[[PageOutline]] = CG-ADM-1 Administrative Tests = This test validates administrative access for NCSU2 and NCSU Cisco racks. Cisco GENI Racks Administrator accounts can be obtained as described at the [https://wiki.exogeni.net/doku.php?id=public:operators:start ExoGENI Rack Operators] page where accounts creation and usage is documented. == Test Status == This section captures the status for each step in the acceptance test plan. || '''Test''' ||'''State''' || ''' !Tickets/Comments''' || ||NCSU2 Administrative Access ||[[Color(green,Pass)]] || Verified disabled telnet access on both switches;No hostname aliases for rack switches || ||NCSU Administrative Access ||[[Color(green,Pass)]] || Verified disabled telnet access on both switches;No hostname aliases for rack switches || [[BR]] || '''State Legend''' || '''Description''' || || [[Color(green,Pass)]] || Test completed and met all criteria || || [[Color(#98FB98,Pass: most criteria)]] || Test completed and met most criteria. Exceptions documented || || [[Color(red,Fail)]] || Test completed and failed to meet criteria. || || [[Color(yellow,Complete)]] || Test completed but will require re-execution due to expected changes || || [[Color(orange,Blocked)]] || Blocked by ticketed issue(s). || || [[Color(#63B8FF,In Progress)]] || Currently under test. || [[BR]] = NCSU2 Administrative Access = With requested account accessed rack head node and verified root access and group membership: {{{ LNM:~$ ssh ncsu2-hn.exogeni.net The authenticity of host 'ncsu2-hn.exogeni.net (152.48.13.190)' can't be established. RSA key fingerprint is 73:17:05:21:29:42:71:05:52:e5:fd:16:a1:07:78:be. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ncsu2-hn.exogeni.net,152.48.13.190' (RSA) to the list of known hosts. lnevers@ncsu2-hn.exogeni.net's password: Creating home directory for lnevers. |-----------------------------------------------------------------| | ____ ____ ____ ____ ____ ____ ____ | | ||E |||x |||o |||G |||E |||N |||I || | | ||__|||__|||__|||__|||__|||__|||__|| | | |/__\|/__\|/__\|/__\|/__\|/__\|/__\| | | | |-----------------------------------------------------------------| [lnevers@ncsu2-hn ~]$ sudo whoami We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for lnevers: root [lnevers@ncsu2-hn ~]$ id uid=2107(lnevers) gid=2000(nonrenci) groups=2000(nonrenci),2502(ncsuadmins),2508(osfadmins),2509(ucdadmins),2510(sladmins),2512(ncsu2admins),2513(tamuadmins),9510(bbnadmins) [lnevers@ncsu2-hn ~]$ }}} From head node verified login and administrative access to each of the worker nodes that supply VMs. {{{ [lnevers@ncsu2-hn ~]$ for i in 1 2 3 4 ; do sudo ssh root@ncsu2-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done Executing on: ncsu2-w1 root Linux ncsu2-w1 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu2-w2 root Linux ncsu2-w2 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu2-w3 root Linux ncsu2-w3 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu2-w4 root Linux ncsu2-w4 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux [lnevers@ncsu2-hn ~]$ }}} For each worker node execute the following: {{{ for i in X Y; do sudo ssh root@ncsu2-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done }}} ''' Note: No Bare Metal Nodes ''' Connect to the management switch: {{{ [lnevers@ncsu2-hn ~]$ ssh 192.168.107.2 -l admin Password: Password: ncsu-3560>ena Password: ncsu-3560# ncsu-3560#show interface status Port Name Status Vlan Duplex Speed Type Gi0/1 to SSG5 connected 1006 a-full a-100 10/100/1000BaseTX Gi0/2 To_N3K connected trunk a-full a-1000 10/100/1000BaseTX Gi0/3 Fabric_Interconnec connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/4 connected 1006 a-full a-100 10/100/1000BaseTX Gi0/5 notconnect 1 auto auto 10/100/1000BaseTX Gi0/6 Fabric Interconnec connected 1006 a-full a-100 10/100/1000BaseTX Gi0/7 to 4948 for