Changes between Initial Version and Version 1 of GENIRacksHome/InstageniRacks/AcceptanceTestStatus/IG-ADM-4


Ignore:
Timestamp:
02/14/13 11:32:46 (11 years ago)
Author:
tupty@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • GENIRacksHome/InstageniRacks/AcceptanceTestStatus/IG-ADM-4

    v1 v1  
     1[[PageOutline]]
     2
     3= Detailed test plan for IG-ADM-4: Emergency Stop Test =
     4
     5''This page is GPO's working page for performing IG-ADM-4.  It is public for informational purposes, but it is not an official status report.  See [wiki:GENIRacksHome/InstageniRacks/AcceptanceTestStatus] for the current status of InstaGENI acceptance tests.''
     6
     7''Last substantive edit of this page: 2013-02-14''
     8
     9= Page format =
     10
     11 * The status chart summarizes the state of this test
     12 * The high-level description from test plan contains text copied exactly from the public test plan and acceptance criteria pages.
     13 * The steps contain things I will actually do/verify:
     14   * Steps may be composed of related substeps where I find this useful for clarity
     15   * Each step is identified as either "(prep)" or "(verify)":
     16     * Prep steps are just things we have to do.  They're not tests of the rack, but are prerequisites for subsequent verification steps
     17     * Verify steps are steps in which we will actually look at rack output and make sure it is as expected.  They contain a '''Using:''' block, which lists the steps to run the verification, and an '''Expect:''' block which lists what outcome is expected for the test to pass.
     18
     19= Status of test =
     20
     21See [wiki:GENIRacksHome/InstageniRacks/AcceptanceTestStatus#Legend] for the meanings of test states.
     22
     23|| '''Step''' || '''State'''                    || '''Date completed''' || '''Open Tickets''' || '''Closed Tickets/Comments''' ||
     24|| 1          || [[Color(green,Pass)]]          || 2012-12-20           ||                    ||   ||
     25|| 2A         || [[Color(green,Pass)]]          || 2012-12-20           ||                    ||   ||
     26|| 2B         || [[Color(green,Pass)]]          || 2012-12-20           ||                    ||   ||
     27|| 3A         || [[Color(green,Pass)]]          || 2012-12-20           ||                    ||   ||
     28|| 3B         || [[Color(green,Pass)]]          || 2012-12-20           ||                    ||   ||
     29
     30= High-level description from test plan =
     31
     32In this test, an Emergency Stop drill is performed on a sliver in the rack.
     33
     34== Procedure ==
     35
     36 * A site administrator reviews the Emergency Stop and sliver shutdown procedures, and verifies that these two documents combined fully document the campus side of the Emergency Stop procedure.
     37 * A second administrator (or the GPO) submits an Emergency Stop request to GMOC, referencing activity from a public IP address assigned to a compute sliver in the rack that is part of the test experiment.
     38 * GMOC and the first site administrator perform an Emergency Stop drill in which the site administrator successfully shuts down the sliver in coordination with GMOC.
     39 * GMOC completes the Emergency Stop workflow, including updating/closing GMOC tickets.
     40
     41== Criteria to verify as part of this test ==
     42
     43
     44
     45= Step 1 (prep): InstaGENI, GPO, and GMOC select a time for test =
     46
     47This step covers the physical delivery of the rack to BBN, the transport of the rack inside BBN to the GPO lab, and the cabling, powering, and initial configuration of the rack.
     48
     49= Step 2: Configure and verify DNS =
     50
     51== Step 2A (verify): Find out what IP-to-hostname mapping to use ==
     52
     53'''Using:'''
     54 * If the rack IP requirements documentation for the rack exists:
     55   * Review that documentation and determine what IP to hostname mappings should exist for `192.1.242.128/25`
     56 * Otherwise:
     57   * Iterate with `instageni-ops` to determine the IP to hostname mappings to use for `192.1.242.128/25`
     58
     59'''Expect:'''
     60 * Reasonable IP-to-hostname mappings for 126 valid IPs allocated for InstaGENI use in `192.1.242.128/25`
     61
     62=== Results of testing step 2A: 2012-12-20 ===
     63
     64We discussed this via e-mail, and concluded that we should create these DNS entries in gpolab.bbn.com:
     65
     66{{{
     67;; 192.1.242.128/25: InstaGENI rack
     68
     69; Delegate the whole subdomain to boss.instageni.gpolab.bbn.com, with
     70; ns.emulab.net as a secondary.
