14 Replies Latest reply on Jan 9, 2008 4:13 PM by TheDarren

    Access VM Serial Console - Named Pipe TCP Proxy Utility

    shvechkov Lurker

      Hi all!

       

      I’ve created small utility that will ease access to VM’s serial consoles (com ports emulated as named pipes) on Windows.

      Driver developers for Linux/BSD/Solaris will most likely benefit from this utility: number of popular kernel debuggers makes use of serial console – kdb on Linux, kmdb/mdb on Solaris x86 etc. (there was no way to access data from the named pipe by existing terminal clients)

       

      The utility allows QA environment where one runs a farm of virtual machines with easy access to every machine’s serial console (crash -> kernel gets into debugger -> connect vm console using terminal client -> debug session)

       

      What additional functionality is needed here? Is there a need for Linux support?

       

      Ideas and feedback are welcomed.

      Please find below utility description or go to http://shvechkov.tripod.com/nptp.html

       

      \----


       

      The Challenge[/b]

      To date of this writing there was no terminal client capable of connecting to named pipes on Windows (neither locally nor remotely). There may be various reasons for such type of access. In my case I was doing some kernel debugging on Linux/Solaris virtual machines that were running under supervision of VMware(or Virtual PC) software and I needed to access Guest OS serial consoles (virtual com ports emulated as named pipes) from the Host OS or remotely using TCP connection.

       

      Solution[/b]

      Named Pipe TCP Proxy - utility which provides access to named pipes on Windows (special files with names built using the following rule -
      "named pipe" mappings. To access certain named pipe you need to create such a mapping and then connect to assigned tcp port using any terminal client program. For example one may access named pipe locally by issuing the following command:

       

      telnet 127.0.0.1 [/i]

      where TcpPort is the port assigned in the GUI for a given named pipe.

       

      Attention[/b]

      This software is provided as is. Use it at your own risk. Author does not take any responsibility for anything related to aforementioned utility.

       

      If you want to redistribute this software you must provide the link to original developer's site. All of the associated and implied rights reserved.

       

      Feedback and Support[/b]

      However, in spite of paragraph above, I'll be glad to get feedback on the subject. Proposals, ideas and bug reports are highly appreciated. You may contact me at shvechkov@yahoo.com[/b]

      /Alexey Shvechkov/[/b]

       

      Message was edited by:

              shvechkov

        • 1. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility Created
          devzero Master

          hello !

           

          this is great!

           

          i`m searching for the same solution for vmware under linux for some time now.

           

          i just did another search and came across the following tool: SOCAT

          (http://www.dest-unreach.org/socat/) - i didn`t give it a try yet, but this seems to be the linux equivalent of your tool.

           

          furthermore, there seems to be another tool (xcat - http://xcat.org/) which is using socat for exactly that purpose. 

           

          reading into the docs of both, these tools seem to be quite interesting stuff - especially http://xcat.org/doc/vmware-HOWTO.html

           

          excerpt from the changelog:

           

          VMware support.  Read the HOWTO.  IANS xCAT can control VMware sessions

            locally or remotely just like physical nodes.  rpower, getmacs, rreset,

            rinstall, serial console, diskless, rnetboot, etc... all function as expected.

            Turn your 1024 node cluster into 2048, 4096, or 16384 nodes! (or until

            you run out of RAM

           

            Cool tricks:

            Suspend and resume VMs:

            rpower noderange suspend

            Migrate running VMs from physical node to physical node:

            rmigrate vnode pnode

           

          roland

          1 person found this helpful
          • 2. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility Created
            shvechkov Lurker

            hello all,

            Thanks for feedbacks. Updated [i]release[/i][/u] version may be found here:

            http://shvechkov.tripod.com/nptp_setup.zip[/b]

            • 3. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
              jackalope Novice

              Hello,

              After digging around I found a way to get at a serial console on a Linux VM server (GSX or VMware server) running one or more linux VM clients.  It requires a program called socat (http://www.dest-unreach.org/socat/) to communicate to/from the named pipe.

               

              I've used this method and can verify it works.  There are rough edges.  I can't get ctrl-c, ctrl-d or otherwise to work.  The login prompt fails to supress echoing the password.  I don't find these problems to be bad enough to prevent me from doing what I need.

               

              Steps involved:

              Create the serial ports within the VM

              Start the VM

              Connect to the Special File on the VM host

              -


               

              Create the serial ports within the VM[/b]

               

                 1. With your virtual machine stopped and using the GUI vmware console click on the "add hardware" button

                 2. Add a serial port with the following parameters

                         

              • Connect at Power On: checked

                         

              • Use Named Pipe

                         

              • Output file is ./serial1

                         

              • This end is the server

                         

              • The other end is an application

                 3. You may want to add a second serial port now.

               

              Note: At this point you have told vmware to create the file ./serial1 in the directory containing the other files for this VM. This file won't be created until you start the VM the next time.