Commod connected 1010 a-full a-1000 10/100/1000BaseTX Gi0/8 to N3064 disabled 1006 auto auto 10/100/1000BaseTX Gi0/9 connection to FI(A disabled 1 auto auto 10/100/1000BaseTX Gi0/10 connection to FI(A disabled 1 auto auto 10/100/1000BaseTX Gi0/11 notconnect 1 auto auto 10/100/1000BaseTX Gi0/12 N3548 Mgmt0 (192.1 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/13 to UCS-C-1 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/14 to UCS-C-2 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/15 to UCS-C-3 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/16 to UCS-C-4 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/17 to UCS-C-5 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/18 UCS-C HN Public IP connected 1010 a-full a-1000 10/100/1000BaseTX Gi0/19 notconnect 1006 auto auto 10/100/1000BaseTX Gi0/20 notconnect 1 auto auto 10/100/1000BaseTX Gi0/21 notconnect 1 auto auto 10/100/1000BaseTX Gi0/22 notconnect 1 auto auto 10/100/1000BaseTX Gi0/23 notconnect 1 auto auto 10/100/1000BaseTX Gi0/24 notconnect 1 auto auto 10/100/1000BaseTX Gi0/25 notconnect 1 auto auto Not Present Gi0/26 notconnect 1 auto auto Not Present Gi0/27 notconnect 1 auto auto Not Present Gi0/28 notconnect 1 auto auto Not Present ncsu-3560# show version Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Thu 02-Dec-10 07:17 by prod_rel_team Image text-base: 0x01000000, data-base: 0x02F00000 ROM: Bootstrap program is C3560 boot loader BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1) ncsu-3560 uptime is 1 year, 3 weeks, 5 days, 2 hours, 49 minutes System returned to ROM by power-on System image file is "flash:c3560-ipservicesk9-mz.122-55.SE1" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco WS-C3560G-24PS (PowerPC405) processor (revision D0) with 131072K bytes of memory. Processor board ID FOC1022Y0HY Last reset from power-on 2 Virtual Ethernet interfaces 28 Gigabit Ethernet interfaces The password-recovery mechanism is enabled. 512K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address : 00:18:19:29:16:00 Motherboard assembly number : 73-9707-04 Power supply part number : 341-0108-03 Motherboard serial number : FOC10221C8M Power supply serial number : DCA102019DZ Model revision number : D0 Motherboard revision number : A0 Model number : WS-C3560G-24PS-S System serial number : FOC1022Y0HY SFP Module assembly part number : 73-7757-03 SFP Module revision Number : A0 SFP Module serial number : CAT10171FZX Top Assembly Part Number : 800-25863-03 Top Assembly Revision Number : A0 Version ID : V03 CLEI Code Number : COM5H00ARA Hardware Board Revision Number : 0x05 Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 28 WS-C3560G-24PS 12.2(55)SE1 C3560-IPSERVICESK9-M Configuration register is 0xF ncsu-3560#show vlan summary Number of existing VLANs : 11 Number of existing VTP VLANs : 5 Number of existing extended VLANS : 6 ncsu-3560#show running-config Building configuration... Current configuration : 5164 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ncsu-3560 <<>> line con 0 line vty 0 4 password 7 14141B180F0B login local transport input ssh line vty 5 15 login local transport input ssh ! end ncsu-3560# }}} Connect to the !OpenFlow switch: {{{ [lnevers@ncsu2-hn ~]$ ssh 192.168.107.4 -l admin Nexus 3500 Switch Password: Bad terminal type: "xterm-256color". Will assume vt100. Cisco Nexus Operating System (NX-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL) Version 2.1. A copy of each such license is available at http://www.opensource.org/licenses/gpl-2.0.php and http://www.opensource.org/licenses/lgpl-2.1.php GENI3548# GENI3548# show interface status ------------------------------------------------------------------------------------ Port Name Status Vlan Duplex Speed Type ------------------------------------------------------------------------------------ Eth1/1 