     71ns.instageni            IN      A       192.1.242.132
     72instageni               IN      NS      ns.instageni
     73instageni               IN      NS      ns.emulab.net.
     74}}}
     75
     76And these in 242.1.192.in-addr.arpa:
     77
     78{{{
     79;; 192.1.242.129/25: instageni.gpolab.bbn.com (InstaGENI rack control network)
     80
     81; Delegate a subdomain to boss.instageni.gpolab.bbn.com, and generate
     82; CNAMEs pointing to it.
     83129/25               IN   NS      ns.instageni.gpolab.bbn.com.
     84129/25               IN   NS      ns.emulab.net.
     85$GENERATE 129-255 $  IN   CNAME   $.129/25.242.1.192.in-addr.arpa.
     86}}}
     87
     88== Step 2B (prep): Insert IP-to-hostname mapping in DNS ==
     89
     90 * Fully populate `192.1.242.128/25` PTR entries in GPO lab DNS
     91 * Fully populate `instageni.gpolab.bbn.com` A entries in GPO lab DNS
     92
     93== Step 2C (verify): Test all PTR records ==
     94
     95'''Using:'''
     96 * From a BBN desktop host:
     97{{{
     98for lastoct in {129..255}; do
     99host 192.1.242.$lastoct
     100done
     101}}}
     102
     103'''Expect:'''
     104 * All results look like:
     105{{{
     106$lastoct.242.1.192.in-addr.arpa domain name pointer <something reasonable>
     107}}}
     108 and none look like:
     109{{{
     110Host $lastoct.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     111}}}
     112
     113=== Results of testing step 2C: 2012-12-20 ===
     114
     115Many addresses aren't defined:
     116
     117{{{
     118[13:46:15] jbs@anubis:/home/jbs
     119+$ for lastoct in {129..255} ; do host 192.1.242.$lastoct ; done
     120Host 129.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     121130.242.1.192.in-addr.arpa is an alias for 130.129/25.242.1.192.in-addr.arpa.
     122130.129/25.242.1.192.in-addr.arpa domain name pointer control.instageni.gpolab.bbn.com.
     123131.242.1.192.in-addr.arpa is an alias for 131.129/25.242.1.192.in-addr.arpa.
     124131.129/25.242.1.192.in-addr.arpa domain name pointer control-ilo.instageni.gpolab.bbn.com.
     125132.242.1.192.in-addr.arpa is an alias for 132.129/25.242.1.192.in-addr.arpa.
     126132.129/25.242.1.192.in-addr.arpa domain name pointer boss.instageni.gpolab.bbn.com.
     127133.242.1.192.in-addr.arpa is an alias for 133.129/25.242.1.192.in-addr.arpa.
     128133.129/25.242.1.192.in-addr.arpa domain name pointer ops.instageni.gpolab.bbn.com.
     129134.242.1.192.in-addr.arpa is an alias for 134.129/25.242.1.192.in-addr.arpa.
     130134.129/25.242.1.192.in-addr.arpa domain name pointer foam.instageni.gpolab.bbn.com.
     131135.242.1.192.in-addr.arpa is an alias for 135.129/25.242.1.192.in-addr.arpa.
     132135.129/25.242.1.192.in-addr.arpa domain name pointer flowvisor.instageni.gpolab.bbn.com.
     133Host 136.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     134Host 137.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     135Host 138.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     136Host 139.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     137140.242.1.192.in-addr.arpa is an alias for 140.129/25.242.1.192.in-addr.arpa.
     138140.129/25.242.1.192.in-addr.arpa domain name pointer pc1.instageni.gpolab.bbn.com.
     139141.242.1.192.in-addr.arpa is an alias for 141.129/25.242.1.192.in-addr.arpa.
     140141.129/25.242.1.192.in-addr.arpa domain name pointer pc2.instageni.gpolab.bbn.com.
     141142.242.1.192.in-addr.arpa is an alias for 142.129/25.242.1.192.in-addr.arpa.
