You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org
SRE/Dc-operations/Platform-specific documentation/Opengear Serial Consoles
< SRE | Dc-operations | Platform-specific documentationJump to navigation Jump to search
Revision as of 09:52, 21 January 2022 by (→External Links)
SRE Data Center Operations
- We use the Opengear CM4148. This is the 48 port version of the serial console server.
- It is just easier to get the maximum port model than juggle various models per datacenter deployment.
- As a matter of course, we attach all network devices, and all power strips to the serial console in each deployment.
- Please note caching deployments don't offer connections to power strips, only full deployment sites.
Using the Serial Console
- SSH into the serial console in question.
- Our naming standard depends on deployment.
- Full deployments are scs-$rack-$site.mgmt.$site.wmnet
- noting the rack location when we have multiple racks is just easier on folks.
- Caching deployments are scs-$site.mgmt.$site.wmnet
- Since caching sites usually are less than 5 racks and won't ever need more than a single serial console.
- Once on opengear CLI, type in pmshell and hit enter.
- All the setup ports with labels of what they are connected to will be listed, and you can enter the number of the port you wish to connect to.
- If you already know the port # you can simply connect with pmshell port##
- All of the actions listed below require the HTTPS web console, not the command line via SSH.
- This is done by the on-site technician for the datacenter deployment.
- Set up your local laptop to use IP addresses within the 192.168.0.X range (leave 192.168.0.1 open, as the opengear defaults to that) with a subnet mask of 255.255.255.0 and no gateway.
- No gateway ensures your wifi connection to internet/irc/whatever remains active and primary for that traffic.
- Plug your laptop's network connection into the LAN port on the serial console server.
- Open the serial console web configuration via 
- You will have to accept the console's self signed certificate.
- Login with the default user name root & the default password default
- Upgrade the OS to the latest recommended version
- System: Firmware
- Update the console's host name under System > Administration.
- Update the console's password to our mgmt password under System > Administration.
- Set the systems network settings under System > IP.
- The information for the network settings should be attached to the setup ticket for the console in RT.
- System: IP
- DNS: 10.3.0.1
- System: time
- Timezone -> UTC
- Enable NTP -> checked
- NTP Server List: ntp.eqiad.wikimedia.org; ntp.codfw.wikimedia.org
- Alerts & Logging: SNMP
- Enable -> check
- Location -> one of: eqiad;codfw;ulsfo;etc;etc
- Contact -> email@example.com
- Read-Only Community -> SNMP secret
- Serial & Network: Users
- Add user:
- description -> rancid
- username -> rancid
- Disable Password Authentication -> check
- Groups -> admin
- Password -> generate long random string
- New ssh key -> rancid SSH pub key
- Serial & Network: Authentication Configuration
- CLI Management Session Timeout -> 60
- Add user:
- Status: Syslog:
- Syslog Server Address -> syslog.anycast.wmnet
- System: services
- Enable Telnet command shell -> uncheck
- Enable LLDP/CDP service -> check
- NTP Server -> verify check
- SNMP daemon -> verify check
- All basic networking and login should now be set. All that is left is to setup individual ports, outlined below.
- Add device to monitoring
- LibreNMS (https://librenms.wikimedia.org/addhost/)
Port / Connection Setup
- The SCS exists on the management network, to connect to it, you must be attached to the mgmt network by physical link, or proxy.
- How to setup a proxy is here: Proxy_access_to_cluster
- Once logged in, click on Serial & Network > Serial Port
- This lists all ports, and their labels.
- Click Edit for the specific port, and set the port details.
- The name must be set (or it won't show in pmshell command from cli), the ports default connection settings (no logging, 9600-8-N-1, no flow control) are appropriate for the majority of our network gear and power strips.
- Apply/Save and the port is now setup.