wiki:GENIRacksHome/CiscoGENIRacks/AcceptanceTestStatus/CG-ADM-1

Version 8 (modified by lnevers@bbn.com, 5 years ago) (diff)

--

CG-ADM-1 Administrative Tests

This test validates administrative access for NCSU2 and NCSU Cisco racks. Cisco GENI Racks Administrator accounts can be obtained as described at the ExoGENI Rack Operators page where accounts creation and usage is documented.

Test Status

This section captures the status for each step in the acceptance test plan.

Test State Tickets/Comments
NCSU2 Administrative Access Color(#63B8FF,In Progress)? Need control and data plane switches access information
NCSU Administrative Access Color(#63B8FF,In Progress)? Need control and data plane switches access information


State Legend Description
Color(green,Pass)? Test completed and met all criteria
Color(#98FB98,Pass: most criteria)? Test completed and met most criteria. Exceptions documented
Color(red,Fail)? Test completed and failed to meet criteria.
Color(yellow,Complete)? Test completed but will require re-execution due to expected changes
Color(orange,Blocked)? Blocked by ticketed issue(s).
Color(#63B8FF,In Progress)? Currently under test.


NCSU2 Administrative Access

With requested account accessed rack head node and verified root access and group membership:

LNM:~$ ssh ncsu2-hn.exogeni.net
The authenticity of host 'ncsu2-hn.exogeni.net (152.48.13.190)' can't be established.
RSA key fingerprint is 73:17:05:21:29:42:71:05:52:e5:fd:16:a1:07:78:be.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ncsu2-hn.exogeni.net,152.48.13.190' (RSA) to the list of known hosts.
lnevers@ncsu2-hn.exogeni.net's password: 
Creating home directory for lnevers.
|-----------------------------------------------------------------|
|		 ____ ____ ____ ____ ____ ____ ____ 		  |
|		||E |||x |||o |||G |||E |||N |||I ||		  |
|		||__|||__|||__|||__|||__|||__|||__||		  |
|		|/__\|/__\|/__\|/__\|/__\|/__\|/__\|		  |
|                                                                 |
|-----------------------------------------------------------------|
[lnevers@ncsu2-hn ~]$ sudo whoami

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for lnevers: 
root
[lnevers@ncsu2-hn ~]$ id
uid=2107(lnevers) gid=2000(nonrenci) groups=2000(nonrenci),2502(ncsuadmins),2508(osfadmins),2509(ucdadmins),2510(sladmins),2512(ncsu2admins),2513(tamuadmins),9510(bbnadmins)
[lnevers@ncsu2-hn ~]$

From head node verified login and administrative access to each of the worker nodes that supply VMs.

[lnevers@ncsu2-hn ~]$ for i in 1 2 3 4 ; do sudo ssh root@ncsu2-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done
Executing on: ncsu2-w1
root
Linux ncsu2-w1 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu2-w2
root
Linux ncsu2-w2 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu2-w3
root
Linux ncsu2-w3 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu2-w4
root
Linux ncsu2-w4 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[lnevers@ncsu2-hn ~]$ 

For each worker node execute the following:

for i in X Y; do sudo ssh root@ncsu2-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done

Note: No Bare Metal Nodes

Connect to the management switch:

[lnevers@ncsu2-hn ~]$ ssh ncsu-8052.ncsu.xo

>ena

show interface status 
show version
show vlan

Connect to the OpenFlow switch:

 ssh lnevers@ncsu2-8264.ncsu.xo

>ena

show interface status
show version brief 
show vlan

Verify FOAM and FlowVisor configuration files ownership and paths:

[lnevers@ncsu2-hn ~]$ ls -l /etc/foam.passwd  /etc/flowvisor.passwd /etc/flowvisor/fvpasswd /opt/foam/etc/foampasswd
lrwxrwxrwx 1 root      flowvisor   21 Feb 10  2014 /etc/flowvisor/fvpasswd -> /etc/flowvisor.passwd
-r--r----- 1 flowvisor ncsu2admins 25 Feb  9  2014 /etc/flowvisor.passwd
-r--r----- 1 root      ncsu2admins 25 Feb  9  2014 /etc/foam.passwd
lrwxrwxrwx 1 root      root        16 Feb 10  2014 /opt/foam/etc/foampasswd -> /etc/foam.passwd
[lnevers@ncsu2-hn ~]$ 

Check FOAM version and FOAM configuration for site.admin.email, geni.site-tag, email.from settings on the NCSU2 head node:

