lost and found ( for me ? )

iLO4 : access to an iLO VSP(virtual serial port) over SSH

Reference
http://blog.chrysocome.net/2013/05/proliant-virtual-serial-port.html
http://balazsdeak.blogspot.jp/2015/02/hp-dl380-serial-console-with-red-hat.html

OS : CentOS 6.7
iLO 4

  • BIOS settings ( default settings )

Set ‘BIOS Serial Console Port’ to COM2
Set ‘BIOS Serial Console Baud Rate’ to 115200

  • OS

When ttyS1 (the device for COM2) is not configured on your OS, you will see nothing when you connect to the VSP, as below.

Access the iLO over SSH and enter VSP.
$ ssh 192.168.10.10 -l user

</>hpiLO-> VSP

Virtual Serial Port Active: COM2

Starting virtual serial port.
Press 'ESC (' to return to the CLI Session.

*** blank ***

</>hpiLO->

Configure ttyS1.
Create a file named “ttyS1.conf” under the /etc/init directory.
$ sudo vi /etc/init/ttyS1.conf

$ sudo cat /etc/init/ttyS1.conf
stop on runlevel [S016]
start on runlevel [235]

respawn
instance /dev/ttyS1
exec /sbin/agetty 115200 ttyS1 vt100

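Add ttyS1 to the securetty file. This file lists the terminals on which root is allowed to log in, so root logins are then accepted on the serial console reachable through iLO.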
$ sudo tail -1 /etc/securetty
ttyS1

Start ttyS1.
$ sudo initctl start ttyS1
ttyS1 (/dev/ttyS1) start/running, process 8406

Access the VSP over SSH.
</>hpiLO-> VSP

Virtual Serial Port Active: COM2

Starting virtual serial port.
Press 'ESC (' to return to the CLI Session.

localhost.localdomain login:
CentOS release 6.7 (Final)
Kernel 2.6.32-573.7.1.el6.x86_64 on an x86_64

In CentOS 6 the init daemon is upstart, not SysV init, so ‘telinit q’ does not work.
You need to create a file under the /etc/init directory instead of editing the /etc/inittab file.

Edit /etc/grub.conf so that you can see boot messages.
timeout=5
# unit=0 for COM1, unit=1 for COM2
serial --unit=1 --speed=115200 --word=8 --parity=no --stop=1
terminal --timeout=5 serial console
#splashimage=(hd0,1)/grub/splash.xpm.gz
hiddenmenu

title CentOS (2.6.32-573.7.1.el6.x86_64)
       root (hd0,1)
       kernel /boot/vmlinuz-2.6.32-573.7.1.el6.x86_64 ro root=UUID=aaa rd_NO_LUKS rd_NO_MD crashkernel=auto  rhgb quiet console=tty0 console=ttyS1,115200n8
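
The three settings above (GRUB serial unit and speed, the kernel console= parameter, and the agetty job) have to agree, and a misspelled kernel parameter is silently ignored at boot. The following check is an added example, not part of the original post; the function name check_serial_console and the sample file contents are constructed for illustration.

```python
import re

def check_serial_console(grub_conf, upstart_job):
    """Compare grub.conf with the agetty job; return a list of findings."""
    findings = []
    serial = re.search(r"^serial\s.*--unit=(\d+).*--speed=(\d+)", grub_conf, re.M)
    getty = re.search(r"^exec\s+/sbin/agetty\s+(\d+)\s+(\S+)", upstart_job, re.M)
    if not serial or not getty:
        return ["missing 'serial' line or agetty 'exec' line"]
    tty = "ttyS" + serial.group(1)      # unit=1 -> COM2 -> ttyS1
    speed = serial.group(2)
    if (getty.group(2), getty.group(1)) != (tty, speed):
        findings.append("agetty runs on %s at %s, GRUB uses %s at %s"
                        % (getty.group(2), getty.group(1), tty, speed))
    for line in grub_conf.splitlines():
        words = line.split()
        if not words or words[0] != "kernel":
            continue
        params = [w.split("=", 1) for w in words[1:] if "=" in w]
        consoles = [v for k, v in params if k == "console"]
        if not any(v.split(",")[0] == tty for v in consoles):
            findings.append("kernel line has no console=%s" % tty)
        # A parameter that names the serial tty but is not 'console' is
        # almost always a typo; the kernel ignores unknown parameters.
        for k, v in params:
            if k != "console" and v.split(",")[0] == tty:
                findings.append("parameter '%s=%s' is not 'console='" % (k, v))
    return findings

# Constructed sample inputs (not copied from a real system).
JOB = "exec /sbin/agetty 115200 ttyS1 vt100\n"
GRUB_OK = """serial --unit=1 --speed=115200 --word=8 --parity=no --stop=1
terminal --timeout=5 serial console
title CentOS
    root (hd0,1)
    kernel /boot/vmlinuz ro root=UUID=aaa console=tty0 console=ttyS1,115200n8
"""
GRUB_TYPO = GRUB_OK.replace("console=ttyS1", "consle=ttyS1")

if __name__ == "__main__":
    for name, conf in (("ok", GRUB_OK), ("typo", GRUB_TYPO)):
        print(name, check_serial_console(conf, JOB))
```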

LXC, dnsmasq : How to configure dnsmasq to add the MAC address of containers to the DNS queries it forwards to other DNS servers.

hattori@ubuntu:~$ tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 14.04.3 LTS"
hattori@ubuntu:~$

hattori@ubuntu:~$ dnsmasq --version
Dnsmasq version 2.68  Copyright (c) 2000-2013 Simon Kelley

When the MAC address is added to DNS queries, upstream DNS servers can identify individual devices even when those devices are behind NAT, by looking at the MAC address in the query. ( If the DNS server can recognize it. )

dnsmasq can add the MAC address to DNS queries as an EDNS0 option.

man dnsmasq

      --add-mac
             Add the MAC address of the requestor to DNS  queries  which  are
             forwarded  upstream.  This  may  be used to DNS filtering by the
             upstream server. The MAC  address  can  only  be  added  if  the
             requestor is on the same subnet as the dnsmasq server. Note that
             the mechanism used to achieve this (an EDNS0 option) is not  yet
             standardised,  so  this  should be considered experimental. Also
             note that exposing MAC addresses in this way may  have  security
             and  privacy  implications.  The warning about caching given for
             --add-subnet applies to --add-mac too.

By default, dnsmasq does not add the MAC address to DNS queries.

The dnsmasq configuration for LXC (lxc-net) is in /etc/init/lxc-net.conf.
So I modified that file so that dnsmasq adds the MAC address to DNS queries.

Copy the current config file.

hattori@ubuntu:~$ sudo cp /etc/init/lxc-net.conf ./lxc-net.conf.20151024

Edit lxc-net.conf.
Add the '--add-mac' option in that file.

$ diff /etc/init/lxc-net.conf lxc-net.conf.20151024
65c65
< dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative --add-mac || cleanup
---
> dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
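
Review bot: the operands are in new-then-old order (diff /etc/init/lxc-net.conf lxc-net.conf.20151024), so the '<' line at 65 is the edited file and the '>' line is the backup, which makes the change read as if --add-mac were being removed; running diff with the backup first would show it as an addition. The option is appended to the single dnsmasq command line for ${LXC_BRIDGE}, so it applies to every query forwarded for every container on that bridge; the man page excerpt above notes the privacy implications and the --add-subnet caching warning, and that is worth recording next to this change.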


Stop and start lxc-net to apply the change.


Check the current PID of dnsmasq.

hattori@ubuntu:~$ cat /var/run/lxc/dnsmasq.pid
1480


Here are the current options.

hattori@ubuntu:~$ ps aux | grep 1480 | grep -v grep
lxc-dns+  1480  0.0  0.0  28204   968 ?        S    10月23   0:00 dnsmasq -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --conf-file= --listen-address 10.0.3.1 --dhcp-range 10.0.3.2,10.0.3.254 --dhcp-lease-max=253 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative
root      1533  0.0  0.0 450312 14808 ?        Sl   10月23   0:00 /usr/sbin/libvirtd -d


Stop and start lxc-net.

hattori@ubuntu:~$ sudo stop lxc-net
lxc-net stop/waiting

hattori@ubuntu:~$ sudo start lxc-net
lxc-net start/running


hattori@ubuntu:~$ cat /var/run/lxc/dnsmasq.pid
6558

dnsmasq has started with the --add-mac option.

hattori@ubuntu:~$ ps aux | grep 6558 | grep -v grep
lxc-dns+  6558  0.0  0.0  28204   960 ?        S    00:59   0:00 dnsmasq -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --conf-file= --listen-address 10.0.3.1 --dhcp-range 10.0.3.2,10.0.3.254 --dhcp-lease-max=253 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative --add-mac


Start a container.

hattori@ubuntu:~$ sudo lxc-start -n ubuntu01 -d


Connect to the container and check its MAC address.

hattori@ubuntu:~$ sudo lxc-ls -f
NAME             STATE    IPV4       IPV6  AUTOSTART  
----------------------------------------------------
ubuntu-original  STOPPED  -          -     NO         
ubuntu01         RUNNING  10.0.3.47  -     NO         
ubuntu02         STOPPED  -          -     NO         
ubuntu03         STOPPED  -          -     NO         
ubuntu04         STOPPED  -          -     NO         
hattori@ubuntu:~$

hattori@ubuntu:~$ ssh 10.0.3.47 -l ubuntu
ubuntu@10.0.3.47's password:
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-66-generic x86_64)

* Documentation:  https://help.ubuntu.com/
Last login: Sat Oct 24 00:26:17 2015 from 10.0.3.1
ubuntu@ubuntu01:~$


Here is the resolv.conf of the container.
This container sends DNS queries to dnsmasq (10.0.3.1).

root@ubuntu01:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.0.3.1
root@ubuntu01:~#


Here is the MAC address of the container.

root@ubuntu01:~# ip addr show eth0 | grep 'link/ether'
   link/ether 00:16:3e:09:dc:c2 brd ff:ff:ff:ff:ff:ff


Here is capture data collected on the LXC host when dnsmasq sent DNS queries to other DNS servers.
In the capture you can see the container's MAC address, added by dnsmasq, in the DNS queries.

   Queries
       www.google.com: type A, class IN
           Name: www.google.com
           Type: A (Host address)
           Class: IN (0x0001)
   Additional records
       <Root>: type OPT
           Name: <Root>
           Type: OPT (EDNS0 option)
           UDP payload size: 4096
           Higher bits in extended RCODE: 0x0
           EDNS0 version: 0
           Z: 0x0
           Data length: 10
           Option: Unknown (65001)
               Option Code: Unknown (65001)
               Option Length: 6
               Option Data: 00163e09dcc2
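
To check from a capture whether forwarded queries carry a client MAC (to confirm the setting, or to audit what is exposed upstream), the OPT record can be parsed directly. This parser is an added example, not part of the original post or of dnsmasq; the function names are hypothetical and the sample query is constructed from the values shown in the capture above.

```python
import struct
OPT_RR_TYPE = 41            # EDNS0 OPT pseudo-record (RFC 6891)
MAC_OPTION_CODE = 65001     # option code shown in the capture above

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer ends the name
            return off + 2
        off += 1 + length

def edns0_options(msg):
    """Return [(code, data), ...] for every EDNS0 option in a DNS message."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    options = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        pos = 0
        while rtype == OPT_RR_TYPE and pos + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            options.append((code, rdata[pos + 4:pos + 4 + olen]))
            pos += 4 + olen
    return options

def forwarded_mac(msg):
    """Return the MAC carried in option 65001, or None if it is absent."""
    for code, data in edns0_options(msg):
        if code == MAC_OPTION_CODE and len(data) == 6:
            return ":".join("%02x" % b for b in data)
    return None

def build_query(name, mac=None):
    """Constructed sample: an A query with an OPT record, as in the capture."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    rdata = struct.pack("!HH", MAC_OPTION_CODE, 6) + mac if mac else b""
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(rdata))
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1) + opt + rdata

SAMPLE = build_query("www.google.com", bytes.fromhex("00163e09dcc2"))
```

forwarded_mac(SAMPLE) returns the container's address in colon notation; a query built without a MAC returns None.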