The SDN Administrator daemon can be accessed via the REST API vi HTTPS on port 8081. The access is secured through either token-based authentication or basic authentication, against the locally running keystone server, which is the same as the main SDN Controller REST API.

The following set of features are accessible through the administrative REST API:

SDN Controller daemon (sdnc) stop/start/restart

Adding/removing the team leader IP alias (required only when in team mode)

Downloading the ZIP bundle of log files

Uploading upgrade Debian bundles and installing/removing Debian packages

Uploading upgrade ZIP bundles and executing upgrade commands

System reboot

The install process adds a number of sudoers entries for the sdnadmin user. These are as follows:

/sbin/ifconfig

/sbin/reboot

/usr/bin/service

/usr/bin/at

/usr/bin/dpkg

All, or any, of the above entries can be blocked or removed from the sudoers configuration. The /sbin/ifconfig entry is only required when running in teamed mode. Otherwise the controller cannot migrate the team IP address from node to node as team leader changes.

The sdna daemon can be completely disabled by stopping the daemon by using the sudo service sdna stop command and then removing the /etc/init/sdna.conf file.

5.11 Virgo admin UI access

The Virgo admin UI is configured to only be accessible via a local host. Access to this UI can be made via http://localhost:8080/admin. This should not be used under normal circumstances, but can be useful for debugging purposes.

To change the credentials of this console, get root console access to the machine(s) running the HP VAN SDN Controller and edit the following file:

/opt/sdn/virgo/configuration/org.eclipse.virgo.kernel.users.properties

This file includes the following two entries:

user.admin=sdn

role.admin=admin

where role.admin defines the user and user.admin defines the password. This file needs to be owned by user:sdn, group:sdn. Changes to this file require a restart of the controller to recognize the new credentials.

To disable access to the Virgo Admin UI, either remove the following file or move it to a safe location outside the pickup directory.

5.12 Virgo console access

This allows Virgo administrative access via ssh/telnet. This service is disabled by default. The following file configures these properties and requires the controller to restart to recognize the new settings:

/opt/sdn/virgo/pickup/ org.eclipse.virgo.management.console_3.6.2.RELEASE.jar

70 SDN Controller authentication