Changes between Initial Version and Version 1 of GENIRacksHome/OpenGENIRacks/AcceptanceTestStatusMay2013/OG-ADM-2

Timestamp:

05/23/14 11:35:13 (10 years ago)

Author:

lnevers@bbn.com

Comment:

--

GENIRacksHome/OpenGENIRacks/AcceptanceTestStatusMay2013/OG-ADM-2

@@ +1 @@
+= GR-ADM-2: Rack Administrator Access Test =
+
+This page captures status for the test case GR-ADM-2. For additional information see the [wiki:GENIRacksHome/GRAMRacks/AcceptanceTestStatusMay2013 Acceptance Test Status - May 2013] page overall status, or the [wiki:GENIRacksHome/AcceptanceTests/GRAMAcceptanceTestsPlan GRAM Acceptance Test Plan] for details about the planned evaluation.
+
+''Last Update: 2013/05/14"
+
+|| '''Step''' || '''State'''||''' Notes '''            || '''Tickets'''  ||
+|| Step 1     ||[[span(Pass, style=background-color: green )]]||                         ||                ||
+|| Step 2     ||[[span(Pass, style=background-color: green )]]||                ||
+|| Step 3     ||[[span(Fail, style=background-color: red)]]||IPKVM powered off and disconnected ||#65      ||
+               
+
+[[BR]]
+|| '''State Legend'''                                   || '''Description'''                                                    ||
+||[[span(Pass, style=background-color: green )]]        || Test completed and met all criteria                                  ||
+||[[span(Pass: most criteria, style=background-color: #98FB98)]]|| Test completed and met most criteria. Exceptions documented  ||
+||[[span(Fail, style=background-color: red)]]           || Test completed and failed to meet criteria.                          ||
+||[[span(Complete, style=background-color: yellow)]]    || Test completed but will require re-execution due to expected changes ||
+||[[span(Blocked, style=background-color: orange)]]     || Blocked by ticketed issue(s).                                        ||
+||[[span(In Progress, style=background-color: #63B8FF)]]|| Currently under test.                                                ||
+||[[span(Not Planned)]]                                 || This area is not part of initial evaluation                          ||
+
+= Test Plan Steps =
+
+== Step 1: For each type of rack infrastructure node verify features ==
+For each type of rack infrastructure node, including VM server hosts and any VMs running infrastructure support services, use a site administrator account to test:
+        * Login to the node using public-key SSH.
+        * Verify that you cannot login to the node using password-based SSH, nor via any unencrypted login protocol.
+        * When logged in, run a command via sudo to verify root privileges. 
+
+=== Control Node ===
+
+Requested Administrative account and provided SSH Public keys. Once the account was created, logged in and verified sudo access:
+{{{
+$ ssh 128.89.91.170
+Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.5.0-23-generic x86_64)
+
+ * Documentation:  https://help.ubuntu.com/
+
+*** System restart required ***
+Last login: Tue May 14 09:01:27 2013 from dhcp89-073-116.bbn.com
+lnevers@boscontroller:~$ sudo whoami
+root
+lnevers@boscontroller:~$ 
+}}}
+
+=== Compute Nodes VM servers ===
+
+Logged in to each of the 3 VM servers and verified access. Compute Node 1:
+
+{{{
+
+$ ssh 128.89.91.171
+Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.5.0-23-generic x86_64)
+
+ * Documentation:  https://help.ubuntu.com/
+
+1 package can be updated.
+0 updates are security updates.
+
+*** System restart required ***
+
+The programs included with the Ubuntu system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
+applicable law.
+
+lnevers@boscompute1:~$ sudo whoami
+root
+lnevers@boscompute1:~$ 
+}}}
+
+Compute Node 2:
+{{{
+$ ssh 128.89.91.172
+Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.5.0-23-generic x86_64)
+
+ * Documentation:  https://help.ubuntu.com/
+
+1 package can be updated.
+0 updates are security updates.
+
+*** System restart required ***
+
+The programs included with the Ubuntu system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
+applicable law.
+
+lnevers@boscompute2:~$ sudo whoami
+root
+lnevers@boscompute2:~$ 
+}}}
+
+Compute node 3:
+{{{
+$ ssh 128.89.91.174
+Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.5.0-23-generic x86_64)
