From d382cefa0f34afc5341b1a99bdc8065276c4cb03 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Mon, 4 Mar 2024 17:02:58 +0100 Subject: [PATCH] dev-docs: document method for obtaining serial console on CoCo AKS --- dev-docs/aks/serial-console.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 dev-docs/aks/serial-console.md diff --git a/dev-docs/aks/serial-console.md b/dev-docs/aks/serial-console.md new file mode 100644 index 0000000000..6afb6b0ddb --- /dev/null +++ b/dev-docs/aks/serial-console.md 
@@ -0,0 +1,33 @@ +# Obtain a serial console inside the podvm + +Get a shell on the AKS node. If in doubt, use [nsenter-node.sh](https://github.com/alexei-led/nsenter/blob/master/nsenter-node.sh). +Now run the following commands to use a debug igvm and enable debugging for the kata runtime. + +```sh +sed -i -e 's#^igvm = "\(.*\)"#igvm = "/opt/confidential-containers/share/kata-containers/kata-containers-igvm-debug.img"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-clh-snp.toml +sed -i -e 's/^#enable_debug = true/enable_debug = true/g' /opt/confidential-containers/share/defaults/kata-containers/configuration-clh-snp.toml +systemctl restart containerd +``` + +Now you need to reconnect to the host. Use the following commands to print the sandbox ids of kata VMs: + +```shell-session +$ ctr --namespace k8s.io container ls +$ find / -name clh.sock +$ sandbox_id=ENTER_SANDBOX_ID_HERE +``` + +And attach to the serial console using socat. You need to type `CONNECT 1026` to get a shell. + +```shell-session +$ cd /var/run/vc/vm/${sandbox_id}/ && socat stdin unix-connect:clh.sock +CONNECT 1026 +``` + +If you are done, use the following commands to go back to a release igvm. + +```sh +sed -i -e 's#^igvm = "\(.*\)"#igvm = "/opt/confidential-containers/share/kata-containers/kata-containers-igvm.img"#g' /opt/confidential-containers/share/defaults/kata-containers/configuration-clh-snp.toml +sed -i -e 's/^enable_debug = true/#enable_debug = true/g' /opt/confidential-containers/share/defaults/kata-containers/configuration-clh-snp.toml +systemctl restart containerd +```
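Review bot: the cleanup block at the end of serial-console.md only restores the node if `configuration-clh-snp.toml` originally pointed at `kata-containers-igvm.img` and had `#enable_debug = true` commented out, because both values are hard-coded rather than taken from a saved copy. Consider having the first block keep a backup (for example `sed -i.bak ...`, or a `cp` of the file before editing) and having the last block restore that backup before `systemctl restart containerd`. The `\(.*\)` capture group in both igvm substitutions is never referenced and can be a plain `.*`. Since the edit targets the shared defaults file and restarts containerd, the doc should say that the debug igvm and `enable_debug` apply to the whole node until reverted, so this belongs on a development node only. Two smaller points: `find / -name clh.sock` could be scoped to `/var/run/vc/vm`, which is the path the next step uses, and the text should say which part of the output is the sandbox id and what `CONNECT 1026` refers to.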