| 1136 | Sent request for administrative account to site contact from the [http://groups.geni.net/geni/wiki/GeniAggregate/NYSERNetInstaGENI NYSERNet InstaGENI] aggregate page. Followed instructions at [https://users.emulab.net/trac/protogeni/wiki/RackAdminAccounts Admin Accounts on InstaGeni Racks] page for account request. A local admin account was create and also had to join the ''emulab-ops'' group at https://www.nysernet.org/joinproject.php3?target_pid=emulab-ops. Once the administrative account was created and membership to emulab-ops was approved, proceeded to execute administrative tests. |
| 1137 | |
| 1138 | {{{ |
| 1139 | LNM:~$ ssh control.instageni.nysernet.org |
| 1140 | Welcome to Ubuntu precise (development branch) (GNU/Linux 3.2.0-23-generic x86_64) |
| 1141 | |
| 1142 | * Documentation: https://help.ubuntu.com/ |
| 1143 | |
| 1144 | System information as of Mon Sep 16 18:24:35 UTC 2013 |
| 1145 | |
| 1146 | System load: 0.0 IP address for xenbr0: 199.109.64.3 |
| 1147 | Usage of /: 31.2% of 5.85GB IP address for xenbr0:1: 172.16.0.1 |
| 1148 | Memory usage: 38% IP address for xenbr1: 10.1.1.254 |
| 1149 | Swap usage: 2% IP address for xenbr2: 10.2.1.254 |
| 1150 | Processes: 166 IP address for xenbr3: 10.3.1.254 |
| 1151 | Users logged in: 1 |
| 1152 | |
| 1153 | Graph this data and manage this system at https://landscape.canonical.com/ |
| 1154 | Last login: Mon Sep 16 17:34:17 2013 from 128.89.254.103 |
| 1155 | To run a command as administrator (user "root"), use "sudo <command>". |
| 1156 | See "man sudo_root" for details. |
| 1157 | |
| 1158 | lnevers@nysernet:~$ sudo whoami |
| 1159 | root |
| 1160 | lnevers@nysernet:~$ |
| 1161 | |
| 1162 | }}} |
| 1163 | |
| 1164 | Also access the boss node: |
| 1165 | {{{ |
| 1166 | LNM:~$ ssh boss.instageni.nysernet.org |
| 1167 | Last login: Mon Sep 16 14:16:21 2013 from dhcp89-073-116.bbn.com |
| 1168 | FreeBSD 9.0-STABLE (TESTBED-XEN) #0: Tue Apr 30 14:24:36 MDT 2013 |
| 1169 | |
| 1170 | Welcome to FreeBSD! |
| 1171 | |
| 1172 | Want to use sed(1) to edit a file in place? Well, to replace every 'e' with |
| 1173 | an 'o', in a file named 'foo', you can do: |
| 1174 | |
| 1175 | sed -i.bak s/e/o/g foo |
| 1176 | |
| 1177 | And you'll get a backup of the original in a file named 'foo.bak', but if you |
| 1178 | want no backup: |
| 1179 | |
| 1180 | sed -i '' s/e/o/g foo |
| 1181 | [lnevers@boss ~]$ sudo whoami |
| 1182 | root |
| 1183 | [lnevers@boss ~]$ }}} |
| 1184 | |
| 1185 | From boss node accessed each of the experiment nodes that support VMs: |
| 1186 | {{{ |
| 1187 | [lnevers@boss ~]$ for i in pc1 pc2; do ssh $i "echo -n '===> Host: ';hostname;sudo whoami;uname -a;echo"; done |
| 1188 | Warning: Permanently added 'pc1.instageni.nysernet.org' (RSA) to the list of known hosts. |
| 1189 | ===> Host: vhost1.shared-nodes.emulab-ops.instageni.nysernet.org |
| 1190 | root |
| 1191 | Linux vhost1.shared-nodes.emulab-ops.instageni.nysernet.org 2.6.32-042stab049.6.emulab.1 #1 SMP Mon May 21 14:36:04 MDT 2012 x86_64 x86_64 x86_64 GNU/Linux |
| 1192 | |
| 1193 | Warning: Permanently added 'pc2.instageni.nysernet.org' (RSA) to the list of known hosts. |
