Version 1 (modified by lnevers@bbn.com, 5 years ago)

GR-ADM-2: Rack Administrator Access Test

This page captures status for the test case GR-ADM-2. For additional information, see the Acceptance Test Status - December 2013 page for overall status, or the GRAM Acceptance Test Plan for details about the planned evaluation.

Last Update: 2013/12/13

Step    State                Notes                                             Tickets
Step 1  Pass: most criteria  Administrative account instructions not complete  #95
Step 2  Pass
Step 3  Pass: most criteria  Remote access not fully validated                 #65


State Legend         Description
Pass                 Test completed and met all criteria.
Pass: most criteria  Test completed and met most criteria. Exceptions documented.
Fail                 Test completed and failed to meet criteria.
Complete             Test completed but will require re-execution due to expected changes.
Blocked              Blocked by ticketed issue(s).
In Progress          Currently under test.
Not Planned          This area is not part of initial evaluation.

Test Plan Steps

Step 1: For each type of rack infrastructure node verify features

For each type of rack infrastructure node, including VM server hosts and any VMs running infrastructure support services, use a site administrator account to test:

  • Login to the node using public-key SSH.
  • Verify that you cannot login to the node using password-based SSH, nor via any unencrypted login protocol.
  • When logged in, run a command via sudo to verify root privileges.

Control Node

Requested an administrative account and provided SSH public keys. Once the account was created, logged in to verify sudo access on the Control Node:

LNM:~$ ssh -Y 128.89.72.112 -l lnevers
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.5.0-43-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Tue Dec 10 10:02:56 EST 2013

  System load:  1.54               Users logged in:      0
  Usage of /:   2.4% of 296.80GB   IP address for eth2:  10.10.5.100
  Memory usage: 2%                 IP address for eth3:  10.10.8.100
  Swap usage:   0%                 IP address for eth1:  10.10.6.100
  Processes:    313                IP address for br-ex: 128.89.72.112

  Graph this data and manage this system at https://landscape.canonical.com/

21 packages can be updated.
11 updates are security updates.

Last login: Tue Dec 10 09:14:16 2013 from dhcp89-073-116.bbn.com
lnevers@bbn-cam-ctrl-1:~$ sudo whoami
[sudo] password for lnevers: 
root
lnevers@bbn-cam-ctrl-1:~$ uname -a
Linux bbn-cam-ctrl-1.bbn.com 3.5.0-43-generic #66~precise1-Ubuntu SMP Thu Oct 24 14:52:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
lnevers@bbn-cam-ctrl-1:~$ 
lnevers@bbn-cam-ctrl-1:~$ ssh  bbn-cam-cmpe-1
Permission denied (publickey).
lnevers@bbn-cam-ctrl-1:~$ ssh  bbn-cam-cmpe-2
Permission denied (publickey).

Compute Nodes VM servers

Logged in to each of the 2 VM servers and verified access. Compute Node 1:

LNM:~$ ssh -Y 128.89.72.113 -l lnevers
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.5.0-43-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Tue Dec 10 10:04:45 EST 2013

  System load:  0.0                Users logged in:      0
  Usage of /:   2.8% of 422.79GB   IP address for eth2:  10.10.5.101
  Memory usage: 3%                 IP address for eth3:  10.10.8.101
  Swap usage:   0%                 IP address for eth1:  10.10.6.101
  Processes:    317                IP address for br-ex: 128.89.72.113

  Graph this data and manage this system at https://landscape.canonical.com/

48 packages can be updated.
16 updates are security updates.

Last login: Tue Dec 10 09:04:54 2013 from dhcp89-073-116.bbn.com
lnevers@bbn-cam-cmpe-1:~$ sudo whoami
[sudo] password for lnevers: 
root
lnevers@bbn-cam-cmpe-1:~$ uname -a
Linux bbn-cam-cmpe-1 3.5.0-43-generic #66~precise1-Ubuntu SMP Thu Oct 24 14:52:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
lnevers@bbn-cam-cmpe-1:~$ 

Compute Node 2:

LNM:~$ ssh -Y 128.89.72.114 -l lnevers
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.5.0-43-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Tue Dec 10 10:05:22 EST 2013

  System load:  0.01               Users logged in:      0
  Usage of /:   2.2% of 422.79GB   IP address for eth2:  10.10.5.102
  Memory usage: 2%                 IP address for eth3:  10.10.8.102
  Swap usage:   0%                 IP address for eth1:  10.10.6.102
  Processes:    281                IP address for br-ex: 128.89.72.114

  Graph this data and manage this system at https://landscape.canonical.com/

23 packages can be updated.
11 updates are security updates.

Last login: Tue Dec 10 09:08:33 2013 from dhcp89-073-116.bbn.com
lnevers@bbn-cam-cmpe-2:~$ sudo whoami
[sudo] password for lnevers: 
root
lnevers@bbn-cam-cmpe-2:~$ uname -a
Linux bbn-cam-cmpe-2 3.5.0-43-generic #66~precise1-Ubuntu SMP Thu Oct 24 14:52:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
lnevers@bbn-cam-cmpe-2:~$ 
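
The `Permission denied (publickey).` line in the control-node transcript lists the authentication methods the server will still accept, which is what the second Step 1 criterion (no password-based SSH) turns on. The script below is an added example, not part of the original test record: it parses that message and flags any node that still offers a password-style method. The function names and the sample lines are constructed for illustration, and `probe_node` assumes an OpenSSH client.

```shell
#!/bin/sh
# Added example: decide from the SSH denial message whether a node still
# accepts password-style logins. Function names are illustrative.

# Print the comma-separated method list from a line such as
# "Permission denied (publickey)."; prints nothing if no such line exists.
offered_methods() {
    printf '%s\n' "$1" |
        sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | head -n 1
}

# Return 0 if public key is the only login style offered, 1 if password or
# keyboard-interactive is offered, 2 if the text gives no method list.
pubkey_only() {
    methods=$(offered_methods "$1")
    [ -n "$methods" ] || return 2
    case ",$methods," in
        *,password,*|*,keyboard-interactive,*) return 1 ;;
        *,publickey,*) return 0 ;;
    esac
    return 2
}

# Live probe (assumes an OpenSSH client): offer no credentials at all so the
# server answers with the methods it would accept, then classify the reply.
probe_node() {
    out=$(ssh -o BatchMode=yes -o PreferredAuthentications=none \
              -o ConnectTimeout=5 "$1" true 2>&1) || true
    pubkey_only "$out"
}

# Constructed sample lines; the first has the format seen in the transcript.
for line in "Permission denied (publickey)." \
            "admin@node: Permission denied (publickey,password)." \
            "ssh: connect to host node port 22: Connection refused"; do
    if pubkey_only "$line"; then
        echo "PASS  public key only:        $line"
    else
        echo "CHECK password offered/unknown: $line"
    fi
done
```

Against a live rack the call would be `probe_node lnevers@128.89.72.113`; a return code of 2 means the node did not answer with a method list and needs a manual look.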

Step 2: For each rack infrastructure device verify features

For each rack infrastructure device (switches, remote PDUs if any), use a site administrator account to test:

  • Login via SSH.
  • Login via a serial console (if the device has one).
  • Verify that you cannot login to the device via an unencrypted login protocol.
  • Use the "enable" command or equivalent to verify privileged access.

First connected to the Force10 OpenFlow switch, which is 10.10.8.200 according to the Dell Rack Details page:

lnevers@bbn-cam-ctrl-1:~$ ssh admin@10.10.8.200
admin@10.10.8.200's password: 
FTOS>show version
Dell Force10 Real Time Operating System Software
Dell Force10 Operating System Version: 2.0
Dell Force10 Application Software Version: 9.1(0.0)
Copyright (c) 1999-2012 by Dell Inc. All Rights Reserved.
Build Time: Tue Feb 26 20:02:06 2013
Build Path: /sites/sjc/work/build/toolSpaces/tools03/E9-1-0/SW/SRC
FTOS uptime is 1 week(s), 1 day(s), 0 hour(s), 47 minute(s)

System image file is "system://A"

System Type: S4810 
Control Processor: Freescale QorIQ P2020 with 2147483648 bytes of memory.

128M bytes of boot flash memory.

  1 52-port GE/TE/FG (SE)
 48 Ten GigabitEthernet/IEEE 802.3 interface(s)
  4 Forty GigabitEthernet/IEEE 802.3 interface(s)
FTOS>

FTOS>ena
Password:

FTOS#show running-config
Current Configuration ...
! Version 9.1(0.0)
! Last configuration change at Mon Dec  2 15:15:15 2013 by admin
!
boot system stack-unit 0 primary system: A:
boot system stack-unit 0 secondary system: B:
boot system stack-unit 0 default system: A:
boot system gateway 128.89.72.1
!
redundancy auto-synchronize full
!
hardware watchdog
!
service timestamps log datetime localtime show-timezone
!
hostname FTOS
!
cam-acl l2acl 2 ipv4acl 0 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 openflow 8 fcoeacl 0 iscsioptacl 0
!
cam-acl-vlan vlanopenflow 1 vlaniscsi 1
!
enable password 7 xxx
!
username admin password 7 xx
!
enable restricted 7 xx
!
stack-unit 0 provision S4810
!
interface TenGigabitEthernet 0/0
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/1
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/2
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/3
 no ip address
 portmode hybrid
 switchport
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/4
 no ip address
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/5
 no ip address
 flowcontrol rx on tx off
 no shutdown
!
interface TenGigabitEthernet 0/6
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/7
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/8
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/9
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/10
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/11
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/12
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/13
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/14
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/15
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/16
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/17
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/18
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/19
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/20
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/21
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/22
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/23
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/24
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!       
interface TenGigabitEthernet 0/25
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/26
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/27
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/28
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/29
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/30
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/31
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/32
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/33
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/34
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/35
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/36
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/37
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/38
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/39
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/40
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/41
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/42
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/43
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/44
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/45
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/46
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface TenGigabitEthernet 0/47
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!       
interface fortyGigE 0/48
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface fortyGigE 0/52
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface fortyGigE 0/56
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface fortyGigE 0/60
 no ip address
 flowcontrol rx on tx off 
 no shutdown
!
interface ManagementEthernet 0/0
 ip address 10.10.8.200/24
 no shutdown
!
interface ManagementEthernet 1/0
 no shutdown
!
interface ManagementEthernet 2/0
 no shutdown
!
interface ManagementEthernet 3/0
 no shutdown
!
interface ManagementEthernet 4/0
 no shutdown
!
interface ManagementEthernet 5/0
 no shutdown
!
interface ManagementEthernet 6/0
 no shutdown
!
interface ManagementEthernet 7/0
 no shutdown
!
interface ManagementEthernet 8/0
 no shutdown
!
interface ManagementEthernet 9/0
 no shutdown
!
interface ManagementEthernet 10/0
 no shutdown
!
interface ManagementEthernet 11/0
 no shutdown
!
interface Vlan 1
!untagged TenGigabitEthernet 0/0-3
!
interface Vlan 1000 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-2
 no shutdown

<... VLAN 1001 through 2098 not shown here...>
interface Vlan 2099 of-instance 1
 no ip address
 tagged TenGigabitEthernet 0/0-3
 no shutdown
!
openflow of-instance 1
 controller 1 10.10.8.100  tcp
 flow-map l2 enable
 flow-map l3 enable
 interface-type vlan
 multiple-fwd-table enable
 no shutdown
!
clock timezone PST -8 
!
ip ssh server enable
!
protocol lldp 
!
line console 0
 exec-timeout 35751 0
line vty 0
line vty 1
line vty 2
line vty 3
line vty 4
line vty 5
line vty 6
line vty 7
line vty 8
line vty 9
!
reload-type normal-reload
!
end
FTOS#

Note: A total of 1100 VLANs were in the running config; only a subset was captured above.

Then connected to the PowerConnect 7048 switch, which is 10.10.8.201 according to the Dell Rack Details page:

lnevers@bbn-cam-ctrl-1:~$ ssh admin@10.10.8.201
admin@10.10.8.201's password: 

console>ena

console#show version

Image Descriptions 

 image1 : default image 
 image2 :  

 Images currently available on Flash 

unit  image1       image2       current-active     next-active       
----- ------------ ------------ ----------------- ----------------- 

1     4.2.2.3      4.2.2.3      image1             image1            

console#show running-config 

!Current Configuration:
!System Description "PowerConnect 7048, 4.2.2.3, VxWorks 6.6"
!System Software Version 4.2.2.3
!System Operational Mode "Normal"
!
configure
vlan database
vlan 100,200,300,2500
vlan routing 1 1
exit
vlan 100
name "Management"
exit
vlan 200
name "Control"
exit
vlan 300
name "External"
exit
ip telnet server disable
slot 1/0 5    ! PowerConnect 7048
stack
member 1 5    ! PCT7048
exit
interface out-of-band
ip address 10.10.8.201 255.255.255.0 0.0.0.0
exit
interface vlan 1
exit
username "xx" password xx privilege 15 encrypted
username "xx" password xx privilege 15 encrypted
crypto key pubkey-chain ssh
user-key "gram" rsa
key-string row  xx
exit
exit
line ssh
enable authentication xxx
exit
ip ssh server
ip ssh pubkey-auth
!
interface Gi1/0/1
switchport mode trunk
switchport trunk allowed vlan 2500
exit
!
interface Gi1/0/2
switchport mode trunk
switchport trunk allowed vlan 2500
exit
!
interface Gi1/0/3
switchport mode trunk
switchport trunk allowed vlan 2500
exit
!
interface Gi1/0/13
switchport access vlan 200
exit
!
interface Gi1/0/14
switchport access vlan 200
exit
!
interface Gi1/0/15
switchport access vlan 200
exit
!
interface Gi1/0/16
switchport access vlan 200
exit
!
interface Gi1/0/17
switchport access vlan 200
exit
!
interface Gi1/0/18
switchport access vlan 200
exit
!
interface Gi1/0/19
switchport access vlan 200
exit
!
interface Gi1/0/20
switchport access vlan 200
exit
!
interface Gi1/0/25
switchport access vlan 300
exit
!
interface Gi1/0/26
switchport access vlan 300
exit
!
interface Gi1/0/27
switchport access vlan 300
exit
!
interface Gi1/0/29
switchport access vlan 300
exit
!              
interface Gi1/0/37
switchport access vlan 300
exit
!
interface Gi1/0/48
switchport access vlan 300
exit
exit

console#show vlan 

VLAN   Name                             Ports          Type          
-----  ---------------                  -------------  --------------
1      default                          Po1-128,       Default                
                                        Gi1/0/4-12,
                                        Gi1/0/21-24,
                                        Gi1/0/28,
                                        Gi1/0/30-36,
                                        Gi1/0/38-47
100    Management                                      Static                 
200    Control                          Gi1/0/13-20    Static                 
300    External                         Gi1/0/25-27,   Static                 
                                        Gi1/0/29,
                                        Gi1/0/37,
                                        Gi1/0/48
2500   VLAN2500                         Gi1/0/1-3      Static     
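
The two running configurations above state their remote-login services differently: the PowerConnect capture carries an explicit `ip telnet server disable`, while the Force10 capture shows `ip ssh server enable` and no telnet line. The script below is an added example, not part of the original test record, that classifies a saved running-config against the Step 2 "no unencrypted login" criterion and treats a missing telnet line as inconclusive rather than as a pass. The function names are illustrative, the excerpts are copied from the captures above, and the `no ...` and `... enable` telnet forms it also accepts are assumptions about other syntax variants.

```shell
#!/bin/sh
# Added example: audit a switch running-config (stdin) for login services.

# Print "ssh=<state> telnet=<state>"; state is enabled, disabled or unstated.
login_services() {
    awk '
        BEGIN { ssh = "unstated"; telnet = "unstated" }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim each line
        /^(no )?ip (ssh|telnet) server( enable| disable)?$/ {
            state = ($1 == "no" || $NF == "disable") ? "disabled" : "enabled"
            if ($0 ~ / ssh /) ssh = state; else telnet = state
        }
        END { printf "ssh=%s telnet=%s\n", ssh, telnet }
    '
}

# Return 0 when SSH is on and telnet is explicitly off, 1 when telnet is on or
# SSH is off, 2 when the config is silent and a live port check must decide.
check_device() {
    case "$(login_services)" in
        "ssh=enabled telnet=disabled") return 0 ;;
        *telnet=enabled*|ssh=disabled*) return 1 ;;
        *) return 2 ;;
    esac
}

# Excerpts copied from the two captures on this page.
PCT_EXCERPT='ip telnet server disable
line ssh
ip ssh server
ip ssh pubkey-auth'
FTOS_EXCERPT='ip ssh server enable
!
protocol lldp
line vty 0'

printf 'PowerConnect 7048: %s\n' "$(printf '%s\n' "$PCT_EXCERPT" | login_services)"
printf 'Force10 S4810:     %s\n' "$(printf '%s\n' "$FTOS_EXCERPT" | login_services)"
```

A return code of 2 from `check_device` means the saved config does not settle the criterion, so a connection attempt to the device's telnet port is what decides it.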

Step 3: Verify GRAM remote console solution

Verify the GRAM remote console solution for rack hosts can be used to access the consoles of all server hosts and experimental hosts:

  • Login via SSH or other encrypted protocol.
  • Verify that you cannot login via an unencrypted login protocol.

Access to an integrated Dell Remote Access Controller (iDRAC) server is available via SSH from the controller node:

gram@bbn-cam-ctrl-1:~$  ssh -i ~/.ssh/id_dsa gram@10.10.8.10
/admin1-> help
[Usage]
    show   [<options>] [<target>] [<properties>] 
           [<propertyname>== <propertyvalue>]
    set    [<options>] [<target>] <propertyname>=<value>
    cd     [<options>] [<target>]
    create [<options>] <target> [<property of new target>=<value>] 
           [<property of new target>=<value>]
    delete [<options>] <target>
    exit   [<options>]
    reset  [<options>] [<target>]
    start  [<options>] [<target>]
    stop   [<options>] [<target>]
    version [<options>]
    help   [<options>] [<help topics>]
    load -source <URI> [<options>] [<target>]
    dump -destination <URI> [<options>] [<target>]

/admin1-> 
/admin1-> racadm
racadm>> serveraction powerstatus
Server power status: ON
racadm>> quit

/admin1-> exit
CLP Session terminated
Connection to 10.10.8.10 closed.
gram@bbn-cam-ctrl-1:~$ 

Remote access is available via the integrated Dell Remote Access Controller (iDRAC) configuration, which allows Web access. With the current network topology, this could be tested without a Windows system. It has, however, been tried by others.