[[PageOutline]]

= OpenGENI Rack Administrative Accounts =

Each OpenGENI rack delivers an initial local administrator account that is created when OpenGENI is installed. When each new rack is deployed, the local administrator must request the desired ''login ID'' and provide a copy of the SSH version 2 public keys. The administrator will use the provided keys to access the control node, because GRAM racks do not permit password-based authentication. The initial local administrator account will exist on each of the following systems:

 - Control Node
 - Compute Nodes (2)
 - Switches (Force10, !PowerConnect)
 - Remote Access System (iDRAC)

== Control and Compute Nodes Admin Accounts ==

Additional administrative accounts can be created or deleted by issuing the standard Ubuntu Unix commands detailed in this section.

'''__On the Control and the Compute Nodes:__'''

Create the user account and set a temporary password.

''Note:'' Replace instances of ''newAdmin'' with the user-requested ''login ID''.

 1. Type "sudo useradd -c ''newAdmin'' -s /bin/bash -m ''newAdmin''".
 2. Edit /etc/group and add the user, ''newAdmin'', to the sudo group.
 3. Edit /etc/sudoers using visudo and add a line for the user, ''newAdmin''.
 4. Type "sudo passwd ''newAdmin''" to give the user a temporary password.

'''__On the Control Node only:__'''

Install the SSH keys provided by the user and generate the SSH keys to be installed on other rack devices for access:

 5. Type "su - ''newAdmin''" to become ''newAdmin''.
 6. Generate the keys that will be used to access other devices in the rack. Type "ssh-keygen -t dsa".
 7. Install the keys provided by the user to allow access to the Control Node. Type "cat ''pub_key'' >> ~/.ssh/authorized_keys".
 8. Set the appropriate permission for key access. Type "chmod 600 ~/.ssh/authorized_keys".
 9. Copy the generated DSA public key to the compute nodes and to all other devices that can be accessed with key pairs.

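
Steps 7 and 8 above, written as a repeatable shell function; this is an added example, not part of the OpenGENI documentation. It refuses private keys and malformed files, creates `~/.ssh` when it is missing, and does not append a key twice. The function name, the accepted key-type list and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the OpenGENI documentation).
# install_pubkey PUB_KEY_FILE HOME_DIR
#   Validates a user-supplied public key file and appends its keys to
#   HOME_DIR/.ssh/authorized_keys with owner-only permissions.
# Return codes (convention assumed by this example):
#   0 ok, 1 unreadable, 2 private key, 3 malformed or empty, 4 filesystem error

KEY_RE='^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

install_pubkey() {
    pub_key=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    [ -f "$pub_key" ] && [ -r "$pub_key" ] || { echo "cannot read $pub_key" >&2; return 1; }

    # A private key must never end up in authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub_key"; then
        echo "$pub_key is a private key; request the .pub file" >&2
        return 2
    fi

    # Pass 1: every non-blank line must be "<type> <base64> [comment]".
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        printf '%s\n' "$line" | grep -Eq "$KEY_RE" || { echo "malformed key line" >&2; return 3; }
        count=$((count + 1))
    done < "$pub_key"
    [ "$count" -gt 0 ] || { echo "no keys in $pub_key" >&2; return 3; }

    # Create .ssh (0700) and authorized_keys (0600) if they are missing.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Pass 2: append only the keys that are not already present.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub_key"
    return 0
}

# Run directly as: sh install_pubkey.sh pub_key /home/newAdmin
if [ "$#" -eq 2 ]; then install_pubkey "$1" "$2"; fi
```

Run it as ''newAdmin'' so that the created files are owned by that account.
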
The local administrator will need a local clearinghouse account to use some of the OpenGENI tools that check the rack component status.

 10. "sudo su - gram"
 11. "cd /opt/gcf/src"
 12. "./gen-certs.py --exp -u ''newAdmin'' --notAll"
 13. "exit"
 14. As ''newAdmin'', "mkdir ~/.gcf"
 15. "sudo cp ~gram/.gcf/''newAdmin''-*.pem ~/.gcf"
 16. "sudo cp ~gram/.gcf/omni_config ~/.gcf/tmpOmni"
 17. "sudo chown ''newAdmin'' ~/.gcf/*"
 18. "sed 's/gramuser/''newAdmin''/g' ~/.gcf/tmpOmni >> ~/.gcf/omni_config"
 19. "rm ~/.gcf/tmpOmni"
 20. "sudo service gram-ch restart"
 21. "sudo service gram-am restart"

'''__On the Compute Nodes:__'''

Install the SSH DSA keys that you generated:

 22. Log in with your admin account and then type "su - ''newAdmin''" to become ''newAdmin''.
 23. Copy the public DSA key generated in step 6 above into the .ssh directory.
 24. Type "cat ''pub_key'' >> ~/.ssh/authorized_keys".
 25. Set the appropriate permission for key access. Type "chmod 600 ~/.ssh/authorized_keys".

'''__Delete Account on Control and Compute Nodes:__'''

''Note:'' Replace instances of ''newAdmin'' with the user account to be deleted.

 1. Type "sudo userdel -rf ''newAdmin''".

== Force10 Admin Accounts ==

To add a site admin account on the Force10 !OpenFlow switch, you can either ssh to the switch IP address with a user and password, or access the switch console by using screen /dev/ttyS1. The console method requires checking that the serial cable is connected to a server and that the other end of the cable is connected to the Force10.

Once you can log in to the switch, add a user account as shown below. Please note that the ''enable password'' is shared among the user accounts and should not be modified:

{{{
(Using Cisco IOS-like commands)
enable
configure
username <username> password <password>
exit
write
}}}

To delete the user on the Force10:

{{{
(Using Cisco IOS-like commands)
enable
configure
no username <username>
exit
write
}}}

== !PowerConnect Admin Accounts ==

To add a site admin account on the !PowerConnect 7048, you can either ssh to the switch IP address with a user and password, or access the console by using screen /dev/ttyS1. The console method requires checking that the serial cable is connected to a server and that the other end of the cable is connected to the !PowerConnect 7048.

Once you can log in to the switch, add a user account as shown below. Please note that the ''enable password'' is shared among the user accounts and should not be modified:

{{{
(Using Cisco IOS-like commands)
enable
config
username <username> password <password>
exit
write
}}}

To delete the user on the !PowerConnect 7048:

{{{
(Using Cisco IOS-like commands)
enable
configure
no username <username>
exit
write
}}}

== iDRAC Account ==

To set up iDRAC accounts: [wiki:GENIRacksAdministration/OpenGENIRacksAdminAccounts/iDRAC Integrated Dell Remote Access Controller (iDRAC) Configuration][[BR]]