| 1194 | ===> Host: vhost2.shared-nodes.emulab-ops.instageni.nysernet.org |
| 1195 | root |
| 1196 | Linux vhost2.shared-nodes.emulab-ops.instageni.nysernet.org 2.6.32-042stab049.6.emulab.1 #1 SMP Mon May 21 14:36:04 MDT 2012 x86_64 x86_64 x86_64 GNU/Linux |
| 1197 | |
| 1198 | [lnevers@boss ~]$ |
| 1199 | |
| 1200 | |
| 1201 | }}} |
| 1202 | |
| 1203 | In order to access Dedicated Nodes some experiment must be running on the raw-pc device. At the time of this capture only 1 raw-pc nodes was in use: |
| 1204 | {{{ |
| 1205 | [lnevers@boss ~]$ sudo ssh pc4 |
| 1206 | [root@pc ~]# sudo whoami |
| 1207 | root |
| 1208 | [root@pc ~]# exit |
| 1209 | logout |
| 1210 | Connection to pc4.instageni.nysernet.org closed. |
| 1211 | [lnevers@boss ~]$ |
| 1212 | |
| 1213 | }}} |
| 1214 | |
| 1215 | Further verified access by ssh from ops.instageni.gpolab.bbn.com to boss.instageni.gpolab.bbn.com, which is usually restricted for non-admin users: |
| 1216 | {{{ |
| 1217 | LNM:~$ ssh ops.instageni.nysernet.org |
| 1218 | Last login: Mon Sep 16 13:29:52 2013 from 128.89.254.103 |
| 1219 | FreeBSD 9.0-STABLE (TESTBED-XEN) #0: Tue Apr 30 14:24:36 MDT 2013 |
| 1220 | |
| 1221 | Welcome to FreeBSD! |
| 1222 | |
| 1223 | If you `set watch = (0 any any)' in tcsh, you will be notified when |
| 1224 | someone logs in or out of your system. |
| 1225 | > bash |
| 1226 | [lnevers@ops ~]$ sudo whoami |
| 1227 | root |
| 1228 | [lnevers@ops ~]$ ssh boss |
| 1229 | Last login: Mon Sep 16 14:25:43 2013 from dhcp89-073-116.bbn.com |
| 1230 | FreeBSD 9.0-STABLE (TESTBED-XEN) #0: Tue Apr 30 14:24:36 MDT 2013 |
| 1231 | |
| 1232 | Welcome to FreeBSD! |
| 1233 | |
| 1234 | To see the 10 largest files on a directory or partition, use |
| 1235 | |
| 1236 | du /partition_or_directory_name | sort -rn | head |
| 1237 | -- Dru <genesis@istar.ca> |
| 1238 | [lnevers@boss ~]$ |
| 1239 | |
| 1240 | }}} |
| 1241 | Access infrastructure Switches using documented password. First connect to the switch named procurve1 the control network switch: |
| 1242 | {{{ |
| 1243 | [lnevers@boss ~]$ telnet procurve1 |
| 1244 | Trying 10.1.1.253... |
| 1245 | Connected to procurve1. |
| 1246 | Escape character is '^]'. |
| 1247 | |
| 1248 | HP J9623A E2620-24 Switch |
| 1249 | Software revision RA.15.08.0009 |
| 1250 | |
| 1251 | Copyright (C) 1991-2012 Hewlett-Packard Development Company, L.P. |
| 1252 | |
| 1253 | RESTRICTED RIGHTS LEGEND |
| 1254 | Confidential computer software. Valid license from HP required for possession, |
| 1255 | use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer |
| 1256 | Software, Computer Software Documentation, and Technical Data for Commercial |
| 1257 | Items are licensed to the U.S. Government under vendor's standard commercial |
| 1258 | license. |
| 1259 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. |
| 1260 | 20555 State Highway 249, Houston, TX 77070 |
| 1261 | |
| 1262 | We'd like to keep you up to date about: |
| 1263 | * Software feature updates |
| 1264 | * New product announcements |
| 1265 | * Special events |
| 1266 | Please register your products now at: www.hp.com/networking/register |