               

              Start the VM[/b]

               

                 1. Start the VM. As soon as the VM reaches the BIOS prompt it will have created the special file ./serial1 on the VMware host machine.

               

              Connect to the Special File[/b]

               

              VMWare calls this a "Named Pipe", but it's actually a Unix Domain Socket. A named pipe can be opened as a file, but a UDS cannot. Instead, I use this hackish command to get to the UDS.

               

              socat -d -d -d /var/lib/vmware/Virtual\ Machines/vmtestcli5/serial2tcp4-listen:9988

               

              This links the Unix Domain Socket to port 9988 on the local machine.

               

                 1. Using telnet open port 9988 on the vmware host machine. You will be able to communicate into and out of the serial port.

                         

              • Rather than "tcp4-listen:9988" you can use "stdio" to go directly to/from a shell on the vmware host server.

                         

              • Any control characters do not get passed through appropriately.

               

              • 4. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
                jackalope Novice

                As a follow-up to my last post, I'm also using this application to help set up new Linux VM machines. 

                On the first boot I run a script that tries to pull info from /dev/ttyS3 and put it into shell variables.  These variables contain the IP address, netmask and other such info the machine needs to set itself up.  I could address this with a combo of DHCP and tftp, but I didn't want to.

                 

                Once I get a script I'm less ashamed of I'll post all the details.

                • 5. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
                  mjrichters Lurker

                  I've set up a virtual machine on a Linux host, and connected the virtual machine's serial port to the network with socat as described above, but it's not particularly usable; everything gets echoed on my terminal twice.  I've tried dozens of options for socat with no success (it either doesn't work at all, or this strange double echo appears).

                  • 6. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
                    yumenohikari Lurker

                    I recently started using socat for serial console as well.  Here's the command that worked for me to kill local echo and send each character individually instead of a line at a time (guest OS is OpenBSD 3.8, so I named the socket com0 after what it's called in OpenBSD):

                     

                    socat unix-connect:com0 stdio,echo=0,raw[/code]

                     

                    The one caveat to this that I've found is that ^C and ^D are both passed to the socket rather than to socat, so in order to shut down the console connection you either have to exit the VM or kill socat explicitly ('pkill socat' does just fine on machines with pcre installed).  It's probably also a good idea to pay attention to the terminal type (presumably xterm) so you can deal with the guest OS accordingly.

                     

                    Edit:[/b] I dug through the man page a little, looking for a way to replicate the TCP method described above, but I couldn't find a way to suppress the echo or use per-character transmission on a TCP socket (using the tcp4-listen: transport).  If anyone can find a way to do this, it does offer the advantage of being able to detach using the telnet escape (^]) sequence.

                     

                    Message was edited by:

                            yumenohikari

                    • 7. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
                      chjohnst Novice

                      has anyone figured out how to hide the echo in tcp mode?  Seeing the root passwd on the screen and every command I try to type is not helpful at all.

                       

                      If I were to use the stdio approach is there a way at least to exit socat?

                      • 8. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
                        OCGLTD Novice

                        I'm trying to solve a VM-MultiIO card incompatability that socat might solve.  What do you think:

                         

                        I have a multi-io card (9 serial ports) called ttyQ1a1 - ttyQ1a8 which work great on the linux host, BUT, the Windows VM's will not recognize the serial ports.  Would it be possible to attach a serial port to a named pipe in the Windows VM, and then attach the named pipe to the linux tty using socat?

                         

                        If so, can you suggest the parameters?  (I'm lost in the socat documentation)

                         

                        Thanks!

                        • 9. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
                          Michael Shiloh Novice

                          I wonder if this will help me.

                           

                          I'm running a Vista virtual machine on a Linux host. I'd like to debug with windbg. Of course windbg won't run on my Linux host, but I do have another computer running Windows.

                           

                          I'm trying to figure out if I can connect from windbug running on my Windows computer via Ethernet to my Linux computer running the Vista VM. I think I can use your utility (or socat) to provide access to the VM virtual com port, and then get windbg to connect to your utility via Ethernet, possibly via a Windows-based utility to provide a TCP bridge to the named pipe that windb will want.

                           

                          Thoughts?

                          • 10. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
                            Spamkit Lurker

                            Wow!

                             

                            Thank you all very much for the idea of using socat! It did work like a magic. Thank you all once more!

                            • 12. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
                              alvserversupportteam Novice

                              I want to send all RH4/5 Linux guest console output to a log file. I don't care if this file is on the Linux guest itself or a centralized linux monitoring server. I don't want the file to be on the host. Ttylog says it can't do consoles. I've tried ttywatch for a while now and nothing ever gets sent to its own logfile. I've tried to compile ttywatch myself and dag's precompiled RPM for my specific linux versions. I'm starting to think that ttywatch should not be run on the linux guest and cannot monitor/intercept outbound serial traffic, just inbound. Correct me if I'm wrong. I can't find much help on ttywatch and most of it says to use a null-modem cable. Screw that, this is a virtual world, and I'm not hooking up any null-modem cables!