+
+ * Documentation:  https://help.ubuntu.com/
+
+*** System restart required ***
+
+The programs included with the Ubuntu system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
+applicable law.
+
+lnevers@boscompute4:~$ sudo whoami
+root
+lnevers@boscompute4:~$ 
+}}}    
+== Step 2: For each rack infrastructure device verify features ==
+For each rack infrastructure device  (switches, remote PDUs if any), use a site administrator account to test:
+        * Login via SSH.
+        * Login via a serial console (if the device has one).
+        * Verify that you cannot login to the device via an unencrypted login protocol.
+        * Use the "enable" command or equivalent to verify privileged access. 
+
+First connected to host desktop.gpolab.bbn.com which has access to console ports for routers:
+{{{
+LNM:~$ ssh desktop.gpolab.bbn.com
+Last login: Tue May 14 10:44:21 2013 from dhcp89-073-116.bbn.com
+Welcome to coruscant.gpolab.bbn.com.
+
+This host is managed by GENI GPO Ops.
+
+This host's configuration files are maintained using the Puppet
+automated configuration utility.  Manual system-level changes may
+be overwritten.  Please make all system-level changes using Puppet.
+
+For configuration requests, contact gpo-infra@geni.net.
+[lnevers@coruscant ~]$ 
+}}}
+Then connected to router console ports for Control Network.  First login to desktop.gpolab.bbn.com and then connect to console via screen. 
+
+'' Note: Cable must be connected to console port to get access to Control Router Console via screen''
+
+{{{
+$ ssh desktop.gpolab.bbn.com
+[lnevers@coruscant ~]$  screen /dev/ttyS4
+<...>
+Username: gpo
+Password:
+bos-router1>
+bos-router1#show running-config 
+Building configuration...
+
+Current configuration : 6950 bytes
+!
+! Last configuration change at 19:02:21 UTC Tue Apr 9 2013 by gpo
+! NVRAM config last updated at 19:02:27 UTC Tue Apr 9 2013 by gpo
+! NVRAM config last updated at 19:02:27 UTC Tue Apr 9 2013 by gpo
+version 15.1
+service timestamps debug datetime msec
+service timestamps log datetime msec
+service password-encryption
+!
+hostname bos-router1
+!
+boot-start-marker
+boot-end-marker
+!
+logging buffered 51200 warnings
+!
+aaa new-model
+!
+aaa authentication login default local
+!
+aaa session-id common
+!
+no ipv6 cef
+ip source-route
+ip cef
+!
+ip domain name cities.gpolab.bbn.com
+ip name-server 128.89.91.10
+multilink bundle-name authenticated
+!
+crypto pki token default removal timeout 0
+!
+crypto pki trustpoint TP-self-signed-1265093406
+ enrollment selfsigned
+ subject-name cn=IOS-Self-Signed-Certificate-1265093406
+ revocation-check none
+ rsakeypair TP-self-signed-1265093406
+!
+crypto pki
+<.....>
+vtp mode transparent
+username xxx XXXX
+!
+vlan 820
+ name IP:rack-bos-ctrl
+!
+vlan 824
+ name IP:rack-bos-data
+!
+vlan 2005
+ name VLAN2006
+!
+interface Embedded-Service-Engine0/0
+ no ip address
+ shutdown
+!         
+interface GigabitEthernet0/0
+ description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
+ ip address 128.89.91.150 255.255.255.252
+ duplex auto
+ speed auto
+!
+interface GigabitEthernet0/1
+ no ip address
+ ip broadcast-address 128.89.91.191
+ duplex auto
+ speed auto
+!
+interface GigabitEthernet0/1/0
+ switchport access vlan 820
+ no ip address
+!
+interface GigabitEthernet0/1/1
+ switchport access vlan 820
+ no ip address
+!
+interface GigabitEthernet0/1/2
+ switchport access vlan 820
+ no ip address
+!         
+interface GigabitEthernet0/1/3
+ switchport access vlan 820
+ no ip address
+!         
+interface GigabitEthernet0/1/4
+ switchport mode trunk
+ no ip address
+!         
+interface GigabitEthernet0/1/5
+ switchport access vlan 820
+ no ip address
+!         
+interface GigabitEthernet0/1/6
+ switchport access vlan 820
+ no ip address
+!         
+interface GigabitEthernet0/1/7
+ switchport access vlan 820
+ no ip address
+!         
+interface GigabitEthernet0/3/0
+ switchport mode trunk
+ no ip address
+!         
+interface GigabitEthernet0/3/1
+ switchport mode trunk
+ no ip address
+!         
+interface GigabitEthernet0/3/2
+ switchport access vlan 820
+ no ip address
+!         
+interface GigabitEthernet0/3/3
+ switchport mode trunk
+ no ip address
+!         
