#33 closed task (fixed)
Serial console access
Reported by: | ecprice | Owned by: | broder |
---|---|---|---|
Priority: | major | Milestone: | Demo-able |
Component: | vnc | Version: | |
Keywords: | Cc: |
Description
We should have access to the serial console. One proposed solution is to
- use conserver to allow some VM (e.g. sipb-xen-dev) to access the serial console
- Have this VM run an SSH daemon that connects user <machine-name> to the appropriate console.
Change History (9)
comment:1 Changed 17 years ago by broder
- Owner changed from quentin to broder
- Status changed from new to accepted
comment:2 Changed 17 years ago by anonymous
Oh, also - console.servers.csail.mit.edu is a HVM instead of a ParaVM because Fuse apparently doesn't work with etch's ParaVM kernel.
comment:3 Changed 17 years ago by broder
Weird things start to happen if multiple people try to connect at once. We should disallow that for now. Or look into quentin's conserver thing, which we haven't done yet.
comment:4 Changed 17 years ago by broder
The fuse module doesn't get modprobe'd by default at bootup. I'm not really sure how I'm supposed to do that...
comment:5 Changed 17 years ago by tabbott
The easiest solution is to add "modprobe fuse" to an init script.
I think if you run something newer than etch, fuse gets automatically loaded when you try to fusermount.
comment:6 Changed 17 years ago by price
- Milestone set to Demo-able
comment:7 Changed 17 years ago by price
- Milestone set to Demo-able
comment:8 Changed 17 years ago by broder
- Resolution set to fixed
- Status changed from accepted to closed
The serial console is working. It is using conserver. There are packages to support this both on black-mesa and sipb-xen-console.
All VMs (Para- and H-) have /dev/ttyS0 connected to the serial console. ssh'ing to $MACHINE_NAME@… (or sipb-xen-console.mit.edu) will connect you to your VM's serial console using conserver. I recommend https://help.ubuntu.com/community/SerialConsoleHowto for instructions on how to enable the console on your Debian or Ubuntu VM.
Note that, in particular, this allows VMs to be owned by principals that don't have certs.
comment:9 Changed 17 years ago by price
The autoinstall clone image now supports this too.
This is done short of getting a keytab for the server and installing that.
We are using libnss-pgsql to create a virtual user that corresponds to a database-managed VM.
We use nscd to work around a deadlock in libnss-pgsql We use a Fuse filesystem to create a fake homedir for each of the fake users with a .k5login that has the correct values for a given VM.
Once we get the keytab, we can turn on Kerberos auth for console.servers.csail.mit.edu, and we'll be all set.
On the black-mesa side, we:
The changes to console.servers.csail.mit.edu have been packaged. We believe that installing the sipb-xen-console package will do almost all of the configuration (except for installing trusted secrets). The changes to black-mesa have not been packaged.