= OG-ADM-2: Rack Administrator Access Test =

This page captures status for the test case OG-ADM-2. For additional information see the [wiki:GENIRacksHome/OpenGENIRacks/AcceptanceTestStatusApr2014 Acceptance Test Status - April 2014] page for overall status, or the [wiki:GENIRacksHome/AcceptanceTests/OpenGENIAcceptanceTestsPlan OpenGENI Acceptance Test Plan] for details about the planned evaluation.

|| '''Step''' || '''State''' || '''Notes''' || '''Tickets''' ||
|| Step 1 ||[[span(Pass, style=background-color: green )]]|| || ||
|| Step 2 ||[[span(Pass, style=background-color: green )]]|| || ||
|| Step 3 ||[[span(Pass: most criteria, style=background-color: #98FB98)]] ||Remote access to iDRAC ||65 ||

[[BR]]

|| '''State Legend''' || '''Description''' ||
||[[span(Pass, style=background-color: green )]] || Test completed and met all criteria ||
||[[span(Pass: most criteria, style=background-color: #98FB98)]]|| Test completed and met most criteria. Exceptions documented ||
||[[span(Fail, style=background-color: red)]] || Test completed and failed to meet criteria. ||
||[[span(Complete, style=background-color: yellow)]] || Test completed but will require re-execution due to expected changes ||
||[[span(Blocked, style=background-color: orange)]] || Blocked by ticketed issue(s). ||
||[[span(In Progress, style=background-color: #63B8FF)]]|| Currently under test. ||
||[[span(Not Planned)]] || This area is not part of initial evaluation ||

= Test Plan Steps =

== Step 1: For each type of rack infrastructure node verify features ==

For each type of rack infrastructure node, including VM server hosts and any VMs running infrastructure support services, use a site administrator account to test:
 * Login to the node using public-key SSH.
 * Verify that you cannot login to the node using password-based SSH, nor via any unencrypted login protocol.
 * When logged in, run a command via sudo to verify root privileges.
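One way to evaluate the two negative criteria above from configuration state on a node, as an added example that is not part of the original test log. The function names and the sample inputs are hypothetical and constructed here; the inputs mimic the output of `sudo sshd -T` and `ss -tln`.

```shell
#!/bin/sh
# Added example (not from the test log): Step 1 negative criteria, evaluated
# from text collected on a node with `sudo sshd -T` and `ss -tln`.

# stdin: `sshd -T` output. Exit 0 only if key login is on and password logins are off.
check_sshd() {
    awk '
        $1 == "pubkeyauthentication"   { pub = $2 }
        $1 == "passwordauthentication" { pw = $2 }
        # keyboard-interactive can still prompt for a password through PAM
        $1 ~ /^(kbdinteractive|challengeresponse)authentication$/ && $2 == "yes" { kbd = 1 }
        END {
            if (pub != "yes") { print "FAIL: pubkeyauthentication is not yes"; bad = 1 }
            if (pw != "no")   { print "FAIL: passwordauthentication is not no"; bad = 1 }
            if (kbd)          { print "FAIL: keyboard-interactive login is enabled"; bad = 1 }
            exit bad + 0
        }'
}

# stdin: `ss -tln` output. Reports listeners on telnet (23), rlogin (513), rsh (514).
cleartext_listeners() {
    awk '
        $1 == "LISTEN" {
            n = split($4, part, ":")          # handles *:23, 0.0.0.0:23 and :::23
            port = part[n] + 0
            if (port == 23 || port == 513 || port == 514) {
                print "FAIL: cleartext login service listening on " $4; bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed sample inputs, not captured from the rack.
sample_sshd_keys_only() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'challengeresponseauthentication no'
}
sample_sshd_password_on() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'challengeresponseauthentication yes'
}
sample_ss_with_telnet() {
    printf '%s\n' 'State Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0 128 *:22 *:*' 'LISTEN 0 64 :::23 :::*'
}

sample_sshd_keys_only   | check_sshd && echo "sshd: keys only"
sample_sshd_password_on | check_sshd || echo "sshd: password-style login still enabled"
sample_ss_with_telnet   | cleartext_listeners || echo "listeners: cleartext login port open"
```

Inspecting configuration complements the login attempts the test plan calls for; it does not replace them.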
=== Control Node ===

Requested Administrative account and provided SSH Public keys. Once the account was created, logged in to verify sudo access on Control Node:
{{{
LNM:~$ ssh lnevers@130.127.88.98
Welcome to Ubuntu 12.04.4 LTS (GNU/Linux 3.5.0-46-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Tue Apr 22 12:30:41 EDT 2014

  System load:  0.01               Users logged in:       0
  Usage of /:   2.4% of 297.06GB   IP address for dat:    10.10.5.100
  Memory usage: 1%                 IP address for mgt:    10.10.6.100
  Swap usage:   0%                 IP address for ctl:    10.10.8.100
  Processes:    297                IP address for br-ex:  130.127.88.98

  Graph this data and manage this system at:
    https://landscape.canonical.com/

76 packages can be updated.
28 updates are security updates.

Last login: Tue Apr 22 12:30:04 2014 from 128.89.73.116
lnevers@clemson-clemson-control-1:~$
lnevers@clemson-clemson-control-1:~$ sudo whoami
root
lnevers@clemson-clemson-control-1:~$
}}}

=== Compute Nodes ===

From control node connected to compute resource servers clemson-clemson-compute-1 and clemson-clemson-compute-2 and verified root access:
{{{
lnevers@clemson-clemson-control-1:~$ for i in 10.10.8.101 10.10.8.102; do ssh -t $i "hostname; sudo whoami; uname -a "; done
clemson-clemson-compute-1
[sudo] password for lnevers:
root
Linux clemson-clemson-compute-1 3.5.0-46-generic #70~precise1-Ubuntu SMP Thu Jan 9 23:55:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Connection to 10.10.8.101 closed.
clemson-clemson-compute-2
[sudo] password for lnevers:
root
Linux clemson-clemson-compute-2 3.5.0-46-generic #70~precise1-Ubuntu SMP Thu Jan 9 23:55:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Connection to 10.10.8.102 closed.
lnevers@clemson-clemson-control-1:~$
}}}

== Step 2: For each rack infrastructure device verify features ==

For each rack infrastructure device (switches, remote PDUs if any), use a site administrator account to test:
 * Login via SSH.
 * Login via a serial console (if the device has one).
 * Verify that you cannot login to the device via an unencrypted login protocol.
 * Use the "enable" command or equivalent to verify privileged access.

From Control Node connected to Force10 !OpenFlow Switch which is 10.10.8.200:
{{{
lnevers@clemson-clemson-control-1:~$ ssh 10.10.8.200
lnevers@10.10.8.200's password:
FTOS>ena
Password:
FTOS#
FTOS#show version
Dell Force10 Real Time Operating System Software
Dell Force10 Operating System Version: 2.0
Dell Force10 Application Software Version: 9.1(0.0)
Copyright (c) 1999-2012 by Dell Inc. All Rights Reserved.
Build Time: Tue Feb 26 20:02:06 2013
Build Path: /sites/sjc/work/build/toolSpaces/tools03/E9-1-0/SW/SRC
FTOS uptime is 6 week(s), 5 day(s), 1 hour(s), 15 minute(s)

System image file is "system://B"

System Type: S4810
Control Processor: Freescale QorIQ P2020 with 2147483648 bytes of memory.

128M bytes of boot flash memory.

  1 52-port GE/TE/FG (SE)
 48 Ten GigabitEthernet/IEEE 802.3 interface(s)
  4 Forty GigabitEthernet/IEEE 802.3 interface(s)
FTOS#
FTOS#show running-config
Current Configuration ...
! Version 9.1(0.0)
! Last configuration change at Wed Apr 23 08:48:58 2014 by bparker
! Startup-config last updated at Wed Apr 23 08:49:43 2014 by bparker
!
boot system stack-unit 0 primary system: B:
boot system stack-unit 0 secondary system: A:
boot system stack-unit 0 default system: B:
boot system gateway 10.10.8.1
!
redundancy auto-synchronize full
redundancy disable-auto-reboot stack-unit
!
redundancy disable-auto-reboot stack-unit 0
redundancy disable-auto-reboot stack-unit 1
redundancy disable-auto-reboot stack-unit 2
redundancy disable-auto-reboot stack-unit 3
redundancy disable-auto-reboot stack-unit 4
redundancy disable-auto-reboot stack-unit 5
redundancy disable-auto-reboot stack-unit 6
redundancy disable-auto-reboot stack-unit 7
redundancy disable-auto-reboot stack-unit 8
redundancy disable-auto-reboot stack-unit 9
redundancy disable-auto-reboot stack-unit 10
redundancy disable-auto-reboot stack-unit 11
!
hardware watchdog
!
logging coredump stack-unit all
!
hostname FTOS
!
cam-acl l2acl 2 ipv4acl 0 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 openflow 8 fcoeacl 0 iscsioptacl 0
!
cam-acl-vlan vlanopenflow 1 vlaniscsi 1
!
<>
stack-unit 0 provision S4810
!
interface TenGigabitEthernet 0/0
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/1
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/2
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/3
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/4
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/5
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/6
 no ip address
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/7
 no ip address
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/8
 no ip address
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/9
 no ip address
 flowcontrol rx on tx off
 no shutdown
!
<<>>
interface ManagementEthernet 0/0
 ip address 10.10.8.200/24
 no shutdown
!
interface Vlan 1
!untagged TenGigabitEthernet 0/0-5,12-13
!
interface Vlan 100 of-instance 2
 no ip address
 tagged TenGigabitEthernet 0/12-13
 no shutdown
!
interface Vlan 845
 no ip address
 tagged TenGigabitEthernet 0/47
 no shutdown
!
interface Vlan 1000 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1001 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1002 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1003 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1004 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1005 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
!
interface Vlan 1006 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown
<>>
interface Vlan 2099 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 2100 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3000 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3001 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3002 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3003 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3004 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3005 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3006 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-5
 no shutdown
!
interface Vlan 3007 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3008 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3009 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-4
 no shutdown
!
interface Vlan 3010 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3011 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3012 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3013 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3014 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3015 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3016 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3017 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3018 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3019 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
interface Vlan 3020 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
openflow of-instance 1
 controller 1 10.10.8.100 tcp
 flow-map l2 enable
 flow-map l3 enable
 interface-type vlan
 multiple-fwd-table enable
 no shutdown
!
openflow of-instance 2
 controller 1 130.127.39.171 tcp
 flow-map l2 enable
 flow-map l3 enable
 interface-type vlan
 multiple-fwd-table enable
 shutdown
!
snmp-server community public ro
!
ip ssh rsa-authentication enable
ip ssh server enable
!
protocol lldp
!
line console 0
line vty 0
line vty 1
line vty 2
line vty 3
line vty 4
line vty 5
line vty 6
line vty 7
line vty 8
line vty 9
!
http-server http
!
reload-type normal-reload
!
end
FTOS#show vlan

Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C - Community, I - Isolated
       O - Openflow
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   o - OpenFlow untagged, O - OpenFlow tagged
   G - GVRP tagged, M - Vlan-stack, H - VSN tagged
   i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged

    NUM    Status    Description                     Q Ports
*   1      Active                                    U Te 0/0-5,12-13
O   100    Inactive                                  T Te 0/12-13
    845    Inactive                                  T Te 0/47
O   1000   Active                                    T Te 0/0-2
O   1001   Active                                    T Te 0/0-2
O   1002   Active                                    T Te 0/0-2
<....Information Removed>>>
O   3000   Active                                    T Te 0/0-4
O   3001   Active                                    T Te 0/0-4
O   3002   Active                                    T Te 0/0-4
O   3003   Active                                    T Te 0/0-4
O   3004   Active                                    T Te 0/0-4
O   3005   Active                                    T Te 0/0-4
O   3006   Active                                    T Te 0/0-5
O   3007   Active                                    T Te 0/0-4
O   3008   Active                                    T Te 0/0-4
O   3009   Active                                    T Te 0/0-4
O   3010   Active                                    T Te 0/0-3
O   3011   Active                                    T Te 0/0-3
O   3012   Active                                    T Te 0/0-3
O   3013   Active                                    T Te 0/0-3
O   3014   Active                                    T Te 0/0-3
O   3015   Active                                    T Te 0/0-3
O   3016   Active                                    T Te 0/0-3
O   3017   Active                                    T Te 0/0-3
O   3018   Active                                    T Te 0/0-3
O   3019   Active                                    T Te 0/0-3
O   3020   Active                                    T Te 0/0-3
FTOS#
FTOS#show vlan id 3001

Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C - Community, I - Isolated
       O - Openflow
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   o - OpenFlow untagged, O - OpenFlow tagged
   G - GVRP tagged, M - Vlan-stack, H - VSN tagged
   i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged

    NUM    Status    Description                     Q Ports
O   3001   Active                                    T Te 0/0-4
FTOS#
FTOS#exit
Connection to 10.10.8.200 closed.
lnevers@clemson-clemson-control-1:~$ exit
logout
Connection to 130.127.88.98 closed.
LNM:~$
}}}

From Control Node connected to !PowerConnect 7048 switch which is 10.10.8.201:
{{{
lnevers@clemson-clemson-control-1:~$ ssh 10.10.8.201
lnevers@10.10.8.201's password:
PCT7048>ena
Password:***************
PCT7048#show version

Image Descriptions

 image1 : default image
 image2 :

 Images currently available on Flash

unit     image1       image2      current-active       next-active
----- ------------ ------------ ----------------- -----------------
1       4.2.0.4      5.0.1.3         image2             image2

PCT7048#
PCT7048#show vlan

VLAN   Name             Ports          Type
-----  ---------------  -------------  --------------
1      default          Po1-128,       Default
                        Gi1/0/4-12,
                        Gi1/0/16-24,
                        Gi1/0/28-36,
                        Gi1/0/40,
                        Gi1/0/42-47
100    Management       Gi1/0/1-3      Static
200    Control          Gi1/0/13-15,   Static
                        Gi1/0/37-39,
                        Gi1/0/41
300    External                        Static
845    VLAN0845         Gi1/0/48       Static
846    VLAN0846         Gi1/0/48       Static
872    External         Gi1/0/25-27,   Static
                        Gi1/0/48
2500   VLAN2500         Gi1/0/1-3      Static

PCT7048#
PCT7048#show running-config
!Current Configuration:
!System Description "PowerConnect 7048, 5.0.1.3, VxWorks 6.6"
!System Software Version 5.0.1.3
!System Operational Mode "Normal"
!
configure
vlan 100,200,300,845-846,872,2500
exit
vlan 100
name "Management"
exit
vlan 200
name "Control"
exit
vlan 300
name "External"
exit
vlan 872
name "External"
exit
hostname "PCT7048"
slot 1/0 5 ! PowerConnect 7048
--More-- or (q)uit
slot 1/1 9 ! CX4 Card
stack
member 1 5 ! PCT7048
exit
interface vlan 1
exit
interface vlan 200
ip address 10.10.8.201 255.255.255.0
exit
interface vlan 845
ip address 130.127.39.136 255.255.255.128
exit
interface vlan 872
exit
<>
ip ssh server
!
interface Gi1/0/1
--More-- or (q)uit
switchport mode trunk
switchport trunk allowed vlan 100,2500
exit
!
interface Gi1/0/2
switchport mode trunk
switchport trunk allowed vlan 100,2500
exit
!
interface Gi1/0/3
switchport mode trunk
switchport trunk allowed vlan 100,2500
exit
!
interface Gi1/0/13
switchport access vlan 200
exit
!
interface Gi1/0/14
switchport access vlan 200
exit
!
interface Gi1/0/15
--More-- or (q)uit
switchport access vlan 200
exit
!
interface Gi1/0/25
switchport access vlan 872
exit
!
interface Gi1/0/26
switchport access vlan 872
exit
!
interface Gi1/0/27
switchport access vlan 872
exit
!
interface Gi1/0/37
switchport access vlan 200
exit
!
interface Gi1/0/38
switchport access vlan 200
exit
!
interface Gi1/0/39
switchport access vlan 200
exit
!
interface Gi1/0/41
switchport access vlan 200
exit
!
interface Gi1/0/48
switchport mode trunk
switchport trunk allowed vlan 845-846,872
exit
exit
PCT7048#exit
PCT7048>exitConnection to 10.10.8.201 closed.
lnevers@clemson-clemson-control-1:~$
}}}

Remote access is available via integrated Dell Remote Access Controller (iDRAC) Configuration, which allows Web access. With the current network topology, this could be tested without a Windows System. It has been tried by others.

== Step 3. Verify OpenGENI remote console solution ==

Verify the OpenGENI remote console solution for rack hosts can be used to access the consoles of all server hosts and experimental hosts:
 * Login via SSH or other encrypted protocol.
 * Verify that you cannot login via an unencrypted login protocol.

Access to an integrated Dell Remote Access Controller (iDRAC) server is available via SSH from the controller node:
{{{
gram@bbn-cam-ctrl-1:~$ ssh -i ~/.ssh/id_dsa gram@10.10.8.10
/admin1-> racadm
racadm>> serveraction
quit
exit
}}}

Remote access is available via integrated Dell Remote Access Controller (iDRAC) Configuration, which allows Web access. With the current network topology, this could be tested without a Windows System. It has, however, been tried by others.
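For the Step 2 criterion on unencrypted protocols, the saved `show running-config` captures can be scanned for management-plane lines a reviewer would check. This is an added example, not part of the original test log; the function names are hypothetical, the sample lines are copied from the two captures above, and the reading of `http-server http` as a non-TLS web interface is an assumption.

```shell
#!/bin/sh
# Added example (not from the test log): list lines in a saved switch
# running-config that bear on the "no unencrypted login protocol" criterion.

# stdin: running-config text. Prints one REVIEW line per finding; exit 1 if any.
audit_switch_config() {
    awk '
        {
            gsub(/--More-- or \(q\)uit/, "")   # pager prompt captured mid-config
            sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        }
        /^ip ssh server/          { ssh = 1 }
        # Assumption: "http-server http" enables the non-TLS web interface.
        /^http-server http$/      { print "REVIEW: HTTP management enabled: " $0; bad = 1 }
        # SNMPv1/v2c community strings cross the network in cleartext.
        /^snmp-server community / { print "REVIEW: SNMP community configured: " $0; bad = 1 }
        END {
            if (!ssh) { print "REVIEW: no ip ssh server line in this capture"; bad = 1 }
            exit bad + 0
        }'
}

# Lines copied from the Force10 running-config in the transcript above.
sample_force10() {
    cat <<'EOF'
snmp-server community public ro
!
ip ssh rsa-authentication enable
ip ssh server enable
!
protocol lldp
!
http-server http
EOF
}

# Lines copied from the PowerConnect capture, pager prompt included.
sample_powerconnect() {
    cat <<'EOF'
interface vlan 872
exit
ip ssh server
!
interface Gi1/0/1
--More-- or (q)uit
switchport mode trunk
EOF
}

sample_force10      | audit_switch_config || echo "Force10: items to review"
sample_powerconnect | audit_switch_config && echo "PowerConnect excerpt: nothing flagged"
```

A running-config generally omits settings left at their defaults, so the absence of a telnet line here does not show that telnet is off. The connection attempt the test plan describes remains the authoritative check.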