From b127369752dd4f6a1b038c14c45f90df54a505fd Mon Sep 17 00:00:00 2001 From: agardner Date: Thu, 27 Apr 2017 11:46:29 +0200 Subject: Adding all releng octopus and pharos docs. Please argue and remove as needed in the review. Change-Id: Ia376d8be14c56f6a2fae3cd753ea53b869e5f784 Signed-off-by: agardner --- docs/specification/remoteaccess.rst | 63 +++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 docs/specification/remoteaccess.rst (limited to 'docs/specification/remoteaccess.rst') diff --git a/docs/specification/remoteaccess.rst b/docs/specification/remoteaccess.rst new file mode 100644 index 0000000..4b8160b --- /dev/null +++ b/docs/specification/remoteaccess.rst @@ -0,0 +1,63 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) 2016 OPNFV. + + +Remote Management +------------------ + +Remote access is required for … + + * Developers to access deploy/test environments (credentials to be issued per POD / user) + * Connection of each environment to Jenkins master hosted by Linux Foundation for automated + deployment and test + +OpenVPN is generally used for remote however community hosted labs may vary due to company security +rules. For POD access rules / restrictions refer to individual lab documentation as each company may +have different access rules and acceptable usage policies. + +Basic requirements: + + * SSH sessions to be established (initially on the jump server) + * Packages to be installed on a system (tools or applications) by pullig from an external repo. + +Firewall rules accomodate: + + * SSH sessions + * Jenkins sessions + +Lights-out management network requirements: + + * Out-of-band management for power on/off/reset and bare-metal provisioning + * Access to server is through a lights-out-management tool and/or a serial console + * Refer to applicable light-out mangement information from server manufacturer, such as ... + + * Intel lights-out + `RMM `_ + * HP lights-out `ILO `_ + * CISCO lights-out `UCS `_ + +Linux Foundation Lab is a UCS-M hardware environment with controlled access *as needed* + + * `Access rules and procedure `_ are + maintained on the Wiki + * `A list of people `_ with access is + maintained on the Wiki + * Send access requests to infra-steering@lists.opnfv.org with the + following information ... + + * Name: + * Company: + * Approved Project: + * Project role: + * Why is access needed: + * How long is access needed (either a specified time period or define "done"): + * What specific POD/machines will be accessed: + * What support is needed from LF admins and LF community support team: + + * Once access is approved please follow instructions for setting up VPN access ... + https://wiki.opnfv.org/get_started/lflab_hosting + * The people who require VPN access must have a valid PGP key bearing a valid signature from LF + * When issuing OpenVPN credentials, LF will be sending TLS certificates and 2-factor + authentication tokens, encrypted to each recipient's PGP key + -- cgit 1.2.3-korg