Context Navigation

← Previous Change
Wiki History
Next Change →

OG-ADM-2

Timestamp:: 05/23/14 11:34:18 (10 years ago)
Author:: lnevers@bbn.com
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

GENIRacksHome/OpenGENIRacks/AcceptanceTestStatusDec2013/OG-ADM-2

                       v1
+= GR-ADM-2: Rack Administrator Access Test =
+This page captures status for the test case GR-ADM-2. For additional information see the [wiki:GENIRacksHome/GRAMRacks/AcceptanceTestStatusDec2013 Acceptance Test Status - December 2013] page overall status, or the [wiki:GENIRacksHome/AcceptanceTests/GRAMAcceptanceTestsPlan GRAM Acceptance Test Plan] for details about the planned evaluation.
+''Last Update: 2013/12/13"
+|| '''Step''' || '''State'''                                  ||''' Notes '''            || '''Tickets'''  ||
+|| Step 1     ||[[span(Pass: most criteria, style=background-color: #98FB98)]]||Administrative account instructions not complete||#95                ||
+|| Step 2     ||[[span(Pass, style=background-color: green )]]  ||                ||
+|| Step 3     ||[[span(Pass: most criteria, style=background-color: #98FB98)]] || Remote access not fully validated||#65      ||
+[[BR]]
+|| '''State Legend'''                                   || '''Description'''                                                    ||
+||[[span(Pass, style=background-color: green )]]        || Test completed and met all criteria                                  ||
+||[[span(Pass: most criteria, style=background-color: #98FB98)]]|| Test completed and met most criteria. Exceptions documented  ||
+||[[span(Fail, style=background-color: red)]]           || Test completed and failed to meet criteria.                          ||
+||[[span(Complete, style=background-color: yellow)]]    || Test completed but will require re-execution due to expected changes ||
+||[[span(Blocked, style=background-color: orange)]]     || Blocked by ticketed issue(s).                                        ||
+||[[span(In Progress, style=background-color: #63B8FF)]]|| Currently under test.                                                ||
+||[[span(Not Planned)]]                                 || This area is not part of initial evaluation                          ||
+= Test Plan Steps =
+== Step 1: For each type of rack infrastructure node verify features ==
+For each type of rack infrastructure node, including VM server hosts and any VMs running infrastructure support services, use a site administrator account to test:
+        * Login to the node using public-key SSH.
+        * Verify that you cannot login to the node using password-based SSH, nor via any unencrypted login protocol.
+        * When logged in, run a command via sudo to verify root privileges.
+=== Control Node ===
+Requested Administrative account and provided SSH Public keys. Once the account was created, logged in to verify sudo access on Control Node:
+{{{
+LNM:~$ ssh -Y 128.89.72.112 -l lnevers
+Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.5.0-43-generic x86_64)
+ * Documentation:  https://help.ubuntu.com/
+  System information as of Tue Dec 10 10:02:56 EST 2013
+  System load:  1.54               Users logged in:      0
+  Usage of /:   2.4% of 296.80GB   IP address for eth2:  10.10.5.100
+  Memory usage: 2%                 IP address for eth3:  10.10.8.100
+  Swap usage:   0%                 IP address for eth1:  10.10.6.100
+  Processes:    313                IP address for br-ex: 128.89.72.112
+  Graph this data and manage this system at https://landscape.canonical.com/
+packages can be updated.
+updates are security updates.
+Last login: Tue Dec 10 09:14:16 2013 from dhcp89-073-116.bbn.com
+lnevers@bbn-cam-ctrl-1:~$ sudo whoami
+[sudo] password for lnevers:
+root
+lnevers@bbn-cam-ctrl-1:~$ uname -a
+Linux bbn-cam-ctrl-1.bbn.com 3.5.0-43-generic #66~precise1-Ubuntu SMP Thu Oct 24 14:52:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
+lnevers@bbn-cam-ctrl-1:~$
+lnevers@bbn-cam-ctrl-1:~$ ssh  bbn-cam-cmpe-1
+Permission denied (publickey).
+lnevers@bbn-cam-ctrl-1:~$ ssh  bbn-cam-cmpe-2
+Permission denied (publickey).