to FI-A connected trunk full 10G SFP-H10GB-CU3M Eth1/2 TO-FI-A-32-InterRa connected trunk full 10G SFP-H10GB-CU3M Eth1/3 to FI-B connected trunk full 10G SFP-H10GB-CU3M Eth1/4 TO-FI-B-32-InterRa connected trunk full 10G SFP-H10GB-CU3M Eth1/5 -- notconnec 1 full 10G 10Gbase-SR Eth1/6 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/7 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/8 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/9 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/10 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/11 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/12 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/13 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/14 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/15 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/16 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/17 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/18 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/19 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/20 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/21 FI-B 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/22 FI-B 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/23 FI-B 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/24 FI-B 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/25 FI-B 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/26 -- connected 1 full 10G SFP-H10GB-CU1M Eth1/27 ncsu2-hn 1G eth fo disabled trunk full 1000 1000base-T Eth1/28 UCS-C mgmt 1007, 1 connected trunk full 1000 1000base-T Eth1/29 UCS-C mgmt 1007, 1 connected trunk full 1000 1000base-T Eth1/30 UCS-C mgmt 1007, 1 connected trunk full 1000 1000base-T Eth1/31 UCS-C mgmt 1007, 1 connected trunk full 1000 1000base-T Eth1/32 C-Series NCSU2-W1 connected trunk full 10G 10Gbase-SR Eth1/33 C-Series NCSU2-W2 connected trunk full 10G 10Gbase-SR Eth1/34 C-Series NCSU2-W3 connected trunk full 10G 10Gbase-SR Eth1/35 C-Series NCSU2-W4 connected trunk full 10G 10Gbase-SR Eth1/36 to UCS-C-1 connected trunk full 10G SFP-H10GB-CU5M Eth1/37 to UCS-C-1 connected trunk full 10G 10Gbase-SR Eth1/38 to UCS-C-2 OF connected trunk full 10G 10Gbase-SR Eth1/39 to UCS-C-3 OF connected trunk full 10G 10Gbase-SR Eth1/40 to UCS-C-4 OF connected trunk full 10G 10Gbase-SR Eth1/41 to UCS-C-5 OF connected trunk full 10G 10Gbase-SR Eth1/42 -- notconnec 1 full 1000 1000base-T Eth1/43 from e1/43-OF-Port connected trunk full 10G SFP-H10GB-CU1M Eth1/44 OF Port to forward connected trunk full 10G SFP-H10GB-CU1M Eth1/45 TO_3560 connected trunk full 1000 1000base-T Eth1/46 to AL2S via RENCI connected trunk full 10G 10Gbase-LR Eth1/47 to Netapp notconnec trunk full 10G 10Gbase-SR Eth1/48 to Netapp connected trunk full 10G 10Gbase-SR Po1 LACP link to UCS-C noOperMem 1 Full 10G -- mgmt0 -- connected routed full a-1000 -- GENI3548# GENI3548# show version Cisco Nexus Operating System (NX-OS) Software TAC support: http://www.cisco.com/tac Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license. Some parts of this software are covered under the GNU Public License. A copy of the license is available at http://www.gnu.org/licenses/gpl.html. Software BIOS: version 1.9.0 loader: version N/A kickstart: version 6.0(2)A4(1) [build 6.0(2)A4(0.862)] system: version 6.0(2)A4(1) [build 6.0(2)A4(0.862)] Power Sequencer Firmware: Module 1: version v3.1 BIOS compile time: 10/13/2012 kickstart image file is: bootflash:///n3500-uk9-kickstart.6.0.2.A4.0.862.bin kickstart compile time: 8/14/2014 11:00:00 [08/14/2014 15:06:01] system image file is: bootflash:///n3500-uk9.6.0.2.A4.0.862.bin system compile time: 8/14/2014 11:00:00 [08/14/2014 16:28:13] Hardware cisco Nexus 3548 Chassis ("48x10GE Supervisor") Intel(R) Pentium(R) CPU @ 1.50GHz with 3805876 kB of memory. Processor Board ID