On Friday 12 November 2004 10:47 am, Richard Yumul wrote:

> > I have seen in different FAQs that running a serial cable to each
> > server and using an SSH serial console switch is a good idea, but I
> > am having trouble finding something cheap in this arena. Also, how
> > much better is it in terms of reliability in case something goes
> > really wrong with the server? FYI, all the servers are plugged into
> > a remote APC reboot switch but I almost never use this, as many
> > times it ends up invalidating the filesystem and therefore
> > requiring a physical intervention at the keyboard. Any way around
> > this problem as well?

> This actually happened to me w/ a recent emerge; what saved me is I
> had a KVM over IP device. It was a life saver...
>

While KVM over IP is handy, I have always seen it as a hack compared
to a good serial console, although that is probably because I started
with Sun boxes in the server room and they are just designed to be used
over serial console. Either way, to me it seems foolish to run a
production server with the only remote access being served by ssh. I
don't mean to imply anyone here is a fool, just that the times I have
needed a secondary way in, I was very thankful one was available.

Before I get into the serial console discussion, having only used KVM
over IP a few times I am curious, is it possible to send emergency
SysReq key sequences through them?

A little background for the original poster:
With a proper serial console setup one can access and control the BIOS
(depending on the class of board), the grub console menu, and the
entire kernel boot process including login. That includes the ability
to interact with the system if it gets caught waiting for manual
intervention as well.

At work I use an external serial console server designed for the task.
If you go this route, I would recommend one with RJ45 connectors; cat5
is much easier to deal with and you just put an adapter on the serial
port of every box. That way when racks are wired up it is just another
network cable running to each box. Perle CS9000 series have served me
well, but I am sure there are better boxes out there.

Since cost was mentioned as a concern, valid considering serial console
servers can easily top $1k, remember that there is nothing special
about a serial console. Any *nix box can serve as a serial console for
another machine, the two boxes just need to be connected over a serial
port. I have seen this take the form of one old machine that was
stuffed full of serial ports and used in lieu of purchasing a serial
console. However, I have also seen this ability used to form a web
between servers. It was a little trickier and required documentation
indicating that serverA was the console for serverB and serverB was the
console for serverC which in turn was serving for serverA (simplified a
bit), but it was a usable serial console setup for the cost of a few
cables.

As with any second way in, you need to consider the security
implications, since compromise of a serial console server provides tty
access to at least one other machine, although normally sitting at the
login prompt. A properly secured serial console has always been worth
the risk for me, but your environment may be different.

Be it serial console or KVM over IP, the ability to drop to single user
or even boot init=/bin/sh to perform those serious operations is
invaluable. Plus, if you plan ahead and attach a backup drive (usb pen,
cdrom left in the tray, second HD ... anything), when the system gets
totally hosed it can be booted off the backup medium and fixed or
re-installed without ever having to set foot in the server room. That
is of course if it passes the BIOS POST ;)

Justin
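
The serial console setup described in the message above, as an added example that is not part of the original post: constructed GRUB legacy and inittab samples for a console on ttyS0 at 9600 baud, with a shell check that boot loader, kernel and getty agree on port and speed. The file contents, device names and the `check_serial_console` helper are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample: GRUB legacy menu.lst with the menu on the first serial port.
# console=ttyS0 is listed last on the kernel line so it becomes /dev/console.
GRUB_CONF='serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
title Gentoo
root (hd0,0)
kernel /vmlinuz root=/dev/sda3 console=tty0 console=ttyS0,9600n8'

# Constructed sample: /etc/inittab entry that puts a login prompt on the same port.
INITTAB='s0:12345:respawn:/sbin/agetty 9600 ttyS0 vt100'

# Speed GRUB drives the port at, taken from its "serial" line.
grub_speed() { printf '%s\n' "$1" | sed -n 's/^serial .*--speed=\([0-9]*\).*/\1/p'; }

# GRUB serial unit N is the port Linux calls ttySN.
grub_port() { printf '%s\n' "$1" | sed -n 's/^serial .*--unit=\([0-9]*\).*/ttyS\1/p'; }

# Serial console= argument on the kernel line, printed as "port speed".
kernel_console() {
  printf '%s\n' "$1" | tr ' ' '\n' |
    sed -n 's/^console=\(ttyS[0-9]*\),\([0-9]*\).*/\1 \2/p' | tail -n 1
}

# Active (uncommented) agetty entry in "baud port term" form, as "port speed".
getty_console() {
  printf '%s\n' "$1" |
    sed -n 's/^[^#:]*:[^:]*:respawn:.*agetty \([0-9]*\) \(ttyS[0-9]*\).*/\2 \1/p' |
    head -n 1
}

# Succeeds only if all three boot stages use the same port and speed.
# A mismatch shows up as garbage or a missing login prompt on the console.
check_serial_console() {
  g="$(grub_port "$1") $(grub_speed "$1")"
  k="$(kernel_console "$1")"
  t="$(getty_console "$2")"
  [ -n "$k" ] && [ "$g" = "$k" ] && [ "$k" = "$t" ]
}

if check_serial_console "$GRUB_CONF" "$INITTAB"; then
  echo "serial console consistent: $(kernel_console "$GRUB_CONF")"
else
  echo "mismatch between GRUB, kernel and getty settings" >&2
fi
```

Given the security point raised in the message, whether root may log in on that port is controlled separately: with pam_securetty, root logins are accepted only on terminals listed in /etc/securetty.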