1110 | | |
| 1110 | Sent request for administrative account to site contact from the [http://groups.geni.net/geni/wiki/GeniAggregate/StanfordInstaGENI Stanford InstaGENI] aggregate page. Followed instructions at the [http://groups.geni.net/geni/wiki/GENIRacksAdministration/InstaGENIAdministration InstaGENI Administration] page for account request. A local administrator account was requested by joining the ''emulab-ops'' group at https://www.instageni.stanford.edu/joinproject.php3 page. Once the administrative account was approved and the membership to emulab-ops was granted, proceeded to execute administrative tests. |
| 1111 | |
| 1112 | {{{ |
| 1113 | LNM:~$ ssh control.instageni.stanford.edu |
| 1114 | |
| 1115 | }}} |
| 1116 | |
| 1117 | Also access the boss node: |
| 1118 | {{{ |
| 1119 | LNM:~$ ssh boss.instageni.stanford.edu |
| 1120 | The authenticity of host 'boss.instageni.stanford.edu (171.67.2.4)' can't be established. |
| 1121 | RSA key fingerprint is 46:63:92:67:c8:75:20:4e:52:9f:2d:f6:cb:58:16:77. |
| 1122 | Are you sure you want to continue connecting (yes/no)? yes |
| 1123 | Warning: Permanently added 'boss.instageni.stanford.edu,171.67.2.4' (RSA) to the list of known hosts. |
| 1124 | FreeBSD 9.0-STABLE (TESTBED-XEN) #0: Tue Apr 30 14:24:36 MDT 2013 |
| 1125 | |
| 1126 | Welcome to FreeBSD! |
| 1127 | |
| 1128 | Any user that is a member of the wheel group can use "su -" to simulate |
| 1129 | a root login. You can add a user to the wheel group by editing /etc/group. |
| 1130 | -- Konstantinos Konstantinidis <kkonstan@duth.gr> |
| 1131 | > bash |
| 1132 | [lnevers@boss ~]$ sudo whoami |
| 1133 | root |
| 1134 | [lnevers@boss ~]$ uname -a |
| 1135 | FreeBSD boss.instageni.stanford.edu 9.0-STABLE FreeBSD 9.0-STABLE #0: Tue Apr 30 14:24:36 MDT 2013 root@n1.one-freebsd.testbed.emulab.net:/usr/obj/mnt/src/sys/TESTBED-XEN i386 |
| 1136 | [lnevers@boss ~]$ |
| 1137 | }}} |
| 1138 | |
| 1139 | From boss node accessed each of the experiment nodes that support VMs: |
| 1140 | {{{ |
| 1141 | [lnevers@boss ~]$ for i in pc1 pc2 pc3; do ssh $i "echo -n '===> Host: ';hostname;sudo whoami;uname -a;echo"; done |
| 1142 | Warning: Permanently added 'pc1.instageni.stanford.edu' (RSA) to the list of known hosts. |
| 1143 | ===> Host: vhost1.shared-nodes.emulab-ops.instageni.stanford.edu |
| 1144 | root |
| 1145 | Linux vhost1.shared-nodes.emulab-ops.instageni.stanford.edu 2.6.32-042stab049.6.emulab.1 #1 SMP Mon May 21 14:36:04 MDT 2012 x86_64 x86_64 x86_64 GNU/Linux |
| 1146 | |
| 1147 | Warning: Permanently added 'pc2.instageni.stanford.edu' (RSA) to the list of known hosts. |
| 1148 | ===> Host: vhost2.shared-nodes.emulab-ops.instageni.stanford.edu |
| 1149 | root |
| 1150 | Linux vhost2.shared-nodes.emulab-ops.instageni.stanford.edu 2.6.32-042stab049.6.emulab.1 #1 SMP Mon May 21 14:36:04 MDT 2012 x86_64 x86_64 x86_64 GNU/Linux |
| 1151 | |
| 1152 | Warning: Permanently added 'pc3.instageni.stanford.edu' (RSA) to the list of known hosts. |
