Changes between Initial Version and Version 1 of GENIRacksAdministration/OpenGENIRacksAdminAccounts


Timestamp:
05/23/14 10:16:34 (10 years ago)
Author:
lnevers@bbn.com
Comment:

--

  • GENIRacksAdministration/OpenGENIRacksAdminAccounts

    v1 v1  
     1[[PageOutline]]
     2
     3= OpenGENI Rack Administrative Accounts =
     4
     5Each OpenGENI rack delivers an initial local administrator account that is created when OpenGENI is installed. When each new rack is deployed, the local administrator must request the desired ''login ID'' and provide a copy of the SSH version 2 public keys. The keys provided will be used by the administrator to access the control node because GRAM racks do not permit password based authentication. The initial local administrator account will exist on each of the following systems:
     6  - Control Node
     7  - Compute Nodes (2)
     8  - Switches (Force10, !PowerConnect)
     9  - Remote Access System (iDRAC)
     10
     11
     12== Control and Compute Nodes Admin Accounts ==
     13
     14Additional administrative accounts can be created or deleted by issuing standard Ubuntu unix commands detailed in this section:
     15
     16'''__On the Control and the Compute Nodes:__ ''' Create the user account and set a temporary password.
     17
     18   '' Note:'' Replace instances of ''newAdmin'' with the user requested ''login ID''
     19
     20   1.  Type "sudo useradd -c ''newAdmin'' -s /bin/bash -m ''newAdmin''".
     21   2.  Edit /etc/group and add user, ''newAdmin'', into the sudo group.
     22   3.  Edit /etc/sudoers using visudo and add a line for the user, ''newAdmin''.
     23   4.  Type "sudo passwd ''newAdmin''" to give the user a temporary password.
     24
     25'''__On the Control Node only:__ ''' Install the SSH Keys provided by the user and generate the ssh keys to be installed on other rack devices for access:
     26 
     27   5.  Type "su - ''newAdmin''" to become ''newAdmin''. 
     28   6.  Generate keys that will be used to access other devices in rack. Type "ssh-keygen -t dsa".   
     29   7.  Install keys provided by user to allow access to Control Node. Type "cat ''pub_key'' >>~/.ssh/authorized_keys''
     30   8.  Set appropriate permission for key access. Type "chmod 600 ~/.ssh/authorized_keys".
     31   9.  Copy the public DSA public key generated into the compute nodes and all other devices where access can be done via key pairs.
     32The local administrator will need to have a local clearinghouse account to use some of the OpenGENI tools to check the rack component status.
     33   10. "sudo su - gram"
     34   11. "cd /opt/gcf/src"
     35   12.  "./gen-certs.py --exp -u ''newAdmin'' --notAll"
     36   13.  "exit"
     37   14.  As ''newAdmin'', "mkdir ~/.gcf"
     38   15.  "sudo cp ~gram/.gcf/''newAdmin''-*.pem ~/.gcf"
     39   16.   "sudo cp ~gram/.gcf/omni_config ~/.gcf/tmpOmni"
     40   17.   "sudo chown ''newAdmin'' ~/.gcf/*"
     41   18.  "sed 's/gramuser/''newAdmin''/g' ~/.gcf/tmpOmni>> ~/.gcf/omni_config"
     42   19.  "rm ~/.gcf/tmpOmni"
     43   20. "sudo service gram-ch restart"
     44   21. "sudo service gram-am restart"
     45
     46'''__On the Compute Nodes:__ ''' Install the SSH DSA keys that you generated:
     47
     48   22.  Login with your admin account and then "su - ''newAdmin''" to become ''newAdmin''.
     49   23.  Copy the public DSA key generated in step 6 above into the .ssh directory.
     50   24.  Type "cat ''pub_key'' >> ~/.ssh/authorized_keys.
     51   25.  Set appropriate permission for key access. Type "chmod 600 authorized_keys".
     52
     53''' __Delete Account on Control and Compute Nodes:__ '''
     54
     55      ''Note:'' Replace instances of newAdmin with the user account to be deleted.
     56
     57    1.  Type "sudo userdel -rf ''newAdmin''".
     58
     59
     60== Force10 Admin Accounts ==
     61
     62To add a site admin account on the Force10 !OpenFlow switch you can either ssh to the switch IP address with user and password, or you access the switch console by using screen /dev/ttyS1, but this necessitates checking that the serial cable is connected to a server and that the other end of the cable is connected to the Force 10.
     63
     64Once you can login to the switch add a user accounts as shown below, please note that the ''enable password'' is shared among the user accounts and should not be modified:
     65{{{
     66(Using Cisco IOS-like commands)
     67enable
     68configure
     69username <admin name>
     70username <admin name> password <admin password>
     71exit
     72write
     73}}}
     74
     75To delete the user in the Force 10
     76{{{
     77(Using Cisco IOS-like commands)
     78enable
     79configure
     80no username <admin name>
     81exit
     82write
     83}}}
     84
     85== !PowerConnect Admin Accounts ==
     86
     87To add a site admin account on the !PowerConnect 7048 you can either ssh to the switch IP address with user and password or access the console by using screen /dev/ttyS1, but this necessitates checking that the serial cable is connected to a server and that the other end of the cable is connected to the !PowerConnect 7048.
     88
     89Once you can login to the switch add a user accounts as shown below, please note that the ''enable password'' is shared among the user accounts and should not be modified:
     90{{{
     91(Using Cisco IOS-like commands)
     92enable
     93config
     94username <admin name> password <admin password>
     95exit
     96write
     97}}}
     98 
     99
     100To delete the user in the !PowerConnect 7048
     101{{{
     102(Using Cisco IOS-like commands)
     103enable
     104configure
     105no username <admin name>
     106exit
     107write
     108}}}
     109
     110== iDRAC Account ==
     111
     112To set up iDRAC accounts: [wiki:GENIRacksAdministration/OpenGENIRacksAdminAccounts/iDRAC Integrated Dell Remote Access Controller (iDRAC) Configuration][[BR]]
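Review bot: Step 6 generates the rack-internal key pair with "ssh-keygen -t dsa", and steps 9 and 22-25 then install that DSA public key on the compute nodes and the other devices. OpenSSH DSA keys are fixed at 1024 bits, which makes this key the weakest credential on racks that, per the introduction, do not permit password-based authentication. Suggest generating an RSA key instead (for example "ssh-keygen -t rsa -b 4096") wherever the switches and iDRAC accept it, and stating explicitly which devices still require DSA if any do. Two smaller points in the same section: the commands in steps 7 and 24 do not end with a closing double quote (step 7 ends in '' instead), and step 25 uses a relative "chmod 600 authorized_keys" where step 8 uses "~/.ssh/authorized_keys", so step 25 only works if the reader is already in ~/.ssh.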