FOC18231ETM Device name: GENI3548 bootflash: 2007040 kB Kernel uptime is 14 day(s), 2 hour(s), 44 minute(s), 14 second(s) Last reset at 217361 usecs after Mon Nov 24 19:31:59 2014 Reason: Power down due to temperature sensor policy trigger System version: 6.0(2)A4(1) Service: plugin Core Plugin, Ethernet Plugin GENI3548# GENI3548# show vlan summary Number of existing VLANs : 127 Number of existing user VLANs : 112 Number of existing extended VLANs : 15 GENI3548# GENI3548# show running-config !Command: show running-config !Time: Tue Dec 9 10:38:34 2014 version 6.0(2)A4(1) hostname GENI3548 <<>>> line console line vty boot kickstart bootflash:/n3500-uk9-kickstart.6.0.2.A4.0.862.bin boot system bootflash:/n3500-uk9.6.0.2.A4.0.862.bin openflow switch 1 protocol-version 1.0 default-miss cascade controller logging flow-mod rate-limit packet_in 1 burst 4 pipeline 203 controller ipv4 192.168.107.20 port 6633 vrf default security XXX of-port interface ethernet1/32 of-port interface ethernet1/33 of-port interface ethernet1/34 of-port interface ethernet1/35 of-port interface ethernet1/44 ip dhcp snooping vlan 1007 mac address-table guard-vpc-peergw-mac virtual-service OF activate GENI3548# }}} Verify FOAM and !FlowVisor configuration files ownership and paths: {{{ [lnevers@ncsu2-hn ~]$ ls -l /etc/foam.passwd /etc/flowvisor.passwd /etc/flowvisor/fvpasswd /opt/foam/etc/foampasswd lrwxrwxrwx 1 root flowvisor 21 Feb 10 2014 /etc/flowvisor/fvpasswd -> /etc/flowvisor.passwd -r--r----- 1 flowvisor ncsu2admins 25 Feb 9 2014 /etc/flowvisor.passwd -r--r----- 1 root ncsu2admins 25 Feb 9 2014 /etc/foam.passwd lrwxrwxrwx 1 root root 16 Feb 10 2014 /opt/foam/etc/foampasswd -> /etc/foam.passwd [lnevers@ncsu2-hn ~]$ }}} Check FOAM version and FOAM configuration for site.admin.email, geni.site-tag, email.from settings on the NCSU2 head node: {{{ [lnevers@ncsu2-hn ~]$ foamctl admin:get-version --passwd-file=/etc/foam.passwd { "version": "0.14.0" } [lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="site.admin.email" --passwd-file=/opt/foam/etc/foampasswd { "value": "foam-admin@gpolab.bbn.com" } [lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="geni.site-tag" --passwd-file=/opt/foam/etc/foampasswd { "value": "ncsu2-hn.exogeni.net" } [lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="email.from" --passwd-file=/opt/foam/etc/foampasswd { "value": null } [lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="geni.approval.approve-on-creation" --passwd-file=/opt/foam/etc/foampasswd { "value": 0 } [lnevers@ncsu2-hn ~]$ }}} Show FOAM slivers details: {{{ [lnevers@ncsu2-hn ~]$ foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd { "slivers": [ { "status": "pending", "flowvisor_slice": "dd2e77e8-02d0-45b8-8053-32c65960a88c", "slice_urn": "urn:publicid:IDN+ch.geni.net:ln-test+slice+IG-CT-4", "pend_reason": [], "deleted": "False", "user": "urn:publicid:IDN+ch.geni.net+user+lnevers", "creation": "2014-12-04 19:42:24.569232+00:00", "enabled": false, "uuid": "dd2e77e8-02d0-45b8-8053-32c65960a88c", "id": 3, "expiration": "2014-12-10 00:00:00+00:00", "sliver_urn": "urn:publicid:IDN+ch.geni.net:ln-test+slice+IG-CT-4:dd2e77e8-02d0-45b8-8053-32c65960a88c", "ref": null, "email": "lnevers@bbn.com", "desc": "IG-CT-4 over 3716 " } ] } [lnevers@ncsu2-hn ~]$ }}} Check the !FlowVisor version, list of devices, get details for a device, list of active slices, and details for one of the slices on the NCSU2 Head node: {{{ [lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd ping hello Got reply: PONG(fvadmin): FV version=flowvisor-0.8.1::hello [lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listDevices Device 0: 00:01:18:e7:28:07:bf:c0 [lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd getDeviceInfo 00:01:18:e7:28:07:bf:c0 nPorts=5 portList=32,35,44,33,34 dpid=00:01:18:e7:28:07:bf:c0 