| 1153 | ===> Host: vhost3.shared-nodes.emulab-ops.instageni.stanford.edu |
| 1154 | root |
| 1155 | Linux vhost3.shared-nodes.emulab-ops.instageni.stanford.edu 3.2.46 #1 SMP Wed Jun 5 15:53:18 MDT 2013 x86_64 x86_64 x86_64 GNU/Linux |
| 1156 | |
| 1157 | [lnevers@boss ~]$ |
| 1158 | }}} |
| 1159 | |
| 1160 | In order to access Dedicated Nodes some experiment must be running on the raw-pc device. At the time of this capture there one experiment using the two raw-pc nodes (pc4 and pc5): |
| 1161 | {{{ |
| 1162 | [lnevers@boss ~]$ sudo ssh pc4 |
| 1163 | [root@vm ~]# sudo whoami |
| 1164 | root |
| 1165 | [root@vm ~]# uname -a |
| 1166 | Linux vm.ln2pc.ch-geni-net.instageni.stanford.edu 2.6.40-4.emulab2.fc15.i686.PAE #1 SMP Tue Feb 26 13:35:12 MST 2013 i686 i686 i386 GNU/Linux |
| 1167 | [root@vm ~]# exit |
| 1168 | logout |
| 1169 | Connection to pc4.instageni.stanford.edu closed. |
| 1170 | [lnevers@boss ~]$ sudo ssh pc5 |
| 1171 | [root@pc ~]# sudo whoami |
| 1172 | root |
| 1173 | [root@pc ~]# uname -a |
| 1174 | Linux pc.ln2pc.ch-geni-net.instageni.stanford.edu 2.6.40-4.emulab2.fc15.i686.PAE #1 SMP Tue Feb 26 13:35:12 MST 2013 i686 i686 i386 GNU/Linux |
| 1175 | [root@pc ~]# exit |
| 1176 | logout |
| 1177 | Connection to pc5.instageni.stanford.edu closed. |
| 1178 | [lnevers@boss ~]$ |
| 1179 | }}} |
| 1180 | |
| 1181 | Further verified access by ssh from ops.instageni.gpolab.bbn.com to boss.instageni.gpolab.bbn.com, which is usually restricted for non-admin users: |
| 1182 | {{{ |
| 1183 | LNM:~$ ssh ops.instageni.stanford.edu |
| 1184 | The authenticity of host 'ops.instageni.stanford.edu (171.67.2.5)' can't be established. |
| 1185 | RSA key fingerprint is 46:63:92:67:c8:75:20:4e:52:9f:2d:f6:cb:58:16:77. |
| 1186 | Are you sure you want to continue connecting (yes/no)? yes |
| 1187 | Warning: Permanently added 'ops.instageni.stanford.edu,171.67.2.5' (RSA) to the list of known hosts. |
| 1188 | FreeBSD 9.0-STABLE (TESTBED-XEN) #0: Tue Apr 30 14:24:36 MDT 2013 |
| 1189 | |
| 1190 | Welcome to FreeBSD! |
| 1191 | |
| 1192 | To determine whether a file is a text file, executable, or some other type |
| 1193 | of file, use |
| 1194 | |
| 1195 | file filename |
| 1196 | -- Dru <genesis@istar.ca> |
| 1197 | > bash |
| 1198 | [lnevers@ops ~]$ sudo whoami |
| 1199 | root |
| 1200 | [lnevers@ops ~]$ uname -a |
| 1201 | FreeBSD ops.instageni.stanford.edu 9.0-STABLE FreeBSD 9.0-STABLE #0: Tue Apr 30 14:24:36 MDT 2013 root@n1.one-freebsd.testbed.emulab.net:/usr/obj/mnt/src/sys/TESTBED-XEN i386 |
| 1202 | [lnevers@ops ~]$ |
| 1203 | [lnevers@ops ~]$ uname -a |
| 1204 | FreeBSD ops.instageni.stanford.edu 9.0-STABLE FreeBSD 9.0-STABLE #0: Tue Apr 30 14:24:36 MDT 2013 root@n1.one-freebsd.testbed.emulab.net:/usr/obj/mnt/src/sys/TESTBED-XEN i386 |
| 1205 | [lnevers@ops ~]$ ssh boss |
| 1206 | The authenticity of host 'boss.instageni.stanford.edu (171.67.2.4)' can't be established. |
