Context Navigation

EG-MON-2

Timestamp:: 08/14/12 18:05:11 (12 years ago)
Author:: Josh Smift
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

GENIRacksHome/ExogeniRacks/AcceptanceTestStatus/EG-MON-2

-                      v8
+                      v9
 || '''Step''' || '''State'''                || '''Date completed''' || '''Open Tickets''' || '''Closed Tickets/Comments'''                      ||
 || 1          || [[Color(orange,Blocked)]]  ||                      ||                    || need info from exogeni-design, asked 2012-08-14    ||
 || 2          || [[Color(orange,Blocked)]]  ||                      ||                    || need info from exogeni-design, asked 2012-08-14    ||
 || 3          || [[Color(orange,Blocked)]]  ||                      ||                    || need info from exogeni-design, asked 2012-08-14    ||
 || 4          || [[Color(orange,Blocked)]]  ||                      ||                    || need info from exogeni-design, asked 2012-08-14    ||
+|| 1          || [[Color(lightgreen,Pass)]] || 2012-08-14           ||                    ||                                                    ||
+|| 2          || [[Color(lightgreen,Pass)]] || 2012-08-14           ||                    ||                                                    ||
+|| 3          || [[Color(lightgreen,Pass)]] || 2012-08-14           ||                    ||                                                    ||
+|| 4          || [[Color(lightgreen,Pass)]] || 2012-08-14           ||                    ||                                                    ||
 || 5          || [[Color(lightgreen,Pass)]] || 2012-08-14           ||                    ||                                                    ||
 …
  * A site administrator uses available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine the configuration of ExoGENI resources:
    * How many VMs are assigned to each of the BBN rack SM and the global ExoSM
    * How many bare metal nodes are configured on the rack and whether they are controlled by the BBN rack SM or by ExoSM.
    * How many unbound VLANs are in the rack's available pool and whether they are controlled by the BBN rack SM or by ExoSM.
+   * How many bare metal nodes are configured on the rack and whether they are allocated to the BBN rack SM or by ExoSM.
+   * How many unbound VLANs are in the rack's available pool and whether they are allocated to the BBN rack SM or by ExoSM.
    * Whether the BBN ExoGENI AM, the RENCI ExoGENI AM, and ExoSM trust the pgeni.gpolab.bbn.com slice authority, which will be used for testing.
  * A site administrator uses available system data sources to determine the configuration of !OpenFlow resources according to FOAM, ExoGENI, and !FlowVisor.
 …
  * The site administrator can determine how many VMs are allocated to each SM
+=== Results of Step 1 from 2012-08-14 ===
+On bbn-hn, in /opt/orca-12080/config/config.xml, I see
+{{{
+        <topology>
+                <edges>
+                        <edge>
+                                <from name="bbn-broker" guid="2d6308a4-e38b-4210-9f4b-3319acd28e4e" type="broker">
+                                        <location protocol="soapaxis2" url="http://bbn-hn.bbn.exogeni.net:13080/orca/services/bbn-broker"/>
+<certificate>
+MIICbTCCAdagAwIBAgIET0+04zANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE
+CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt
+MCsGA1UEAxMkMmQ2MzA4YTQtZTM4Yi00MjEwLTlmNGItMzMxOWFjZDI4ZTRlMB4XDTEyMDMwMTE3
+NDE1NVoXDTIyMDIyNzE3NDE1NVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH
+EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDJkNjMw
+OGE0LWUzOGItNDIxMC05ZjRiLTMzMTlhY2QyOGU0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA0LqNHOAo51mJbWHQaozNPZ3+rbwommOcP0aSe0dEOlF4YtdOy6CewxiipDpMrcbia/Ur3wfn
+s83Tm/+5tgGNyn9jmhGfmCGKr6PVieF0/F3jGsGN3wDX6C2bOG/B99pDbtyWM6EJR5wxVLVYsuji
+kkzA2I5P6Ri/G/edh1yaex0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAGmuajmFFnd577IX/rvit4
+vL+HlM2Yybf22bkEqlzG0uFtaXFJRUto9xOcSPm+Y3xijkf2B/X4Q+N73CFTxBEJkSh6s89SPUab
