wiki:GENIRacksHome/CiscoGENIRacks/AcceptanceTestStatus/CG-ADM-1

CG-ADM-1 Administrative Tests

This test validates administrative access for NCSU2 and NCSU Cisco racks. Cisco GENI Racks Administrator accounts can be obtained as described at the ExoGENI Rack Operators page where accounts creation and usage is documented.

Test Status

This section captures the status for each step in the acceptance test plan.

Test State Tickets/Comments
NCSU2 Administrative Access Color(green,Pass)? Verified disabled telnet access on both switches;No hostname aliases for rack switches
NCSU Administrative Access Color(green,Pass)? Verified disabled telnet access on both switches;No hostname aliases for rack switches


State Legend Description
Color(green,Pass)? Test completed and met all criteria
Color(#98FB98,Pass: most criteria)? Test completed and met most criteria. Exceptions documented
Color(red,Fail)? Test completed and failed to meet criteria.
Color(yellow,Complete)? Test completed but will require re-execution due to expected changes
Color(orange,Blocked)? Blocked by ticketed issue(s).
Color(#63B8FF,In Progress)? Currently under test.


NCSU2 Administrative Access

With requested account accessed rack head node and verified root access and group membership:

LNM:~$ ssh ncsu2-hn.exogeni.net
The authenticity of host 'ncsu2-hn.exogeni.net (152.48.13.190)' can't be established.
RSA key fingerprint is 73:17:05:21:29:42:71:05:52:e5:fd:16:a1:07:78:be.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ncsu2-hn.exogeni.net,152.48.13.190' (RSA) to the list of known hosts.
lnevers@ncsu2-hn.exogeni.net's password: 
Creating home directory for lnevers.
|-----------------------------------------------------------------|
|		 ____ ____ ____ ____ ____ ____ ____ 		  |
|		||E |||x |||o |||G |||E |||N |||I ||		  |
|		||__|||__|||__|||__|||__|||__|||__||		  |
|		|/__\|/__\|/__\|/__\|/__\|/__\|/__\|		  |
|                                                                 |
|-----------------------------------------------------------------|
[lnevers@ncsu2-hn ~]$ sudo whoami

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for lnevers: 
root
[lnevers@ncsu2-hn ~]$ id
uid=2107(lnevers) gid=2000(nonrenci) groups=2000(nonrenci),2502(ncsuadmins),2508(osfadmins),2509(ucdadmins),2510(sladmins),2512(ncsu2admins),2513(tamuadmins),9510(bbnadmins)
[lnevers@ncsu2-hn ~]$

From head node verified login and administrative access to each of the worker nodes that supply VMs.

[lnevers@ncsu2-hn ~]$ for i in 1 2 3 4 ; do sudo ssh root@ncsu2-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done
Executing on: ncsu2-w1
root
Linux ncsu2-w1 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu2-w2
root
Linux ncsu2-w2 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu2-w3
root
Linux ncsu2-w3 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu2-w4
root
Linux ncsu2-w4 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[lnevers@ncsu2-hn ~]$ 

For each worker node execute the following:

for i in X Y; do sudo ssh root@ncsu2-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done

Note: No Bare Metal Nodes

Connect to the management switch:

[lnevers@ncsu2-hn ~]$  ssh 192.168.107.2 -l admin
Password: 
Password: 

