| 1 |
On Friday 12 November 2004 10:47 am, Richard Yumul wrote: |
| 2 |
|
| 3 |
> > I have seen in different FAQs that running a serial cable to each |
| 4 |
> > server and using a SSH serial console switch is a good idea, but I |
| 5 |
> > am having trouble finding something cheap in this arena. Also, how |
| 6 |
> > much better is it in terms of reliability in case something goes |
| 7 |
> > really wrong with the server? FYI, all the servers are plugged into |
| 8 |
> > a remote APC reboot switch but I almost never use this, as many |
| 9 |
> > times it ends up invalidating the filesystem and therefore |
| 10 |
> > requiring a physical intervention at the keyboard. Anyway around |
| 11 |
> > this problem as well? |
| 12 |
|
| 13 |
> This actually happened to me w/ a recent emerge; What saved me is I |
| 14 |
> had a KVM over IP devices. It was a life saver... |
| 15 |
> |
| 16 |
|
| 17 |
While KVM over IP is handy, I have always seen it is as a hack compared |
| 18 |
to a good serial console, although that is probably because I started |
| 19 |
with Sun boxes in the server room and they are just designed to be used |
| 20 |
over serial console. Either way, to me it seems foolish to run a |
| 21 |
production server with the only remote access being served by ssh. I |
| 22 |
don't mean to imply anyone here is a fool, just that the times I have |
| 23 |
needed a secondary way in, I was very thankful one was available. |
| 24 |
|
| 25 |
Before I get into the serial console discussion, having only used KVM |
| 26 |
over IP a few times I am curious, is it possible to send emergency |
| 27 |
SysReq key sequences through them? |
| 28 |
|
| 29 |
A little background for the original poster: |
| 30 |
With a proper serial console setup one can access and control the bios |
| 31 |
(depending on the class of board), the grub console menu, and the |
| 32 |
entire kernel boot process including login. That includes the ability |
| 33 |
to interact with the system if it gets caught waiting for manual |
| 34 |
intervention as well. |
| 35 |
|
| 36 |
At work I use an external serial console server designed for the task, |
| 37 |
if you go this route, I would recommend one with RJ45 connectors, cat5 |
| 38 |
is much easier to deal with and you just put an adapter on the serial |
| 39 |
port of every box. That way when racks are wired up it is just another |
| 40 |
network cable running to each box. Perle CS9000 series have served me |
| 41 |
well, but I am sure there are better boxes out there. |
| 42 |
|
| 43 |
Since cost was mentioned as a concern, valid considering serial console |
| 44 |
servers can easily top $1k, remember that there is nothing special |
| 45 |
about a serial console. Any *nix box can serve as a serial console for |
| 46 |
another machine, the two boxes just need to be connected over a serial |
| 47 |
port. I have seen this take the form of one old machine that was |
| 48 |
stuffed full of serial ports and used in lieu of purchasing a serial |
| 49 |
console. However, I have also seen this ability used to form a web |
| 50 |
between servers. It was a little tricker and required documentation |
| 51 |
indicating that serverA was the console for serverB and serverB was the |
| 52 |
console for serverC which in turn was serving for serverA (simplified a |
| 53 |
bit), but it was a usable serial console setup for the cost of a few |
| 54 |
cables. |
| 55 |
|
| 56 |
As with any second way in, you need to consider the security |
| 57 |
implications, since compromise of a serial console server provides tty |
| 58 |
access to at least one other machine, although normally sitting at the |
| 59 |
login promt. A properly secured serial console has always been worth |
| 60 |
the risk for me, but your environment may be different. |
| 61 |
|
| 62 |
Be it serial console or KVM over IP, the ability to drop to single user |
| 63 |
or even boot init=/bin/sh to perform those serious operations is |
| 64 |
invaluable. Plus, if you plan ahead and attach a backup drive (usb pen, |
| 65 |
cdrom left in the tray, second HD ... anything), when the system gets |
| 66 |
totally hosed it can be booted off the backup medium and fixed or |
| 67 |
re-installed without ever having to set foot in the server room. That |
| 68 |
is of course if it passes the BIOS post ;) |
| 69 |
|
| 70 |
Justin |
Archives