+nLHlwi3NXDPNd5t3WR4L0KzWgFndObXbxP0ZQFS7bI5O/F8k6iBNVa5PfEvkTVekpJvYA9WJTg==
+</certificate>
+                                </from>
+                                <to name="bbn-vm-am" guid="8e9f5bd9-6bd4-495b-9293-92a982e8ecf0" type="site" />
+                                <rset>
+                                        <type>bbnvmsite.vm</type>
+                                        <units>48</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+                                <!--
+                                <rset>
+                                        <type>bbnvmsite.baremetalce</type>
+                                        <units>1</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+                                -->
+                                <rset>
+                                        <type>bbnvmsite.vlan</type>
+                                        <units>500</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+                        </edge>
+                        <edge>
+                                <from name="ndl-broker" guid="25bc9111-9b41-46ab-a96b-3c87f574cfde" type="broker">
+                                        <location protocol="soapaxis2" url="http://geni-net.renci.org:11080/orca/services/ndl-broker"/>
+<certificate>
+MIICbTCCAdagAwIBAgIETDtgYzANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE
+CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt
+MCsGA1UEAxMkMjViYzkxMTEtOWI0MS00NmFiLWE5NmItM2M4N2Y1NzRjZmRlMB4XDTEwMDcxMjE4
+MzUxNVoXDTIwMDcwOTE4MzUxNVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH
+EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDI1YmM5
+MTExLTliNDEtNDZhYi1hOTZiLTNjODdmNTc0Y2ZkZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAqcyS60d5t9c3eEud529hYmD/0BrIHGkEevwAtqBb7FFD1X98SB1G8y7gzxplt0xr2Hm72Et+
+qB7YgT6XQHWfJQQW7RUZEnrDbGsS0v6bffY291eeDVd0ZCH1ogzPDlyMqdhSGKsstqZd0CYc2E
+zRFNngOIytBu1m59Jr6/FqsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCpFKta+1JitcfPbti3x3Tj
+WqqINj2f/MzwTVZbxV1eW6gLrwc3FRTX8RgAfqn2sl9Igxfzb+GbQbhY2j5iyBsEV90eKjQQitgv
+KUA1IpJqVMYiGSohX2jL+uXEK7bujv9eRyNG82Rp+ouWCrDKo7kOVLh/iSD1s8Mrk03/wd3qfw==
+</certificate>
+                                </from>
+                                <to name="bbn-vm-am" guid="8e9f5bd9-6bd4-495b-9293-92a982e8ecf0" type="site" />
+                                <rset>
+                                        <type>bbnvmsite.vm</type>
+                                        <units>48</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+                                <rset>
+                                        <type>bbnvmsite.baremetalce</type>
+                                        <units>2</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+                                <rset>
+                                        <type>bbnvmsite.vlan</type>
+                                        <units>500</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+                        </edge>
+                        <edge>
+                                <from name="ndl-broker" guid="25bc9111-9b41-46ab-a96b-3c87f574cfde" type="broker">
+                                        <location protocol="soapaxis2" url="http://geni-net.renci.org:11080/orca/services/ndl-broker"/>
+<certificate>
+MIICbTCCAdagAwIBAgIETDtgYzANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE
+CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt
+MCsGA1UEAxMkMjViYzkxMTEtOWI0MS00NmFiLWE5NmItM2M4N2Y1NzRjZmRlMB4XDTEwMDcxMjE4
+MzUxNVoXDTIwMDcwOTE4MzUxNVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH
+EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDI1YmM5
+MTExLTliNDEtNDZhYi1hOTZiLTNjODdmNTc0Y2ZkZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAqcyS60d5t9c3eEud529hYmD/0BrIHGkEevwAtqBb7FFD1X98SB1G8y7gzxplt0xr2Hm72Et+
+qB7YgT6XQHWfJQQW7RUZEnrDbGsS0v6bffY291eeDVd0ZCH1ogzPDlyMqdhSGKsstqZd0CYc2E
+zRFNngOIytBu1m59Jr6/FqsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCpFKta+1JitcfPbti3x3Tj
+WqqINj2f/MzwTVZbxV1eW6gLrwc3FRTX8RgAfqn2sl9Igxfzb+GbQbhY2j5iyBsEV90eKjQQitgv