     142142.129/25.242.1.192.in-addr.arpa domain name pointer pc3.instageni.gpolab.bbn.com.
     143143.242.1.192.in-addr.arpa is an alias for 143.129/25.242.1.192.in-addr.arpa.
     144143.129/25.242.1.192.in-addr.arpa domain name pointer pc4.instageni.gpolab.bbn.com.
     145144.242.1.192.in-addr.arpa is an alias for 144.129/25.242.1.192.in-addr.arpa.
     146144.129/25.242.1.192.in-addr.arpa domain name pointer pc5.instageni.gpolab.bbn.com.
     147Host 145.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     148Host 146.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     149Host 147.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     150Host 148.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     151Host 149.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     152Host 150.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     153Host 151.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     154Host 152.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     155Host 153.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     156Host 154.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     157Host 155.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     158Host 156.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     159Host 157.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     160Host 158.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     161Host 159.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     162Host 160.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     163Host 161.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     164Host 162.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     165Host 163.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     166Host 164.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     167Host 165.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     168Host 166.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     169Host 167.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     170Host 168.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     171Host 169.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     172Host 170.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     173Host 171.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     174Host 172.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     175Host 173.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     176Host 174.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     177Host 175.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     178Host 176.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     179Host 177.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     180Host 178.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     181Host 179.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     182Host 180.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     183Host 181.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     184Host 182.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     185Host 183.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     186Host 184.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     187Host 185.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     188Host 186.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     189Host 187.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     190Host 188.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     191Host 189.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     192Host 190.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     193Host 191.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     194Host 192.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     195Host 193.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     196Host 194.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     197Host 195.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     198Host 196.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     199Host 197.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     200Host 198.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     201Host 199.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     202Host 200.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     203Host 201.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     204Host 202.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     205Host 203.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     206Host 204.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     207Host 205.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     208Host 206.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     209Host 207.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     210Host 208.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     211Host 209.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     212Host 210.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     213Host 211.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     214Host 212.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     215Host 213.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     216Host 214.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     217Host 215.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     218Host 216.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     219Host 217.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     220Host 218.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     221Host 219.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     222Host 220.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     223Host 221.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     224Host 222.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     225Host 223.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     226Host 224.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     227Host 225.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     228Host 226.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     229Host 227.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     230Host 228.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     231Host 229.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     232Host 230.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     233Host 231.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     234Host 232.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     235Host 233.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     236Host 234.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     237Host 235.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     238Host 236.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     239Host 237.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     240Host 238.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     241Host 239.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     242Host 240.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     243Host 241.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     244Host 242.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     245Host 243.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     246Host 244.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     247Host 245.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     248Host 246.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     249Host 247.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     250Host 248.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     251Host 249.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     252Host 250.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     253Host 251.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     254Host 252.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     255Host 253.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     256Host 254.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     257Host 255.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     258}}}
     259
     260We think that's normal: The in-use ones are in DNS, the not-in-use ones aren't.
     261
     262I tried creating a VM with a public IP address, using this rspec:
     263
     264{{{
     265<?xml version="1.0" encoding="UTF-8"?>
     266<rspec xmlns="http://www.geni.net/resources/rspec/3"
     267       xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
     268       xmlns:emulab="http://www.protogeni.net/resources/rspec/ext/emulab/1"
     269       xs:schemaLocation="http://www.geni.net/resources/rspec/3
     270           http://www.geni.net/resources/rspec/3/request.xsd"
     271       type="request">
     272  <node client_id="carlin" exclusive="false">
     273    <sliver_type name="emulab-openvz" />
     274    <emulab:routable_control_ip />
     275  </node>
     276</rspec>
     277}}}
     278
     279According to my manifest rspec, I got
     280
     281{{{
     282<emulab:vnode name="pcvm2-3"/>    <host name="carlin.jbs.pgeni-gpolab-bbn-com.instageni.gpolab.bbn.com"/>    <services>      <login authentication="ssh-keys" hostname="pcvm2-3.instageni.gpolab.bbn.com" port="22" username="jbs"/>    </services>  </node>
     283}}}
     284
     285That hostname and IP address now resolve:
     286
     287{{{
     288[15:03:32] jbs@anubis:/home/jbs/rspecs/request
     289+$ host pcvm2-3.instageni.gpolab.bbn.com
     290pcvm2-3.instageni.gpolab.bbn.com has address 192.1.242.150
     291
     292[15:03:34] jbs@anubis:/home/jbs/rspecs/request
     293+$ host 192.1.242.150
     294150.242.1.192.in-addr.arpa is an alias for 150.129/25.242.1.192.in-addr.arpa.