| 1207 | ECDSA key fingerprint is bd:05:23:a7:5b:cc:78:c8:8c:a8:d3:e9:f7:27:53:cb. |
| 1208 | Are you sure you want to continue connecting (yes/no)? yes |
| 1209 | Warning: Permanently added 'boss.instageni.stanford.edu' (ECDSA) to the list of known hosts. |
| 1210 | Last login: Thu Dec 12 12:30:49 2013 from dhcp89-073-116.bbn.com |
| 1211 | FreeBSD 9.0-STABLE (TESTBED-XEN) #0: Tue Apr 30 14:24:36 MDT 2013 |
| 1212 | |
| 1213 | Welcome to FreeBSD! |
| 1214 | |
| 1215 | Having trouble using fetch through a firewall? Try setting the environment |
| 1216 | variable FTP_PASSIVE_MODE to yes, and see fetch(3) for more details. |
| 1217 | > bash |
| 1218 | [lnevers@boss ~]$ |
| 1219 | |
| 1220 | }}} |
| 1221 | Access infrastructure switches using documented password. First connect to the switch named procurve1 the control network switch: |
| 1222 | {{{ |
| 1223 | [lnevers@boss ~]$ sudo more /usr/testbed/etc/switch.pswd |
| 1224 | XXXXXXXXX |
| 1225 | [lnevers@boss ~]$ telnet procurve1 |
| 1226 | Trying 10.1.1.253... |
| 1227 | Connected to procurve1. |
| 1228 | Escape character is '^]'. |
| 1229 | |
| 1230 | HP J9623A E2620-24 Switch |
| 1231 | Software revision RA.15.05.0006 |
| 1232 | |
| 1233 | Copyright (C) 1991-2011 Hewlett-Packard Development Company, L.P. |
| 1234 | |
| 1235 | RESTRICTED RIGHTS LEGEND |
| 1236 | Confidential computer software. Valid license from HP required for possession, |
| 1237 | use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer |
| 1238 | Software, Computer Software Documentation, and Technical Data for Commercial |
| 1239 | Items are licensed to the U.S. Government under vendor's standard commercial |
| 1240 | license. |
| 1241 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. |
| 1242 | 20555 State Highway 249, Houston, TX 77070 |
| 1243 | |
| 1244 | We'd like to keep you up to date about: |
| 1245 | * Software feature updates |
| 1246 | * New product announcements |
| 1247 | * Special events |
| 1248 | Please register your products now at: www.hp.com/networking/register |
| 1249 | Password: |
| 1250 | HP-E2620-24# show version |
| 1251 | Image stamp: /sw/code/build/xform(RA_15_05) |
| 1252 | Aug 9 2011 09:08:18 |
| 1253 | RA.15.05.0006 |
| 1254 | 44 |
| 1255 | Boot Image: Primary |
| 1256 | HP-E2620-24# show running-config |
| 1257 | |
| 1258 | Running configuration: |
| 1259 | |
| 1260 | ; J9623A Configuration Editor; Created on release #RA.15.05.0006 |
| 1261 | ; Ver #01:01:00 |
| 1262 | |
| 1263 | hostname "HP-E2620-24" |
| 1264 | ip default-gateway 10.1.1.254 |
| 1265 | vlan 1 |
| 1266 | name "DEFAULT_VLAN" |
| 1267 | untagged 1-22,25-28 |
| 1268 | ip address 10.254.254.253 255.255.255.0 |
| 1269 | no untagged 23-24 |
| 1270 | ip igmp |
| 1271 | exit |
| 1272 | vlan 11 |
| 1273 | name "control-alternate" |
| 1274 | untagged 24 |
| 1275 | ip address 10.2.1.253 255.255.255.0 |
| 1276 | exit |
| 1277 | vlan 10 |
| 1278 | name "control-hardware" |
| 1279 | untagged 23 |