[lnevers@ncsu2-hn ~]$ foamctl admin:get-version  --passwd-file=/etc/foam.passwd
{
 "version": "0.14.0"
}
[lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="site.admin.email"  --passwd-file=/opt/foam/etc/foampasswd
{
 "value": "foam-admin@gpolab.bbn.com"
}
[lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="geni.site-tag"  --passwd-file=/opt/foam/etc/foampasswd

{
 "value": "ncsu2-hn.exogeni.net"
}
[lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="email.from"  --passwd-file=/opt/foam/etc/foampasswd
{
 "value": null
}
[lnevers@ncsu2-hn ~]$ foamctl config:get-value --key="geni.approval.approve-on-creation"  --passwd-file=/opt/foam/etc/foampasswd
{
 "value": 0
}
[lnevers@ncsu2-hn ~]$

Show FOAM slivers details:

[lnevers@ncsu2-hn ~]$ foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd 
{
 "slivers": [
  {
   "status": "pending", 
   "flowvisor_slice": "dd2e77e8-02d0-45b8-8053-32c65960a88c", 
   "slice_urn": "urn:publicid:IDN+ch.geni.net:ln-test+slice+IG-CT-4", 
   "pend_reason": [], 
   "deleted": "False", 
   "user": "urn:publicid:IDN+ch.geni.net+user+lnevers", 
   "creation": "2014-12-04 19:42:24.569232+00:00", 
   "enabled": false, 
   "uuid": "dd2e77e8-02d0-45b8-8053-32c65960a88c", 
   "id": 3, 
   "expiration": "2014-12-10 00:00:00+00:00", 
   "sliver_urn": "urn:publicid:IDN+ch.geni.net:ln-test+slice+IG-CT-4:dd2e77e8-02d0-45b8-8053-32c65960a88c", 
   "ref": null, 
   "email": "lnevers@bbn.com", 
   "desc": "IG-CT-4 over 3716 "
  }
 ]
}
[lnevers@ncsu2-hn ~]$ 

Check the FlowVisor version, list of devices, get details for a device, list of active slices, and details for one of the slices on the NCSU2 Head node:

[lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd ping hello
Got reply:
PONG(fvadmin): FV version=flowvisor-0.8.1::hello
[lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listDevices
Device 0: 00:01:18:e7:28:07:bf:c0
[lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd getDeviceInfo 00:01:18:e7:28:07:bf:c0
nPorts=5
portList=32,35,44,33,34
dpid=00:01:18:e7:28:07:bf:c0
remote=/192.168.107.20:6633-->/192.168.107.4:13369
portNames=Eth1/32(32),Eth1/35(35),Eth1/44(44),Eth1/33(33),Eth1/34(34)
[lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices
Slice 0: fvadmin
Slice 1: orca-141
Slice 2: orca-142
Slice 3: orca-140
Slice 4: orca-143
Slice 5: orca-136
Slice 6: orca-137
Slice 7: orca-138
Slice 8: orca-128
Slice 9: orca-139
Slice 10: orca-158
Slice 11: orca-129
Slice 12: orca-159
Slice 13: orca-154
Slice 14: orca-155
Slice 15: orca-130
Slice 16: orca-156
Slice 17: orca-131
Slice 18: orca-157
Slice 19: orca-132
Slice 20: orca-133
Slice 21: orca-134
Slice 22: orca-152
Slice 23: orca-135
Slice 24: orca-153
[lnevers@ncsu2-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd getSliceInfo orca-153
Got reply:
connection_1=00:01:18:e7:28:07:bf:c0-->/152.48.13.190:24503-->ncsu2-hn.exogeni.net/152.48.13.190:54423
contact_email=exogeni-ops@renci.org
controller_hostname=ncsu2-hn.exogeni.net
controller_port=54423
creator=fvadmin
[lnevers@ncsu2-hn ~]$

NCSU Administrative Access

With requested account accessed rack head node and verified root access and group membership:

LNM:~$ ssh ncsu-hn.exogeni.net
The authenticity of host 'ncsu-hn.exogeni.net (152.48.13.3)' can't be established.
RSA key fingerprint is e0:ad:3d:c7:33:02:84:66:1e:44:7d:30:4d:20:5b:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ncsu-hn.exogeni.net,152.48.13.3' (RSA) to the list of known hosts.
lnevers@ncsu-hn.exogeni.net's password: 
|-----------------------------------------------------------------|
|		 ____ ____ ____ ____ ____ ____ ____ 		  |
|		||E |||x |||o |||G |||E |||N |||I ||		  |
|		||__|||__|||__|||__|||__|||__|||__||		  |
|		|/__\|/__\|/__\|/__\|/__\|/__\|/__\|		  |
|                                                                 |
|-----------------------------------------------------------------|
[lnevers@ncsu-hn ~]$ sudo whoami

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for lnevers: 
root
[lnevers@ncsu-hn ~]$ id
uid=2107(lnevers) gid=2000(nonrenci) groups=2000(nonrenci),2502(ncsuadmins),2508(osfadmins),2509(ucdadmins),2510(sladmins),2512(ncsu2admins),2513(tamuadmins),9510(bbnadmins)
[lnevers@ncsu-hn ~]$

From head node verified login and administrative access to each of the worker nodes that supply VMs.

