Gentoo Forums
Best KVM for a headless server [SOLVED]
halcon
l33t


Joined: 15 Dec 2019
Posts: 629

PostPosted: Wed Nov 17, 2021 5:28 pm    Post subject: Best KVM for a headless server [SOLVED] Reply with quote

Hi!

What is the best KVM device for a remote server, which would let me manage a server, for example, when ssh is screwed up?

Under "best" I mean "can be used without problems in my minimal Gentoo system without any DE" :)

For example, KVMs from Lantronix, as I see, do not match my criteria, because these devices are using a proprietary (and obsolete?) technology "Oracle Java Web Start"?

EDIT

I read that KVMs from some server vendors have different names:

Intel - ATM
Supermicro - IPMI
DELL - iDRAC
Fujitsu - iRMC
Lenovo - TSM
Hewlett Packard - iLO
_________________
A wife asks her husband, a programmer:
- Could you please go shopping for me and buy one carton of milk, and if they have eggs, get 6?
He comes back with 6 cartons of milk.
- Why did you buy 6 cartons of milk?
- They had eggs.


Last edited by halcon on Tue Nov 23, 2021 9:18 pm; edited 1 time in total

NeddySeagoon
Administrator


Joined: 05 Jul 2003
Posts: 54097
Location: 56N 3W

PostPosted: Wed Nov 17, 2021 6:45 pm    Post subject: Reply with quote

halcon,

With a remote server, don't screw up ssh. :)

I'm not sure I fully understand the question.
Do you want to rent a KVM instance that has some out of band management interface for when ssh fails you or do you want to rent a whole server which you will divide into KVMs, then you want an out of band management interface to the whole server?

I do the latter with a Hetzner second user system. Hetzner allow you to boot your install in QEMU and provide the console from the boot loader onwards, that can be read in a web browser.

IPMI works. On my Mudan server I get console over LAN and can fiddle with the BIOS settings too. That's with sys-libs/freeipmi installed on the controller end.
HP iLO is the same idea. I have the remote control card for my HP Gen 7 microserver, I can connect with CoL but it never puts any data there. It's about on/off control only.

IPMI requires its own IP address and there are not enough to go round, so it's an extra cost.
It's a fairly standard interface but the implemented features vary enormously.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

pingtoo
l33t


Joined: 10 Sep 2021
Posts: 887
Location: Richmond Hill, Canada

PostPosted: Wed Nov 17, 2021 7:01 pm    Post subject: Reply with quote

Maybe a Raspberry Pi :D see PiKVM

pjp
Administrator


Joined: 16 Apr 2002
Posts: 20053

PostPosted: Wed Nov 17, 2021 7:02 pm    Post subject: Reply with quote

NeddySeagoon wrote:
I'm not sure I fully understand the question.

Keyboard Video Mouse Switch (not Kernel Virtual Machine). Essentially your Mudan / IPMI / HP ILO except the "KVM" is a physical device (switch) that connects one console to many servers.

I've not found a good solution that wasn't expensive, and so far I've not found any "ILO" cards that could be used in a consumer PC.
_________________
Quis separabit? Quo animo?

halcon
l33t


Joined: 15 Dec 2019
Posts: 629

PostPosted: Wed Nov 17, 2021 7:40 pm    Post subject: Reply with quote

Thanks for your replies,
NeddySeagoon, pingtoo, pjp!

I think I have to clarify the details of what exactly I need...

pjp wrote:
Keyboard Video Mouse Switch (not Kernel Virtual Machine)

Yes, I meant physical hardware devices called KVM Switches.

I am choosing a dedicated server instead of a VPS. One of the main features of a dedicated server - that KVM Switch. I just found that I can't use the KVM from Lantronix because it requires "Oracle Java Web Start".

NeddySeagoon wrote:
With a remote server, don't screw up ssh. :)

Yes, but what to do if e.g. I am installing Gentoo over Ubuntu, and suddenly dropped my cup of coffee over my keyboard... ;))

NeddySeagoon wrote:
IPMI works. On my Mudan server I get console over LAN and can fiddle with the BIOS settings too. That's with sys-libs/freeipmi installed on the controller end.
HP iLO is the same idea. I have the remote control card for my HP Gen 7 microserver, I can connect with CoL but it never puts any data there. It's about on/off control only.

So, IPMI client should work "out of the box" in Gentoo? It's a good news!

pjp
Administrator


Joined: 16 Apr 2002
Posts: 20053

PostPosted: Wed Nov 17, 2021 8:45 pm    Post subject: Reply with quote

halcon wrote:
So, IPMI client should work "out of the box" in Gentoo? It's a good news!

Be aware that in general, IPMI is or might only be part of the equation. The hardware ILO (or its software) may or may not work completely with the client. That is, you may not have all of the capabilities via IPMI from the host OS as you would if you connected directly to the ILO hardware (network or direct console). I suspect that may partially be related to the age of hardware, but I never tried to quantify the different results. For the record, I believe that is only using HP and Oracle hardware.

NeddySeagoon
Administrator


Joined: 05 Jul 2003
Posts: 54097
Location: 56N 3W

PostPosted: Wed Nov 17, 2021 8:47 pm    Post subject: Reply with quote

halcon,

My Hetzner server has a remote control to reboot to rescue mode.
The rescue mode is like a liveCD, you can ssh into the rescue mode, mount your gentoo install and fix it.

The remote control is a web interface but that's only needed to push the rescue mode reboot button.
I've never tried that from a text browser.

Once the box is up for real, with ssh, I use app-emulation/libvirt over ssh to manage guests, so it's like a two stage get you going thing.
Fixing the initrd, to get it to boot at all, was exciting with no console. I eventually did that in a KVM locally, so it worked, then put it back on the server.
However, my initrds are user space tools only, no kernel modules, so they end up like firmware.

halcon
l33t


Joined: 15 Dec 2019
Posts: 629

PostPosted: Wed Nov 17, 2021 9:08 pm    Post subject: Reply with quote

pjp wrote:
Be aware that in general, IPMI is or might only be part of the equation. The hardware ILO (or its software) may or may not work completely with the client. That is, you may not have all of the capabilities via IPMI from the host OS as you would if you connected directly to the ILO hardware (network or direct console). I suspect that may partially be related to the age of hardware, but I never tried to quantify the different results. For the record, I believe that is only using HP and Oracle hardware.

Interesting... I guess, things like these are very complex, which I usually avoid...

NeddySeagoon wrote:
My Hetzner server has a remote control to reboot to rescue mode.
The rescue mode is like a liveCD, you can ssh into the rescue mode, mount your gentoo install and fix it.

Oh, it is very useful. Just all I would need. Worth to look at it.

pingtoo
l33t


Joined: 10 Sep 2021
Posts: 887
Location: Richmond Hill, Canada

PostPosted: Wed Nov 17, 2021 11:09 pm    Post subject: Reply with quote

halcon,

I think your usage scenario are,
  a. Damn I messed up sshd setting, no longer able connect over ssh, but I am sure can login via console,
  b. ping the remote machine is not working, but I still have network to other machine on same net,
  c. as above, but the remote machine just sit beside me,
  d. the remote just die, the remote machine is far away and I need it reboot
For a, your KVM need to have USB/Bluetooth/Rf and VGA/html into your remote at same time you can net connect to the KVM.
For b. same as a.
For c. it could be just as easy to connect screen and keyboard to the remote.
For d, your KVM need have control to your dead machine's power in order to reboot.

So there are complexity in select KVM to support different usages.

halcon
l33t


Joined: 15 Dec 2019
Posts: 629

PostPosted: Thu Nov 18, 2021 12:04 am    Post subject: Reply with quote

Hi pingtoo,

Thanks for your analysis. As far as I understand, it may be especially useful for locating an own server somewhere?

My usage scenario is choosing between hosters offerings (not colocation, not my own server). A button to reboot - all hosters have it even without KVM; "beside me" - correspondingly, false.

pingtoo wrote:
VGA/html

I guess, you mistyped hdmi here?

EDIT

Or didn't mistype :) ... Just found "html5 KVM" in the web...

Last edited by halcon on Thu Nov 18, 2021 12:29 am; edited 1 time in total

halcon
l33t


Joined: 15 Dec 2019
Posts: 629

PostPosted: Thu Nov 18, 2021 12:16 am    Post subject: Re: Best KVM for a headless server Reply with quote

halcon wrote:
a proprietary (and obsolete?) technology "Oracle Java Web Start"?
halcon wrote:
I just found that I can't use the KVM from Lantronix because it requires "Oracle Java Web Start".

In fairness, I should say that there is a newer, open-sourced version:

https://bugs.gentoo.org/673050#c5
https://github.com/karakun/OpenWebStart

Did anybody here use it? Reviews? Experience?

figueroa
Advocate


Joined: 14 Aug 2005
Posts: 2913
Location: Edge of marsh USA

PostPosted: Thu Nov 18, 2021 3:44 am    Post subject: Reply with quote

Run two ssh servers. On a remote server I run OpenSSH on one port and DropBear on another. Only one is open to the outside, but I have multiple servers on Desktop machines at the destination location, therefore multiple paths to the server in question.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/17.1/desktop (stable), OpenRC, -systemd -pulseaudio -uefi

halcon
l33t


Joined: 15 Dec 2019
Posts: 629

PostPosted: Thu Nov 18, 2021 12:34 pm    Post subject: Reply with quote

Hi figueroa,

An advanced setup!..

figueroa wrote:
I have multiple servers on Desktop machines at the destination location

Sorry... What do you mean under "destination location" here?

The last time when I successfully screwed up ssh, I just commented out a wrong line in the firewall script :) So, the ssh port was just closed in iptables for new connections. Please correct me if I am wrong: In this setup, connections established earlier could work for a while (as "conntrack established")? For how long?

pingtoo
l33t


Joined: 10 Sep 2021
Posts: 887
Location: Richmond Hill, Canada

PostPosted: Thu Nov 18, 2021 2:49 pm    Post subject: Reply with quote

halcon wrote:
Hi pingtoo,

Thanks for your analysis. As far as I understand, it may be especially useful for locating an own server somewhere?

My usage scenario is choosing between hosters offerings (not colocation, not my own server). A button to reboot - all hosters have it even without KVM; "beside me" - correspondingly, false.

pingtoo wrote:
VGA/html

I guess, you mistyped hdmi here?

Yes, I meant hdmi. Thanks for correction.

figueroa
Advocate


Joined: 14 Aug 2005
Posts: 2913
Location: Edge of marsh USA

PostPosted: Thu Nov 18, 2021 4:33 pm    Post subject: Reply with quote

halcon wrote:
...
figueroa wrote:
I have multiple servers on Desktop machines at the destination location

Sorry... What do you mean under "destination location" here?

The 10 machines, 1 server and 9 used as staff and student desktops, at the remote destination (the LOCATION; a school 600 miles to the north on real local-to-them hardware) are all on the same local net and each can be accessed via ssh via its own local IP and SSH port. None of them have software updates installed automatically. The server runs Gentoo; the desktops are running MX-Linux.

I can access the server directly only through a single port forward to OpenSSH server. DropBear is also running on its own port on the server but that cannot be accessed directly from outside the LAN. Should I mess up, and find the sshd port not accessible on the server, I can ssh into any one of the desktop machines and access the DropBear ssh port on the server in order to fix its OpenSSH instance of sshd. It's just a back door. (Push comes to shove, a local helper can boot the server from a flash-drive with a live-usb running sshd, and I can get in that way, also by first accessing one of the desktop machines.)

Each machine is protected with Fail2Ban running with extremely stringent settings. Nothing runs on port 22. Still, we used to get a lot of probes, but after putting a couple of select alternate ports into non-use, we just don't get found anymore -- knock on wood.

Hu
Moderator


Joined: 06 Mar 2007
Posts: 21490

PostPosted: Thu Nov 18, 2021 4:41 pm    Post subject: Reply with quote

halcon wrote:
The last time when I successfully screwed up ssh, I just commented out a wrong line in the firewall script :) So, the ssh port was just closed in iptables for new connections. Please correct me if I am wrong: In this setup, connections established earlier could work for a while (as "conntrack established")? For how long?

A conntrack established state will persist until a certain amount of time elapses with no activity on the connection. If you kept the ssh connection active by using it, you can keep it in the established state indefinitely.
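
Added example, not part of the original thread: a toy Python model of the behaviour discussed above, where the firewall script is reloaded without its ssh line while sessions are open. The class, flow names and scenario are constructed for illustration; the 432000-second timeout is the Linux default for net.netfilter.nf_conntrack_tcp_timeout_established, and the model assumes reloading the rules does not flush the conntrack table.

```python
"""Toy model of a stateful INPUT chain (constructed; not real netfilter code)."""
from dataclasses import dataclass, field

DAY = 86_400
# Assumption: Linux default of net.netfilter.nf_conntrack_tcp_timeout_established.
ESTABLISHED_TIMEOUT = 432_000  # seconds, i.e. 5 days


@dataclass
class Firewall:
    allow_new_ssh: bool = True   # the "NEW tcp dport ssh ACCEPT" line in the script
    timeout: int = ESTABLISHED_TIMEOUT
    table: dict = field(default_factory=dict)  # flow name -> expiry time

    def packet(self, flow, now, syn=False):
        """Verdict for one inbound packet of `flow` arriving at time `now`."""
        expiry = self.table.get(flow)
        if expiry is not None and now >= expiry:
            del self.table[flow]           # idle past the timeout: entry is gone
            expiry = None
        if expiry is not None:             # rule 1: ESTABLISHED -> ACCEPT
            self.table[flow] = now + self.timeout  # any traffic restarts the timer
            return "ACCEPT"
        if syn and self.allow_new_ssh:     # rule 2: NEW connection to sshd
            self.table[flow] = now + self.timeout
            return "ACCEPT"
        return "DROP"                      # chain policy


def lockout_scenario():
    fw = Firewall()
    out = {
        "active_login": fw.packet("active", 0, syn=True),
        "idle_login": fw.packet("idle", 0, syn=True),
    }
    fw.allow_new_ssh = False  # script reloaded with the ssh line commented out
    out["new_after_change"] = fw.packet("second", 60, syn=True)
    # The active session sends at least one packet a day for 30 days.
    out["active_day_30"] = [fw.packet("active", d * DAY) for d in range(1, 31)][-1]
    # The idle session says nothing for 6 days, longer than the 5-day timeout.
    out["idle_day_6"] = fw.packet("idle", 6 * DAY)
    return out


if __name__ == "__main__":
    for step, verdict in lockout_scenario().items():
        print(f"{step:18} {verdict}")
```

The session that keeps talking is still accepted on day 30, the silent one is dropped once its entry has expired, and no new login gets through after the change.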

halcon
l33t


Joined: 15 Dec 2019
Posts: 629

PostPosted: Thu Nov 18, 2021 5:20 pm    Post subject: Reply with quote

@figueroa: Thanks for clarification! Very educational.

@Hu: Thanks. "indefinitely" is long...

halcon
l33t


Joined: 15 Dec 2019
Posts: 629

PostPosted: Tue Nov 23, 2021 9:17 pm    Post subject: Reply with quote

halcon wrote:
NeddySeagoon wrote:
My Hetzner server has a remote control to reboot to rescue mode.
The rescue mode is like a liveCD, you can ssh into the rescue mode, mount your gentoo install and fix it.

Oh, it is very useful. Just all I would need. Worth to look at it.

I looked. Indeed, the rescue mode is useful enough. I noticed a few small details* that were not very convenient, but in general I liked it!
* - Changes made to this system do not last for long as the system is periodically refreshed; ssh sessions hang periodically for the same reason; there is no iptables available - for the time of using the rescue mode it is necessary to configure the "external" firewall in the Hetzner web panel.

Also, I've found Lantronix KVM in the Hetzner web panel, but with HTML5 instead of Java Web Start (upgraded one), and successfully used it. It can be ordered pushing the button "Remote Console" in the bottom left corner of the "Support" block.

So, I can say: for my purposes, the Best KVM is one with HTML5.
Marking as solved. Thanks again to everybody who participated!

All times are GMT