ncsu-3560>ena
Password: 
ncsu-3560#
ncsu-3560#show interface status 

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1     to SSG5            connected    1006       a-full  a-100 10/100/1000BaseTX
Gi0/2     To_N3K             connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi0/3     Fabric_Interconnec connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/4                        connected    1006       a-full  a-100 10/100/1000BaseTX
Gi0/5                        notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/6     Fabric Interconnec connected    1006       a-full  a-100 10/100/1000BaseTX
Gi0/7     to 4948 for Commod connected    1010       a-full a-1000 10/100/1000BaseTX
Gi0/8     to N3064           disabled     1006         auto   auto 10/100/1000BaseTX
Gi0/9     connection to FI(A disabled     1            auto   auto 10/100/1000BaseTX
Gi0/10    connection to FI(A disabled     1            auto   auto 10/100/1000BaseTX
Gi0/11                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/12    N3548 Mgmt0 (192.1 connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/13    to UCS-C-1         connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/14    to UCS-C-2         connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/15    to UCS-C-3         connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/16    to UCS-C-4         connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/17    to UCS-C-5         connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/18    UCS-C HN Public IP connected    1010       a-full a-1000 10/100/1000BaseTX
Gi0/19                       notconnect   1006         auto   auto 10/100/1000BaseTX
Gi0/20                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/21                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/22                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/23                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/24                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/25                       notconnect   1            auto   auto Not Present
Gi0/26                       notconnect   1            auto   auto Not Present
Gi0/27                       notconnect   1            auto   auto Not Present
Gi0/28                       notconnect   1            auto   auto Not Present
ncsu-3560# show version
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:17 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02F00000

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

ncsu-3560 uptime is 1 year, 3 weeks, 5 days, 2 hours, 49 minutes
System returned to ROM by power-on
System image file is "flash:c3560-ipservicesk9-mz.122-55.SE1"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3560G-24PS (PowerPC405) processor (revision D0) with 131072K bytes of memory.
Processor board ID FOC1022Y0HY
Last reset from power-on
2 Virtual Ethernet interfaces
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:18:19:29:16:00
Motherboard assembly number     : 73-9707-04
Power supply part number        : 341-0108-03
Motherboard serial number       : FOC10221C8M
Power supply serial number      : DCA102019DZ
Model revision number           : D0
Motherboard revision number     : A0
Model number                    : WS-C3560G-24PS-S
System serial number            : FOC1022Y0HY
SFP Module assembly part number : 73-7757-03
SFP Module revision Number      : A0
SFP Module serial number        : CAT10171FZX
Top Assembly Part Number        : 800-25863-03
Top Assembly Revision Number    : A0
Version ID                      : V03
CLEI Code Number                : COM5H00ARA
Hardware Board Revision Number  : 0x05


Switch Ports Model              SW Version            SW Image                 
------ ----- -----              ----------            ----------               
*    1 28    WS-C3560G-24PS     12.2(55)SE1           C3560-IPSERVICESK9-M     


Configuration register is 0xF

ncsu-3560#show vlan summary
Number of existing VLANs               : 11
 Number of existing VTP VLANs          : 5
 Number of existing extended VLANS     : 6

ncsu-3560#show running-config 
Building configuration...

Current configuration : 5164 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ncsu-3560

<<<Many lines deleted>>>
line con 0
line vty 0 4
 password 7 14141B180F0B
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
end       

ncsu-3560#        

Connect to the OpenFlow switch:

[lnevers@ncsu2-hn ~]$ ssh 192.168.107.4 -l admin
Nexus 3500 Switch
Password: 
Bad terminal type: "xterm-256color". Will assume vt100.
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
GENI3548# 
GENI3548# show interface status