+}}}
+=== Compute Nodes VM servers ===
+Logged in to each of the 2 VM servers and verified access. Compute Node 1:
+{{{
+LNM:~$ ssh -Y 128.89.72.113 -l lnevers
+Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.5.0-43-generic x86_64)
+ * Documentation:  https://help.ubuntu.com/
+  System information as of Tue Dec 10 10:04:45 EST 2013
+  System load:  0.0                Users logged in:      0
+  Usage of /:   2.8% of 422.79GB   IP address for eth2:  10.10.5.101
+  Memory usage: 3%                 IP address for eth3:  10.10.8.101
+  Swap usage:   0%                 IP address for eth1:  10.10.6.101
+  Processes:    317                IP address for br-ex: 128.89.72.113
+  Graph this data and manage this system at https://landscape.canonical.com/
+packages can be updated.
+updates are security updates.
+Last login: Tue Dec 10 09:04:54 2013 from dhcp89-073-116.bbn.com
+lnevers@bbn-cam-cmpe-1:~$ sudo whoami
+[sudo] password for lnevers:
+root
+lnevers@bbn-cam-cmpe-1:~$ uname -a
+Linux bbn-cam-cmpe-1 3.5.0-43-generic #66~precise1-Ubuntu SMP Thu Oct 24 14:52:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
+lnevers@bbn-cam-cmpe-1:~$
+}}}
+Compute Node 2:
+{{{
+LNM:~$ ssh -Y 128.89.72.114 -l lnevers
+Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.5.0-43-generic x86_64)
+ * Documentation:  https://help.ubuntu.com/
+  System information as of Tue Dec 10 10:05:22 EST 2013
+  System load:  0.01               Users logged in:      0
+  Usage of /:   2.2% of 422.79GB   IP address for eth2:  10.10.5.102
+  Memory usage: 2%                 IP address for eth3:  10.10.8.102
+  Swap usage:   0%                 IP address for eth1:  10.10.6.102
+  Processes:    281                IP address for br-ex: 128.89.72.114
+  Graph this data and manage this system at https://landscape.canonical.com/
+packages can be updated.
+updates are security updates.
+Last login: Tue Dec 10 09:08:33 2013 from dhcp89-073-116.bbn.com
+lnevers@bbn-cam-cmpe-2:~$ sudo whoami
+[sudo] password for lnevers:
+root
+lnevers@bbn-cam-cmpe-2:~$ uname -a
+Linux bbn-cam-cmpe-2 3.5.0-43-generic #66~precise1-Ubuntu SMP Thu Oct 24 14:52:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
+lnevers@bbn-cam-cmpe-2:~$
+}}}
+== Step 2: For each rack infrastructure device verify features ==
+For each rack infrastructure device  (switches, remote PDUs if any), use a site administrator account to test:
+        * Login via SSH.
+        * Login via a serial console (if the device has one).
+        * Verify that you cannot login to the device via an unencrypted login protocol.
+        * Use the "enable" command or equivalent to verify privileged access.
+First connected to Force10 !OpenFlow Switch which is 10.10.8.200 according to [https://superior.bbn.com/trac/bbn-rack/wiki/DellRackDetails Dell Rack Details] page:
+{{{
+lnevers@bbn-cam-ctrl-1:~$ ssh admin@10.10.8.200
+admin@10.10.8.200's password:
+FTOS>show version
+Dell Force10 Real Time Operating System Software
+Dell Force10 Operating System Version: 2.0
+Dell Force10 Application Software Version: 9.1(0.0)
+Copyright (c) 1999-2012 by Dell Inc. All Rights Reserved.
+Build Time: Tue Feb 26 20:02:06 2013
+Build Path: /sites/sjc/work/build/toolSpaces/tools03/E9-1-0/SW/SRC
+FTOS uptime is 1 week(s), 1 day(s), 0 hour(s), 47 minute(s)
+System image file is "system://A"
+System Type: S4810
+Control Processor: Freescale QorIQ P2020 with 2147483648 bytes of memory.
+M bytes of boot flash memory.
+52-port GE/TE/FG (SE)
+Ten GigabitEthernet/IEEE 802.3 interface(s)
+Forty GigabitEthernet/IEEE 802.3 interface(s)
+FTOS>
+FTOS>ena
+Password:
+FTOS#show running-config
+Current Configuration ...
+! Version 9.1(0.0)
+! Last configuration change at Mon Dec  2 15:15:15 2013 by admin
+!
+boot system stack-unit 0 primary system: A:
+boot system stack-unit 0 secondary system: B:
+boot system stack-unit 0 default system: A:
+boot system gateway 128.89.72.1
+!
+redundancy auto-synchronize full
+!
+hardware watchdog
+!
