Le Wiki Koumbit
Contents
Connecter au serveur de console
For Clients
In a terminal,
$ TARGET="SESSIONTOATTACH" ssh -o SendEnv=TARGET -v USER@cs0.koumbit.net
Connecting to a PDU
Connections to the PDUs work in a similar manner, using a jumphost.
In a terminal,
$ PDU=pduX.koumbit.net PDU_USER=example ssh -o SendEnv='PDU PDU_USER' USER@cs0.koumbit.net
typical email to send to client for explanations
Dear you, Here is you're ldap password and username. User: lamaFantastique Pass: To access the server you should use: TARGET="CEREALSESSIONTOATTACH" ssh -o SendEnv=TARGET -v USER@cs0.koumbit.net We use cereal, which is glue around screen, in which escape keys are Ctrl-\ ; so to escape you need to type ctrl-\ d . A subset of screen commands are available. You can change your current password by login in https://collectif.koumbit.net with you're current username and password. Don't worry, they will ask it twice. Then click on the icon "change password" and save it. Now you can try to log in with you're new password. Love, rage, and sweat G for the koumbit team
for koumbit staff
To create accounts see: ConsoleSérieMaintenance#créer_un_user_avec_cereal
Required
- SSH Client
- Access Credentials
Cereal and usb adapters
Connecting
Connect to the console switch using your username, password and port number
Using your SSH client, connect to the desired serial console and port.
ssh user@cs0.koumbit.net
You need to become root to access cereal
sudo su
To liste all available connections:
screen -ls
Connect to the desired console:
screen -r serial:name
error connecting
Si vous avez l'erreur suivante:
cereal attach <NAME> There is no screen to be attached matching cereal:<NAME>. Could not reattach screen.
Vous devez retirer le fichier lock pour la console, on commence par l'identifier.
cereal list | grep <NAME> -af serveur /dev/serial/by-id/usb-FTDI_FT232R_USB_UART_ST214916-if00-port0 115200 root dialout rm /var/lock/LCK..serial/by-id/usb-FTDI_FT232R_USB_UART_ST214916-if00-port0
Ensuite, vous allez pouvoir vous connecter avec la commande suivante:
cereal attach <NAME>
You may have to send some input to trigger a response from the console.
You may not be able to use vi properly... If the screen is garbled, try to reset your TERM variable, like this:
export TERM=screen
Cycling through baudrates
Sometimes the baudrate used by agetty might end up mismatching the one that's configured in cereal for the serial console. This means that the screen session you're using to see your serial console will look all garbled up.
Usually, the systemd unit for agetty has a handful of different baudrates configured that you can cycle through. You can try to change the baudrate this way.
To cycle through baudrates, you need to send a break signal. To do this you need to type:
C-\ b
Wait for around 3 to 5 seconds, then try pressing enter or typing text. If you found the right baudrate the console output should start making more sense.
Watch out not to send sysrq commands by typing a letter too quickly aftewards. See next section.
Forcing baudrate throughout reboots
If the console for your machine keeps on using the wrong baudrate, you can force it by adding a systemd override for the specific console port.
You'll also want to make sure that the kernel's console argument is using the right baudrate (but this is out of scope for this document. See your grub configuration. You can determine the baudrate that was used for the kernel's console by running cat /proc/cmdline which should show something like console=ttyS0,115200.
Here, we'll configure an override for port ttyS0 to make it always use the baudrate 115200, which is what Koumbit configures by default in the BIOS for console output.
Create directory /etc/systemd/system/serial-getty@ttyS0.service.d. In that directory, create a file named baudrate.conf and set the follwing configuration:
[Service]
ExecStart=
ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200 %I $TERM
With this in place, run systemctl daemon-reload. The override file should now show up in the output of systemctl status serial-getty@ttyS0. You can now restart the service or try to reboot to see if the console works as expected on boot.
Hard resets
Sending the Skinny Elephants signals can be done by sending a break signal (with C-\ b) to the serial console and then quickly send the desired sysrq character.
C-\ b h
- This should show the help menu if sysrq is enabled, so you can confirm that you're on the right path.
Here is an example of serial console output sending h after the magic sysrq (to get a help listing):
testviking login: [3544510.087830] sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) show-blocked-tasks(w) dump-ftrace-buffer(z) Debian GNU/Linux 10 testviking ttyS0 testviking login:
See HardReset for the details of the specific signals you can send.