                              I added the options: console=tty1 console=ttyS0 to the end of my kernel line in /boot/grub/grub.conf and when I boot up the output does go to a file I specify on the host that I configured using the second option in guest serial port creation (Use output file). Unforntunately, this file can't be viewed while the guest is running (tail/cat's fail) contrary to the suggestion in this link ("tail -f foo"):

                              http://blackmagic02881.wordpress.com/

                              So now I'm thinking socat, but I can't find any help/examples on sending socat output to a file. I don't even understand the examples above.

                              For example "socat unix-connect"? What is unix-connect?

                              And then "socat -d -d -d /var/lib/vmware/Virtual\ Machines/vmtestcli5/serial2tcp4-listen:9988", what is with the "/Virtual\"

                              and "Machines"? Where are these files/directories? I'm using ESX and I can't find them. Under /var/lib/vmware is the hostd directory. I tried creating a named pipe called "serial1" and if I drop down to "/" on both my host and guest, and do a find, I can't find it. So, if anybody can provide some basic, step by step help on how I can accomplish this with ttywatch or socat, that would be great.

                              There was too much "VMware host machine", "vmware host server", "local machine" in jackalope's post. So please make sure each command you specify clearly describes from where it is supposed to run.

                              We are running ESX 3.0.1 & 3.0.2. So let's say the ESX server is called Fred and the Linux Guest is called Bob, and a third Linux monitoring server is called Sarah. Sarah is where I want the logfile of Bob's console output. I'm guessing socat needs to run on Fred as a pass-through and then another socat on Sarah to receive the incoming data and send (fork?) to a file?

                              I'm guessing esxcfg-firewall needs to be run to allow some of this port writing.

                              Finally, how exactly does the serial port need to be setup in ESX for the Linux Guest. The post above says to name the file ./serial1 (why the ./?), and "this end is the server" "the other end is an application". Well in ESX it is called the near end and the far end (which end is my linux guest, the near or the far end??? very confusing) and there is no "application" option, the "Far end:" options are "A process" and "A virtual machine". So I'm really not following the difference or how each would be useful?

                               

                              Sorry for the lengthy post, but I just can't find any information out there on anybody doing this. Isn't it frustrating when some boot-up script fails and only sends its failure to the screen (not the boot.log file) and then it scrolls by too fast. I think vmware should allow us to scroll back in their console that would be very helpful as well (shouldn't be too hard for them to detect that it is only text and not a GUI screen). I'll create a new topic if this doesn't get too much visibility as I'm not really wanting Serial Console Access, but it was the only discussion close and talking about socat.

                               

                              Can socat running on the linux guest intercept outbound ttyS0 traffic and send it straight to a file on the linux guest file system?

                              • 13. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
                                setha Novice

                                I'm also trying to run Linux guests on top of ESX.

                                 

                                I was able to virtually power of my Linux guest.  Then, I followed

                                jackalope's instructions to create the named pipe.  Jackalope's

                                instructions don't quite match what you see with an ESX host because

                                Jackalope's instructions were written for a VMware Server or GSX

                                host.  ESX is similar to Server/GSX, but it's not the same.

                                 

                                Anyway, I told it to call the pipe something really unique

                                that I was sure would not already exist in the ESX filesystem,

                                "sethapipe".  I told ESX that the near end was a server, and

                                the far end was a process.  I did this in the virtualcenter

                                interface, which is how most interactions with ESX are supposed

                                to happen.  I told virtualcenter to make the change.  Then I

                                logged in to ESX.  I did a find from /, looking for sethapipe:

                                 

                                find / -name sethapipe -print

                                 

                                It was in /var/log/vmware/sethapipe

                                 

                                I'm guessing that the socat command has to reference

                                the named pipe.

                                 

                                alvserversupportteam, did you recompile ttywatch on ESX

                                itself?  Were you able to get socat to recompile on ESX?

                                (For all I know, it compiles just fine; I just haven't tried

                                it yet.)  If you got socat to recompile, did it work?

                                 

                                I'm reluctant to start modifying ESX itself, by adding programs

                                to it, and so on.  Someday I may want to run ESX 3.5i.

                                The "i" versions are built into the firmware.  So there's

                                no opportunity, I'm guessing, to do modifications to ESX

                                itself.  So, another question for alvserversupportteam,

                                are you worried about the "i" versions of ESX?

                                 

                                Thanks,

                                 

                                --Seth Alford

                                • 14. Re: Access VM Serial Console - Named Pipe TCP Proxy Utility
                                  TheDarren Lurker

                                   

                                  Use a version of socat compiled for EL3.  I'm just testing this now and I haven't been able to disconnect and reconnect cleanly (yet).  After the first connection is dropped, subsequent attempts to use the "named pipe" yield errors such as:

                                   

                                   

                                  socat[5153] E connect(3, AF=1 "mypipe", 17): Connection refused