+interface GigabitEthernet0/3/4
+ switchport access vlan 820
+ no ip address
+!         
+interface GigabitEthernet0/3/5
+ switchport access vlan 820
+ no ip address
+!         
+interface GigabitEthernet0/3/6
+ switchport access vlan 820
+ no ip address
+!         
+interface GigabitEthernet0/3/7
+ switchport access vlan 820
+ no ip address
+!         
+interface Vlan1
+ no ip address
+ shutdown
+!         
+interface Vlan820
+ ip address 128.89.91.162 255.255.255.224
+!
+interface Vlan824
+ ip address 192.1.243.17 255.255.255.240
+ shutdown 
+!
+ip default-gateway 128.89.91.149
+ip forward-protocol nd
+!         
+no ip http server
+ip http access-class 23
+ip http authentication local
+no ip http secure-server
+ip http timeout-policy idle 60 life 86400 requests 10000
+!         
+ip route 0.0.0.0 0.0.0.0 192.1.249.1
+ip route 0.0.0.0 0.0.0.0 128.89.91.149
+!
+logging 192.1.243.4
+access-list 3 remark monitoring
+access-list 3 permit 192.1.243.4
+access-list 23 remark admin
+access-list 23 permit 192.1.249.10
+access-list 23 permit 192.1.243.4
+!         
+snmp-server community XXX RO 3
+!
+
+bos-router1#show vlan-switch 
+
+VLAN Name                             Status    Ports
+---- -------------------------------- --------- -------------------------------
+1    default                          active    
+820  IP:rack-bos-ctrl                 active    Gi0/1/0, Gi0/1/1, Gi0/1/2
+                                                Gi0/1/3, Gi0/1/5, Gi0/1/6
+                                                Gi0/1/7, Gi0/3/2, Gi0/3/4
+                                                Gi0/3/5, Gi0/3/6, Gi0/3/7
+824  IP:rack-bos-data                 active    
+1002 fddi-default                     act/unsup 
+1003 token-ring-default               act/unsup 
+1004 fddinet-default                  act/unsup 
+1005 trnet-default                    act/unsup 
+2005 VLAN2006                         active    
+
+VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
+---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
+1    enet  100001     1500  -      -      -        -    -        1002   1003
+820  enet  100820     1500  -      -      -        -    -        0      0   
+824  enet  100824     1500  -      -      -        -    -        0      0   
+1002 fddi  101002     1500  -      -      -        -    -        1      1003
+1003 tr    101003     1500  1005   0      -        -    srb      1      1002
+1004 fdnet 101004     1500  -      -      1        ibm  -        0      0   
+1005 trnet 101005     1500  -      -      1        ibm  -        0      0   
+          
+VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
+---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
+2005 enet  102005     1500  -      -      -        -    -        0      0   
+
+}}}
+
+Then connected to router console ports for Dataplane Network:
+{{{
+$ ssh desktop.gpolab.bbn.com
+[lnevers@coruscant ~]$  screen /dev/ttyS4
+Username: 
+Password: 
+
+bosswitch> ena
+bosswitch# show openflow version 
+
+ Openflow Version
+
+  HP-Labs Openflow Implementation for 5400zl/3500yl switches
+    Version 2.02w
+    Jean Tourrilhes & Praveen Yalagandula, HP-Labs
+  Based on ProCurve firmware for 5400zl/3500yl switches
+    Version K.14.83o
+    (Don't ask ProCurve for support or help)
+  Based on Open vSwitch Reference Source code
+    Version 1.0.0
+
+bosswitch# show running-config 
+Running configuration:
+
+; J9452A Configuration Editor; Created on release #K.14.83o
+
+hostname "bosswitch" 
+ip access-list standard "1" 
+   10 remark "admin" 
+   10 permit 192.1.249.10 0.0.0.0 
+   20 permit 192.1.243.4 0.0.0.0 
+   exit 
+module 2 type J94yyA 
+module 3 type J94zzA 
+module 5 type J94wwA 
+module 6 type J94wwA 
+no stack 
+interface 2 
+   disable
+exit
+interface 3 
+   disable
+exit
+interface 4 
+   disable
+exit
+interface 5 
+   disable
+exit
+interface 6 
+   disable
+exit
+interface 7 
+   disable
+exit
+interface 10 
+   disable
+exit
+interface 11 
+   disable
+exit
+interface 12 
+   disable
+exit
+interface 13 
+   disable
+exit
+interface 14 
+   disable
+exit
+interface 15 
+   disable
+exit
+interface 17 
+   disable
+exit
+interface 18 
+   disable
+exit
+interface 19 
+   disable
+exit
+interface 20 