How to configure your server to be accessible through the a serial console
Linux servers
There is an excellent howto about remote serial consoles, however it covers more stuff than what we actually need. The breakdown is actually quite simple. there are three different parts (ignoring the BIOS here): the console (the login prompt you usually see when you boot your OS), the kernel (linux here) and the boot loader (grub).
Debian Jessie is using systemd to manage services, it also changes how to enable the serial console!
There is a bug in the jessie installer, when the install is done from the serial console, the parameter to enable stoutput to serial console is not activated... Debian bug 769406
Operating system with systemd
If the serial port connected is ttyS0, you can run the following commands, but make sure that the kernel has already been configure to output to the serial console.
# systemctl enable serial-getty@ttyS0.service # systemctl start serial-getty@ttyS0.service
To get the status on the port:
# systemctl status serial-getty@ttyS0.service
We can specified the speed of the port in this file
/etc/systemd/system/getty.target.wants/serial-getty\@ttyS0.service
Console with systemd gives out garbage with proprietary console server
This is because the proprietary console servers don't like terminal type vt102, which is set by default by systemd and require type vt100.
In order to change that you need to create a "drop-in". In this example the terminal port that's used is ttyS1, you should adapt to the device that's right for your setup.
First create a directory:
mkdir /etc/systemd/system/serial-getty@ttyS1.service.d
then create file /etc/systemd/system/serial-getty@ttyS1.service.d/force-term-type.conf set its contents to the following:
# Redefine service call to force terminal speed. [Service] Environment=TERM=vt100
Finally to make that effective, run systemctl daemon-reload. Then when running systemctl status serial-getty@ttyS1.service the output should tell you that there is an effective drop-in at the path where you just created the file. Restart the service and the console should be showing getty's output correctly.
Operating system without systemd
Configure the console tty
This configures a login terminal to popup on the serial console port.
Add this line (or uncomment) in /etc/inittab:
T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100
Then use the traditionnal kill -1 1 to tell init to reload inittab.
Vérifier avec la commande :
# ps -ax | grep getty
Here you should already have your login console on the serial console, this allows you to quickly test without rebooting
Configure the kernel
Then you configure the kernel to also show up on the serial console. The argument to pass the kernel is console=tty0 console=ttyS0,115200n8, for the console to appear both on the serial console and regular VGA console.
Make sure those lines are present in /etc/default/grub:
The order of the console= arguments is important! the last one on the kernel command line gets all the important stuff, so if your system doesn't boot and you get dropped in an initramfs shell, or if you're expecting a crypto password prompt, it's all going to go to that last console!
That's why we generally want to make sure that the serial console is the last argument on the resulting command line (see the result in /boot/grub/grub.cfg)!
On the servers that the console works on ttyS0, like vandales, there is:
# next line for single user mode (recovery) GRUB_CMDLINE_LINUX="console=ttyS0,115200n8" # for normal boot GRUB_CMDLINE_LINUX_DEFAULT="console=hvc0 console=tty0 earlyprintk=xen" # for normal boot GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=1024M,max:1024M com1=115200,8n1 console=com1,vga"
Then rerun update-grub2.
Archive: In grub 1
grub 1 is now deprecated and hasn't been used on machines for a while.
In /boot/grub/menu.list, you need to add console=tty0 console=ttyS0,115200n8 on the kernel line:
kernel /vmlinuz-2.4.9-21 ro root=/dev/hda6 console=tty0 console=ttyS0,115200n8
For this to survive Debian kernel upgrades, you also need to add those to the kopt line in /boot/grub/menu.list:
# kopt=root=/dev/mapper/ceres-root ro console=tty0 console=ttyS0,115200n8
Then run update-grub to apply the new parameters to the current kernel installed in the grub menu.lst
Configure the bootloader
To configure grub to show up on the serial console, add this to /etc/default/grub:
# Uncomment to disable graphical terminal (grub-pc only) GRUB_TERMINAL="serial console" GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
Les options pour GRUB_TERMINAL
serial pour avoir le menu de grub sur le port serie
console pour avoir le menu de grub AUSSI sur l'écran
Si c'est le COM2 qu'on utilise, changez pour --unit=1:
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
après ça, n'oubliez pas d'exécuter update-grub à nouveau
Archive: Grub 1
grub 1 is now deprecated and hasn't been used on machines for a while.