+KUA1IpJqVMYiGSohX2jL+uXEK7bujv9eRyNG82Rp+ouWCrDKo7kOVLh/iSD1s8Mrk03/wd3qfw==
+</certificate>
+                                </from>
+                                <to name="bbn-net-am" guid="ca369912-0b78-4cc0-a52a-89b9eff03cf2" type="site" />
+                                <rset>
+                                        <type>bbnNet.vlan</type>
+                                        <units>10</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+                        </edge>
+                </edges>
+        </topology>
+}}}
+That indicates that 48 VMs are allocated to bbn-broker, and 48 VMs are allocated to ndl-broker.
 == Step 2: determine bare metal node configurations ==
 …
 '''Using:'''
  * On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine how many nodes in the rack are configured as bare metal nodes, and whether they are controlled by the BBN rack SM or by ExoSM.
+ * On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine how many nodes in the rack are configured as bare metal nodes, and whether they are allocated to the BBN rack SM or by ExoSM.
 '''Verify:'''
+ * The site administrator can determine how many bare metal nodes are controlled by the local SM
+ * The site administrator can determine where each rack bare metal node's controller is if the controller is not the local SM
+ * The site administrator can determine how many bare metal nodes are allocated to the local SM
+ * The site administrator can determine what each bare metal node is allocated to if it is not allocated to the local SM
+=== Results of Step 2 from 2012-08-14 ===
+See Step 1 for the full topology element from /opt/orca-12080/config/config.xml. In that topology, I see
+{{{
+                                <!--
+                                <rset>
+                                        <type>bbnvmsite.baremetalce</type>
+                                        <units>1</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+                                -->
+}}}
+in the bbn-broker section, and
+{{{
+                                <rset>
+                                        <type>bbnvmsite.baremetalce</type>
+                                        <units>2</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+}}}
+in the ndl-broker section.
+That indicates that one bare metal node would normally be allocated to bbn-broker, but it's commented out; and two bare metal nodes are currently allocated to ndl-broker.
 == Step 3: determine available VLAN pool ==
 …
  * The site administrator can determine what bound VLANs are available for use and where they are allocated.
+=== Results of Step 3 from 2012-08-14 ===
+For the first, see Step 1 for the full topology element from /opt/orca-12080/config/config.xml. In that topology, I see
+{{{
+                                <rset>
+                                        <type>bbnvmsite.vlan</type>
+                                        <units>500</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+}}}
+in the bbn-broker section, and
+{{{
+                                <rset>
+                                        <type>bbnvmsite.vlan</type>
+                                        <units>500</units>
+                                        <start>2010-01-30T00:00:00</start>
+                                        <end>2031-01-30T00:00:00</end>
+                                </rset>
+}}}
+in the ndl-broker section.
+That indicates that 500 VLANs are allocated to bbn-broker, and 500 VLANs are allocated to ndl-broker.
+For the second, in /opt/orca-12080/ndl/bbnvmsite.rdf, I see
+{{{
+    <layer:LabelSet rdf:about="#Bbn/ExoGeni/staticVLANSet">
+        <collections:size rdf:datatype="&xsd;int">1</collections:size>
+        <domain:isAllocatable rdf:datatype="&xsd;boolean">false</domain:isAllocatable>
+        <collections:element rdf:resource="#Bbn/ExoGeni/VLANLabel/1750"/>
+        <domain:hasResourceType rdf:resource="&domain;VLAN"/>
+    </layer:LabelSet>
+}}}
+which indicates that VLAN 1750 is the only bound VLAN.