------------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
------------------------------------------------------------------------------------
Eth1/1        to FI-A            connected trunk     full    10G     SFP-H10GB-CU3M 
Eth1/2        TO-FI-A-32-InterRa connected trunk     full    10G     SFP-H10GB-CU3M 
Eth1/3        to FI-B            connected trunk     full    10G     SFP-H10GB-CU3M 
Eth1/4        TO-FI-B-32-InterRa connected trunk     full    10G     SFP-H10GB-CU3M 
Eth1/5        --                 notconnec 1         full    10G     10Gbase-SR     
Eth1/6        FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/7        FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/8        FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/9        FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/10       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/11       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/12       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/13       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/14       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/15       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/16       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/17       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/18       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/19       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/20       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/21       FI-B 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/22       FI-B 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/23       FI-B 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/24       FI-B 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/25       FI-B 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/26       --                 connected 1         full    10G     SFP-H10GB-CU1M 
Eth1/27       ncsu2-hn 1G eth fo disabled  trunk     full    1000    1000base-T     
Eth1/28       UCS-C mgmt 1007, 1 connected trunk     full    1000    1000base-T     
Eth1/29       UCS-C mgmt 1007, 1 connected trunk     full    1000    1000base-T     
Eth1/30       UCS-C mgmt 1007, 1 connected trunk     full    1000    1000base-T     
Eth1/31       UCS-C mgmt 1007, 1 connected trunk     full    1000    1000base-T     
Eth1/32       C-Series NCSU2-W1  connected trunk     full    10G     10Gbase-SR     
Eth1/33       C-Series NCSU2-W2  connected trunk     full    10G     10Gbase-SR     
Eth1/34       C-Series NCSU2-W3  connected trunk     full    10G     10Gbase-SR     
Eth1/35       C-Series NCSU2-W4  connected trunk     full    10G     10Gbase-SR     
Eth1/36       to UCS-C-1         connected trunk     full    10G     SFP-H10GB-CU5M 
Eth1/37       to UCS-C-1         connected trunk     full    10G     10Gbase-SR     
Eth1/38       to UCS-C-2 OF      connected trunk     full    10G     10Gbase-SR     
Eth1/39       to UCS-C-3 OF      connected trunk     full    10G     10Gbase-SR     
Eth1/40       to UCS-C-4 OF      connected trunk     full    10G     10Gbase-SR     
Eth1/41       to UCS-C-5 OF      connected trunk     full    10G     10Gbase-SR     
Eth1/42       --                 notconnec 1         full    1000    1000base-T     
Eth1/43       from e1/43-OF-Port connected trunk     full    10G     SFP-H10GB-CU1M 
Eth1/44       OF Port to forward connected trunk     full    10G     SFP-H10GB-CU1M 
Eth1/45       TO_3560            connected trunk     full    1000    1000base-T     
Eth1/46       to AL2S via RENCI  connected trunk     full    10G     10Gbase-LR     
Eth1/47       to Netapp          notconnec trunk     full    10G     10Gbase-SR     
Eth1/48       to Netapp          connected trunk     full    10G     10Gbase-SR     
Po1           LACP link to UCS-C noOperMem 1         Full    10G     --             
mgmt0         --                 connected routed    full    a-1000  --             
GENI3548# 
GENI3548# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
  BIOS:      version 1.9.0
  loader:    version N/A
  kickstart: version 6.0(2)A4(1) [build 6.0(2)A4(0.862)]
  system:    version 6.0(2)A4(1) [build 6.0(2)A4(0.862)]
  Power Sequencer Firmware: 
             Module 1: version v3.1
  BIOS compile time:       10/13/2012
  kickstart image file is: bootflash:///n3500-uk9-kickstart.6.0.2.A4.0.862.bin
  kickstart compile time:  8/14/2014 11:00:00 [08/14/2014 15:06:01]
  system image file is:    bootflash:///n3500-uk9.6.0.2.A4.0.862.bin
  system compile time:     8/14/2014 11:00:00 [08/14/2014 16:28:13]


Hardware
  cisco Nexus 3548 Chassis ("48x10GE Supervisor")
  Intel(R) Pentium(R) CPU  @ 1.50GHz
 with 3805876 kB of memory.
  Processor Board ID FOC18231ETM

  Device name: GENI3548
  bootflash:    2007040 kB

Kernel uptime is 14 day(s), 2 hour(s), 44 minute(s), 14 second(s)

Last reset at 217361 usecs after  Mon Nov 24 19:31:59 2014

  Reason: Power down due to temperature sensor policy trigger
  System version: 6.0(2)A4(1)
  Service: 

plugin
  Core Plugin, Ethernet Plugin
GENI3548#
GENI3548# show vlan summary

Number of existing VLANs           : 127
Number of existing user VLANs      : 112
Number of existing extended VLANs  : 15