| 1280 | ip address 10.1.1.253 255.255.255.0 |
| 1281 | exit |
| 1282 | no web-management |
| 1283 | snmp-server community "xxx" unrestricted |
| 1284 | aaa authentication ssh login public-key |
| 1285 | aaa authentication ssh enable public-key |
| 1286 | management-vlan 10 |
| 1287 | no dhcp config-file-update |
| 1288 | password xx |
| 1289 | password xx |
| 1290 | |
| 1291 | HP-E2620-24# show vlans |
| 1292 | |
| 1293 | Status and Counters - VLAN Information |
| 1294 | |
| 1295 | Maximum VLANs to support : 256 |
| 1296 | Primary VLAN : DEFAULT_VLAN |
| 1297 | Management VLAN : control-hardware |
| 1298 | |
| 1299 | VLAN ID Name | Status Voice Jumbo |
| 1300 | ------- -------------------------------- + ---------- ----- ----- |
| 1301 | 1 DEFAULT_VLAN | Port-based No No |
| 1302 | 10 control-hardware | Port-based No No |
| 1303 | 11 control-alternate | Port-based No No |
| 1304 | |
| 1305 | HP-E2620-24# |
| 1306 | }}} |
| 1307 | |
| 1308 | Connect to the switch named procurve2 the dataplane network switch via ssh using the documented password: |
| 1309 | {{{ |
| 1310 | [lnevers@boss ~]$ sudo more /usr/testbed/etc/switch.pswd |
| 1311 | xxxxxxx |
| 1312 | [lnevers@boss ~]$ telnet procurve2 |
| 1313 | Trying 10.3.1.253... |
| 1314 | Connected to procurve2. |
| 1315 | Escape character is '^]'. |
| 1316 | |
| 1317 | HP J8697A Switch E5406zl |
| 1318 | Software revision K.15.06.5008 |
| 1319 | |
| 1320 | Copyright (C) 1991-2012 Hewlett-Packard Development Company, L.P. |
| 1321 | |
| 1322 | RESTRICTED RIGHTS LEGEND |
| 1323 | Confidential computer software. Valid license from HP required for possession, |
| 1324 | use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer |
| 1325 | Software, Computer Software Documentation, and Technical Data for Commercial |
| 1326 | Items are licensed to the U.S. Government under vendor's standard commercial |
| 1327 | license. |
| 1328 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. |
| 1329 | 20555 State Highway 249, Houston, TX 77070 |
| 1330 | |
| 1331 | We'd like to keep you up to date about: |
| 1332 | * Software feature updates |
| 1333 | * New product announcements |
| 1334 | * Special events |
| 1335 | Please register your products now at: www.hp.com/networking/register |
| 1336 | Username: manager |
| 1337 | Password: |
| 1338 | |
| 1339 | HP-E5406zl# show version |
| 1340 | Image stamp: /ws/swbuildm/of_bridge_qaoff/code/build/btm(of_bridge_qaoff) |
| 1341 | Feb 18 2012 11:26:28 |
| 1342 | K.15.06.5008 |
| 1343 | 79 |
| 1344 | Boot Image: Primary |
| 1345 | HP-E5406zl# show running-config |
| 1346 | |
| 1347 | Running configuration: |
| 1348 | |
| 1349 | ; J8697A Configuration Editor; Created on release #K.15.06.5008 |
| 1350 | ; Ver #02:10.0d:1f |
| 1351 | |
| 1352 | hostname "HP-E5406zl" |
| 1353 | module 1 type J9549A |
| 1354 | interface A1 |
| 1355 | speed-duplex auto-1000 |
| 1356 | exit |
| 1357 | interface A2 |
| 1358 | speed-duplex auto-1000 |
| 1359 | exit |
