Changes between Version 2 and Version 3 of GENIRacksHome/InstageniRacks/AcceptanceTestStatus/IG-ADM-2
- Timestamp: 05/12/12 09:05:43 (12 years ago)
GENIRacksHome/InstageniRacks/AcceptanceTestStatus/IG-ADM-2
v2 v3 5 5 ''This page is GPO's working page for performing IG-ADM-2. It is public for informational purposes, but it is not an official status report. See [wiki:GENIRacksHome/InstageniRacks/AcceptanceTestStatus] for the current status of InstaGENI acceptance tests.'' 6 6 7 ''Last substantive edit of this page: 2012-05- 08''7 ''Last substantive edit of this page: 2012-05-12'' 8 8 9 9 == Page format == … … 35 35 || 3B || [[Color(orange,Blocked)]] || || || blocked on 3A || 36 36 || 3C || [[Color(orange,Blocked)]] || || || blocked on 3A || 37 || 4A || [[Color(orange,Blocked)]] || || || blocked on access to infrastructure VM server||37 || 4A || [[Color(orange,Blocked)]] || || || blocked on access to FlowVisor VM || 38 38 || 4B || [[Color(orange,Blocked)]] || || || blocked on 4A || 39 39 || 4C || [[Color(orange,Blocked)]] || || || blocked on 4A || 40 || 5A || [[Color(orange,Blocked)]] || || || blocked on sudo access to boss; allocation of OpenVZ node ||40 || 5A || [[Color(orange,Blocked)]] || || || blocked on access to infrastructure VM server || 41 41 || 5B || [[Color(orange,Blocked)]] || || || blocked on 5A || 42 42 || 5C || [[Color(orange,Blocked)]] || || || blocked on 5A || 43 || 6A || [[Color(orange,Blocked)]] || || || blocked on access to switches || 44 || 6B || [[Color(orange,Blocked)]] || || || blocked on 6A || 45 || 6C || [[Color(orange,Blocked)]] || || || blocked on 6A || 46 || 6D || [[Color(orange,Blocked)]] || || || blocked on serial access to switches || 43 || 6A || [[Color(orange,Blocked)]] || || || blocked on sudo access to boss; allocation of OpenVZ node || 44 || 6B || [[Color(orange,Blocked)]] || || || blocked on 6A || 45 || 6C || [[Color(orange,Blocked)]] || || || blocked on 6A || 47 46 || 7A || [[Color(orange,Blocked)]] || || || blocked on access to switches || 48 47 || 7B || [[Color(orange,Blocked)]] || || || blocked on 7A || 49 48 || 7C || [[Color(orange,Blocked)]] || || || blocked on 7A || 50 49 || 7D || [[Color(orange,Blocked)]] || || || blocked on 
serial access to switches || 51 || 8 || [[Color(orange,Blocked)]] || || || blocked on access to rack iLO || 50 || 8A || [[Color(orange,Blocked)]] || || || blocked on access to switches || 51 || 8B || [[Color(orange,Blocked)]] || || || blocked on 8A || 52 || 8C || [[Color(orange,Blocked)]] || || || blocked on 8A || 53 || 8D || [[Color(orange,Blocked)]] || || || blocked on serial access to switches || 54 || 9 || [[Color(orange,Blocked)]] || || || blocked on access to rack iLO || 52 55 53 56 == High-level description from test plan == … … 178 181 * The command which was run should be recorded in a log 179 182 180 == Step 4: verify access to rack infrastructure VM server host == 181 182 === Step 4A: verify that SSH to foam succeeds and allows public keys only === 183 == Step 4: verify access to rack FlowVisor node == 184 185 === Step 4A: verify that SSH to FlowVisor succeeds and allows public keys only === 186 187 '''Using:''' 188 * SSH to `chaos@flowvisor.instageni.gpolab.bbn.com` from outside of the rack using public-key SSH 189 * SSH to `chaos@flowvisor.instageni.gpolab.bbn.com` from outside of the rack using password-based SSH 190 191 '''Verify:''' 192 * Public-key SSH succeeds 193 * Password-based SSH does not succeed 194 195 === Step 3B: verify the absence of common unencrypted login protocols === 196 197 '''Using:''' 198 * Use netstat to enumerate the network-listening processes running on foam 199 * Identify each process and determine whether it is a common unencrypted login protocol 200 * For any unencrypted login protocols found to be listening, try to access the relevant port remotely and determine whether login is possible 201 202 '''Verify:''' 203 * No unencrypted login protocols are listening on accessible networks 204 * Login does not succeed via any unencrypted login protocol 205 206 === Step 4C: verify sudo and sudo logging === 207 208 '''Using:''' 209 * On flowvisor, run: `sudo whoami` 210 * Look for a syslog file containing a record of the sudo 
command which was run 211 212 '''Verify:''' 213 * The sudo command should succeed 214 * The command which was run should be recorded in a log 215 216 == Step 5: verify access to rack infrastructure VM server host == 217 218 === Step 5A: verify that SSH to foam succeeds and allows public keys only === 183 219 184 220 '''Using:''' … … 190 226 * Password-based SSH does not succeed 191 227 192 === Step 4B: verify the absence of common unencrypted login protocols ===228 === Step 5B: verify the absence of common unencrypted login protocols === 193 229 194 230 '''Using:''' … … 201 237 * Login does not succeed via any unencrypted login protocol 202 238 203 === Step 4C: verify sudo and sudo logging ===239 === Step 5C: verify sudo and sudo logging === 204 240 205 241 '''Using:''' … … 211 247 * The command which was run should be recorded in a log 212 248 213 == Step 5: verify access to experimental OpenVZ node ==214 215 === Step 5A: verify that SSH to experimental OpenVZ node succeeds and allows public keys only on public IPs ===249 == Step 6: verify access to experimental OpenVZ node == 250 251 === Step 6A: verify that SSH to experimental OpenVZ node succeeds and allows public keys only on public IPs === 216 252 217 253 '''Using:''' … … 223 259 * Password-based SSH does not succeed from outside of the rack 224 260 225 === Step 5B: verify the absence of common unencrypted login protocols ===261 === Step 6B: verify the absence of common unencrypted login protocols === 226 262 227 263 '''Using:''' … … 234 270 * Login does not succeed via any unencrypted login protocol 235 271 236 === Step 5C: verify sudo and sudo logging ===272 === Step 6C: verify sudo and sudo logging === 237 273 238 274 '''Using:''' … … 244 280 * The command which was run should be recorded in a log 245 281 246 == Step 6: verify access to control network switch ==247 248 === Step 6A: verify SSH access ===282 == Step 7: verify access to control network switch == 283 284 === Step 7A: verify SSH access === 249 
285 250 286 '''Using:''' … … 254 290 * SSH login succeeds 255 291 256 === Step 6B: verify privileged access to the control network switch ===292 === Step 7B: verify privileged access to the control network switch === 257 293 258 294 '''Using:''' … … 266 302 * Viewing the MAC address table should succeed 267 303 268 === Step 6C: verify absence of unencrypted login access ===304 === Step 7C: verify absence of unencrypted login access === 269 305 270 306 '''Using:''' … … 280 316 * No other services appear to allow remote unencrypted authentication 281 317 282 === Step 6D: verify serial console access to the device ===318 === Step 7D: verify serial console access to the device === 283 319 284 320 '''Using:''' … … 293 329 * It should be possible to view the running configuration via the serial console 294 330 295 == Step 7: verify access to dataplane switch ==296 297 === Step 7A: verify SSH access ===331 == Step 8: verify access to dataplane switch == 332 333 === Step 8A: verify SSH access === 298 334 299 335 '''Using:''' … … 303 339 * SSH login succeeds 304 340 305 === Step 7B: verify privileged access to the dataplane switch ===341 === Step 8B: verify privileged access to the dataplane switch === 306 342 307 343 '''Using:''' … … 315 351 * Viewing the MAC address table should succeed 316 352 317 === Step 7C: verify absence of unencrypted login access ===353 === Step 8C: verify absence of unencrypted login access === 318 354 319 355 '''Using:''' … … 329 365 * No other services appear to allow remote unencrypted authentication 330 366 331 === Step 7D: verify serial console access to the device ===367 === Step 8D: verify serial console access to the device === 332 368 333 369 '''Using:''' … … 342 378 * It should be possible to view the running configuration via the serial console 343 379 344 == Step 8: verify that iLO is not accessible via unencrypted protocols ==380 == Step 9: verify that iLO is not accessible via unencrypted protocols == 345 381 346 382 '''Using:'''
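
Review bot: In the new Step 4 (FlowVisor) section, the second subsection is headed `Step 3B: verify the absence of common unencrypted login protocols`, but it sits between Step 4A and Step 4C and the status table tracks it as 4B, so the heading should read Step 4B. The same subsection says to use netstat to enumerate the listeners "running on foam", while 4A and 4C target flowvisor; this looks carried over from the infrastructure VM server step and should name flowvisor so the check is run on the host under test. For 4A, consider stating how the password-based attempt is forced (for example `ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password`), so that a login that quietly succeeded with an available key is not misread as password authentication being accepted.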