+service timestamps log datetime localtime show-timezone
+!
+hostname FTOS
+!
+cam-acl l2acl 2 ipv4acl 0 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 openflow 8 fcoeacl 0 iscsioptacl 0
+!
+cam-acl-vlan vlanopenflow 1 vlaniscsi 1
+!
+enable password 7 xxx
+!
+username admin password 7 xx
+!
+enable restricted 7 xx
+!
+stack-unit 0 provision S4810
+!
+interface TenGigabitEthernet 0/0
+ no ip address
+ portmode hybrid
+ switchport
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/1
+ no ip address
+ portmode hybrid
+ switchport
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/2
+ no ip address
+ portmode hybrid
+ switchport
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/3
+ no ip address
+ portmode hybrid
+ switchport
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/4
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/5
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/6
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/7
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/8
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/9
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/10
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/11
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/12
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/13
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/14
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/15
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/16
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/17
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/18
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/19
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/20
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/21
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/22
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/23
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/24
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/25
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/26
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/27
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/28
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/29
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/30
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/31
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/32
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/33
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/34
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/35
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/36
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/37
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/38
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/39
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/40
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/41
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/42
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/43
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/44
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/45
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/46
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface TenGigabitEthernet 0/47
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface fortyGigE 0/48
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface fortyGigE 0/52
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface fortyGigE 0/56
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface fortyGigE 0/60
+ no ip address
+ flowcontrol rx on tx off
+ no shutdown
+!
+interface ManagementEthernet 0/0
+ ip address 10.10.8.200/24
+ no shutdown
+!
+interface ManagementEthernet 1/0
+ no shutdown
+!
+interface ManagementEthernet 2/0
+ no shutdown
+!
+interface ManagementEthernet 3/0
+ no shutdown
+!
+interface ManagementEthernet 4/0
+ no shutdown
+!
+interface ManagementEthernet 5/0
+ no shutdown
+!
+interface ManagementEthernet 6/0
+ no shutdown
+!
+interface ManagementEthernet 7/0
+ no shutdown
+!
+interface ManagementEthernet 8/0
+ no shutdown
+!
+interface ManagementEthernet 9/0
+ no shutdown
+!
+interface ManagementEthernet 10/0
+ no shutdown
+!
+interface ManagementEthernet 11/0
+ no shutdown
+!
+interface Vlan 1
+!untagged TenGigabitEthernet 0/0-3
+!
+interface Vlan 1000 of-instance 1
+ no ip address
+ tagged TenGigabitEthernet 0/0-2
+ no shutdown
+<... VLAN 1001 through 2098 not shown here...>
+interface Vlan 2099 of-instance 1
+ no ip address
+ tagged TenGigabitEthernet 0/0-3
+ no shutdown
+!
+openflow of-instance 1
+ controller 1 10.10.8.100  tcp
+ flow-map l2 enable
+ flow-map l3 enable
+ interface-type vlan
+ multiple-fwd-table enable
+ no shutdown
+!
+clock timezone PST -8
+!
+ip ssh server enable
+!
+protocol lldp
+!
+line console 0
+ exec-timeout 35751 0
+line vty 0
+line vty 1
+line vty 2
+line vty 3
+line vty 4
+line vty 5
+line vty 6
+line vty 7
+line vty 8
+line vty 9
+!
+reload-type normal-reload
+!
+end
+FTOS#
+}}}
+''Note'': A total of 1100 VLAN were in the run-config, only subset was capture above.
+Then connected to !PowerConnect 7048 switch which is 10.10.8.201 according to [https://superior.bbn.com/trac/bbn-rack/wiki/DellRackDetails Dell Rack Details] page:
+{{{
+lnevers@bbn-cam-ctrl-1:~$ ssh admin@10.10.8.201
+admin@10.10.8.201's password:
+console>ena
+console#show version
+Image Descriptions
+ image1 : default image
+ image2 :
+ Images currently available on Flash
+unit  image1       image2       current-active     next-active
+----- ------------ ------------ ----------------- -----------------
+     4.2.2.3      4.2.2.3      image1             image1
+console#show running-config
+!Current Configuration:
+!System Description "PowerConnect 7048, 4.2.2.3, VxWorks 6.6"
+!System Software Version 4.2.2.3
+!System Operational Mode "Normal"
+!