| 1360 | interface A3 |
| 1361 | speed-duplex auto-1000 |
| 1362 | exit |
| 1363 | interface A4 |
| 1364 | speed-duplex auto-1000 |
| 1365 | exit |
| 1366 | interface A5 |
| 1367 | speed-duplex auto-1000 |
| 1368 | exit |
| 1369 | interface A6 |
| 1370 | speed-duplex auto-1000 |
| 1371 | exit |
| 1372 | interface A7 |
| 1373 | speed-duplex auto-1000 |
| 1374 | exit |
| 1375 | interface A8 |
| 1376 | speed-duplex auto-1000 |
| 1377 | exit |
| 1378 | interface A9 |
| 1379 | speed-duplex auto-1000 |
| 1380 | exit |
| 1381 | interface A10 |
| 1382 | speed-duplex auto-1000 |
| 1383 | exit |
| 1384 | interface A13 |
| 1385 | speed-duplex auto-1000 |
| 1386 | exit |
| 1387 | ip default-gateway 10.3.1.254 |
| 1388 | vlan 1 |
| 1389 | name "DEFAULT_VLAN" |
| 1390 | forbid A1-A9 |
| 1391 | untagged A11-A12,A14-A19,A21-A23 |
| 1392 | no untagged A1-A10,A13,A20,A24 |
| 1393 | no ip address |
| 1394 | exit |
| 1395 | vlan 10 |
| 1396 | name "control-hardware" |
| 1397 | untagged A20 |
| 1398 | ip address 10.3.1.253 255.255.255.0 |
| 1399 | exit |
| 1400 | vlan 257 |
| 1401 | name "5000" |
| 1402 | untagged A1-A9 |
| 1403 | no ip address |
| 1404 | exit |
| 1405 | vlan 3752 |
| 1406 | name "5007" |
| 1407 | tagged A1,A7,A24 |
| 1408 | no ip address |
| 1409 | exit |
| 1410 | vlan 3755 |
| 1411 | name "5013" |
| 1412 | tagged A24 |
| 1413 | no ip address |
| 1414 | exit |
| 1415 | vlan 3756 |
| 1416 | name "5014" |
| 1417 | tagged A24 |
| 1418 | no ip address |
| 1419 | exit |
| 1420 | vlan 3757 |
| 1421 | name "5015" |
| 1422 | tagged A24 |
| 1423 | no ip address |
| 1424 | exit |
| 1425 | vlan 3758 |
| 1426 | name "5016" |
| 1427 | tagged A24 |
| 1428 | no ip address |
| 1429 | exit |
| 1430 | vlan 3759 |
| 1431 | name "5017" |
| 1432 | tagged A24 |
| 1433 | no ip address |
| 1434 | exit |
| 1435 | vlan 258 |
| 1436 | name "5051" |
| 1437 | untagged A10,A13 |
| 1438 | no ip address |
| 1439 | exit |
| 1440 | no web-management |
| 1441 | openflow |
| 1442 | vlan 3752 |
| 1443 | enable |
| 1444 | controller "tcp:10.3.1.7:6633" fail-secure on |
| 1445 | exit |
| 1446 | vlan 3755 |
| 1447 | enable |
| 1448 | controller "tcp:10.3.1.7:6633" fail-secure on |
| 1449 | exit |
| 1450 | vlan 3756 |
| 1451 | enable |
| 1452 | controller "tcp:10.3.1.7:6633" fail-secure on |
| 1453 | exit |
| 1454 | vlan 3757 |
| 1455 | enable |
| 1456 | controller "tcp:10.3.1.7:6633" fail-secure on |
| 1457 | exit |
| 1458 | vlan 3758 |
| 1459 | enable |
| 1460 | controller "tcp:10.3.1.7:6633" fail-secure on |
| 1461 | exit |
| 1462 | vlan 3759 |
| 1463 | enable |
| 1464 | controller "tcp:10.3.1.7:6633" fail-secure on |
| 1465 | exit |
| 1466 | exit |
| 1467 | snmp-server community "xxx" unrestricted |
| 1468 | aaa authentication ssh login public-key |
| 1469 | aaa authentication ssh enable public-key |
| 1470 | management-vlan 10 |
| 1471 | no autorun |
| 1472 | no dhcp config-file-update |
| 1473 | no dhcp image-file-update |
| 1474 | password xx |
