Version 18 (modified by 12 years ago) (diff) | ,
---|
InstaGENI New Site Administration
This page captures information that should be defined for new Site Administrators, so that they may know which resources are available and access them.
Prerequisites
- Instructions are available at the Admin Accounts on InstaGeni Racks page that provide details for administrative account requests. Each rack will initially deliver one administrative account that can add or remove other admin accounts.
- Also Local Admin must join the emulab-ops group, once account was create and membership to emulab-ops was approved proceeded to execute administrative tests. Note the Utah rack request was submitted at https://boss.utah.geniracks.net/joinproject.php3?target_pid=emulab-ops.
- Access to FOAM.utah.genirack.net and FlowVisor requires more account creation.
Note: Found that Utah Rack FlowVisor uses /home/jbs/fvpasswd.
Information to be documented for Local Admin
- Define type of access supported for a Local Administrator:
- SSH no password for VMs
- SSH (sudo only) access to Dedicated Nodes (raw-pc) when up and part of an experiment. Cannot access when no experiment is running.
- Telnet with password for control plane switch, must communicate the location of the telnet password to Local Admin.
- SSH with password for dataplane switch, must communicate login ID (manager) and password location to Local Admin.
- Local Admin should be told that they can access every VM in the rack, but can only access dedicated nodes (raw-pc) only when they run a sliver on that dedicated node.
- Need to document to Local Admins the location of the foam password (/opt/foam/etc/foampasswd) and FlowVisor (/etc/flowvisor/fvpasswd).
- For Access to VM nodes iLO remote access, need to detail how to determine address via web interface, and which login ID (elabman) and password (/usr/testbed/etc/ilo.pswd) are to be used.
- There are a multitude of hostnames (and network connections) for each component in the rack there need to be a list of hostnames provides to the user which documents which hostname is mapped to which address and the role of that definition.
For example the following exist on the InstaGENI rack:
Node | Access @ Address | Role |
utah.control.geniracks.net | 155.98.34.2 | ? |
boss.utah.geniracks.net | 155.98.34.4 | Boss Node |
ops.utah.geniracks.net | 155.98.34.5 | Ops Node |
procurve1 | 10.1.1.253 | Control Network Switch |
procurve2 | 10.2.1.253 | Dataplane Network Switch |
procurve1-alt | 10.3.1.253 | Control Network Alternate |
procurve2-old | 10.3.1.250 | ? |
foam.utah.genirack.net | 155.98.34.6 | FOAM aggregate |
flowvisor.utah.genirack.net | 155.98.34.7 | FlowVisor |
?? | ? | Console Access |