This page describes how to enable interactive access to an instance's serial console to debug boot and networking issues, troubleshoot malfunctioning instances, interact with the GRand Unified Bootloader (GRUB), and perform other troubleshooting tasks.
A virtual machine instance has four virtual serial ports. Interacting with a serial port is similar to using a terminal window, in that input and output is entirely in text mode and there is no graphical interface or mouse support. The instance's operating system, BIOS, and other system-level entities often write output to the serial ports, and can accept input such as commands or answers to prompts. Typically, these system-level entities use the first serial port (port 1) and serial port 1 is often referred to as the serial console.
If you only need to view serial port output without issuing any commands to the serial console, you can call the getSerialPortOutput method or use Cloud Logging to read information that your instance has written to its serial port; see Viewing serial port logs. However, if you run into problems accessing your instance through SSH or need to troubleshoot an instance that is not fully booted, you can enable interactive access to the serial console, which lets you connect to and interact with any of your instance's serial ports. For example, you can directly run commands and respond to prompts in the serial port.
To perform this task, you must have the following permissions:
compute.instances.setMetadata on the VM, if enabling interactive access on a specific VM
compute.projects.setCommonInstanceMetadata on the project, if enabling interactive access for all VMs in the project
iam.serviceAccountUser role on the instance's service account
Enabling interactive access on the serial console
Enable interactive serial console access for individual VM instances or for an entire project.
By default, interactive serial port access is disabled. You can also explicitly disable it by setting the serial-port-enable key to FALSE. In either case, any per-instance setting overrides the project-level setting or the default setting.
Enable interactive serial console access for a specific instance. A per-instance setting, if it exists, overrides any project-level setting. You can also disable access for a specific instance, even if access is enabled on the project level, by setting serial-port-enable to FALSE, instead of TRUE. Similarly, you can enable access for one or more instances even if it is disabled for the project, explicitly or by default.
The serial console authenticates users with SSH keys. Specifically, you must add your public SSH key to the project or instance metadata and store your private key on the local machine from which you want to connect. The gcloud CLI and the Google Cloud console automatically add SSH keys to the project for you. If you are using a third-party client, you might need to add SSH keys manually.
To connect to any other port, provide a different port number using the --port flag. You can provide a port number from 1 through 4, inclusively. To learn more about port numbers, see Understanding serial port numbering.
For example, the following SSH command connects to the default serial port (1) of an instance named example-instance with the username jane in a project with the project ID myproject. The instance is in zone us-central1-f. Replace private-ssh-key-file with the private SSH key file for the instance.
If you are having trouble connecting using a third-party SSH client, you can run the gcloud compute connect-to-serial-port command with the --dry-run command-line option to see the SSH command that it would have run on your behalf. Then you can compare the options with the command you are using.
Add the contents of the server SSH key, with ssh-serialport.googleapis.com prepended to the key. For example, if the server key contains the line ssh-rsa AAAAB3NzaC1yc..., then ~/.ssh/known_hosts should have a line like this:
If, after updating the host key, you continue to receive a host authentication error from your client, stop attempts to connect to the serial port and contact Google support. Do not provide any credentials over a connection where host authentication has failed.
If you are trying to troubleshoot an issue with a VM that has booted completely or trying to troubleshoot an issue that occurs after the VM has booted past single user mode, you might be prompted for login information when trying to access the serial console.
If your VM is running an image that is preconfigured with serial port logins, you need to set up a local password on the VM so that you can log in to the serial console, if prompted. You can set up a local password after connecting to the VM or by using a start-up script.
Login prompts are enabled on port 1 by default on most Linux operating systems. However, port 1 can often be overwhelmed by logging data and other information being printed to the port. Instead, you can choose to enable a login prompt on another port, such as port 2 (ttyS1), by executing one of the following commands on your VM. You can see a list of available ports for a VM in Understanding serial port numbering.
Each virtual machine instance has four serial ports. For consistency with the getSerialPortOutput API, each port is numbered 1 through 4. Linux and other similar systems number their serial ports 0 through 3. For example, on many operating system images, the corresponding devices are /dev/ttyS0 through /dev/ttyS3. Windows refers to serial ports as COM1 through COM4. To connect to what Windows considers COM3 and Linux considers ttyS2, you would specify port 3. Use the table below to help you figure out which port you want to connect to.
Compute Engine provides audit logs to track who has connected and disconnected from an instance's serial console. To view logs, you must have permissions for the Logs Viewer or be a project viewer or editor.
resourceName: A string containing the project ID, zone, instance name, and serial port number to indicate which serial console this pertains to. For example, projects/myproject/zones/us-east1-a/instances/example-instance/SerialPort/2 is port number 2, also known as COM2 or /dev/ttyS1, for the instance example-instance.
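When triaging these audit logs, it helps to turn each resourceName into the device the guest OS actually sees. The following is an added example, not code from the original page; the function names are hypothetical and the sample values are constructed from the example above.

```python
import re

# Pattern follows the resourceName example given in the text.
RESOURCE_RE = re.compile(
    r"projects/(?P<project>[^/]+)/zones/(?P<zone>[^/]+)"
    r"/instances/(?P<instance>[^/]+)/SerialPort/(?P<port>\d+)"
)


def parse_serial_resource(resource_name):
    """Split an audit-log resourceName and add the OS-level device names.

    Raises ValueError for strings that do not match or ports outside 1-4.
    """
    match = RESOURCE_RE.fullmatch(resource_name)
    if match is None:
        raise ValueError(f"not a serial port resourceName: {resource_name!r}")
    port = int(match.group("port"))
    if not 1 <= port <= 4:
        raise ValueError(f"serial port must be 1 through 4, got {port}")
    return {
        "project": match.group("project"),
        "zone": match.group("zone"),
        "instance": match.group("instance"),
        "port": port,
        # API ports are 1-based, Linux devices are 0-based, Windows uses COMn.
        "linux_device": f"/dev/ttyS{port - 1}",
        "windows_device": f"COM{port}",
        "is_serial_console": port == 1,
    }


def ports_touched(resource_names):
    """Group resourceName values by instance, listing the Linux devices hit."""
    seen = {}
    for name in resource_names:
        info = parse_serial_resource(name)
        key = (info["project"], info["zone"], info["instance"])
        seen.setdefault(key, set()).add(info["linux_device"])
    return {key: sorted(devices) for key, devices in seen.items()}


# Constructed sample values, modelled on the example in the text.
SAMPLE = [
    "projects/myproject/zones/us-east1-a/instances/example-instance/SerialPort/2",
    "projects/myproject/zones/us-east1-a/instances/example-instance/SerialPort/1",
]

if __name__ == "__main__":
    print(ports_touched(SAMPLE))
```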
You can disable interactive serial console access by changing metadata on the specific instance or project, or by setting an Organization Policy that disables interactive serial console access to all VM instances for one or more projects that are part of the organization.
Project owners and editors, as well as users who have been granted the compute.instanceAdmin.v1 role, can disable access to the serial console by changing the metadata on the particular instance or project. Similar to enabling serial console access, set the serial-port-enable metadata to FALSE:
If you have been granted the orgpolicy.policyAdmin role on the organization, you can set an organization policy that prevents interactive access to the serial console, regardless of whether interactive serial console access is enabled on the metadata server. After the organization policy is set, the policy effectively overrides the serial-port-enable metadata key, and no users of the organization or project can enable interactive serial console access. By default, this constraint is set to FALSE.
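The precedence described on this page (organization policy, then per-instance metadata, then project metadata, then the disabled default) can be checked across an inventory to find VMs where interactive access is effectively on. This is an added example, not code from the original page; the function names and inventory are hypothetical and constructed, and it assumes only the value TRUE (in any letter case) enables access.

```python
KEY = "serial-port-enable"


def is_true(value):
    # Assumption: only the value TRUE (any letter case) enables access.
    return str(value).strip().upper() == "TRUE"


def effective_serial_access(instance_md, project_md, org_policy_blocks=False):
    """Return (enabled, source) for interactive serial console access.

    Precedence, as described in the text:
      1. an organization policy that disables access beats all metadata;
      2. a per-instance serial-port-enable value beats the project value;
      3. the project value applies when the instance has none;
      4. with no key anywhere, access is disabled by default.
    """
    if org_policy_blocks:
        return False, "organization policy"
    if KEY in instance_md:
        return is_true(instance_md[KEY]), "instance metadata"
    if KEY in project_md:
        return is_true(project_md[KEY]), "project metadata"
    return False, "default"


def audit(inventory, project_md, org_policy_blocks=False):
    """List (name, source) for every VM whose console is effectively enabled."""
    findings = []
    for name, instance_md in inventory.items():
        enabled, source = effective_serial_access(
            instance_md, project_md, org_policy_blocks)
        if enabled:
            findings.append((name, source))
    return sorted(findings)


# Constructed inventory: instance name -> instance metadata.
INVENTORY = {
    "web-1": {},                              # inherits the project value
    "db-1": {"serial-port-enable": "FALSE"},  # opted out per instance
    "debug-1": {"serial-port-enable": "TRUE"},
}
PROJECT_MD = {"serial-port-enable": "TRUE"}

if __name__ == "__main__":
    print(audit(INVENTORY, PROJECT_MD))
```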
If you are having trouble connecting using a standard SSH client, but gcloud compute connect-to-serial-port connects successfully, it might be helpful to run gcloud compute connect-to-serial-port with the --dry-run command-line option to see the SSH command that it would have run on your behalf, and compare the options with the command you are using.
Setting the bit rate, also known as baud rate: you can set any bit rate you like, such as stty 9600, but the feature normally forces the effective rate to 115,200 bps (11.5kB/sec). This is because many public images default to slow bit rates, such as 9,600 on the serial console, and would boot slowly.
Some OS images have inconvenient defaults on the serial port. For instance, on CentOS 7, the stty icrnl default for the Enter key on the console is to send a CR, aka ^M. The bash shell might mask this until you try to set a password, at which point you might wonder why it seems stuck at the password: prompt.
If, for example, you connect using SSH from machine A to machine B, and then to machine C etc., creating a nested SSH session, and you want to use tilde (~) commands to disconnect or send a serial break signal, you will need to add enough extra tilde characters to the command to get to the right SSH client. A command following a single tilde is interpreted by the SSH client on machine A; a command following two consecutive tildes (Enter~~) is interpreted by the client on machine B, and so forth. You only need to press Enter one time because that is passed all the way through to the innermost SSH destination. This is true for any use of SSH clients that provide the tilde escape feature.
By default, each time you connect to the serial console, you will receive a replay of the last 10 lines of data, regardless of whether the last 10 lines have been seen by another SSH client. You can change this setting and control how many and which lines are returned by setting the following options:
With the Google Cloud CLI, append the following to your connect-to-serial-port command, where N is the specified number of lines (or bytes or absolute byte index, depending on which replay option you are selecting):
The most recent 1 MiB of output for each serial port is always available and generally, your SSH client should not miss any output from the serial port. If, for some reason, your SSH client stops accepting output for a period of time but does not disconnect, and more than 1 MiB of new data is produced, your SSH client might miss some output. When your SSH client is not accepting data fast enough to keep up with the output on the serial console port, you can set the on-dropped-output property to determine how the console behaves.
The default setting for the on-dtr-low option is none. If you use the default setting none, you can reboot your instance without being disconnected from the serial console, but the console will not disconnect through normal means such as exit or logout commands, or normal key combinations like Ctrl+D.