remote=/192.168.107.20:6633-->/192.168.107.4:13369 portNames=Eth1/32(32),Eth1/35(35),Eth1/44(44),Eth1/33(33),Eth1/34(34) [lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices Slice 0: fvadmin Slice 1: orca-141 Slice 2: orca-142 Slice 3: orca-140 Slice 4: orca-143 Slice 5: orca-136 Slice 6: orca-137 Slice 7: orca-138 Slice 8: orca-128 Slice 9: orca-139 Slice 10: orca-158 Slice 11: orca-129 Slice 12: orca-159 Slice 13: orca-154 Slice 14: orca-155 Slice 15: orca-130 Slice 16: orca-156 Slice 17: orca-131 Slice 18: orca-157 Slice 19: orca-132 Slice 20: orca-133 Slice 21: orca-134 Slice 22: orca-152 Slice 23: orca-135 Slice 24: orca-153 [lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd getSliceInfo orca-153 Got reply: connection_1=00:01:18:e7:28:07:bf:c0-->/152.48.13.190:24503-->ncsu2-hn.exogeni.net/152.48.13.190:54423 contact_email=exogeni-ops@renci.org controller_hostname=ncsu2-hn.exogeni.net controller_port=54423 creator=fvadmin [lnevers@ncsu2-hn ~]$ }}} = NCSU Administrative Access = With requested account accessed rack head node and verified root access and group membership: {{{ LNM:~$ ssh ncsu-hn.exogeni.net The authenticity of host 'ncsu-hn.exogeni.net (152.48.13.3)' can't be established. RSA key fingerprint is e0:ad:3d:c7:33:02:84:66:1e:44:7d:30:4d:20:5b:07. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ncsu-hn.exogeni.net,152.48.13.3' (RSA) to the list of known hosts. lnevers@ncsu-hn.exogeni.net's password: |-----------------------------------------------------------------| | ____ ____ ____ ____ ____ ____ ____ | | ||E |||x |||o |||G |||E |||N |||I || | | ||__|||__|||__|||__|||__|||__|||__|| | | |/__\|/__\|/__\|/__\|/__\|/__\|/__\| | | | |-----------------------------------------------------------------| [lnevers@ncsu-hn ~]$ sudo whoami We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for lnevers: root [lnevers@ncsu-hn ~]$ id uid=2107(lnevers) gid=2000(nonrenci) groups=2000(nonrenci),2502(ncsuadmins),2508(osfadmins),2509(ucdadmins),2510(sladmins),2512(ncsu2admins),2513(tamuadmins),9510(bbnadmins) [lnevers@ncsu-hn ~]$ }}} From head node verified login and administrative access to each of the worker nodes that supply VMs. {{{ [lnevers@ncsu-hn ~]$ for i in {1..13}; do sudo ssh root@ncsu-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done Executing on: ncsu-w1 root Linux ncsu-w1 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w2 root Linux ncsu-w2 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w3 root Linux ncsu-w3 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w4 root Linux ncsu-w4 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w5 root Linux ncsu-w5 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w6 root Linux ncsu-w6 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w7 root Linux ncsu-w7 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w8 root Linux ncsu-w8 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w9 root Linux ncsu-w9 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w10 root Linux ncsu-w10 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w11 root Linux ncsu-w11 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w12 root Linux ncsu-w12 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Executing on: ncsu-w13 root Linux ncsu-w13 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux [lnevers@ncsu-hn ~]$ }}} For each Bare Metal node execute the following: {{{ for i in 14 15; do sudo ssh root@ncsu-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done }}} Connect to the management switch: {{{ [lnevers@ncsu-hn ~]$ ssh 192.168.107.2 -l admin Password: Password: ncsu-3560>ena Password: ncsu-3560#show interface status Port Name Status Vlan Duplex Speed Type Gi0/1 to SSG5 connected 1006 a-full a-100 10/100/1000BaseTX Gi0/2 To_N3K connected trunk a-full a-1000 10/100/1000BaseTX Gi0/3 Fabric_Interconnec connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/4 connected 1006 a-full a-100 10/100/1000BaseTX Gi0/5 notconnect 1 auto auto 10/100/1000BaseTX Gi0/6 Fabric Interconnec connected 1006 a-full a-100 10/100/1000BaseTX Gi0/7 to 4948 for Commod connected 1010 a-full a-1000 10/100/1000BaseTX Gi0/8 to N3064 disabled 1006 auto auto 10/100/1000BaseTX Gi0/9 connection to FI(A disabled 1 auto auto 10/100/1000BaseTX Gi0/10 connection to FI(A disabled 1 auto auto 10/100/1000BaseTX Gi0/11 notconnect 1 auto auto 10/100/1000BaseTX Gi0/12 N3548 Mgmt0 (192.1 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/13 to UCS-C-1 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/14 to UCS-C-2 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/15 to UCS-C-3 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/16 to UCS-C-4 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/17 to UCS-C-5 connected 1006 a-full a-1000 10/100/1000BaseTX Gi0/18 UCS-C HN Public IP connected 1010 a-full a-1000 10/100/1000BaseTX Gi0/19 notconnect 1006 auto auto 10/100/1000BaseTX Gi0/20 notconnect 1 auto auto 10/100/1000BaseTX Gi0/21 notconnect 1 auto auto 10/100/1000BaseTX Gi0/22 notconnect 1 auto auto 10/100/1000BaseTX Gi0/23 notconnect 1 auto auto 10/100/1000BaseTX Gi0/24 notconnect 1 auto auto 10/100/1000BaseTX Gi0/25 notconnect 1 auto auto Not Present Gi0/26 notconnect 1 auto auto Not Present Gi0/27 notconnect 1 auto auto Not Present Gi0/28 notconnect 1 auto auto Not Present ncsu-3560# ncsu-3560#show version Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Thu 02-Dec-10 07:17 by prod_rel_team Image text-base: 0x01000000, data-base: 0x02F00000 ROM: Bootstrap program is C3560 boot loader BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1) ncsu-3560 uptime is 1 year, 3 weeks, 5 days, 2 hours, 54 minutes System returned to ROM by power-on System image file is "flash:c3560-ipservicesk9-mz.122-55.SE1" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco WS-C3560G-24PS (PowerPC405) processor (revision D0) with 131072K bytes of memory. Processor board ID FOC1022Y0HY Last reset from power-on 2 Virtual Ethernet interfaces 28 Gigabit Ethernet interfaces The password-recovery mechanism is enabled. 512K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address : 00:18:19:29:16:00 Motherboard assembly number : 73-9707-04 Power supply part number : 341-0108-03 Motherboard serial number : FOC10221C8M Power supply serial number : DCA102019DZ Model revision number : D0 Motherboard revision number : A0 Model number : WS-C3560G-24PS-S System serial number : FOC1022Y0HY SFP Module assembly part number : 73-7757-03 SFP Module revision Number : A0 SFP Module serial number : CAT10171FZX Top Assembly Part Number : 800-25863-03 Top Assembly Revision Number : A0 Version ID : V03 CLEI Code Number : COM5H00ARA Hardware Board Revision Number : 0x05 Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 28 WS-C3560G-24PS 12.2(55)SE1 C3560-IPSERVICESK9-M Configuration register is 0xF ncsu-3560# ncsu-3560#show vlan summary Number of existing VLANs : 11 Number of existing VTP VLANs : 5 Number of existing extended VLANS : 6 ncsu-3560#show run ncsu-3560#show running-config Building configuration... Current configuration : 5164 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ncsu-3560 <<>> line con 0 line vty 0 4 password 7 14141B180F0B login local transport input ssh line vty 5 15 login local transport input ssh ! end ncsu-3560# }}} Connect to the !OpenFlow switch: {{{ [lnevers@ncsu-hn ~]$ ssh 192.168.107.4 -l admin Nexus 3500 Switch Password: Bad terminal type: "xterm-256color". Will assume vt100. Cisco Nexus Operating System (NX-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL) Version 2.1. A copy of each such license is available at http://www.opensource.org/licenses/gpl-2.0.php and http://www.opensource.org/licenses/lgpl-2.1.php