Skip to content. | Skip to navigation

Personal tools

Navigation

You are here: Home / Wiki / Rackadminaccounts

Rackadminaccounts

Admin Accounts on InstaGeni Racks

Admin Accounts on InstaGeni Racks

Each InstaGeni rack will come configured with a single admin account on the control node, as well as the FlowVisor and FOAM virtual machines. This account will be created when Utah bakes the image that runs on the control node. When each new rack is delivered, the local administrator will need to send Utah the desired login id and an ssh version 2 public key. Instageni racks do not permit password based authentication. Accounts on the boss and ops virtual machines need to be requested by the local site admin when the rack is brought online (in other words, they are not created automatically when the rack is baked). Note that admin accounts can use sudo without typing a password. Be careful!

Adding admin accounts on the control node, and FOAM/FLowVisor VMs

As mentioned above, the local administrator already has an account on the control node and FOAM/FlowVisor VMs. The local administrator can then use his/her account to add (or remove) other local admin accounts as needed. We provide a simple wrapper script to do this, although you are of course free to handle this any way you like. For those who want to take the simple approach, simply scp over the new admin's ssh public key (or entire authorized keys file), ssh to the control node, then run the following command:

control-host> sudo /usr/local/bin/mkadmin.pl <username> <pathtopubkey>

and to remove the account:

control-host> sudo /usr/local/bin/mkadmin.pl -r <username>

You need to repeat this procedure for the FOAM VM and the FlowVisor VM (accounts added on one host are not created on the others automatically).

Admin accounts on Boss/Ops VMs

Also running on the control node are the Emulab virtual machines boss and ops. There are two VMs, but for this discussion you only need to worry about getting a single account; we create accounts inside both of the VMs for you.

Requesting initial admin account

As mentioned above, the local administrator needs to request this account. You should point your web browser at the Emulab web server (you might need to contact Utah to find out the URL) for your rack. Click on the Request Account button, and then on the next page, click on the Join Existing Project button. Fill out the form, and near the bottom on the line that says "Project Name", enter emulab-ops. Click on the submit button.

In a few minutes you will receive an email that includes a link to verify your email address. Be sure to check your spam box and adjust your spam filter appropriately. Follow the instructions in the email message. You must verify your email in order for the account request to be completed. Once you do that, an admin from Utah will complete the account request. You will receive another email when that happens.

How to use your admin account

When you log into the Emulab web interface, you will see a little green dot at the top of the page, to the left of the Search Documentation box. This dot indicates that you are an administrator, but that your administrator status is currently off; in other words, you are operating as any other normal user. To turn administrator mode on, click on the green dot, and it will turn to red. You are now in red dot mode, which is the equivalent of root; you can do pretty much anything, so BE CAREFUL! To go back to normal user mode, click on the red dot and it will turn green. In general, you should operate in green dot mode unless you need to do something that requires special permission.

When operating on the command line in Emulab, most programs reside in /usr/testbed. You will want to change your path to include these dirs:

/usr/testbed/bin:/usr/testbed/sbin

Adding more admin accounts to Boss/Ops VMs

If you have other local users who need Emulab admin accounts, you should have them follow the same procedure as above. You can either wait for Utah to approve the new user, or you can do it yourself by logging into the Emulab web interface and navigating to the user approval page. To do this:

  1. Click on the little green dot at the top of the page (after you log in). This will toggle your administrator status; you are now operating as the equivalent of root. The green dot will turn red to remind you that you have enabled "red dot mode"
  2. Hover over the Experiment drop down menu, and select New User Approval. On the next page you will see a list of users needing approval.
  3. For the user you want to approve, select approve and group_root from the menus and then click on submit. The new user will receive email that the account has been approved.
  4. Go to the user's emulab page, and click on the toggle on the Administrator line. This will enable administrator status for the user (the ability to go into red dot mode in the web interface, and to log into boss). To find the user's emulab page, hover over the Administration drop down menu and select List Users. Then click on active from among the choices along the top. Find the user in the list and click on that user.

SSH Keys

Emulab does not permit password based login; users must upload their ssh public keys to the Emulab web interface. Users should go to their My Emulab page, then click on Edit SSH Keys in the left side menu.