminal (grub-pc only)
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

Si c'est le COM2 qu'on utilise, changez pour --unit=1:

GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"

après ça, n'oubliez pas d'exécuter update-grub à nouveau

Archive: Grub 1

grub 1 is now deprecated and hasn't been used on machines for a while.

Add this on top of /boot/grub/menu.list:

serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console

Full article

Configure the BIOS

Configuring the BIOS and other operating systems is not covered here yet.

Ensuite, certains serveurs offrent la possibilité d'envoyer le output du bios vers le port série, c'est a vérifier cas par cas dans le bios de chaque machine.

FreeBSD

As documented in the advanced guide, we can easily configure FreeBSD to boot from the serial console, which will just show up in the terminal in qemu, very handy.

  1. Enable serial console in /etc/ttys by editing the ttyu0 entry. The ttyu0 line should appear like the following;

    • ttyu0   "/usr/libexec/getty std.115200"   vt100   on secure
    • Be sure to disable the other tty's listed by changing the value on to off otherwise you'll see errors when booting.

  2. Edit /boot/loader.conf (It may be empty) and add the following;

    • boot_multicons="YES"
      boot_serial="YES"
      comconsole_speed="115200"
      console="comconsole,vidconsole"
  3. add the following line to /boot.config (you may need to create the file):

    • -D -S115200
  4. reboot. the new console will not start automatically, plus you want to test the bootloader options.

memtest86

To run memtest86+ on the serial console, you need to add this parameter: console=ttyS0,115200n8, for example, in grub:

menuentry "Memory test (memtest86+, serial console 115200)" {
    linux16 /boot/memtest86+.bin console=ttyS0,115200n8
}

Troubleshooting

Loosing console after loading initdr or grub

If you have console access during bios loading and have a PXE menu, but then loose all output (and keyboard response) after initdr is loaded by a live system or after grub's welcoming message, it probably means that the serial console is configure on another COM port than ttyS0.

First, check if the hypothesis is right by entering BIOS menu and checking which COM port is used. If it's not COM1 (or 'A'), bingo, we found our problem.

To keep the console during a live system boot (through PXE), you'll need to change the kernel parameters. In order to do that, press tab on the option you're about to select. That will allow you to edit kernel parameters (please note that the del key usually doesn't work, but the backspace acts as a del key. By default, the console kernel parameters are console=tty0 console=ttyS0,115200n8 (for COM1). You'll have to change that to

console=tty0 console=ttyS1,115200n8

Adjust the baud rate (115200n8) accordingly to what is set in the bios. Usually, no change is needed, but some server use 38400 or 9600.

How to access a console using the USB port

With cereal, you need to set an environment variable to your ssh connection in order to chose which session (e.g. which machine) to connect to:

TARGET="SERVERNAME" ssh -o SendEnv=TARGET USERNAME@cs0.koumbit.net 

The SERVERNAME, USERNAME and password will need to be given to you by a sysadmin who has done the creation of a cereal session for your server.

The password for this ssh login is managed through your account at collectif.koumbit.net

Access denied

Si c'est une console de client-e, vous allez pogner access denied:

su -s /bin/bash - client-user
cereal attach 96-17

connexion avec screen (ancienne methode)

Cette section détail l'ancienne méthode de connexion pré-cereal. On veut pouvoir accéder aux consoles via cereal dans tout les cas, mais il se peut qu'une session soit inaccessible et qu'on ai besoin de contourner cereal.

  1. D'abord vérifier s'il y a une session entamé avec cereal et prendre en note le path du tty si présent:

    cereal-admin list
  2. Fermer et détruire la session cereal:

    cereal-admin stop SESSION ; cereal-admin destroy SESSION
  3. se connecter avec screen:

    screen /dev/serial/by-id/usb-FTDI_FT232R_USB_UART_ST162110-if00-port0 115200

un autre exemple à partir du serveur de console:

screen /dev/ttyUSB0 115200

Pour détacher et détruire la session screen:

<CTRL+a> <k>


Having two screen sessions connected to the same serial console device creates weird conflits that break screen feedback and keyboard interactivity. In order to avoid those issues you can use the following command, which will create a screen session only if there's none, otherwise you'll be reconnected to the current screen session:

devnum=2; if fuser -s /dev/ttyUSB$devnum; then screen -x; else screen /dev/ttyUSB$devnum 115200; fi

expérimentale

TESTER avec Virtualbox le output sur port serie

Older HP serial consoles


CategoryGuide CategoryConsoleServer

ConsoleSérieGuide (last edited 2023-06-28 10:31:54 by hubide)