From c8f8facec439fbc4fced0854845070caf9db38a5 Mon Sep 17 00:00:00 2001 From: Trevor Cooper Date: Tue, 23 Feb 2016 23:12:24 -0800 Subject: Removed index files from all doc directories, rearranged headings, fixed broken links and doc formatting issues, created platform overview file, edited content. Change-Id: I08113c732dc6bc5967fe263aecfa8734e4c98ee5 Signed-off-by: Trevor Cooper --- docs/specification/remoteaccess.rst | 78 +++++++++++++++++-------------------- 1 file changed, 35 insertions(+), 43 deletions(-) (limited to 'docs/specification/remoteaccess.rst') diff --git a/docs/specification/remoteaccess.rst b/docs/specification/remoteaccess.rst index cb0ad8e2..51950da4 100644 --- a/docs/specification/remoteaccess.rst +++ b/docs/specification/remoteaccess.rst @@ -3,61 +3,53 @@ .. (c) 2016 OPNFV. -Remote management +Remote Management ------------------ -**Remote access** +Remote access is required for … -- Remote access is required for … + * Developers to access deploy/test environments (credentials to be issued per POD / user) + * Connection of each environment to Jenkins master hosted by Linux Foundation for automated deployment and test - 1. Developers to access deploy/test environments (credentials to be issued per POD / user) - 2. Connection of each environment to Jenkins master hosted by Linux Foundation for automated deployment and test +OpenVPN is generally used for remote however community hosted labs may vary due to company security rules. For POD +access rules / restrictions refer to individual lab documentation as each company may have different access rules +and acceptable usage policies. -- OpenVPN is generally used for remote however community hosted labs may vary due to company security rules -- POD access rules / restrictions … +Basic requirements: - - Refer to individual test-bed as each company may have different access rules and acceptable usage policies + * SSH sessions to be established (initially on the jump server) + * Packages to be installed on a system (tools or applications) by pullig from an external repo. -- Basic requirement is for SSH sessions to be established (initially on jump server) -- Majority of packages installed on a system (tools or applications) will be pulled from an external repo. +Firewall rules accomodate: -Firewall rules should include + * SSH sessions + * Jenkins sessions -- SSH sessions -- Jenkins sessions +Lights-out management network requirements: -Lights-out Management: + * Out-of-band management for power on/off/reset and bare-metal provisioning + * Access to server is through a lights-out-management tool and/or a serial console + * Refer to applicable light-out mangement information from server manufacturer, such as ... -- Out-of-band management for power on/off/reset and bare-metal provisioning -- Access to server is through lights-out-management tool and/or a serial console -- Intel lights-out ⇒ RMM http://www.intel.com/content/www/us/en/server-management/intel-remote-management-module.html -- HP lights-out ⇒ ILO http://www8.hp.com/us/en/products/servers/ilo/index.html -- CISCO lights-out ⇒ UCS https://developer.cisco.com/site/ucs-dev-center/index.gsp + * Intel lights-out `RMM `_ + * HP lights-out `ILO `_ + * CISCO lights-out `UCS `_ -Linux Foundation - VPN service for accessing Lights-Out -Management (LOM) infrastructure for the UCS-M hardware +Linux Foundation Lab is a UCS-M hardware environment with controlled access *as needed* -- People with admin access to LF infrastructure: + * `Access rules and procedure `_ are maintained on the Wiki + * `A list of people `_ with access is maintained on the Wiki + * Send access requests to infra-steering@lists.opnfv.org with the following information ... -1. amaged@cisco.com -2. cogibbs@cisco.com -3. daniel.smith@ericsson.com -4. dradez@redhat.com -5. fatih.degirmenci@ericsson.com -6. fbrockne@cisco.com -7. jonas.bjurel@ericsson.com -8. jose.lausuch@ericsson.com -9. joseph.gasparakis@intel.com -10. morgan.richomme@orange.com -11. pbandzi@cisco.com -12. phladky@cisco.com -13. stefan.k.berg@ericsson.com -14. szilard.cserey@ericsson.com -15. trozet@redhat.com - -- The people who require VPN access must have a valid -PGP key bearing a valid signature from one of these -three people. When issuing OpenVPN credentials, LF -will be sending TLS certificates and 2-factor -authentication tokens, encrypted to each recipient's PGP key. + * Name: + * Company: + * Approved Project: + * Project role: + * Why is access needed: + * How long is access needed (either a specified time period or define "done"): + * What specific POD/machines will be accessed: + * What support is needed from LF admins and LF community support team: + * Once access is approved please follow instructions for setting up VPN access ... https://wiki.opnfv.org/get_started/lflab_hosting + * The people who require VPN access must have a valid PGP key bearing a valid signature from LF + * When issuing OpenVPN credentials, LF will be sending TLS certificates and 2-factor authentication tokens, encrypted to each recipient's PGP key -- cgit 1.2.3-korg