 == Step 4: determine which GENI SAs are trusted ==
 …
 '''Using:'''
+ * On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine which GENI slice authorities the local rack SM trusts.
+ * Use the GENI AM API to verify that the BBN ExoGENI AM, the RENCI ExoGENI AM and the ExoSM trust the pgeni.gpolab.bbn.com SA.
+ * On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine which GENI slice authorities the BBN ExoGENI AM trusts.
+ * On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine which GENI slice authorities FOAM trusts.
+ * Use the GENI AM API to verify that the BBN ExoGENI AM and the ExoSM trust the pgeni.gpolab.bbn.com SA.
  * Use the GENI AM API to verify that the rack FOAM instance trusts the pgeni.gpolab.bbn.com SA.
 …
 === Results of Step 4 from 2012-08-14 ===
+I verified that the rack FOAM instance trusts the pgeni.gpolab.bbn.com SA in two ways.
+On bbn-hn:
+For the first, on bbn-hn:
+{{{
+[17:37:14] jbs@bbn-hn:/home/jbs
++$ keytool -v -list -keystore /opt/orca-11080/config/geni-trusted.jks
+Enter keystore password:
+*****************  WARNING WARNING WARNING  *****************
+* The integrity of the information stored in your keystore  *
+* has NOT been verified!  In order to verify its integrity, *
+* you must provide your keystore password.                  *
+*****************  WARNING WARNING WARNING  *****************
+Keystore type: JKS
+Keystore provider: SUN
+Your keystore contains 3 entries
+Alias name: ben-ca
+Creation date: Nov 29, 2011
+Entry type: trustedCertEntry
+Owner: EMAILADDRESS=ben-ops@renci.org, O=BEN@RENCI, L=Chapel Hill, ST=NC, C=US
+Issuer: EMAILADDRESS=ben-ops@renci.org, O=BEN@RENCI, L=Chapel Hill, ST=NC, C=US
+Serial number: 88753bc67f92f627
+Valid from: Fri Aug 29 14:27:45 EDT 2008 until: Mon Aug 27 14:27:45 EDT 2018
+Certificate fingerprints:
+         MD5:  6A:5B:EA:64:D7:40:BF:C1:AC:F0:D0:34:A6:54:00:C5
+         SHA1: 94:63:C3:04:4F:48:00:B7:35:34:35:32:C3:03:E5:B7:2E:3A:44:B1
+         Signature algorithm name: SHA1withRSA
+         Version: 3
+Extensions:
+#1: ObjectId: 2.5.29.14 Criticality=false
+SubjectKeyIdentifier [
+KeyIdentifier [
+: D8 9C 85 3A 11 47 9B CF   41 2E 59 B3 8B 54 37 F0  ...:.G..A.Y..T7.
+: B9 D7 1E 42                                        ...B
+]
+]
+#2: ObjectId: 2.5.29.19 Criticality=false
+BasicConstraints:[
+  CA:true
+  PathLen:2147483647
+]
+#3: ObjectId: 2.5.29.35 Criticality=false
+AuthorityKeyIdentifier [
+KeyIdentifier [
+: D8 9C 85 3A 11 47 9B CF   41 2E 59 B3 8B 54 37 F0  ...:.G..A.Y..T7.
