wiki:GENIRacksHome/InstageniRacks/ConfirmationTestStatus/AdminNewSite

Version 17 (modified by lnevers@bbn.com, 7 years ago) (diff)

--

InstaGENI New Site Administration

This page captures information that should be defined for new Site Administrators, so that they may know which resources are available and access them.

Prerequisites

  1. Instructions are available at the Admin Accounts on InstaGeni Racks page that provide details for administrative account requests. Each rack will initially deliver one administrative account that can add or remove other admin accounts.
  1. Also Local Admin must join the emulab-ops group, once account was create and membership to emulab-ops was approved proceeded to execute administrative tests. Note the Utah rack request was submitted at https://boss.utah.geniracks.net/joinproject.php3?target_pid=emulab-ops.
  1. Access to FOAM.utah.genirack.net and FlowVisor requires more account creation. Also need to document to users the location of the foam password (/opt/foam/etc/foampasswd) and FlowVisor (/etc/flowvisor/fvpasswd).
  1. Access to VM nodes iLO remote access, need to detail how to determine address via web interface, and which login ID (elabman) and password (/usr/testbed/etc/ilo.pswd) are to be used.

Note: Found that Utah Rack FlowVisor uses /home/jbs/fvpasswd.

Information to be documented for Local Admin

  1. Define type of access supported for a Local Administrator:
  • SSH no password for VMs
  • SSH (sudo only) access to Dedicated Nodes (raw-pc) when up and part of an experiment. Cannot access when no experiment is running.
  • Telnet with password for control plane switch, must communicate the location of the telnet password to Local Admin.
  • SSH with password for dataplane switch, must communicate login ID (manager) and password location to Local Admin.
  1. Local Admin should be told that they can access every VM in the rack, but can only access dedicated nodes (raw-pc) only when they run a sliver on that dedicated node.
  1. There are a multitude of host names for each component in the rack there need to be a list of hostnames provides to the user which documents which hostname is mapped to which address and the role of that definition.

For example the following exist on the InstaGENI rack:

Node Access @ Address Role
utah.control.geniracks.net 155.98.34.2 ?
boss.utah.geniracks.net 155.98.34.4 Boss Node
ops.utah.geniracks.net 155.98.34.5 Ops Node
procurve1 10.1.1.253 Control Network Switch
procurve2 10.2.1.253 Dataplane Network Switch
procurve1-alt 10.3.1.253 Control Network Alternate
procurve2-old 10.3.1.250 ?
foam.utah.genirack.net 155.98.34.6 FOAM aggregate
flowvisor.utah.genirack.net 155.98.34.7 FlowVisor
?? ? Console Access