GENI3548# 
GENI3548# show running-config 

!Command: show running-config
!Time: Tue Dec  9 10:38:34 2014

version 6.0(2)A4(1)
hostname GENI3548

<<<Many lines deleted>>>>

line console
line vty
boot kickstart bootflash:/n3500-uk9-kickstart.6.0.2.A4.0.862.bin 
boot system bootflash:/n3500-uk9.6.0.2.A4.0.862.bin 
openflow
  switch 1
    protocol-version 1.0
    default-miss cascade controller
    logging flow-mod
    rate-limit packet_in 1 burst 4
    pipeline 203
    controller ipv4 192.168.107.20 port 6633 vrf default security XXX
    of-port interface ethernet1/32
    of-port interface ethernet1/33
    of-port interface ethernet1/34
    of-port interface ethernet1/35
    of-port interface ethernet1/44
ip dhcp snooping vlan 1007
mac address-table guard-vpc-peergw-mac
virtual-service OF
  activate
GENI3548#       

Verify FOAM and FlowVisor configuration files ownership and paths:

[lnevers@ncsu2-hn ~]$ ls -l /etc/foam.passwd  /etc/flowvisor.passwd /etc/flowvisor/fvpasswd /opt/foam/etc/foampasswd
lrwxrwxrwx 1 root      flowvisor   21 Feb 10  2014 /etc/flowvisor/fvpasswd -> /etc/flowvisor.passwd
-r--r----- 1 flowvisor ncsu2admins 25 Feb  9  2014 /etc/flowvisor.passwd
-r--r----- 1 root      ncsu2admins 25 Feb  9  2014 /etc/foam.passwd
lrwxrwxrwx 1 root      root        16 Feb 10  2014 /opt/foam/etc/foampasswd -> /etc/foam.passwd
[lnevers@ncsu2-hn ~]$ 

Check FOAM version and FOAM configuration for site.admin.email, geni.site-tag, email.from settings on the NCSU2 head node:

[lnevers@ncsu2-hn ~]$ foamctl admin:get-version  --passwd-file=/etc/foam.passwd
{
 "version": "0.14.0"
}
[lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="site.admin.email"  --passwd-file=/opt/foam/etc/foampasswd
{
 "value": "foam-admin@gpolab.bbn.com"
}
[lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="geni.site-tag"  --passwd-file=/opt/foam/etc/foampasswd

{
 "value": "ncsu2-hn.exogeni.net"
}
[lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="email.from"  --passwd-file=/opt/foam/etc/foampasswd
{
 "value": null
}
[lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="geni.approval.approve-on-creation"  --passwd-file=/opt/foam/etc/foampasswd
{
 "value": 0
}
[lnevers@ncsu2-hn ~]$

Show FOAM slivers details:

[lnevers@ncsu2-hn ~]$ foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd 
{
 "slivers": [
  {
   "status": "pending", 
   "flowvisor_slice": "dd2e77e8-02d0-45b8-8053-32c65960a88c", 
   "slice_urn": "urn:publicid:IDN+ch.geni.net:ln-test+slice+IG-CT-4", 
   "pend_reason": [], 
   "deleted": "False", 
   "user": "urn:publicid:IDN+ch.geni.net+user+lnevers", 
   "creation": "2014-12-04 19:42:24.569232+00:00", 
   "enabled": false, 
   "uuid": "dd2e77e8-02d0-45b8-8053-32c65960a88c", 
   "id": 3, 
   "expiration": "2014-12-10 00:00:00+00:00", 
   "sliver_urn": "urn:publicid:IDN+ch.geni.net:ln-test+slice+IG-CT-4:dd2e77e8-02d0-45b8-8053-32c65960a88c", 
   "ref": null, 
   "email": "lnevers@bbn.com", 
   "desc": "IG-CT-4 over 3716 "
  }
 ]
}
[lnevers@ncsu2-hn ~]$ 

Check the FlowVisor version, list of devices, get details for a device, list of active slices, and details for one of the slices on the NCSU2 Head node:

[lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd ping hello
Got reply:
PONG(fvadmin): FV version=flowvisor-0.8.1::hello
[lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listDevices
Device 0: 00:01:18:e7:28:07:bf:c0
[lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd getDeviceInfo 00:01:18:e7:28:07:bf:c0
nPorts=5
portList=32,35,44,33,34
dpid=00:01:18:e7:28:07:bf:c0
remote=/192.168.107.20:6633-->/192.168.107.4:13369
portNames=Eth1/32(32),Eth1/35(35),Eth1/44(44),Eth1/33(33),Eth1/34(34)
[lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices
Slice 0: fvadmin
Slice 1: orca-141
Slice 2: orca-142
Slice 3: orca-140
Slice 4: orca-143
Slice 5: orca-136
Slice 6: orca-137
Slice 7: orca-138
Slice 8: orca-128
Slice 9: orca-139
Slice 10: orca-158
Slice 11: orca-129
Slice 12: orca-159
Slice 13: orca-154
Slice 14: orca-155
Slice 15: orca-130
Slice 16: orca-156
Slice 17: orca-131
Slice 18: orca-157
Slice 19: orca-132
Slice 20: orca-133
Slice 21: orca-134
Slice 22: orca-152
Slice 23: orca-135
Slice 24: orca-153
[lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd getSliceInfo orca-153
Got reply:
connection_1=00:01:18:e7:28:07:bf:c0-->/152.48.13.190:24503-->ncsu2-hn.exogeni.net/152.48.13.190:54423
contact_email=exogeni-ops@renci.org
controller_hostname=ncsu2-hn.exogeni.net
controller_port=54423
creator=fvadmin
[lnevers@ncsu2-hn ~]$

NCSU Administrative Access

With requested account accessed rack head node and verified root access and group membership:

LNM:~$ ssh ncsu-hn.exogeni.net
The authenticity of host 'ncsu-hn.exogeni.net (152.48.13.3)' can't be established.
RSA key fingerprint is e0:ad:3d:c7:33:02:84:66:1e:44:7d:30:4d:20:5b:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ncsu-hn.exogeni.net,152.48.13.3' (RSA) to the list of known hosts.
lnevers@ncsu-hn.exogeni.net's password: 
|-----------------------------------------------------------------|
|		 ____ ____ ____ ____ ____ ____ ____ 		  |
|		||E |||x |||o |||G |||E |||N |||I ||		  |
|		||__|||__|||__|||__|||__|||__|||__||		  |
|		|/__\|/__\|/__\|/__\|/__\|/__\|/__\|		  |
|                                                                 |
|-----------------------------------------------------------------|
[lnevers@ncsu-hn ~]$ sudo whoami

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for lnevers: 
root
[lnevers@ncsu-hn ~]$ id
uid=2107(lnevers) gid=2000(nonrenci) groups=2000(nonrenci),2502(ncsuadmins),2508(osfadmins),2509(ucdadmins),2510(sladmins),2512(ncsu2admins),2513(tamuadmins),9510(bbnadmins)
[lnevers@ncsu-hn ~]$

From head node verified login and administrative access to each of the worker nodes that supply VMs.

[lnevers@ncsu-hn ~]$ for i in {1..13}; do sudo ssh root@ncsu-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done
Executing on: ncsu-w1
root
Linux ncsu-w1 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w2
root
Linux ncsu-w2 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w3
root
Linux ncsu-w3 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w4
root
Linux ncsu-w4 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w5
root
Linux ncsu-w5 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w6
root
Linux ncsu-w6 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w7
root
Linux ncsu-w7 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w8
root
Linux ncsu-w8 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w9
root
Linux ncsu-w9 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w10
root
Linux ncsu-w10 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w11
root
Linux ncsu-w11 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w12
root
Linux ncsu-w12 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w13
root
Linux ncsu-w13 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[lnevers@ncsu-hn ~]$

For each Bare Metal node execute the following:

for i in 14 15; do sudo ssh root@ncsu-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done

Connect to the management switch:

[lnevers@ncsu-hn ~]$ ssh 192.168.107.2 -l admin
Password: 
Password: 

ncsu-3560>ena
Password: 
ncsu-3560#show interface status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1     to SSG5            connected    1006       a-full  a-100 10/100/1000BaseTX
Gi0/2     To_N3K             connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi0/3     Fabric_Interconnec connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/4                        connected    1006       a-full  a-100 10/100/1000BaseTX
Gi0/5                        notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/6     Fabric Interconnec connected    1006       a-full  a-100 10/100/1000BaseTX
Gi0/7     to 4948 for Commod connected    1010       a-full a-1000 10/100/1000BaseTX
Gi0/8     to N3064           disabled     1006         auto   auto 10/100/1000BaseTX
Gi0/9     connection to FI(A disabled     1            auto   auto 10/100/1000BaseTX
Gi0/10    connection to FI(A disabled     1            auto   auto 10/100/1000BaseTX
Gi0/11                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/12    N3548 Mgmt0 (192.1 connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/13    to UCS-C-1         connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/14    to UCS-C-2         connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/15    to UCS-C-3         connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/16    to UCS-C-4         connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/17    to UCS-C-5         connected    1006       a-full a-1000 10/100/1000BaseTX
Gi0/18    UCS-C HN Public IP connected    1010       a-full a-1000 10/100/1000BaseTX
Gi0/19                       notconnect   1006         auto   auto 10/100/1000BaseTX
Gi0/20                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/21                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/22                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/23                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/24                       notconnect   1            auto   auto 10/100/1000BaseTX
Gi0/25                       notconnect   1            auto   auto Not Present
Gi0/26                       notconnect   1            auto   auto Not Present
Gi0/27                       notconnect   1            auto   auto Not Present
Gi0/28                       notconnect   1            auto   auto Not Present
ncsu-3560# 
ncsu-3560#show version
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:17 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02F00000

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

ncsu-3560 uptime is 1 year, 3 weeks, 5 days, 2 hours, 54 minutes
System returned to ROM by power-on
System image file is "flash:c3560-ipservicesk9-mz.122-55.SE1"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3560G-24PS (PowerPC405) processor (revision D0) with 131072K bytes of memory.
Processor board ID FOC1022Y0HY
Last reset from power-on
2 Virtual Ethernet interfaces
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:18:19:29:16:00
Motherboard assembly number     : 73-9707-04
Power supply part number        : 341-0108-03
Motherboard serial number       : FOC10221C8M
Power supply serial number      : DCA102019DZ
Model revision number           : D0
Motherboard revision number     : A0
Model number                    : WS-C3560G-24PS-S
System serial number            : FOC1022Y0HY
SFP Module assembly part number : 73-7757-03
SFP Module revision Number      : A0
SFP Module serial number        : CAT10171FZX
Top Assembly Part Number        : 800-25863-03
Top Assembly Revision Number    : A0
Version ID                      : V03
CLEI Code Number                : COM5H00ARA
Hardware Board Revision Number  : 0x05


Switch Ports Model              SW Version            SW Image                 
------ ----- -----              ----------            ----------               
*    1 28    WS-C3560G-24PS     12.2(55)SE1           C3560-IPSERVICESK9-M     


Configuration register is 0xF

ncsu-3560# 
ncsu-3560#show vlan summary
Number of existing VLANs               : 11
 Number of existing VTP VLANs          : 5
 Number of existing extended VLANS     : 6

ncsu-3560#show run
ncsu-3560#show running-config 
Building configuration...

Current configuration : 5164 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ncsu-3560

<<<Many lines deleted>>>
line con 0
line vty 0 4
 password 7 14141B180F0B
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
end       

ncsu-3560#     

Connect to the OpenFlow switch:

[lnevers@ncsu-hn ~]$ ssh  192.168.107.4 -l admin
Nexus 3500 Switch
Password: 
Bad terminal type: "xterm-256color". Will assume vt100.
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
GENI3548# 
GENI3548# show interface status