+: B9 D7 1E 42                                        ...B
+]
+[EMAILADDRESS=ben-ops@renci.org, O=BEN@RENCI, L=Chapel Hill, ST=NC, C=US]
+SerialNumber: [    88753bc6 7f92f627]
+]
+*******************************************
+*******************************************
+Alias name: gpo-ca
+Creation date: Nov 28, 2011
+Entry type: trustedCertEntry
+Owner: EMAILADDRESS=testbed-ops@ops.pgeni.gpolab.bbn.com, CN=boss.pgeni.gpolab.bbn.com, OU=Certificate Authority, O=GENI Project Office, L=Cambridge, ST=Massachusetts, C=US
+Issuer: EMAILADDRESS=testbed-ops@ops.pgeni.gpolab.bbn.com, CN=boss.pgeni.gpolab.bbn.com, OU=Certificate Authority, O=GENI Project Office, L=Cambridge, ST=Massachusetts, C=US
+Serial number: fcedda89e11abaaf
+Valid from: Fri May 28 12:07:58 EDT 2010 until: Wed Nov 18 11:07:58 EST 2015
+Certificate fingerprints:
+         MD5:  0D:A1:E0:43:F9:C9:5A:06:39:A4:27:33:02:A6:CD:D1
+         SHA1: 2D:78:00:D0:1F:A0:7F:14:96:FA:57:DA:11:C6:E5:CC:F1:42:C2:BD
+         Signature algorithm name: MD5withRSA
+         Version: 3
+Extensions:
+#1: ObjectId: 2.5.29.14 Criticality=false
+SubjectKeyIdentifier [
+KeyIdentifier [
+: 98 57 01 01 AE BF D9 9C   8D D2 F0 04 06 D9 2A E8  .W............*.
+: 06 CB B0 F9                                        ....
+]
+]
+#2: ObjectId: 2.5.29.19 Criticality=false
+BasicConstraints:[
+  CA:true
+  PathLen:2147483647
+]
+#3: ObjectId: 2.5.29.35 Criticality=false
+AuthorityKeyIdentifier [
+KeyIdentifier [
+: 98 57 01 01 AE BF D9 9C   8D D2 F0 04 06 D9 2A E8  .W............*.
+: 06 CB B0 F9                                        ....
+]
+[EMAILADDRESS=testbed-ops@ops.pgeni.gpolab.bbn.com, CN=boss.pgeni.gpolab.bbn.com, OU=Certificate Authority, O=GENI Project Office, L=Cambridge, ST=Massachusetts, C=US]
+SerialNumber: [    fcedda89 e11abaaf]
+]
+#4: ObjectId: 2.5.29.18 Criticality=false
+IssuerAlternativeName [
+  URIName: urn:publicid:IDN+pgeni.gpolab.bbn.com+authority+root
+]
+#5: ObjectId: 2.5.29.17 Criticality=false
+SubjectAlternativeName [
+  URIName: urn:publicid:IDN+pgeni.gpolab.bbn.com+authority+root
+]
+*******************************************
+*******************************************
+Alias name: utah-emulab
+Creation date: Nov 29, 2011
+Entry type: trustedCertEntry
+Owner: EMAILADDRESS=testbed-ops@flux.utah.edu, CN=boss.emulab.net, OU=Certificate Authority, O=Utah Network Testbed, L=Salt Lake City, ST=Utah, C=US
+Issuer: EMAILADDRESS=testbed-ops@flux.utah.edu, CN=boss.emulab.net, OU=Certificate Authority, O=Utah Network Testbed, L=Salt Lake City, ST=Utah, C=US
+Serial number: 0
+Valid from: Wed Dec 02 13:47:47 EST 2009 until: Mon May 25 14:47:47 EDT 2015
+Certificate fingerprints:
+         MD5:  AC:CD:F6:5E:90:E6:7F:4D:BA:A2:75:CE:21:C6:09:99
+         SHA1: 23:44:33:D5:30:5F:4B:6C:53:75:8D:B0:A5:4D:46:72:FB:F6:8A:70
+         Signature algorithm name: MD5withRSA
+         Version: 3
+Extensions:
+#1: ObjectId: 2.5.29.14 Criticality=false
+SubjectKeyIdentifier [
+KeyIdentifier [
+: E1 FD 98 33 CE 37 B3 7D   F0 D3 75 31 DF A7 D8 31  ...3.7....u1...1
+: A0 F6 98 20                                        ...
