Alpine Linux - User contributions [en]

Talk:Enable Serial Console on Boot

2022-07-30T02:56:43Z

Yjftsjthsd-a: note working alpine version

Is this information obsolete? The last susbtantive edit was in 20 October 2010 and the page says it applies to Alpine 1.10.x. I'm not sure what a "serial console" is---different from a normal tty? In practice when are they used?
-- [[User:Dubiousjim|Dubiousjim]] 10:01, 25 March 2012 (UTC)

This still works fine with Alpine 2.3.6. It's used in practice if a KVM is not available for a given server/router running Alpine. In that case, connecting a set of Alpine boxes and other devices (such as switches or routers) to a serial console server can be a practical way to maintain console access.
[[User:Jbilyk|Jbilyk]] 22:45, 13 April 2012 (EST)

If someone has more insight to serial & extlinux magic:
What I'd love to have is something similar to the way AIX or Oracle VM had it:
At bootloader time, issue a "press a key to activate this console" on vga and serial.
Whatever is then used, gets the menu, and will then be the kernel console.

[[User:Darkfader|Darkfader]] ([[User talk:Darkfader|talk]]) 13:12, 24 November 2012 (UTC)

we also need to extend it to reflect xen console stuff, so one sees the xen boot and also gets dom0 on the right tty.
I'll add it if I manage to configure it ;))
[[User:Darkfader|Darkfader]] ([[User talk:Darkfader|talk]]) 13:50, 24 November 2012 (UTC)

This all still works as of 2022 with Alpine 3.16. In fact, the current generation of "virt" ISOs from the download page ship with the serial configuration enabled by default, so you can just boot them and log in over serial and everything works.
[[User:Yjftsjthsd-a|Yjftsjthsd-a]] ([[User talk:Yjftsjthsd-a|talk]]) 02:56, 30 July 2022 (UTC)

Talk:Enable Serial Console on Boot

2022-07-30T02:56:17Z

Yjftsjthsd-a: note that this is still live in 2022

Is this information obsolete? The last susbtantive edit was in 20 October 2010 and the page says it applies to Alpine 1.10.x. I'm not sure what a "serial console" is---different from a normal tty? In practice when are they used?
-- [[User:Dubiousjim|Dubiousjim]] 10:01, 25 March 2012 (UTC)

This still works fine with Alpine 2.3.6. It's used in practice if a KVM is not available for a given server/router running Alpine. In that case, connecting a set of Alpine boxes and other devices (such as switches or routers) to a serial console server can be a practical way to maintain console access.
[[User:Jbilyk|Jbilyk]] 22:45, 13 April 2012 (EST)

If someone has more insight to serial & extlinux magic:
What I'd love to have is something similar to the way AIX or Oracle VM had it:
At bootloader time, issue a "press a key to activate this console" on vga and serial.
Whatever is then used, gets the menu, and will then be the kernel console.

[[User:Darkfader|Darkfader]] ([[User talk:Darkfader|talk]]) 13:12, 24 November 2012 (UTC)

we also need to extend it to reflect xen console stuff, so one sees the xen boot and also gets dom0 on the right tty.
I'll add it if I manage to configure it ;))
[[User:Darkfader|Darkfader]] ([[User talk:Darkfader|talk]]) 13:50, 24 November 2012 (UTC)

This all still works as of 2022. In fact, the current generation of "virt" ISOs from the download page ship with the serial configuration enabled by default, so you can just boot them and log in over serial and everything works.
[[User:Yjftsjthsd-a|Yjftsjthsd-a]] ([[User talk:Yjftsjthsd-a|talk]]) 02:56, 30 July 2022 (UTC)

Enable Serial Console on Boot

2022-07-30T02:53:46Z

Yjftsjthsd-a: document using serial console with qemu

==Syslinux / Extlinux==
=== How to Enable the Serial Console on Boot (1.10.x)===

When using syslinux to boot, you'll need to modify the syslinux.cfg file in the root directory of the boot device. If using a disk-based Alpine, modify the /boot/extlinux.cfg file.

Add the following:
* <tt>serial 0 9600</tt>
* add <tt>console=ttyS0,9600</tt> to the <tt>append</tt> parameter
* optionally, remove <tt>quiet</tt> from the <tt>append </tt> parameter

==== Example syslinux.cfg ====

<pre>
serial 0 9600
timeout 20
prompt 1
default grsec
label grsec
kernel /boot/grsec
append initrd=/boot/grsec.gz alpine_dev=sda1:vfat modules=sd-mod,usb-storage console=ttyS0,9600
</pre>

=== extlinux.conf (3.0+)===

The /etc/update-extlinux.conf is read by the update-extlinux utility.

