Finally, the Azure Environment has released a critical feature missing since inception—the Serial Console. I frequently use this feature with physical and virtual servers alike. So, what exactly is it? Think of the Serial Console as a KVM (keyboard, video, mouse) connection to your VMs in Azure that lets you connect to the console of the VM as if you were in Microsoft’s datacenter, but without the giant air conditioner fans running in the background.
Previously, if your system was hung or unresponsive, you either restarted the VM or contacted Microsoft Support for help. Unfortunately, neither of these actions diagnosed system issues. Yeah, you could look through the logs, but that was cumbersome. But now you can watch the VM boot into the OS and identify apparent problems in your system.
Linux users can determine if any services are failing during the boot process, and can diagnose the issue without calling Microsoft or searching through logs. But the Serial Console is especially excellent for Windows (yes, I am a Windows person), as you can now boot into safe mode, see which services are failing, and evaluate what’s going on with your VM to fix the problems.
So, what are the most common reasons to use the Serial Console in Azure?
- You changed network settings and can’t connect to the system via RDP (remote desktop) or SSH.
- As mentioned above, you want to boot in Windows safe mode and watch for errors.
- You changed a firewall and need to change network settings so the VMs can reconnect.
Many other situations would require this type of access. For example, perhaps a code update is crashing the system. With a physical server, you’d merely plug a monitor in to see what’s going on. Or let’s say a user powered-off the systems because he got confused by a restart request, but now the server is actually powered off. I could go on forever. The good news is that, moving forward, all new VMs built will include this feature. This means if you are deploying a server today, you’re covered. However, if you have an old server and still want this functionality you will need to do a little work. But don’t worry, nothing’s too hard.
So, what do you need to enable this blessed magic on your VMs in Azure? This could be its own blog post, so please find the info on using boot diagnostics to troubleshoot Linux VM’s in Azure here. First, you need to have BOOT DIAGNOSTICS enabled. Second, the account using the Serial Console must have CONTRIBUTOR role privileges for the VM and the BOOT DIAGNOSTIC storage account. Linux VMs also require additional settings for each distro. The following Microsoft Docs info will help with Linux distros:
Access for RedHat
RedHat Images available on Azure have console access enabled by default. Single user mode in Red Hat requires root user to be enabled, which is disabled by default. If you have a need to enable single user mode, use the following instructions:
Log in to the Red Hat system via SSH
Enable password for root user
passwd root (set a strong root password)
Ensure root user can only log in via ttyS0
edit /etc/ssh/sshd_config and ensure PermitRootLog in is set to no
edit /etc/securetty file to only allow log in via ttyS0
Now if the system boots into single user mode you can log in via root password.
Alternatively, for RHEL 7.4+ or 6.9+ you can enable single user mode in the GRUB prompts, see instructions here
Access for Ubuntu
Ubuntu images available on Azure have console access enabled by default. If the system boots into Single User Mode, you can access without additional credentials.
Access for CoreOS
CoreOS images available on Azure have console access enabled by default. If necessary system can be booted into Single User Mode via changing GRUB parameters and adding coreos.autologin=ttyS0 would enable core user to log in and available in serial console.
Access for SUSE
SLES images available on Azure have console access enabled by default. If you are using older versions of SLES on Azure, follow the KB article to enable serial console. Newer Images of SLES 12 SP3+ also allows access via the serial console in case the system boots into emergency mode.
Access for CentOS
CentOS images available on Azure have console access enabled by default. For Single User Mode, follow instructions similar to Red Hat Images above.
Access for Oracle Linux
Oracle Linux images available on Azure have console access enabled by default. For Single User Mode, follow instructions similar to Red Hat Images above.
Access for custom Linux image
To enable serial console for your custom Linux VM image, enable console access in /etc/inittab to run a terminal on ttyS0. Below is an example to add this in the inittab file
S0:12345:respawn:/sbin/agetty -L 115200 console vt102
Serial Console access personally saved my hide many times while working with physical servers. Presently, Serial Console is still in Preview, and no release date has been announced, but I’m confident it will be a favorite feature once it becomes available.
I hope you found this post helpful. Microsoft Azure is a diverse and wide-ranging technology and our blog has covered many related topics. Please check out some additional Azure posts and podcasts from Anexinet here. Or for a personal answer to any of your burning Azure questions, please don’t hesitate to contact us. We’d love to help you out.