+]
+]
+#2: ObjectId: 2.5.29.19 Criticality=false
+BasicConstraints:[
+  CA:true
+  PathLen:2147483647
+]
+#3: ObjectId: 2.5.29.35 Criticality=false
+AuthorityKeyIdentifier [
+KeyIdentifier [
+: E1 FD 98 33 CE 37 B3 7D   F0 D3 75 31 DF A7 D8 31  ...3.7....u1...1
+: A0 F6 98 20                                        ...
+]
+[EMAILADDRESS=testbed-ops@flux.utah.edu, CN=boss.emulab.net, OU=Certificate Authority, O=Utah Network Testbed, L=Salt Lake City, ST=Utah, C=US]
+SerialNumber: [    00]
+]
+#4: ObjectId: 2.5.29.18 Criticality=false
+IssuerAlternativeName [
+  URIName: urn:publicid:IDN+emulab.net+authority+root
+]
+#5: ObjectId: 2.5.29.17 Criticality=false
+SubjectAlternativeName [
+  URIName: urn:publicid:IDN+emulab.net+authority+root
+]
+*******************************************
+*******************************************
+}}}
+That indicates that ben-ca, gpo-ca, and utah-emulab are trusted by the ORCA AM.
+For the second, on bbn-hn:
 {{{
 …
 }}}
+Via the GENI AM API:
+That indicates that boss.pgeni.gpolab.bbn.com is trusted by FOAM.
+For the third:
+{{{
+[17:48:37] jbs@jericho:/home/jbs
++$ grep -A 8 -B 2 '\[gpolab\]' ~/.gcf/omni_config
+## GPO Lab ProtoGENI
+[gpolab]
+type = pg
+verbose = false
+ch = https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/ch
+sa = https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/sa
+cert = ~/.ssl/jbs@pgeni.gpolab.bbn.com.pem
+key = ~/.ssl/jbs@pgeni.gpolab.bbn.com.pem
+[17:50:36] jbs@jericho:/home/jbs
++$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc listresources -f gpolab
+INFO:omni:Loading config file /home/jbs/.gcf/omni_config
+INFO:omni:Using control framework gpolab
+INFO:omni:Listed resources on 1 out of 1 possible aggregates.
+INFO:omni:<?xml version="1.0" ?>
+INFO:omni:<!-- Resources at AM:
+        URN: unspecified_AM_URN
+        URL: https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc
+ -->
+INFO:omni:<rspec type="advertisement" xmlns="http://www.geni.net/resources/rspec/3" xmlns:ns2="http://hpn.east.isi.edu/rspec/ext/stitch/0.1/" xmlns:ns3="http://www.protogeni.net/resources/rspec/ext/emulab/1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.geni.net/resources/rspec/3 http://www.geni.net/resources/rspec/3/ad.xsd http://hpn.east.isi.edu/rspec/ext/stitch/0.1/ http://hpn.east.isi.edu/rspec/ext/stitch/0.1/stitch-schema.xsd http://www.protogeni.net/resources/rspec/ext/emulab/1 http://www.protogeni.net/resources/rspec/ext/emulab/1/ptop_extension.xsd">
+      <node component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+node+orca-vm-cloud" component_manager_id="urn:publicid:IDN+exogeni.net:bbnvmsite+authority+am" component_name="orca-vm-cloud" exclusive="false">
+            <hardware_type name="orca-vm-cloud">
+                  <ns3:node_type type_slots="47"/>
+            </hardware_type>
+            <available now="true"/>
+            <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+bbn:ExoGeni:TengigabitEthernet:2" role="experimental"/>
+            <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+Bbn:ExoGeni:TenGigabitEthernet:1" role="experimental"/>
+      </node>
+      <link component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+link+Bbn:ExoGeni:TenGigabitEthernet:1:BbnNet:IBM:G8052:TenGigabitEthernet:1:1">
+            <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+Bbn:ExoGeni:TenGigabitEthernet:1"/>
+            <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnNet+interface+BbnNet:IBM:G8052:TenGigabitEthernet:1:1"/>
+            <link_type name="ethernet"/>
+      </link>