+configure
+vlan database
+vlan 100,200,300,2500
+vlan routing 1 1
+exit
+vlan 100
+name "Management"
+exit
+vlan 200
+name "Control"
+exit
+vlan 300
+name "External"
+exit
+ip telnet server disable
+slot 1/0 5    ! PowerConnect 7048
+stack
+member 1 5    ! PCT7048
+exit
+interface out-of-band
+ip address 10.10.8.201 255.255.255.0 0.0.0.0
+exit
+interface vlan 1
+exit
+username "xx" password xx privilege 15 encrypted
+username "xx" password xx privilege 15 encrypted
+crypto key pubkey-chain ssh
+user-key "gram" rsa
+key-string row  xx
+exit
+exit
+line ssh
+enable authentication xxx
+exit
+ip ssh server
+ip ssh pubkey-auth
+!
+interface Gi1/0/1
+switchport mode trunk
+switchport trunk allowed vlan 2500
+exit
+!
+interface Gi1/0/2
+switchport mode trunk
+switchport trunk allowed vlan 2500
+exit
+!
+interface Gi1/0/3
+switchport mode trunk
+switchport trunk allowed vlan 2500
+exit
+!
+interface Gi1/0/13
+switchport access vlan 200
+exit
+!
+interface Gi1/0/14
+switchport access vlan 200
+exit
+!
+interface Gi1/0/15
+switchport access vlan 200
+exit
+!
+interface Gi1/0/16
+switchport access vlan 200
+exit
+!
+interface Gi1/0/17
+switchport access vlan 200
+exit
+!
+interface Gi1/0/18
+switchport access vlan 200
+exit
+!
+interface Gi1/0/19
+switchport access vlan 200
+exit
+!
+interface Gi1/0/20
+switchport access vlan 200
+exit
+!
+interface Gi1/0/25
+switchport access vlan 300
+exit
+!
+interface Gi1/0/26
+switchport access vlan 300
+exit
+!
+interface Gi1/0/27
+switchport access vlan 300
+exit
+!
+interface Gi1/0/29
+switchport access vlan 300
+exit
+!
+interface Gi1/0/37
+switchport access vlan 300
+exit
+!
+interface Gi1/0/48
+switchport access vlan 300
+exit
+exit
+console#show vlan
+VLAN   Name                             Ports          Type
+-----  ---------------                  -------------  --------------
+      default                          Po1-128,       Default
+                                        Gi1/0/4-12,
+                                        Gi1/0/21-24,
+                                        Gi1/0/28,
+                                        Gi1/0/30-36,
+                                        Gi1/0/38-47
+    Management                                      Static
+    Control                          Gi1/0/13-20    Static
+    External                         Gi1/0/25-27,   Static
+                                        Gi1/0/29,
+                                        Gi1/0/37,
+                                        Gi1/0/48
+   VLAN2500                         Gi1/0/1-3      Static
+}}}
+== Step 3. Verify GRAM remote console solution ==
+Verify the GRAM remote console solution for rack hosts can be used to access the consoles all server hosts and experimental hosts:
+        * Login via SSH or other encrypted protocol.
+        * Verify that you cannot login via an unencrypted login protocol.
+Access to an integrated Dell Remote Access Controller (iDRAC) server is available via SSH from the controller node:
+{{{
+gram@bbn-cam-ctrl-1:~$  ssh -i ~/.ssh/id_dsa gram@10.10.8.10
+/admin1-> help
+[Usage]
+    show   [<options>] [<target>] [<properties>]
+           [<propertyname>== <propertyvalue>]
+    set    [<options>] [<target>] <propertyname>=<value>
+    cd     [<options>] [<target>]
+    create [<options>] <target> [<property of new target>=<value>]
+           [<property of new target>=<value>]
+    delete [<options>] <target>
+    exit   [<options>]
+    reset  [<options>] [<target>]
+    start  [<options>] [<target>]
+    stop   [<options>] [<target>]
+    version [<options>]
+    help   [<options>] [<help topics>]
+    load -source <URI> [<options>] [<target>]
+    dump -destination <URI> [<options>] [<target>]
+/admin1->
+/admin1-> racadm
+racadm>> serveraction powerstatus
+Server power status: ON
+racadm>> quit
+/admin1-> exit
+CLP Session terminated
+Connection to 10.10.8.10 closed.
+gram@bbn-cam-ctrl-1:~$
+}}}
+Remote access is available via integrated Dell Remote Access Controller (iDRAC) Configuration, which allows Web access. With the current network topology, this could be tested without a Windows System. I has however been tried by others.