Version 1 (modified by lnevers@bbn.com, 10 years ago)

GR-ADM-2: Rack Administrator Access Test

This page captures status for the test case GR-ADM-2. For additional information, see the Acceptance Test Status - April 2014 page for overall status, or the GRAM Acceptance Test Plan for details about the planned evaluation.

Step    State                Notes                    Tickets
------  -------------------  -----------------------  -------
Step 1  Pass
Step 2  Pass
Step 3  Pass: most criteria  Remote access to iDRAC   65


State Legend         Description
-------------------  ----------------------------------------------------------------
Pass                 Test completed and met all criteria
Pass: most criteria  Test completed and met most criteria. Exceptions documented
Fail                 Test completed and failed to meet criteria.
Complete             Test completed but will require re-execution due to expected changes
Blocked              Blocked by ticketed issue(s).
In Progress          Currently under test.
Not Planned          This area is not part of initial evaluation

Test Plan Steps

Step 1: For each type of rack infrastructure node verify features

For each type of rack infrastructure node, including VM server hosts and any VMs running infrastructure support services, use a site administrator account to test:

  • Login to the node using public-key SSH.
  • Verify that you cannot login to the node using password-based SSH, nor via any unencrypted login protocol.
  • When logged in, run a command via sudo to verify root privileges.

Control Node

Requested an administrative account and provided SSH public keys. Once the account was created, logged in and verified sudo access on the Control Node:

LNM:~$ ssh lnevers@130.127.88.98  
Welcome to Ubuntu 12.04.4 LTS (GNU/Linux 3.5.0-46-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Tue Apr 22 12:30:41 EDT 2014

  System load:  0.01               Users logged in:      0
  Usage of /:   2.4% of 297.06GB   IP address for dat:   10.10.5.100
  Memory usage: 1%                 IP address for mgt:   10.10.6.100
  Swap usage:   0%                 IP address for ctl:   10.10.8.100
  Processes:    297                IP address for br-ex: 130.127.88.98

  Graph this data and manage this system at:
    https://landscape.canonical.com/

76 packages can be updated.
28 updates are security updates.

Last login: Tue Apr 22 12:30:04 2014 from 128.89.73.116
lnevers@clemson-clemson-control-1:~$ 
lnevers@clemson-clemson-control-1:~$ sudo whoami
root
lnevers@clemson-clemson-control-1:~$ 

Compute Nodes

From the control node, connected to compute resource servers clemson-clemson-compute-1 and clemson-clemson-compute-2 and verified root access:

lnevers@clemson-clemson-control-1:~$ for i in  10.10.8.101 10.10.8.102; do ssh -t $i "hostname; sudo whoami; uname -a "; done
clemson-clemson-compute-1
[sudo] password for lnevers: 
root
Linux clemson-clemson-compute-1 3.5.0-46-generic #70~precise1-Ubuntu SMP Thu Jan 9 23:55:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Connection to 10.10.8.101 closed.
clemson-clemson-compute-2
[sudo] password for lnevers: 
root
Linux clemson-clemson-compute-2 3.5.0-46-generic #70~precise1-Ubuntu SMP Thu Jan 9 23:55:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Connection to 10.10.8.102 closed.
lnevers@clemson-clemson-control-1:~$ 
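
The sessions above show the positive half of Step 1 (key login and sudo). For the negative half, the following added example (not part of the original test log) reads the authentication methods a server advertises from `ssh -v` output and fails the check if any password-style method is offered. The sample debug output, addresses and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: decide from `ssh -v` output whether a server still offers
# password-style SSH authentication. Written in POSIX sh syntax.

# Constructed samples of OpenSSH client debug output (not captured from the rack).
SAMPLE_PUBKEY_ONLY='debug1: Connecting to 192.0.2.10 [192.0.2.10] port 22.
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.'
SAMPLE_PASSWORD_OK='debug1: Connecting to 192.0.2.11 [192.0.2.11] port 22.
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: No more authentication methods to try.'

# offered_methods: read `ssh -v` output on stdin and print the comma-separated
# method list from the first "Authentications that can continue" line.
offered_methods() {
  sed -n 's/^debug1: Authentications that can continue: //p' | head -n 1 | tr -d '\r'
}

# classify_methods LIST: PASS only when publickey is offered and neither
# password nor keyboard-interactive is; UNKNOWN when no list was seen.
classify_methods() {
  case ",$1," in
    ,,) echo UNKNOWN; return 2 ;;
    *,password,*|*,keyboard-interactive,*) echo FAIL; return 1 ;;
    *,publickey,*) echo PASS; return 0 ;;
    *) echo FAIL; return 1 ;;
  esac
}

# probe_host HOST: live probe. BatchMode stops ssh from prompting, and
# PreferredAuthentications=none keeps the client from trying any key, so the
# server answers with the full list of methods it would accept.
# The host key must already be in known_hosts, since BatchMode cannot ask.
probe_host() {
  ssh -v -o BatchMode=yes -o PreferredAuthentications=none \
      -o ConnectTimeout=5 "$1" true 2>&1 | offered_methods
}

# Offline demonstration on the constructed samples.
for sample in "$SAMPLE_PUBKEY_ONLY" "$SAMPLE_PASSWORD_OK"; do
  methods=$(printf '%s\n' "$sample" | offered_methods)
  printf '%s -> %s\n' "$methods" "$(classify_methods "$methods")"
done
```

On a live node, `classify_methods "$(probe_host 10.10.8.101)"` gives the verdict for the account running the probe; a server with per-user rules can advertise a different list to another account.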

Step 2: For each rack infrastructure device verify features

For each rack infrastructure device (switches, remote PDUs if any), use a site administrator account to test:

  • Login via SSH.
  • Login via a serial console (if the device has one).
  • Verify that you cannot login to the device via an unencrypted login protocol.
  • Use the "enable" command or equivalent to verify privileged access.

From the Control Node, connected to the Force10 OpenFlow switch at 10.10.8.200:

lnevers@clemson-clemson-control-1:~$ ssh 10.10.8.200
lnevers@10.10.8.200's password: 
FTOS>ena
Password: 
FTOS#
FTOS#show version
Dell Force10 Real Time Operating System Software
Dell Force10 Operating System Version: 2.0
Dell Force10 Application Software Version: 9.1(0.0)
Copyright (c) 1999-2012 by Dell Inc. All Rights Reserved.
Build Time: Tue Feb 26 20:02:06 2013
Build Path: /sites/sjc/work/build/toolSpaces/tools03/E9-1-0/SW/SRC
FTOS uptime is 6 week(s), 5 day(s), 1 hour(s), 15 minute(s)

System image file is "system://B"

System Type: S4810 
Control Processor: Freescale QorIQ P2020 with 2147483648 bytes of memory.

128M bytes of boot flash memory.

  1 52-port GE/TE/FG (SE)
 48 Ten GigabitEthernet/IEEE 802.3 interface(s)
  4 Forty GigabitEthernet/IEEE 802.3 interface(s)
FTOS#

FTOS#show running-config 
Current Configuration ...
! Version 9.1(0.0)
! Last configuration change at Wed Apr 23 08:48:58 2014 by bparker
! Startup-config last updated at Wed Apr 23 08:49:43 2014 by bparker
!
boot system stack-unit 0 primary system: B:
boot system stack-unit 0 secondary system: A:
boot system stack-unit 0 default system: B:
boot system gateway 10.10.8.1
!
redundancy auto-synchronize full
redundancy disable-auto-reboot stack-unit
!
redundancy disable-auto-reboot stack-unit 0
redundancy disable-auto-reboot stack-unit 1
redundancy disable-auto-reboot stack-unit 2
redundancy disable-auto-reboot stack-unit 3
redundancy disable-auto-reboot stack-unit 4
redundancy disable-auto-reboot stack-unit 5
redundancy disable-auto-reboot stack-unit 6
redundancy disable-auto-reboot stack-unit 7
redundancy disable-auto-reboot stack-unit 8
redundancy disable-auto-reboot stack-unit 9
redundancy disable-auto-reboot stack-unit 10
redundancy disable-auto-reboot stack-unit 11
!
hardware watchdog
!
logging coredump stack-unit all
!
hostname FTOS
!
cam-acl l2acl 2 ipv4acl 0 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 openflow 8 fcoeacl 0 iscsioptacl 0
!
cam-acl-vlan vlanopenflow 1 vlaniscsi 1 
!

<<User information omitted>>

stack-unit 0 provision S4810
!       
interface TenGigabitEthernet 0/0
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/1
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/2
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/3
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/4
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/5
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/6
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/7
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/8
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/9
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!

<<<LOTS of Interface information not captured!>>>

interface ManagementEthernet 0/0
 ip address 10.10.8.200/24
 no shutdown
!

interface Vlan 1
!untagged TenGigabitEthernet 0/0-5,12-13
!
interface Vlan 100 of-instance 2
 no ip address
 tagged TenGigabitEthernet 0/12-13
 no shutdown
!       
interface Vlan 845
 no ip address
 tagged TenGigabitEthernet 0/47
 no shutdown
!
interface Vlan 1000 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1001 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1002 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1003 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1004 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1005 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1006 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown

<<VLAN 1007 through 2098 not captured here...>>>
interface Vlan 2099 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 2100 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3000 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3001 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!       
interface Vlan 3002 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3003 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3004 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3005 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3006 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-5
 no shutdown
!
interface Vlan 3007 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3008 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3009 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3010 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3011 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3012 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3013 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3014 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3015 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3016 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3017 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3018 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3019 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3020 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
openflow of-instance 1
 controller 1 10.10.8.100  tcp
 flow-map l2 enable
 flow-map l3 enable
 interface-type vlan
 multiple-fwd-table enable
 no shutdown
!
openflow of-instance 2
 controller 1 130.127.39.171  tcp
 flow-map l2 enable
 flow-map l3 enable
 interface-type vlan
 multiple-fwd-table enable
 shutdown
!
snmp-server community public ro 
!
ip ssh rsa-authentication enable
ip ssh server enable
!
protocol lldp 
!
line console 0
line vty 0
line vty 1
line vty 2
line vty 3
line vty 4
line vty 5
line vty 6
line vty 7
line vty 8
line vty 9
!
http-server http
!
reload-type normal-reload
!
end
FTOS#show vlan

Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C - Community, I - Isolated
       O - Openflow
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   o - OpenFlow untagged, O - OpenFlow tagged
   G - GVRP tagged, M - Vlan-stack, H - VSN tagged
   i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged

    NUM    Status    Description                     Q Ports
*   1      Active                                    U Te 0/0-5,12-13
O   100    Inactive                                  T Te 0/12-13
    845    Inactive                                  T Te 0/47
O   1000   Active                                    T Te 0/0-2
O   1001   Active                                    T Te 0/0-2
O   1002   Active                                    T Te 0/0-2
<....Information Removed>>>
O   3000   Active                                    T Te 0/0-4
O   3001   Active                                    T Te 0/0-4
O   3002   Active                                    T Te 0/0-4
O   3003   Active                                    T Te 0/0-4
O   3004   Active                                    T Te 0/0-4
O   3005   Active                                    T Te 0/0-4
O   3006   Active                                    T Te 0/0-5
O   3007   Active                                    T Te 0/0-4
O   3008   Active                                    T Te 0/0-4
O   3009   Active                                    T Te 0/0-4
O   3010   Active                                    T Te 0/0-3
O   3011   Active                                    T Te 0/0-3
O   3012   Active                                    T Te 0/0-3
O   3013   Active                                    T Te 0/0-3
O   3014   Active                                    T Te 0/0-3
O   3015   Active                                    T Te 0/0-3
O   3016   Active                                    T Te 0/0-3
O   3017   Active                                    T Te 0/0-3
O   3018   Active                                    T Te 0/0-3
O   3019   Active                                    T Te 0/0-3
O   3020   Active                                    T Te 0/0-3
FTOS#                
FTOS#show vlan id 3001

Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C - Community, I - Isolated
       O - Openflow
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   o - OpenFlow untagged, O - OpenFlow tagged
   G - GVRP tagged, M - Vlan-stack, H - VSN tagged
   i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged

    NUM    Status    Description                     Q Ports
O   3001   Active                                    T Te 0/0-4
FTOS#
FTOS#exit
Connection to 10.10.8.200 closed.
lnevers@clemson-clemson-control-1:~$ exit
logout
Connection to 130.127.88.98 closed.
LNM:~$ 
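
Step 2 also asks for proof that no unencrypted login path exists, and part of that can be read from the running-config captured above. The following added example (not part of the original test log) scans a saved running-config for cleartext management services. The first excerpt is copied from the Force10 capture on this page; the finding labels, the function names and the telnet pattern are assumptions, since no telnet line appears in the capture.

```bash
#!/usr/bin/env bash
# Added example: flag cleartext management-plane services in a switch
# running-config. Written in POSIX sh syntax; uses awk and grep only.

# Excerpt of the Force10 running-config shown on this page.
FTOS_EXCERPT='snmp-server community public ro
!
ip ssh rsa-authentication enable
ip ssh server enable
!
protocol lldp
!
http-server http
!'

# The same excerpt with the two flagged lines removed (constructed).
HARDENED_SAMPLE='ip ssh rsa-authentication enable
ip ssh server enable
!
protocol lldp
!'

# audit_mgmt_plane: read a running-config on stdin, print one finding per line.
# FAIL = cleartext login path, WARN = cleartext management data,
# OK/FAIL at the end = whether an SSH server line was seen at all.
audit_mgmt_plane() {
  awk '
    /^no /                               { next }  # service explicitly disabled
    /^ip ssh server/                     { ssh = 1 }
    /^http-server http([ \t]|$)/         { print "FAIL cleartext-http: " $0 }
    /^(ip )?telnet server/               { print "FAIL cleartext-telnet: " $0 }  # assumed syntax
    /^snmp-server community public( |$)/ { print "WARN snmp-default-community: " $0 }
    END { print (ssh ? "OK ssh-server-enabled" : "FAIL ssh-server-not-enabled") }
  '
}

# count_fails: number of FAIL findings for the config on stdin.
count_fails() {
  audit_mgmt_plane | grep -c '^FAIL' || true
}

# Offline demonstration on the two embedded configs.
printf '%s\n' "$FTOS_EXCERPT" | audit_mgmt_plane
printf '%s\n' "$HARDENED_SAMPLE" | audit_mgmt_plane
```

The `^ip ssh server` pattern also matches the `ip ssh server` line in the PowerConnect capture, so the same function can be run over both switches' saved configs.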

From the Control Node, connected to the PowerConnect 7048 switch at 10.10.8.201:

lnevers@clemson-clemson-control-1:~$ ssh 10.10.8.201
lnevers@10.10.8.201's password: 

PCT7048>ena
Password:***************

PCT7048#show version

Image Descriptions

 image1 : default image
 image2 :


 Images currently available on Flash

unit  image1       image2       current-active     next-active
----- ------------ ------------ ----------------- -----------------

1     4.2.0.4      5.0.1.3      image2             image2

PCT7048#
PCT7048#show vlan

VLAN   Name                             Ports          Type
-----  ---------------                  -------------  --------------
1      default                          Po1-128,       Default
                                        Gi1/0/4-12,
                                        Gi1/0/16-24,
                                        Gi1/0/28-36,
                                        Gi1/0/40,
                                        Gi1/0/42-47
100    Management                       Gi1/0/1-3      Static
200    Control                          Gi1/0/13-15,   Static
                                        Gi1/0/37-39,
                                        Gi1/0/41
300    External                                        Static
845    VLAN0845                         Gi1/0/48       Static
846    VLAN0846                         Gi1/0/48       Static
872    External                         Gi1/0/25-27,   Static
                                        Gi1/0/48
2500   VLAN2500                         Gi1/0/1-3      Static

PCT7048#
PCT7048#show running-config 

!Current Configuration:
!System Description "PowerConnect 7048, 5.0.1.3, VxWorks 6.6"
!System Software Version 5.0.1.3
!System Operational Mode "Normal"
!
configure
vlan 100,200,300,845-846,872,2500
exit
vlan 100
name "Management"
exit
vlan 200
name "Control"
exit
vlan 300
name "External"
exit
vlan 872
name "External"
exit
hostname "PCT7048"
slot 1/0 5    ! PowerConnect 7048
--More-- or (q)uit
slot 1/1 9    ! CX4 Card
stack
member 1 5    ! PCT7048
exit
interface vlan 1
exit
interface vlan 200
ip address 10.10.8.201 255.255.255.0
exit
interface vlan 845
ip address 130.127.39.136 255.255.255.128
exit
interface vlan 872
exit

<<User info not captured>>
ip ssh server
!
interface Gi1/0/1
--More-- or (q)uit
switchport mode trunk
switchport trunk allowed vlan 100,2500
exit
!
interface Gi1/0/2
switchport mode trunk
switchport trunk allowed vlan 100,2500
exit
!
interface Gi1/0/3
switchport mode trunk
switchport trunk allowed vlan 100,2500
exit
!
interface Gi1/0/13
switchport access vlan 200
exit
!
interface Gi1/0/14
switchport access vlan 200
exit
!
interface Gi1/0/15
--More-- or (q)uit
switchport access vlan 200
exit
!
interface Gi1/0/25
switchport access vlan 872
exit
!
interface Gi1/0/26
switchport access vlan 872
exit
!
interface Gi1/0/27
switchport access vlan 872
exit
!
interface Gi1/0/37
switchport access vlan 200
exit
!
interface Gi1/0/38
switchport access vlan 200
exit
!
interface Gi1/0/39
switchport access vlan 200
exit
!
interface Gi1/0/41
switchport access vlan 200
exit
!
interface Gi1/0/48
switchport mode trunk
switchport trunk allowed vlan 845-846,872
exit

exit

PCT7048#exit

PCT7048>exitConnection to 10.10.8.201 closed.
lnevers@clemson-clemson-control-1:~$ 

Remote access is available via integrated Dell Remote Access Controller (iDRAC) Configuration, which allows Web access.

With the current network topology, this could be tested without a Windows System. It has been tried by others.

Step 3: Verify GRAM remote console solution

Verify the GRAM remote console solution for rack hosts can be used to access the consoles of all server hosts and experimental hosts:

  • Login via SSH or other encrypted protocol.
  • Verify that you cannot login via an unencrypted login protocol.

Access to an integrated Dell Remote Access Controller (iDRAC) server is available via SSH from the controller node:

gram@bbn-cam-ctrl-1:~$ ssh -i ~/.ssh/id_dsa gram@10.10.8.10
/admin1-> racadm 

racadm>> serveraction <action>

quit
exit

Remote access is available via integrated Dell Remote Access Controller (iDRAC) Configuration, which allows Web access. With the current network topology, this could be tested without a Windows System. It has, however, been tried by others.