To do so, change the default entry:
<pre>default_kernel_opts="quiet"</pre>
to read like this:
<pre>default_kernel_opts="console=ttyS0,9600 quiet"</pre>

Set the serial port and baud rate to match the default_kernel_opts line above:
<pre>serial_port=0
serial_baud=9600</pre>

==== Xen ====

Notice, if you want to use this for a Xen VM,
you need to configure the speed at '''115200''' bps and enable the
<pre>serial="pty"</pre>
setting in the VM config file.

----

Xen can be configured to use and log to a serial console by editing /etc/update-extlinux.conf to include the following lines:
<pre>
default_kernel_opts="console=hvc0 earlyprintk=xen nomodeset"
xen_opts="dom0_mem=256M com1=115200,8n1 console=com1"
</pre>

See the [http://wiki.xen.org/wiki/Xen_Serial_Console Xen wiki] for more details.

==== qemu ====

Like Xen, qemu should run at speed 115200.

Conveniently, the alpine "virt" image (but not the "standard" image) comes with this all configured on the default ISO.

Sample command to run qemu on alpine-virt with a serial console:
<pre>
qemu-system-x86_64 -accel kvm -cdrom alpine-virt-3.16.0-x86_64.iso -display none -chardev stdio,id=char0,logfile=serial.log,signal=off -serial chardev:char0
</pre>
Note that this example command uses the logfile option to log the output of the serial console; you can remove this if you don't need it.

==== Example /boot/extlinux.conf ====

This is a complete file, written by the update-extlinux command.

<pre>
DEFAULT menu.c32
PROMPT 0
MENU TITLE Alpine/Linux Boot Menu
MENU AUTOBOOT Alpine will be booted automatically in # seconds.
SERIAL 0 9600
TIMEOUT 100
LABEL grsec
MENU DEFAULT
MENU LABEL Linux 3.10.33-0-grsec
LINUX vmlinuz-3.10.33-0-grsec
INITRD initramfs-3.10.33-0-grsec
APPEND root=UUID=re-mov-ed-uu-id modules=sd-mod,usb-storage,ext4 console=ttyS0,9600

MENU SEPARATOR
</pre>

Please: adjust the tty speed to 115200 if needed (Xen/qemu!!).

The timeout is given in deciseconds, so this would be a 10 second timeout.[https://wiki.syslinux.org/wiki/index.php?title=Config#TIMEOUT] A timeout of 0 does not boot without delay, but rather waits indefinitely for the user.

If the file is read by pygrub, the same value is interpreted as seconds, resulting in a 100s bootup delay per VM.

==Grub==
If you're using Grub as your bootloader, follow this section.
Edit <tt>/etc/default/grub</tt> and add the following lines (assuming you're using the first serial port at 115200 baud rate):

<pre>
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --unit=0 --word=8 --parity=no --speed 115200 --stop=1"
</pre>

Also add <tt>console=ttyS0,115200n8d</tt> to the <tt>GRUB_CMDLINE_LINUX_DEFAULT</tt> variable

Your <tt>/etc/default/grub</tt> should now look something like this:

<pre>
GRUB_TIMEOUT=2
GRUB_DISABLE_SUBMENU=y
GRUB_DISABLE_RECOVERY=true
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,115200n8d modules=sd-mod,usb-storage,xfs quiet rootfstype=xfs"
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --unit=0 --word=8 --parity=no --speed 115200 --stop=1"
</pre>

Now, regenerate your grub.cfg with the following command:
<pre>
grub-mkconfig -o /boot/grub/grub.cfg
</pre>

Follow the final 2 steps below: <tt>Enabling a login console</tt> and <tt>Add your serial console to the trusted local terminal list</tt>

== Enabling a login console ==

This is done in /etc/inittab. There is commented entry for ttyS0. Just enable it.
<pre>
# Put a getty on the serial port
ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100
</pre>

To start the getty, restart init:
<pre>
kill -HUP 1
</pre>

== Enabling two consoles during boot ==

It's possible to output to both the serial and vga console during the system boot.

<PRE>
append "quiet console=ttyS0,9600 console=tty0"
</PRE>

Not known how to do the same thing in the extlinux menu.
You might find a starting point in this thread: http://patchwork.openembedded.org/patch/45175/

== Add your serial console to the trusted local terminal list ==
If you face the problem that the login prompt always refuses your password when you use serial console, you missed this entry.