+      <link component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+link+bbn:ExoGeni:TengigabitEthernet:2:BbnNet:BM:G8052:TenGigabitEthernet:1:2">
+            <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+bbn:ExoGeni:TengigabitEthernet:2"/>
+            <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnNet+interface+BbnNet:BM:G8052:TenGigabitEthernet:1:2"/>
+            <link_type name="ethernet"/>
+      </link>
+      <node component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+node+orca-transit-net-vlan" component_manager_id="urn:publicid:IDN+exogeni.net:bbnvmsite+authority+am" component_name="orca-transit-net-vlan" exclusive="false">
+            <hardware_type name="orca-static-net-vlan">
+                  <ns3:node_type type_slots="1"/>
+            </hardware_type>
+            <hardware_type name="orca-transit-net-vlan">
+                  <ns3:node_type type_slots="500"/>
+            </hardware_type>
+            <available now="true"/>
+            <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+bbn:ExoGeni:TengigabitEthernet:2" role="experimental"/>
+            <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+Bbn:ExoGeni:TenGigabitEthernet:1" role="experimental"/>
+      </node>
+</rspec>
+INFO:omni: ------------------------------------------------------------
+INFO:omni: Completed listresources:
+  Options as run:
+                aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc
+                framework: gpolab
+                native: True
+  Args: listresources
+  Result Summary: Retrieved resources from 1 aggregates.
+Wrote rspecs from 1 aggregates.
+INFO:omni: ============================================================
+}}}
+That indicates that BBN ExoGENI trusts the pgeni.gpolab.bbn.com SA.
+I also verified that it did not trust another SA, the BBN pgeni1 staging SA in this case:
+{{{
+[17:51:17] jbs@jericho:/home/jbs
++$ grep -A 8 -B 2 '\[pgeni1\]' ~/.gcf/omni_config
+## GPO Lab staging ProtoGENI
+[pgeni1]
+type = pg
+verbose = false
+ch = https://www.pgeni1.gpolab.bbn.com/protogeni/xmlrpc/ch
+sa = https://www.pgeni1.gpolab.bbn.com/protogeni/xmlrpc/sa
+cert = ~/.ssl/jbs@pgeni1.gpolab.bbn.com.pem
+key = ~/.ssl/jbs@pgeni1.gpolab.bbn.com.pem
+[17:52:09] jbs@jericho:/home/jbs
++$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc listresources -f pgeni1
+INFO:omni:Loading config file /home/jbs/.gcf/omni_config
+INFO:omni:Using control framework pgeni1
+INFO:omni:Listed resources on 0 out of 1 possible aggregates.
+INFO:omni:Got no resources. No resources from AM https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc: Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges.
+INFO:omni: ------------------------------------------------------------
+INFO:omni: Completed listresources:
+  Options as run:
+                aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc
+                framework: pgeni1
+                native: True
+  Args: listresources
+  Result Summary: Got no resources. No resources from AM https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc: Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges.
+INFO:omni: ============================================================
+}}}
+That indicates that it does not trust the BBN pgeni1 SA.
+For the fourth:
 {{{
 …
 }}}
+That indicates that FOAM trusts the pgeni.gpolab.bbn.com SA.
 I also verified that it did not trust another SA, Utah ProtoGENI in this case:
 …
 INFO:omni: ============================================================
 }}}
+That indicates that it does not trust the ProtoGENI Utah SA.
 == Step 5: determine rack !OpenFlow state ==