------------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
------------------------------------------------------------------------------------
Eth1/1        to FI-A            connected trunk     full    10G     SFP-H10GB-CU3M 
Eth1/2        TO-FI-A-32-InterRa connected trunk     full    10G     SFP-H10GB-CU3M 
Eth1/3        to FI-B            connected trunk     full    10G     SFP-H10GB-CU3M 
Eth1/4        TO-FI-B-32-InterRa connected trunk     full    10G     SFP-H10GB-CU3M 
Eth1/5        --                 notconnec 1         full    10G     10Gbase-SR     
Eth1/6        FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/7        FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/8        FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/9        FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/10       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/11       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/12       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/13       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/14       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/15       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/16       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/17       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/18       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/19       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/20       FI-A 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/21       FI-B 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/22       FI-B 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/23       FI-B 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/24       FI-B 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/25       FI-B 16-30 for Ope disabled  trunk     full    10G     SFP-H10GB-CU1M 
Eth1/26       --                 connected 1         full    10G     SFP-H10GB-CU1M 
Eth1/27       ncsu2-hn 1G eth fo disabled  trunk     full    1000    1000base-T     
Eth1/28       UCS-C mgmt 1007, 1 connected trunk     full    1000    1000base-T     
Eth1/29       UCS-C mgmt 1007, 1 connected trunk     full    1000    1000base-T     
Eth1/30       UCS-C mgmt 1007, 1 connected trunk     full    1000    1000base-T     
Eth1/31       UCS-C mgmt 1007, 1 connected trunk     full    1000    1000base-T     
Eth1/32       C-Series NCSU2-W1  connected trunk     full    10G     10Gbase-SR     
Eth1/33       C-Series NCSU2-W2  connected trunk     full    10G     10Gbase-SR     
Eth1/34       C-Series NCSU2-W3  connected trunk     full    10G     10Gbase-SR     
Eth1/35       C-Series NCSU2-W4  connected trunk     full    10G     10Gbase-SR     
Eth1/36       to UCS-C-1         connected trunk     full    10G     SFP-H10GB-CU5M 
Eth1/37       to UCS-C-1         connected trunk     full    10G     10Gbase-SR     
Eth1/38       to UCS-C-2 OF      connected trunk     full    10G     10Gbase-SR     
Eth1/39       to UCS-C-3 OF      connected trunk     full    10G     10Gbase-SR     
Eth1/40       to UCS-C-4 OF      connected trunk     full    10G     10Gbase-SR     
Eth1/41       to UCS-C-5 OF      connected trunk     full    10G     10Gbase-SR     
Eth1/42       --                 notconnec 1         full    1000    1000base-T     
Eth1/43       from e1/43-OF-Port connected trunk     full    10G     SFP-H10GB-CU1M 
Eth1/44       OF Port to forward connected trunk     full    10G     SFP-H10GB-CU1M 
Eth1/45       TO_3560            connected trunk     full    1000    1000base-T     
Eth1/46       to AL2S via RENCI  connected trunk     full    10G     10Gbase-LR     
Eth1/47       to Netapp          notconnec trunk     full    10G     10Gbase-SR     
Eth1/48       to Netapp          connected trunk     full    10G     10Gbase-SR     
Po1           LACP link to UCS-C noOperMem 1         Full    10G     --             
mgmt0         --                 connected routed    full    a-1000  --             
GENI3548# 
GENI3548# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
  BIOS:      version 1.9.0
  loader:    version N/A
  kickstart: version 6.0(2)A4(1) [build 6.0(2)A4(0.862)]
  system:    version 6.0(2)A4(1) [build 6.0(2)A4(0.862)]
  Power Sequencer Firmware: 
             Module 1: version v3.1
  BIOS compile time:       10/13/2012
  kickstart image file is: bootflash:///n3500-uk9-kickstart.6.0.2.A4.0.862.bin
  kickstart compile time:  8/14/2014 11:00:00 [08/14/2014 15:06:01]
  system image file is:    bootflash:///n3500-uk9.6.0.2.A4.0.862.bin
  system compile time:     8/14/2014 11:00:00 [08/14/2014 16:28:13]


Hardware
  cisco Nexus 3548 Chassis ("48x10GE Supervisor")
  Intel(R) Pentium(R) CPU  @ 1.50GHz
 with 3805876 kB of memory.
  Processor Board ID FOC18231ETM

  Device name: GENI3548
  bootflash:    2007040 kB

Kernel uptime is 14 day(s), 2 hour(s), 51 minute(s), 44 second(s)