Add this to the <tt>/etc/securetty</tt> file:
<PRE>
ttyS0
</PRE>

[[Category:Booting]]
[[Category:Installation]]

Ansible

2020-01-26T02:05:06Z

Yjftsjthsd-a: /* First test */

[http://ansible.com/ ansible] is a simple configuration management, deployment, task-execution, and multinode orchestration framework. It uses SSH for the communication between the involved systems, no server or client daemons are needed, and no additional software beside Python on client boxes is required.

= Installation of ansible =
ansible is available in ''main''.

{{Cmd|apk add ansible}}

== Create a SSH key ==
Generate a SSH key for the managed node. It's recommended to use a key which is protected with a password.

{{Cmd|ssh-keygen -t ed25519}}

= Managed nodes =
There are only minimal requirements for the clients. For every system you want to manage, you need to have the client's SSH key in the <code>authorized_keys</code> file of the management system and Python.

Install the Python package.

{{Cmd|apk add python3}}

== Transfer the SSH key ==
There are two ways to do it. From a default Alpine installation you can use ssh and cat to do it.

{{Cmd|<nowiki>ssh root@[IP of the management system] 'cat ~/.ssh/id_ed25519.pub' | cat - >> ~/.ssh/authorized_keys</nowiki>}}

If you are planning to use additional features of SSH. <code>ssh-copy-id</code>, which is provided by the <code>openssh-client</code> package, can help you with the key setup.

{{Cmd|ssh-copy-id -i ~/.ssh/id_ed25519.pub root@[IP of the management system]}}

= Setup hosts =
Add all your remote systems to <code>/etc/ansible/hosts</code>. For details, please refer to [https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#hosts-and-groups Hosts and Groups] in the ansible documentation.

{{Cat|/etc/ansible/hosts|
192.168.1.50
10.0.0.12
webserver.example.org
mail.example.org}}

= First test =

{{Cmd|$ ansible all -m ping -u you}}

Another test is check all variables.

{{Cmd|# ansible [IP of your Alpine Linux box] -m setup}}

= Playbooks =
When writing playbooks for Alpine Linux there are modules to keep in mind:

<ol>
<li>There is support for OpenRC, the [[Alpine_Linux_Init_System|Init System]], in the service module.
<pre>
- service:
name: lighttpd
enabled: yes
state: started
</pre>
<li>There is support for [[Alpine_Linux_package_management|APK]] as of Ansible 2.0.
<pre>
- apk:
name: lighttpd
state: present
update_cache: yes
</pre>
<li>There is support for the [[Alpine_Wall|Awall]] firewall as of Ansible 2.4.
<pre>
- awall:
name: policyfile
state: enabled
activate: yes
</pre>
<li>If you are going to re-use playbooks from other Linux distribution, please keep in mind that Alpine Linux uses different paths for the binaries. <code>/bin/rm</code>
</ol>

The [http://git.alpinelinux.org/cgit/fab/alpine-ansible/ alpine-ansible git repository] contain some example playbooks.

=See Also=
*[[Ansible APK Module]]

[[Category:Installation]]

Ansible

2020-01-26T02:04:04Z

Yjftsjthsd-a: /* Managed nodes */

[http://ansible.com/ ansible] is a simple configuration management, deployment, task-execution, and multinode orchestration framework. It uses SSH for the communication between the involved systems, no server or client daemons are needed, and no additional software beside Python on client boxes is required.

= Installation of ansible =
ansible is available in ''main''.

{{Cmd|apk add ansible}}

== Create a SSH key ==
Generate a SSH key for the managed node. It's recommended to use a key which is protected with a password.

{{Cmd|ssh-keygen -t ed25519}}

= Managed nodes =
There are only minimal requirements for the clients. For every system you want to manage, you need to have the client's SSH key in the <code>authorized_keys</code> file of the management system and Python.

Install the Python package.

{{Cmd|apk add python3}}

== Transfer the SSH key ==
There are two ways to do it. From a default Alpine installation you can use ssh and cat to do it.

{{Cmd|<nowiki>ssh root@[IP of the management system] 'cat ~/.ssh/id_ed25519.pub' | cat - >> ~/.ssh/authorized_keys</nowiki>}}

If you are planning to use additional features of SSH. <code>ssh-copy-id</code>, which is provided by the <code>openssh-client</code> package, can help you with the key setup.

