You may require Secure Shell (SSH) access to a Service Instance for viewing log files or for other troubleshooting purposes.

Data Management for VMware Tanzu permits you to SSH into a Service Instance as the root operating system user at any time. The root password is identified in the VM Root Password field located in the Server Information section of the Databases view, instance Details.

Data Management for VMware Tanzu does not permit non-root users SSH access to a Service Instance by default. To permit special DMS-created operating system users to access a Service Instance, you must first explicitly enable SSH access to the instance.

Enabling SSH Access

When you enable SSH access to a Service Instance, Data Management for VMware Tanzu configures access to the instance for two DMS-created operating system users and generates a new password for each:

OS User Name Description
tenant‑admin Operating system user with read-only permission to view log files residing on the Service Instance.
provider‑admin Operating system user that is a member of the sudo group, and has the permissions required to execute any command on the Service Instance.

Warning: The provider-admin user must run any systemctl command that stops or restarts a service as the sudo user. If systemctl is executed without sudo privileges, the Service Instance may enter an inconsistent state, and the only remediation will be to power down the Service Instance and then power it back up.

You share the management of SSH access to a Service Instance for the tenant-admin operating system user with both the Organization Administrator and the Organization User that created the instance.

Note: When an Organization User has already enabled SSH for a Service Instance, an enable operation initiated by you resets the tenant-admin password.

Prerequisites

Before you enable SSH access to a Service Instance, ensure that:

  • The Service Instance is powered on and online.
  • SSH access is currently disabled for the instance.

Procedure

Perform the following procedure to enable SSH access to a Service Instance:

  1. Select Databases from the left navigation pane.

    This action displays the Database view, a table that lists the provisioned database instances.

  2. Examine the databases listed in the table, identify the instance for which you want to enable SSH access, and navigate to that table row.

  3. Click the database Instance Name.

    The database information Details tab displays.

  4. Locate the VM Admin User Details section of the pane, click ACTIONS, and select Enable SSH Access from the drop down menu.

    The Enable DB VM SSH dialog displays.

  5. Click CONFIRM.

    Data Management for VMware Tanzu initiates the task, generating an operation of type ENABLE_DB_VM_SSH.

  6. Monitor the progress of the task in the Operations tab or in the Database Operations view:

    1. Locate the ENABLE_DB_VM_SSH operation type and click it.
    2. Select the State History tab to view the subtasks and their status.
    3. If the operation fails, select the Error Info tab to examine the returned error information.

Connecting to a Service Instance with an SSH Client

After you enable SSH access to a Service Instance, the instance allows SSH connections from clients running on any host with connectivity to the Service Network.

You obtain the IP address and FQDN of the Service Instance from the Server Information section of the Databases instance Details tab:

You obtain the login credentials for the provider-admin and tenant-admin operating system users from the VM Admin User Details section of the Databases instance Details tab:

Recall that provider-admin is a member of the sudo group, and has the permissions required to execute any command. The tenant-admin user has read-only permission to log files residing on the Service Instance.

You use the DB IP Address or DB FQDN and the desired credentials to ssh into the Service Instance. For example:

user@host$ ssh provider-admin@DBFQDN
password: 

Disabling SSH Access

When you disable SSH access to a Service Instance, Data Management for VMware Tanzu removes SSH access to the instance from the provider-admin and tenant-admin operating system users.

Note: The Organization Administrator or Organization User can also remove SSH access to a Service Instance from the tenant-admin operating system user at any time.

Prerequisites

Before you disable SSH access to a Service Instance, ensure that:

  • The Service Instance is powered on and online.
  • SSH access is currently enabled for the instance.

Procedure

Perform the following procedure to disable SSH access to a Service Instance:

  1. Select Databases from the left navigation pane.

    This action displays the Database view, a table that lists the provisioned database instances.

  2. Examine the databases listed in the table, identify the instance for which you want to disable SSH access, and navigate to that table row.

  3. Click the database Instance Name.

    The database information Details tab displays.

  4. Locate the VM Admin User Details section of the pane, click ACTIONS, and select Disable SSH Access from the drop down menu.

    The Disable DB VM SSH dialog displays.

  5. Click CONFIRM.

    Data Management for VMware Tanzu initiates the task, generating an operation of type DISABLE_DB_VM_SSH.

  6. Monitor the progress of the task in the Operations tab or in the Database Operations view:

    1. Locate the DISABLE_DB_VM_SSH operation type and click it.
    2. Select the State History tab to view the subtasks and their status.
    3. If the operation fails, select the Error Info tab to examine the returned error information.
check-circle-line exclamation-circle-line close-line
Scroll to top icon