     295150.129/25.242.1.192.in-addr.arpa domain name pointer pcvm2-3.instageni.gpolab.bbn.com.
     296}}}
     297
     298After I delete my sliver:
     299
     300{{{
     301[15:03:58] jbs@anubis:/home/jbs/rspecs/request
     302+$ omni -a $am deletesliver $slicename
     303[* snip *]
     304  Result Summary: Deleted sliver urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs on unspecified_AM_URN at https://instageni.gpolab.bbn.com:12369/protogeni/xmlrpc/am
     305INFO:omni: ============================================================
     306
     307[15:04:43] jbs@anubis:/home/jbs/rspecs/request
     308+$ host pcvm2-3.instageni.gpolab.bbn.com
     309Host pcvm2-3.instageni.gpolab.bbn.com not found: 3(NXDOMAIN)
     310
     311[15:05:57] jbs@anubis:/home/jbs/rspecs/request
     312+$ host 192.1.242.150
     313150.242.1.192.in-addr.arpa is an alias for 150.129/25.242.1.192.in-addr.arpa.
     314150.129/25.242.1.192.in-addr.arpa domain name pointer pcvm2-3.instageni.gpolab.bbn.com.
     315}}}
     316
     317That second one still works because it's cached on my local nameserver; if I ask the source, it's gone:
     318
     319{{{
     320[15:32:13] jbs@ops.instageni.gpolab.bbn.com:/users/jbs
     321+$ host 192.1.242.150
     322Host 150.242.1.192.in-addr.arpa. not found: 3(NXDOMAIN)
     323}}}
     324
     325So, I think this is fine: Records exist when they're in use, and not when they're not, and that's fine.
     326
     327= Step 3: GPO requests and receives administrator accounts =
     328
     329== Step 3A: GPO requests access to boss and ops nodes ==
     330
     331'''Using:'''
     332 * Request accounts for GPO ops staffers on boss.instageni.gpolab.bbn.com and ops.instageni.gpolab.bbn.com
     333 * Chaos tries to SSH to chaos@boss.instageni.gpolab.bbn.com
     334 * Josh tries to SSH to jbs@boss.instageni.gpolab.bbn.com
     335 * Tim tries to SSH to tupty@boss.instageni.gpolab.bbn.com
     336 * Chaos tries to SSH to chaos@ops.instageni.gpolab.bbn.com
     337 * Josh tries to SSH to jbs@ops.instageni.gpolab.bbn.com
     338 * Tim tries to SSH to tupty@ops.instageni.gpolab.bbn.com
     339 * Chaos tries to run a minimal command as sudo on boss:
     340{{{
     341sudo whoami
     342}}}
     343 * Chaos tries to run a minimal command as sudo on ops:
     344{{{
     345sudo whoami
     346}}}
     347
     348'''Verify:'''
     349 * Logins succeed for Chaos, Josh, and Tim on both nodes
     350 * The commands work:
     351{{{
     352$ sudo whoami
     353root
     354}}}
     355
     356=== Results of testing step 3A: 2012-12-20 ===
     357
     358I followed the procedure at https://users.emulab.net/trac/protogeni/wiki/RackAdminAccounts#AdminAccountsinEmulab to join the emulab-ops project, and once the Utah folks approved that and made an admin, I was able to log in to boss and ops, and use sudo:
     359
     360{{{
     361[15:50:40] jbs@anubis:/home/jbs
     362+$ ssh ops.instageni.gpolab.bbn.com sudo whoami
     363root
     364
     365[15:50:50] jbs@anubis:/home/jbs
     366+$ ssh boss.instageni.gpolab.bbn.com sudo whoami
     367root
     368}}}
     369
     370I asked Chaos and Tim to follow the procedure at that URL as well, and they did, and I approved their accounts by following the procedure at https://users.emulab.net/trac/protogeni/wiki/RackAdminAccounts#AddingmoreadminaccountstoEmulab, and they confirmed that they could log in to boss and ops.