| 1267 | |
| 1268 | Username: manager |
| 1269 | Password: |
| 1270 | |
| 1271 | HP-E2620-24# show version |
| 1272 | Image stamp: /ws/swbuildm/rel_galt_qaoff/code/build/xform(rel_galt_qaoff) |
| 1273 | May 9 2012 15:28:43 |
| 1274 | RA.15.08.0009 |
| 1275 | 474 |
| 1276 | Boot Image: Primary |
| 1277 | HP-E2620-24# show running-config |
| 1278 | |
| 1279 | Running configuration: |
| 1280 | |
| 1281 | ; J9623A Configuration Editor; Created on release #RA.15.08.0009 |
| 1282 | ; Ver #02:13.2d:3c |
| 1283 | hostname "HP-E2620-24" |
| 1284 | max-vlans 50 |
| 1285 | no stack |
| 1286 | no web-management |
| 1287 | ip default-gateway 10.1.1.254 |
| 1288 | snmp-server community "xxx" unrestricted |
| 1289 | aaa authentication ssh login public-key |
| 1290 | aaa authentication ssh enable public-key |
| 1291 | vlan 1 |
| 1292 | name "DEFAULT_VLAN" |
| 1293 | no untagged 23-24 |
| 1294 | untagged 1-22,25-28 |
| 1295 | ip address 10.254.254.253 255.255.255.0 |
| 1296 | ip igmp |
| 1297 | exit |
| 1298 | vlan 10 |
| 1299 | name "control-hardware" |
| 1300 | untagged 23 |
| 1301 | ip address 10.1.1.253 255.255.255.0 |
| 1302 | exit |
| 1303 | vlan 11 |
| 1304 | name "control-alternate" |
| 1305 | untagged 24 |
| 1306 | ip address 10.2.1.253 255.255.255.0 |
| 1307 | exit |
| 1308 | management-vlan 10 |
| 1309 | no dhcp config-file-update |
| 1310 | password manager |
| 1311 | password operator |
| 1312 | |
| 1313 | HP-E2620-24# show vlan 10 |
| 1314 | |
| 1315 | Status and Counters - VLAN Information - VLAN 10 |
| 1316 | |
| 1317 | VLAN ID : 10 |
| 1318 | Name : control-hardware |
| 1319 | Status : Port-based |
| 1320 | Voice : No |
| 1321 | Jumbo : No |
| 1322 | |
| 1323 | Port Information Mode Unknown VLAN Status |
| 1324 | ---------------- -------- ------------ ---------- |
| 1325 | 23 Untagged Learn Up |
| 1326 | |
| 1327 | |
| 1328 | HP-E2620-24# exit |
| 1329 | HP-E2620-24> exit |
| 1330 | Do you want to log out [y/n]? y |
| 1331 | Connection closed by foreign host. |
| 1332 | [lnevers@boss ~]$ |
| 1333 | }}} |
| 1334 | |
| 1335 | Connect to the switch named procurve2 the dataplane network switch via ssh using the documented password: |
| 1336 | {{{ |
| 1337 | [lnevers@boss ~]$ sudo more /usr/testbed/etc/switch.pswd |
| 1338 | xxxxxxx |
| 1339 | [lnevers@boss ~]$ telnet procurve2 |
| 1340 | Trying 10.3.1.253... |
| 1341 | Connected to procurve2. |
| 1342 | Escape character is '^]'. |
| 1343 | |
| 1344 | HP J8697A Switch E5406zl |
| 1345 | Software revision K.15.06.5008 |
| 1346 | |
| 1347 | Copyright (C) 1991-2012 Hewlett-Packard Development Company, L.P. |
| 1348 | |
| 1349 | RESTRICTED RIGHTS LEGEND |
| 1350 | Confidential computer software. Valid license from HP required for possession, |
| 1351 | use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer |
| 1352 | Software, Computer Software Documentation, and Technical Data for Commercial |
| 1353 | Items are licensed to the U.S. Government under vendor's standard commercial |
| 1354 | license. |
| 1355 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. |
| 1356 | 20555 State Highway 249, Houston, TX 77070 |