GENI3548# GENI3548# show interface status ------------------------------------------------------------------------------------ Port Name Status Vlan Duplex Speed Type ------------------------------------------------------------------------------------ Eth1/1 to FI-A connected trunk full 10G SFP-H10GB-CU3M Eth1/2 TO-FI-A-32-InterRa connected trunk full 10G SFP-H10GB-CU3M Eth1/3 to FI-B connected trunk full 10G SFP-H10GB-CU3M Eth1/4 TO-FI-B-32-InterRa connected trunk full 10G SFP-H10GB-CU3M Eth1/5 -- notconnec 1 full 10G 10Gbase-SR Eth1/6 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/7 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/8 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/9 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/10 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/11 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/12 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/13 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/14 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/15 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/16 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/17 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/18 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/19 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/20 FI-A 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/21 FI-B 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/22 FI-B 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/23 FI-B 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/24 FI-B 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/25 FI-B 16-30 for Ope disabled trunk full 10G SFP-H10GB-CU1M Eth1/26 -- connected 1 full 10G SFP-H10GB-CU1M Eth1/27 ncsu2-hn 1G eth fo disabled trunk full 1000 1000base-T Eth1/28 UCS-C mgmt 1007, 1 connected trunk full 1000 1000base-T Eth1/29 UCS-C mgmt 1007, 1 connected trunk full 1000 1000base-T Eth1/30 UCS-C mgmt 1007, 1 connected trunk full 1000 1000base-T Eth1/31 UCS-C mgmt 1007, 1 connected trunk full 1000 1000base-T Eth1/32 C-Series NCSU2-W1 connected trunk full 10G 10Gbase-SR Eth1/33 C-Series NCSU2-W2 connected trunk full 10G 10Gbase-SR Eth1/34 C-Series NCSU2-W3 connected trunk full 10G 10Gbase-SR Eth1/35 C-Series NCSU2-W4 connected trunk full 10G 10Gbase-SR Eth1/36 to UCS-C-1 connected trunk full 10G SFP-H10GB-CU5M Eth1/37 to UCS-C-1 connected trunk full 10G 10Gbase-SR Eth1/38 to UCS-C-2 OF connected trunk full 10G 10Gbase-SR Eth1/39 to UCS-C-3 OF connected trunk full 10G 10Gbase-SR Eth1/40 to UCS-C-4 OF connected trunk full 10G 10Gbase-SR Eth1/41 to UCS-C-5 OF connected trunk full 10G 10Gbase-SR Eth1/42 -- notconnec 1 full 1000 1000base-T Eth1/43 from e1/43-OF-Port connected trunk full 10G SFP-H10GB-CU1M Eth1/44 OF Port to forward connected trunk full 10G SFP-H10GB-CU1M Eth1/45 TO_3560 connected trunk full 1000 1000base-T Eth1/46 to AL2S via RENCI connected trunk full 10G 10Gbase-LR Eth1/47 to Netapp notconnec trunk full 10G 10Gbase-SR Eth1/48 to Netapp connected trunk full 10G 10Gbase-SR Po1 LACP link to UCS-C noOperMem 1 Full 10G -- mgmt0 -- connected routed full a-1000 -- GENI3548# GENI3548# show version Cisco Nexus Operating System (NX-OS) Software TAC support: http://www.cisco.com/tac Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license. Some parts of this software are covered under the GNU Public License. A copy of the license is available at http://www.gnu.org/licenses/gpl.html. Software BIOS: version 1.9.0 loader: version N/A kickstart: version 6.0(2)A4(1) [build 6.0(2)A4(0.862)] system: version 6.0(2)A4(1) [build 6.0(2)A4(0.862)] Power Sequencer Firmware: Module 1: version v3.1 BIOS compile time: 10/13/2012 kickstart image file is: bootflash:///n3500-uk9-kickstart.6.0.2.A4.0.862.bin kickstart compile time: 8/14/2014 11:00:00 [08/14/2014 15:06:01] system image file is: bootflash:///n3500-uk9.6.0.2.A4.0.862.bin system compile time: 8/14/2014 11:00:00 [08/14/2014 16:28:13] Hardware cisco Nexus 3548 Chassis ("48x10GE Supervisor") Intel(R) Pentium(R) CPU @ 1.50GHz with 3805876 kB of memory. Processor Board ID FOC18231ETM Device name: GENI3548 bootflash: 2007040 kB Kernel uptime is 14 day(s), 2 hour(s), 51 minute(s), 44 second(s) Last reset at 217361 usecs after Mon Nov 24 19:31:59 2014 Reason: Power down due to temperature sensor policy trigger System version: 6.0(2)A4(1) Service: plugin Core Plugin, Ethernet Plugin GENI3548# GENI3548# show vlan summary Number of existing VLANs : 127 Number of existing user VLANs : 112 Number of existing extended VLANs : 15 GENI3548# GENI3548# show running-config !Command: show running-config !Time: Tue Dec 9 10:35:20 2014 version 6.0(2)A4(1) hostname GENI3548 <<>>> line console line vty boot kickstart bootflash:/n3500-uk9-kickstart.6.0.2.A4.0.862.bin boot system bootflash:/n3500-uk9.6.0.2.A4.0.862.bin openflow switch 1 protocol-version 1.0 default-miss cascade controller logging flow-mod rate-limit packet_in 1 burst 4 pipeline 203 controller ipv4 192.168.107.20 port 6633 vrf default security XXXXX of-port interface ethernet1/32 of-port interface ethernet1/33 of-port interface ethernet1/34 of-port interface ethernet1/35 of-port interface ethernet1/44 ip dhcp snooping vlan 1007 mac address-table guard-vpc-peergw-mac virtual-service OF activate }}} Verify FOAM and !FlowVisor configuration files ownership and paths: {{{ [lnevers@ncsu-hn ~]$ ls -l /etc/foam.passwd /etc/flowvisor.passwd /etc/flowvisor/fvpasswd /opt/foam/etc/foampasswd lrwxrwxrwx 1 root flowvisor 21 Feb 21 2013 /etc/flowvisor/fvpasswd -> /etc/flowvisor.passwd -r--r----- 1 flowvisor ncsuadmins 25 Feb 20 2013 /etc/flowvisor.passwd -r--r-----+ 1 root ncsuadmins 25 Feb 20 2013 /etc/foam.passwd lrwxrwxrwx 1 root root 16 Feb 21 2013 /opt/foam/etc/foampasswd -> /etc/foam.passwd [lnevers@ncsu-hn ~]$ }}} Check FOAM version and FOAM configuration for site.admin.email, geni.site-tag, email.from settings on the NCSU head node: {{{ [lnevers@ncsu-hn ~]$ foamctl admin:get-version --passwd-file=/etc/foam.passwd Basic auth failed: invalid password [lnevers@ncsu-hn ~]$ foamctl config:get-value --key="site.admin.email" --passwd-file=/opt/foam/etc/foampasswd Basic auth failed: invalid password [lnevers@ncsu-hn ~]$ foamctl config:get-value --key="geni.site-tag" --passwd-file=/opt/foam/etc/foampasswd Basic auth failed: invalid password [lnevers@ncsu-hn ~]$ foamctl config:get-value --key="email.from" --passwd-file=/opt/foam/etc/foampasswd Basic auth failed: invalid password [lnevers@ncsu-hn ~]$ foamctl config:get-value --key="geni.approval.approve-on-creation" --passwd-file=/opt/foam/etc/foampasswd Basic auth failed: invalid password [lnevers@ncsu-hn ~]$ }}} '''Note: Fails as expected, no !OpenFlow for NCSU rack.''' Show FOAM slivers details: {{{ [lnevers@ncsu-hn ~]$ foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd Basic auth failed: invalid password }}} '''Note: Fails as expected, no !OpenFlow for NCSU rack.''' Check the !FlowVisor version, list of devices, get details for a device, list of active slices, and details for one of the slices on the NCSU Head node: {{{ [lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd ping hello Got reply: PONG(fvadmin): FV version=flowvisor-0.8.1::hello [lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listDevices [lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices Slice 0: fvadmin Slice 1: N3K-Test [lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd getSliceInfo N3K-Test Got reply: contact_email=slice=tester@renci.org controller_hostname=127.0.0.1 controller_port=60635 creator=fvadmin [lnevers@ncsu-hn ~]$ }}} '''Note: No Device present as expected, no !OpenFlow at NCSU'''