| 1475 | password xx |
| 1476 | |
| 1477 | HP-E5406zl# show vlans |
| 1478 | |
| 1479 | Status and Counters - VLAN Information |
| 1480 | |
| 1481 | Maximum VLANs to support : 256 |
| 1482 | Primary VLAN : DEFAULT_VLAN |
| 1483 | Management VLAN : control-hardware |
| 1484 | |
| 1485 | VLAN ID Name | Status Voice Jumbo |
| 1486 | ------- -------------------------------- + ---------- ----- ----- |
| 1487 | 1 DEFAULT_VLAN | Port-based No No |
| 1488 | 10 control-hardware | Port-based No No |
| 1489 | 257 5000 | Port-based No No |
| 1490 | 258 5051 | Port-based No No |
| 1491 | 3752 5007 | Port-based No No |
| 1492 | 3755 5013 | Port-based No No |
| 1493 | 3756 5014 | Port-based No No |
| 1494 | 3757 5015 | Port-based No No |
| 1495 | 3758 5016 | Port-based No No |
| 1496 | 3759 5017 | Port-based No No |
| 1497 | |
| 1498 | |
| 1499 | HP-E5406zl# |
| 1500 | }}} |
| 1501 | |
| 1502 | Access the FOAM VM and gather information for version |
| 1503 | {{{ |
| 1504 | LNM:~$ ssh lnevers@foam.stanford.net |
| 1505 | |
| 1506 | sudo foamctl admin:get-version --passwd-file=/etc/foam.passwd |
| 1507 | |
| 1508 | }}} |
| 1509 | Check FOAM configuration for site.admin.email, geni.site-tag, email.from settings: |
| 1510 | {{{ |
| 1511 | foamctl config:get-value --key="site.admin.email" --passwd-file=/etc/foam.passwd |
| 1512 | |
| 1513 | foamctl config:get-value --key="geni.site-tag" --passwd-file=/etc/foam.passwd |
| 1514 | |
| 1515 | foamctl config:get-value --key="email.from" --passwd-file=/etc/foam.passwd |
| 1516 | |
| 1517 | # check if FOAM auto-approve is on. Value 2 = auto-approve is on. |
| 1518 | |
| 1519 | foamctl config:get-value --key="geni.approval.approve-on-creation" --passwd-file=/etc/foam.passwd |
| 1520 | |
| 1521 | }}} |
| 1522 | |
| 1523 | Show FOAM slivers details: |
| 1524 | |
| 1525 | {{{ |
| 1526 | foamctl geni:list-slivers --passwd-file=/etc/foam.passwd |
| 1527 | |
| 1528 | }}} |
| 1529 | Access the FlowVisor VM and gather version information: |
| 1530 | {{{ |
| 1531 | |
| 1532 | ssh lnevers@flowvisor.stanford.net |
| 1533 | }}} |
| 1534 | Check the !FlowVisor version, list of devices, get details for a device, list of active slices, and details for one of the slices: |
| 1535 | {{{ |
| 1536 | |
| 1537 | fvctl --passwd-file=/etc/flowvisor.passwd ping hello |
| 1538 | |
| 1539 | # Devices |
| 1540 | fvctl --passwd-file=/etc/flowvisor.passwd listDevices |
| 1541 | |
| 1542 | fvctl --passwd-file=/etc/flowvisor.passwd getDeviceInfo 06:d6:6c:3b:e5:68:00:00 |
| 1543 | |
| 1544 | #Slices |
| 1545 | fvctl --passwd-file=/etc/flowvisor.passwd listSlices |
| 1546 | |
| 1547 | fvctl --passwd-file=/etc/flowvisor.passwd getSliceInfo 5c956f94-5e05-40b5-948f-34d0149d9182 |
| 1548 | |
| 1549 | }}} |
| 1550 | |
| 1551 | Check the FlowVisor setting: |
| 1552 | {{{ |
| 1553 | fvctl --passwd-file=/etc/flowvisor.passwd dumpConfig /tmp/flowvisor-config |
| 1554 | more /tmp/flowvisor-config |
| 1555 | |
| 1556 | }}} |