| 1357 | |
| 1358 | We'd like to keep you up to date about: |
| 1359 | * Software feature updates |
| 1360 | * New product announcements |
| 1361 | * Special events |
| 1362 | Please register your products now at: www.hp.com/networking/register |
| 1363 | |
| 1364 | Username: manager |
| 1365 | Password: |
| 1366 | |
| 1367 | |
| 1368 | HP-E5406zl# show version |
| 1369 | Image stamp: /ws/swbuildm/of_bridge_qaoff/code/build/btm(of_bridge_qaoff) |
| 1370 | Feb 18 2012 11:26:28 |
| 1371 | K.15.06.5008 |
| 1372 | 79 |
| 1373 | Boot Image: Primary |
| 1374 | HP-E5406zl# show running-config |
| 1375 | |
| 1376 | Running configuration: |
| 1377 | |
| 1378 | ; J8697A Configuration Editor; Created on release #K.15.06.5008 |
| 1379 | ; Ver #02:10.0d:1f |
| 1380 | |
| 1381 | hostname "HP-E5406zl" |
| 1382 | module 1 type J9549A |
| 1383 | interface A1 |
| 1384 | speed-duplex auto-1000 |
| 1385 | exit |
| 1386 | interface A2 |
| 1387 | speed-duplex auto-1000 |
| 1388 | exit |
| 1389 | interface A3 |
| 1390 | speed-duplex auto-1000 |
| 1391 | exit |
| 1392 | interface A4 |
| 1393 | speed-duplex auto-1000 |
| 1394 | exit |
| 1395 | interface A5 |
| 1396 | speed-duplex auto-1000 |
| 1397 | exit |
| 1398 | interface A6 |
| 1399 | speed-duplex auto-1000 |
| 1400 | exit |
| 1401 | interface A7 |
| 1402 | speed-duplex auto-1000 |
| 1403 | exit |
| 1404 | interface A8 |
| 1405 | speed-duplex auto-1000 |
| 1406 | exit |
| 1407 | interface A9 |
| 1408 | speed-duplex auto-1000 |
| 1409 | exit |
| 1410 | interface A10 |
| 1411 | speed-duplex auto-1000 |
| 1412 | exit |
| 1413 | ip default-gateway 10.3.1.254 |
| 1414 | vlan 1 |
| 1415 | name "DEFAULT_VLAN" |
| 1416 | forbid A1-A9 |
| 1417 | untagged A11-A19,A21-A23 |
| 1418 | no untagged A1-A10,A20,A24 |
| 1419 | no ip address |
| 1420 | exit |
| 1421 | vlan 10 |
| 1422 | name "control-hardware" |
| 1423 | untagged A20 |
| 1424 | ip address 10.3.1.253 255.255.255.0 |
| 1425 | exit |
| 1426 | vlan 257 |
| 1427 | name "_1" |
| 1428 | untagged A1-A9 |
| 1429 | no ip address |
| 1430 | exit |
| 1431 | vlan 258 |
| 1432 | name "_6" |
| 1433 | tagged A4,A7 |
| 1434 | no ip address |
| 1435 | exit |
| 1436 | vlan 259 |
| 1437 | name "_7" |
| 1438 | tagged A1,A4 |
| 1439 | no ip address |
| 1440 | exit |
| 1441 | vlan 1750 |
| 1442 | name "_8" |
| 1443 | tagged A1,A24 |
| 1444 | no ip address |
| 1445 | exit |
| 1446 | vlan 260 |
| 1447 | name "_17" |
| 1448 | tagged A7 |
| 1449 | no ip address |
| 1450 | exit |
| 1451 | vlan 261 |
| 1452 | name "_19" |
| 1453 | tagged A7,A10 |
| 1454 | no ip address |
| 1455 | exit |
| 1456 | no web-management |
| 1457 | openflow |
| 1458 | vlan 1750 |
| 1459 | enable |
| 1460 | controller "tcp:10.3.1.7:6633" fail-secure on |
| 1461 | exit |
| 1462 | exit |
| 1463 | snmp-server community "xxx" unrestricted |
| 1464 | aaa authentication ssh login public-key |
| 1465 | aaa authentication ssh enable public-key |
| 1466 | management-vlan 10 |
| 1467 | no autorun |
| 1468 | no dhcp config-file-update |
| 1469 | no dhcp image-file-update |
| 1470 | password xxx |
| 1471 | password xxx |
| 1472 | |
| 1473 | HP-E5406zl# show vlan 1750 |