{{Cmd|ssh-copy-id -i ~/.ssh/id_ed25519.pub root@[IP of the management system]}}

= Setup hosts =
Add all your remote systems to <code>/etc/ansible/hosts</code>. For details, please refer to [https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#hosts-and-groups Hosts and Groups] in the ansible documentation.

{{Cat|/etc/ansible/hosts|
192.168.1.50
10.0.0.12
webserver.example.org
mail.example.org}}

= First test =

{{Cmd|$ ansible all -m ping -u you --sudo}}

Another test is check all variables.

{{Cmd|# ansible [IP of your Alpine Linux box] -m setup}}

= Playbooks =
When writing playbooks for Alpine Linux there are modules to keep in mind:

<ol>
<li>There is support for OpenRC, the [[Alpine_Linux_Init_System|Init System]], in the service module.
<pre>
- service:
name: lighttpd
enabled: yes
state: started
</pre>
<li>There is support for [[Alpine_Linux_package_management|APK]] as of Ansible 2.0.
<pre>
- apk:
name: lighttpd
state: present
update_cache: yes
</pre>
<li>There is support for the [[Alpine_Wall|Awall]] firewall as of Ansible 2.4.
<pre>
- awall:
name: policyfile
state: enabled
activate: yes
</pre>
<li>If you are going to re-use playbooks from other Linux distribution, please keep in mind that Alpine Linux uses different paths for the binaries. <code>/bin/rm</code>
</ol>

The [http://git.alpinelinux.org/cgit/fab/alpine-ansible/ alpine-ansible git repository] contain some example playbooks.

=See Also=
*[[Ansible APK Module]]

[[Category:Installation]]

Ansible

2020-01-26T02:02:30Z

Yjftsjthsd-a: /* Installation of ansible */

[http://ansible.com/ ansible] is a simple configuration management, deployment, task-execution, and multinode orchestration framework. It uses SSH for the communication between the involved systems, no server or client daemons are needed, and no additional software beside Python on client boxes is required.

= Installation of ansible =
ansible is available in ''main''.

{{Cmd|apk add ansible}}

== Create a SSH key ==
Generate a SSH key for the managed node. It's recommended to use a key which is protected with a password.

{{Cmd|ssh-keygen -t ed25519}}

= Managed nodes =
There are only minimal requirements for the clients. For every system you want to manage, you need to have the client's SSH key in the <code>authorized_keys</code> file of the management system and Python.

Install the Python package.

{{Cmd|apk add python}}

== Transfer the SSH key ==
There are two ways to do it. From a default Alpine installation you can use ssh and cat to do it.

{{Cmd|<nowiki>ssh root@[IP of the management system] 'cat ~/.ssh/id_rsa.pub' | cat - >> ~/.ssh/authorized_keys</nowiki>}}

If you are planning to use additional features of SSH. <code>ssh-copy-id</code>, which is provided by the <code>openssh-client</code> package, can help you with the key setup.

{{Cmd|ssh-copy-id -i ~/.ssh/id_rsa.pub root@[IP of the management system]}}

= Setup hosts =
Add all your remote systems to <code>/etc/ansible/hosts</code>. For details, please refer to [https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#hosts-and-groups Hosts and Groups] in the ansible documentation.

{{Cat|/etc/ansible/hosts|
192.168.1.50
10.0.0.12
webserver.example.org
mail.example.org}}

= First test =

{{Cmd|$ ansible all -m ping -u you --sudo}}

Another test is check all variables.

{{Cmd|# ansible [IP of your Alpine Linux box] -m setup}}

= Playbooks =
When writing playbooks for Alpine Linux there are modules to keep in mind:

<ol>
<li>There is support for OpenRC, the [[Alpine_Linux_Init_System|Init System]], in the service module.
<pre>
- service:
name: lighttpd
enabled: yes
state: started
</pre>
<li>There is support for [[Alpine_Linux_package_management|APK]] as of Ansible 2.0.
<pre>
- apk:
name: lighttpd
state: present
update_cache: yes
</pre>
<li>There is support for the [[Alpine_Wall|Awall]] firewall as of Ansible 2.4.
<pre>
- awall:
name: policyfile
state: enabled
activate: yes
</pre>
<li>If you are going to re-use playbooks from other Linux distribution, please keep in mind that Alpine Linux uses different paths for the binaries. <code>/bin/rm</code>
</ol>

The [http://git.alpinelinux.org/cgit/fab/alpine-ansible/ alpine-ansible git repository] contain some example playbooks.

=See Also=
*[[Ansible APK Module]]

[[Category:Installation]]