[lnevers@ncsu-hn ~]$ for i in {1..13}; do sudo ssh root@ncsu-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done
Executing on: ncsu-w1
root
Linux ncsu-w1 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w2
root
Linux ncsu-w2 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w3
root
Linux ncsu-w3 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w4
root
Linux ncsu-w4 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w5
root
Linux ncsu-w5 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w6
root
Linux ncsu-w6 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w7
root
Linux ncsu-w7 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w8
root
Linux ncsu-w8 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w9
root
Linux ncsu-w9 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w10
root
Linux ncsu-w10 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w11
root
Linux ncsu-w11 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w12
root
Linux ncsu-w12 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Executing on: ncsu-w13
root
Linux ncsu-w13 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[lnevers@ncsu-hn ~]$

For each Bare Metal node execute the following:

for i in 14 15; do sudo ssh root@ncsu-w$i "echo -n 'Executing on: ' ; hostname;whoami;uname -a"; done

Connect to the management switch:

[lnevers@ncsu-hn ~]$ ssh ncsu-8052.ncsu.xo

>ena

show interface status 
show version
show vlan

Connect to the OpenFlow switch:

 ssh lnevers@ncsu-8264.ncsu.xo

>ena

show interface status
show version brief 
show vlan

Verify FOAM and FlowVisor configuration files ownership and paths:

[lnevers@ncsu-hn ~]$ ls -l /etc/foam.passwd  /etc/flowvisor.passwd /etc/flowvisor/fvpasswd /opt/foam/etc/foampasswd
lrwxrwxrwx  1 root      flowvisor  21 Feb 21  2013 /etc/flowvisor/fvpasswd -> /etc/flowvisor.passwd
-r--r-----  1 flowvisor ncsuadmins 25 Feb 20  2013 /etc/flowvisor.passwd
-r--r-----+ 1 root      ncsuadmins 25 Feb 20  2013 /etc/foam.passwd
lrwxrwxrwx  1 root      root       16 Feb 21  2013 /opt/foam/etc/foampasswd -> /etc/foam.passwd
[lnevers@ncsu-hn ~]$ 

Check FOAM version and FOAM configuration for site.admin.email, geni.site-tag, email.from settings on the NCSU head node:

[lnevers@ncsu-hn ~]$ foamctl admin:get-version  --passwd-file=/etc/foam.passwd
Basic auth failed: invalid password
[lnevers@ncsu-hn ~]$ foamctl config:get-value --key="site.admin.email"  --passwd-file=/opt/foam/etc/foampasswd
Basic auth failed: invalid password
[lnevers@ncsu-hn ~]$ foamctl config:get-value --key="geni.site-tag"  --passwd-file=/opt/foam/etc/foampasswd
Basic auth failed: invalid password
[lnevers@ncsu-hn ~]$ foamctl config:get-value --key="email.from"  --passwd-file=/opt/foam/etc/foampasswd
Basic auth failed: invalid password
[lnevers@ncsu-hn ~]$ foamctl config:get-value --key="geni.approval.approve-on-creation"  --passwd-file=/opt/foam/etc/foampasswd
Basic auth failed: invalid password
[lnevers@ncsu-hn ~]$ 

Note: Fails as expected, no OpenFlow for NCSU rack.

Show FOAM slivers details:

[lnevers@ncsu-hn ~]$ foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd 
Basic auth failed: invalid password

Note: Fails as expected, no OpenFlow for NCSU rack.

Check the FlowVisor version, list of devices, get details for a device, list of active slices, and details for one of the slices on the NCSU Head node:

[lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd ping hello
Got reply:
PONG(fvadmin): FV version=flowvisor-0.8.1::hello
[lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listDevices
[lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices
Slice 0: fvadmin
Slice 1: N3K-Test
[lnevers@ncsu-hn ~]$ /opt/flowvisor/bin/fvctl --passwd-file=/etc/flowvisor/fvpasswd getSliceInfo  N3K-Test
Got reply:
contact_email=slice=tester@renci.org
controller_hostname=127.0.0.1
controller_port=60635
creator=fvadmin
[lnevers@ncsu-hn ~]$ 

Note: No Device present as expected, no OpenFlow at NCSU