Skip to content

Metal Console is responsible to create a secure access to the serial console of a metal machine

License

Notifications You must be signed in to change notification settings

metal-stack/metal-console

Folders and files

NameName
Last commit message
Last commit date

Latest commit

9253550 · Nov 6, 2024
Oct 7, 2024
Nov 6, 2024
Sep 10, 2019
Feb 17, 2020
Aug 21, 2020
Oct 12, 2020
Oct 12, 2020
Nov 6, 2024
Feb 17, 2020
Jun 30, 2022
Jun 30, 2022
Nov 6, 2024
Nov 6, 2024
Jun 12, 2024

Repository files navigation

metal-console

metal-console provides access to the serial console of metal machines. This is achieved by acting as a bridge between ssh and the console protocol of the concrete machine. It will support either libvirt based console access, which is used in the development environment. On real hardware ipmi based lanplus sol (Serial Over LAN) will be used.

To access the console execute:

ssh -i <private key> <uuid of the machine>@<hostname of metal-console server>

The metal-console will then lookup the given username as machine uuid on metal-api, request which console protocol to use. If the machine uuid is a valid machine, it will then use the provided private key to authenticate against the ssh public key stored in the metal-api for this machine. If access is granted, the user will have access to the console.

metal-console figures out in which partition the machine is located and then opens a tls socket connection to metal-bmc running on the management server in this partition. metal-bmc checks if the tls client certificate matches. If this is the case, it looks up the machine ipmi details from metal-api and starts a ipmi sol session to the machine.

TODO

  • If a second console access starts to same machine, kill existing one