Add this on top of /boot/grub/menu.list:
serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1 terminal --timeout=10 serial console
Configure the BIOS
Configuring the BIOS and other operating systems is not covered here yet.
Ensuite, certains serveurs offrent la possibilité d'envoyer le output du bios vers le port série, c'est a vérifier cas par cas dans le bios de chaque machine.
FreeBSD
As documented in the advanced guide, we can easily configure FreeBSD to boot from the serial console, which will just show up in the terminal in qemu, very handy.
Enable serial console in /etc/ttys by editing the ttyu0 entry. The ttyu0 line should appear like the following;
ttyu0 "/usr/libexec/getty std.115200" vt100 on secure
Be sure to disable the other tty's listed by changing the value on to off otherwise you'll see errors when booting.
Edit /boot/loader.conf (It may be empty) and add the following;
boot_multicons="YES" boot_serial="YES" comconsole_speed="115200" console="comconsole,vidconsole"
add the following line to /boot.config (you may need to create the file):
-D -S115200
- reboot. the new console will not start automatically, plus you want to test the bootloader options.
memtest86
To run memtest86+ on the serial console, you need to add this parameter: console=ttyS0,115200n8, for example, in grub:
menuentry "Memory test (memtest86+, serial console 115200)" {
linux16 /boot/memtest86+.bin console=ttyS0,115200n8
}
Troubleshooting
Loosing console after loading initdr or grub
If you have console access during bios loading and have a PXE menu, but then loose all output (and keyboard response) after initdr is loaded by a live system or after grub's welcoming message, it probably means that the serial console is configure on another COM port than ttyS0.
First, check if the hypothesis is right by entering BIOS menu and checking which COM port is used. If it's not COM1 (or 'A'), bingo, we found our problem.
To keep the console during a live system boot (through PXE), you'll need to change the kernel parameters. In order to do that, press tab on the option you're about to select. That will allow you to edit kernel parameters (please note that the del key usually doesn't work, but the backspace acts as a del key. By default, the console kernel parameters are console=tty0 console=ttyS0,115200n8 (for COM1). You'll have to change that to
console=tty0 console=ttyS1,115200n8
Adjust the baud rate (115200n8) accordingly to what is set in the bios. Usually, no change is needed, but some server use 38400 or 9600.
How to access a console using the USB port
With cereal, you need to set an environment variable to your ssh connection in order to chose which session (e.g. which machine) to connect to:
TARGET="SERVERNAME" ssh -o SendEnv=TARGET USERNAME@cs0.koumbit.net
The SERVERNAME, USERNAME and password will need to be given to you by a sysadmin who has done the creation of a cereal session for your server.
The password for this ssh login is managed through your account at collectif.koumbit.net
Access denied
Si c'est une console de client-e, vous allez pogner access denied:
su -s /bin/bash - client-user cereal attach 96-17
connexion avec screen (ancienne methode)
Cette section détail l'ancienne méthode de connexion pré-cereal. On veut pouvoir accéder aux consoles via cereal dans tout les cas, mais il se peut qu'une session soit inaccessible et qu'on ai besoin de contourner cereal.
D'abord vérifier s'il y a une session entamé avec cereal et prendre en note le path du tty si présent:
cereal-admin list
Fermer et détruire la session cereal:
cereal-admin stop SESSION ; cereal-admin destroy SESSION
se connecter avec screen:
screen /dev/serial/by-id/usb-FTDI_FT232R_USB_UART_ST162110-if00-port0 115200
un autre exemple à partir du serveur de console:
screen /dev/ttyUSB0 115200
Pour détacher et détruire la session screen:
<CTRL+a> <k>
Having two screen sessions connected to the same serial console device creates weird conflits that break screen feedback and keyboard interactivity. In order to avoid those issues you can use the following command, which will create a screen session only if there's none, otherwise you'll be reconnected to the current screen session:
devnum=2; if fuser -s /dev/ttyUSB$devnum; then screen -x; else screen /dev/ttyUSB$devnum 115200; fi
expérimentale
TESTER avec Virtualbox le output sur port serie
voici comment faire : virtualbox et port série
Older HP serial consoles
- Voir les révisions de cette page...
For additional information, refer to ConsoleSérieService/hp-scs-users-guide.pdf