     371
     372=== Results of testing step 3A: 2012-05-15 ===
     373
     374''Note: This test was run on the Utah rack, where only Chaos has an account.  So Tim and Josh will not be testing, and the hosts to test are `boss.utah.geniracks.net` and `ops.utah.geniracks.net`.''
     375
     376 * Chaos successfully used public-key login and sudo from a BBN subnet (128.89.68.0/23) to boss:
     377{{{
     378capybara,[~],11:39(0)$ ssh chaos@boss.utah.geniracks.net
     379Last login: Tue May 15 07:29:07 2012 from capybara.bbn.co
     380Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
     381        The Regents of the University of California.  All rights reserved.
     382
     383FreeBSD 8.3-RC1 (XEN) #0: Tue Mar 13 16:27:12 MDT 2012
     384
     385Welcome to FreeBSD!
     386
     387Need to see the calendar for this month? Simply type "cal".  To see the
     388whole year, type "cal -y".
     389                -- Dru <genesis@istar.ca>
     390> bash
     391boss,[~],09:39(0)$ sudo whoami
     392root
     393}}}
     394 * Chaos successfully used public-key login and sudo from a BBN subnet (128.89.68.0/23) to ops:
     395{{{
     396capybara,[~],11:40(0)$ ssh chaos@ops.utah.geniracks.net
     397Last login: Sat May 12 15:41:57 2012 from capybara.bbn.co
     398Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
     399        The Regents of the University of California.  All rights reserved.
     400
     401FreeBSD 8.3-RC1 (XEN) #0: Tue Mar 13 16:27:12 MDT 2012
     402
     403Welcome to FreeBSD!
     404
     405ops,[~],09:40(0)$ sudo whoami
     406root
     407}}}
     408
     409== Step 3B: GPO requests access to FOAM VM ==
     410
     411 * Request accounts for GPO ops staffers on foam.instageni.gpolab.bbn.com
     412 * Chaos tries to SSH to chaos@foam.instageni.gpolab.bbn.com
     413 * Josh tries to SSH to jbs@foam.instageni.gpolab.bbn.com
     414 * Tim tries to SSH to tupty@foam.instageni.gpolab.bbn.com
     415 * Chaos tries to run a minimal command as sudo on foam:
     416{{{
     417sudo whoami
     418}}}
     419
     420'''Verify:'''
     421 * Logins succeed for Chaos, Josh, and Tim on the FOAM VM
     422 * The command works:
     423{{{
     424$ sudo whoami
     425root
     426}}}
     427
     428=== Results of testing step 3B: 2012-12-20 ===
     429
     430I was named as the site admin in the site survey, and was given an account on the FOAM VM. I was able to log in and use sudo:
     431
     432{{{
     433[15:57:46] jbs@anubis:/home/jbs
     434+$ ssh foam.instageni.gpolab.bbn.com sudo whoami
     435root
     436}}}
     437
     438I then created accounts for Chaos and Tim, following the procedure at https://users.emulab.net/trac/protogeni/wiki/RackAdminAccounts#AdminAccountsonInstaGeniRacks. I got their public keys from their Emulab accounts, and put them into chaos.keys and tupty.keys in my homedir, and then:
     439
     440{{{
     441sudo /usr/local/bin/mkadmin.pl chaos chaos.keys
     442sudo /usr/local/bin/mkadmin.pl tupty tupty.keys
     443}}}
     444
     445They then confirmed that they could log in, and run 'sudo whoami'.
     446
     447=== Results of testing step 3B: 2012-07-04 ===
     448
     449''Note: This test was run on the Utah rack."
     450
     451 * Chaos can SSH to foam.utah.geniracks.net:
     452{{{
     453$ ssh foam.utah.geniracks.net
     454Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-24-generic x86_64)
     455
     456 * Documentation:  https://help.ubuntu.com/
     457Last login: Tue Jul  3 12:57:20 2012 from capybara.bbn.com
     458foam,[~],09:33(0)$
     459}}}
     460 * Chaos can sudo on foam:
     461{{{
     462foam,[~],09:33(0)$ sudo whoami
     463root
     464}}}