+   disable
+exit
+interface 21 
+   disable
+exit
+interface 22 
+   disable
+exit
+interface 23 
+   disable
+exit
+interface 25 
+   disable
+exit
+interface 26 
+   disable
+exit
+interface 27 
+   disable
+exit
+interface 28 
+   disable
+exit
+interface 29 
+   disable
+exit
+interface 30 
+   disable
+exit
+interface 31 
+   disable
+exit
+interface 32 
+   disable
+exit
+interface 33 
+   disable
+exit
+interface 35 
+   disable
+exit
+interface 37 
+   disable
+exit
+interface 38 
+   disable
+exit
+interface 39 
+   disable
+exit
+interface 40 
+   disable
+exit
+interface 41 
+   disable
+exit
+interface 42 
+   disable
+exit
+interface 43 
+   disable
+exit
+interface 44 
+   disable
+exit
+interface 45 
+   disable
+exit
+interface 47 
+   disable
+exit
+ip default-gateway 128.89.91.162 
+vlan 1 
+   name "DEFAULT_VLAN" 
+   untagged 2-8,10-45,47,49-50,51-52 
+   no untagged 1,9,46,48 
+   no ip address 
+   exit 
+vlan 820 
+   name "IP:rack-bos-ctrl" 
+   untagged 48 
+   ip address 128.89.91.161 255.255.255.224 
+   exit 
+vlan 1403 
+   name "IP:exp-euca-bos-priv" 
+   untagged 1,9,46 
+   no ip address 
+   exit 
+vlan 1000 
+   name "vlan1000" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+vlan 1001 
+   name "vlan1001" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+vlan 1002 
+   name "vlan1002" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+vlan 1003 
+   name "vlan1003" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+vlan 1004 
+   name "vlan1004" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+vlan 1005 
+   name "vlan1005" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+vlan 1006 
+   name "vlan1006" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+vlan 1007 
+   name "vlan1007" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+vlan 1008 
+   name "vlan1008" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+vlan 1009 
+   name "vlan1009" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+vlan 1010 
+   name "vlan1010" 
+   tagged 8,16,24,34 
+   no ip address 
+   exit 
+logging 192.1.243.4
+logging facility local7
+   exit 
+logging 192.1.243.4
+logging facility local7
+timesync sntp
+sntp unicast
+sntp server priority 1 192.1.243.4 3
+no telnet-server
+ip authorized-managers 192.1.249.10 255.255.255.255 access XXX access-method
+ ssh
+ip authorized-managers 192.1.243.4 255.255.255.255 access XXX access-method 
+ssh
+ip authorized-managers 192.1.243.4 255.255.255.255 access XXX access-method
+ snmp
+ip ssh filetransfer
+snmp-server community "XXX" XXX
+oobm
+   ip address dhcp-bootp
+   exit
+no tftp client
+no tftp server
+no autorun
+password XXX
+
+
+bosswitch# show vlans 
+ Status and Counters - VLAN Information
+
+  Maximum VLANs to support : 256
+  Primary VLAN : DEFAULT_VLAN
+  Management VLAN :
+
+  VLAN ID Name                 | Status     Voice Jumbo
+  ------- -------------------- + ---------- ----- -----
+  1       DEFAULT_VLAN         | Port-based No    No
+  820     IP:rack-bos-ctrl     | Port-based No    No
+  1000    vlan1000             | Port-based No    No
+  1001    vlan1001             | Port-based No    No
+  1002    vlan1002             | Port-based No    No
+  1003    vlan1003             | Port-based No    No
+  1004    vlan1004             | Port-based No    No
+  1005    vlan1005             | Port-based No    No
+  1006    vlan1006             | Port-based No    No
+  1007    vlan1007             | Port-based No    No
+  1008    vlan1008             | Port-based No    No
+  1009    vlan1009             | Port-based No    No
+  1010    vlan1010             | Port-based No    No
+  1403    IP:exp-euca-bos-priv | Port-based No    No
+
+
+}}}
+
+
+
+
+== Step 3. Verify GRAM remote console solution ==
+
+Verify the GRAM remote console solution for rack hosts can be used to access the consoles all server hosts and experimental hosts:
+        * Login via SSH or other encrypted protocol.
+        * Verify that you cannot login via an unencrypted login protocol. 
+
+
+There is Direct Console access to each node via a local KVM switch. 
+
+There is an IPKVM switch for remote access, but it is powered off, disconnected from the network and has not been configured for the GRAM rack networks.
+