Last reset at 217361 usecs after  Mon Nov 24 19:31:59 2014

  Reason: Power down due to temperature sensor policy trigger
  System version: 6.0(2)A4(1)
  Service: 

plugin
  Core Plugin, Ethernet Plugin
GENI3548#
GENI3548# show vlan summary

Number of existing VLANs           : 127
Number of existing user VLANs      : 112
Number of existing extended VLANs  : 15


GENI3548# GENI3548# show running-config 

!Command: show running-config
!Time: Tue Dec  9 10:35:20 2014

version 6.0(2)A4(1)
hostname GENI3548

<<<Many lines deleted>>>>

line console
line vty
boot kickstart bootflash:/n3500-uk9-kickstart.6.0.2.A4.0.862.bin 
boot system bootflash:/n3500-uk9.6.0.2.A4.0.862.bin 
openflow
  switch 1
    protocol-version 1.0
    default-miss cascade controller
    logging flow-mod
    rate-limit packet_in 1 burst 4
    pipeline 203
    controller ipv4 192.168.107.20 port 6633 vrf default security XXXXX
    of-port interface ethernet1/32
    of-port interface ethernet1/33
    of-port interface ethernet1/34
    of-port interface ethernet1/35
    of-port interface ethernet1/44
ip dhcp snooping vlan 1007
mac address-table guard-vpc-peergw-mac
virtual-service OF
  activate

Verify FOAM and FlowVisor configuration files ownership and paths:

[lnevers@ncsu-hn ~]$ ls -l /etc/foam.passwd  /etc/flowvisor.passwd /etc/flowvisor/fvpasswd /opt/foam/etc/foampasswd
lrwxrwxrwx  1 root      flowvisor  21 Feb 21  2013 /etc/flowvisor/fvpasswd -> /etc/flowvisor.passwd
-r--r-----  1 flowvisor ncsuadmins 25 Feb 20  2013 /etc/flowvisor.passwd
-r--r-----+ 1 root      ncsuadmins 25 Feb 20  2013 /etc/foam.passwd
lrwxrwxrwx  1 root      root       16 Feb 21  2013 /opt/foam/etc/foampasswd -> /etc/foam.passwd
[lnevers@ncsu-hn ~]$ 

Check FOAM version and FOAM configuration for site.admin.email, geni.site-tag, email.from settings on the NCSU head node:

[lnevers@ncsu-hn ~]$ foamctl admin:get-version  --passwd-file=/etc/foam.passwd
Basic auth failed: invalid password
[lnevers@ncsu-hn ~]$ foamctl config:get-value --key="site.admin.email"  --passwd-file=/opt/foam/etc/foampasswd
Basic auth failed: invalid password
[lnevers@ncsu-hn ~]$ foamctl config:get-value --key="geni.site-tag"  --passwd-file=/opt/foam/etc/foampasswd
Basic auth failed: invalid password
[lnevers@ncsu-hn ~]$ foamctl config:get-value --key="email.from"  --passwd-file=/opt/foam/etc/foampasswd
Basic auth failed: invalid password
[lnevers@ncsu-hn ~]$ foamctl config:get-value --key="geni.approval.approve-on-creation"  --passwd-file=/opt/foam/etc/foampasswd
Basic auth failed: invalid password
[lnevers@ncsu-hn ~]$ 

Note: Fails as expected, no OpenFlow for NCSU rack.

Show FOAM slivers details:

[lnevers@ncsu-hn ~]$ foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd 
Basic auth failed: invalid password

Note: Fails as expected, no OpenFlow for NCSU rack.

Check the FlowVisor version, list of devices, get details for a device, list of active slices, and details for one of the slices on the NCSU Head node:

[lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd ping hello
Got reply:
PONG(fvadmin): FV version=flowvisor-0.8.1::hello
[lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listDevices
[lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices
Slice 0: fvadmin
Slice 1: N3K-Test
[lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd getSliceInfo  N3K-Test
Got reply:
contact_email=slice=tester@renci.org
controller_hostname=127.0.0.1
controller_port=60635
creator=fvadmin
[lnevers@ncsu-hn ~]$ 

Note: No Device present as expected, no OpenFlow at NCSU

Last modified 9 years ago Last modified on 12/10/14 14:47:56