wiki:GENIRacksHome/InstageniRacks/ConfirmationTestStatus/AdminNewSite

Version 20 (modified by Josh Smift, 11 years ago) (diff)

--

InstaGENI New Site Administration

This page captures information that should be defined for new Site Administrators, so that they may know which resources are available and access them.

Prerequisites

  1. Let the Admin know that instructions are available at the Admin Accounts on InstaGeni Racks page that provide details for administrative account requests. Document that Each rack will initially deliver one administrative account that can add or remove other admin accounts.
  1. Also Local Admin must join the emulab-ops group, once account was create and membership to emulab-ops was approved proceeded to execute administrative tests. Note the Utah rack request was submitted at https://boss.utah.geniracks.net/joinproject.php3?target_pid=emulab-ops.
  1. Access to FOAM.utah.genirack.net and FlowVisor requires more account creation. (TBD)

Note: Found that Utah Rack FlowVisor uses /home/jbs/fvpasswd.

Information to be documented for Local Admin

  1. Define type of access supported for a Local Administrator:
  • SSH no password for all VMs
  • SSH (sudo only) access to Dedicated Nodes (raw-pc) when up and part of an experiment. Cannot access when no experiment is running.
  • Telnet with password for control plane switch, must communicate the location of the telnet password to Local Admin.
  • SSH with password for dataplane switch, must communicate login ID (manager) and password location to Local Admin.
  1. Local Admin should be told that they can access every VM in the rack, but can only access dedicated nodes (raw-pc) only when they run a sliver on that dedicated node.
  1. Need to document to Local Admins the location of the foam password (/etc/foam.passwd) and FlowVisor (/etc/flowvisor.passwd).
  1. For Access to VM nodes iLO remote access, need to detail how to determine address via web interface, and which login ID (elabman) and password (/usr/testbed/etc/ilo.pswd) are to be used.
  1. There are a multitude of hostnames (and network connections) for each component in the rack, there need to be a list of hostnames which documents which hostname is mapped to which address and the role of that definition.

For example the following exist on the InstaGENI rack:

Node Access @ Address Role
utah.control.geniracks.net 155.98.34.2 ?
boss.utah.geniracks.net 155.98.34.4 Boss Node
ops.utah.geniracks.net 155.98.34.5 Ops Node
procurve1 10.1.1.253 Control Network Switch
procurve2 10.2.1.253 Dataplane Network Switch
procurve1-alt 10.3.1.253 Control Network Alternate
procurve2-old 10.3.1.250 ?
foam.utah.genirack.net 155.98.34.6 FOAM aggregate
flowvisor.utah.genirack.net 155.98.34.7 FlowVisor
iLO/PDU ?? ? Console Access