| 1474 | |
| 1475 | Status and Counters - VLAN Information - VLAN 1750 |
| 1476 | |
| 1477 | VLAN ID : 1750 |
| 1478 | Name : _8 |
| 1479 | Status : Port-based |
| 1480 | Voice : No |
| 1481 | Jumbo : No |
| 1482 | |
| 1483 | Port Information Mode Unknown VLAN Status |
| 1484 | ---------------- -------- ------------ ---------- |
| 1485 | A1 Tagged Learn Up |
| 1486 | A24 Tagged Learn Up |
| 1487 | |
| 1488 | |
| 1489 | HP-E5406zl# |
| 1490 | |
| 1491 | }}} |
| 1492 | |
| 1493 | Access the FOAM VM and gather information for version |
| 1494 | {{{ |
| 1495 | LNM:~$ ssh lnevers@foam.nysernet.org |
| 1496 | |
| 1497 | sudo foamctl admin:get-version --passwd-file=/etc/foam.passwd |
| 1498 | |
| 1499 | }}} |
| 1500 | Check FOAM configuration for site.admin.email, geni.site-tag, email.from settings: |
| 1501 | {{{ |
| 1502 | foamctl config:get-value --key="site.admin.email" --passwd-file=/etc/foam.passwd |
| 1503 | |
| 1504 | foamctl config:get-value --key="geni.site-tag" --passwd-file=/etc/foam.passwd |
| 1505 | |
| 1506 | foamctl config:get-value --key="email.from" --passwd-file=/etc/foam.passwd |
| 1507 | |
| 1508 | # check if FOAM auto-approve is on. Value 2 = auto-approve is on. |
| 1509 | |
| 1510 | foamctl config:get-value --key="geni.approval.approve-on-creation" --passwd-file=/etc/foam.passwd |
| 1511 | |
| 1512 | }}} |
| 1513 | |
| 1514 | Show FOAM slivers and details for one sliver: |
| 1515 | |
| 1516 | {{{ |
| 1517 | foamctl geni:list-slivers --passwd-file=/etc/foam.passwd |
| 1518 | |
| 1519 | }}} |
| 1520 | Access the FlowVisor VM and gather version information: |
| 1521 | {{{ |
| 1522 | |
| 1523 | ssh lnevers@flowvisor.nysernet.org |
| 1524 | }}} |
| 1525 | Check the !FlowVisor version, list of devices, get details for a device, list of active slices, and details for one of the slices: |
| 1526 | {{{ |
| 1527 | |
| 1528 | fvctl --passwd-file=/etc/flowvisor.passwd ping hello |
| 1529 | |
| 1530 | # Devices |
| 1531 | fvctl --passwd-file=/etc/flowvisor.passwd listDevices |
| 1532 | |
| 1533 | fvctl --passwd-file=/etc/flowvisor.passwd getDeviceInfo 06:d6:6c:3b:e5:68:00:00 |
| 1534 | |
| 1535 | #Slices |
| 1536 | fvctl --passwd-file=/etc/flowvisor.passwd listSlices |
| 1537 | |
| 1538 | fvctl --passwd-file=/etc/flowvisor.passwd getSliceInfo 5c956f94-5e05-40b5-948f-34d0149d9182 |
| 1539 | |
| 1540 | }}} |
| 1541 | |
| 1542 | Check the FlowVisor setting: |
| 1543 | {{{ |
| 1544 | fvctl --passwd-file=/etc/flowvisor.passwd dumpConfig /tmp/flowvisor-config |
| 1545 | more /tmp/flowvisor-config |
| 1546 | |
| 1547 | }}} |
| 1548 | |
| 1549 | |
| 1550 | Verify alerts for the compute resource Aggregate Manager are being reported to the [http://monitor.gpolab.bbn.com/nagios/cgi-bin/status.cgi GPO Tango GENI Nagios monitoring] and that all alerts have status OK. |
| 1551 | |
| 1552 | |
| 1553 | [[Image(NYSERNet-nagios.jpg)]] |
| 1554 | |
| 1555 | Verify alerts for the FOAM Aggregate Manager are being reported to the [http://monitor.gpolab.bbn.com/nagios/cgi-bin/status.cgi GPO Tango GENI Nagios monitoring] and that all alerts have status OK. |
| 1556 | |
| 1557 | [[Image(NYSERNet-OF-nagios.jpg)]] |