You may require Secure Shell (SSH) access to a database for troubleshooting, to view log files, or for other purposes.

Data Management for VMware Tanzu does not permit SSH access to a database by default. To permit a special Data Management for VMware Tanzu-created operating system user to access a database, you or the Provider Administrator must first explicitly enable SSH access to the database.

Enabling SSH Access

When you enable SSH access to a databasee, Data Management for VMware Tanzu configures access to the database for an OS user named db-admin (created by Data Management for VMware Tanzu) and generates a new password for this user.

Data Management for VMware Tanzu assigns the db-admin user read-only permission to log files residing on the database.

Warning: The db-admin user must not execute any command that will impact or interfere with services running on the database.

You share the management of SSH access to a database for the db-admin OS user with the Provider Administrator.

Note: The Provider Administrator can also enable SSH access for a database at any time, and in doing so will reset the db-admin user password. If the password has changed, Connecting to a database with an SSH Client describes how to obtain the current password.

Prerequisites

Before you enable SSH access to a database, ensure that:

  • The database is powered on and online.
  • SSH access is currently deactivated for the database.

Procedure

Perform the following procedure to enable SSH access to a database:

  1. Select Databases from the left navigation pane.

    This action displays the Databases view, a table that lists the provisioned databases.

  2. Examine the databases listed in the table, identify the database for which you want to enable SSH access, and navigate to that table row.

  3. Click the database VM Name.

    The database information Details tab displays.

  4. Locate the VM Admin User Details section of the pane, click ACTIONS, and select Enable SSH Access from the drop down menu.

    The Enable DB VM SSH dialog displays.

  5. Click CONFIRM.

    Data Management for VMware Tanzu initiates the task, generating an operation of type ENABLE_DB_VM_SSH.

  6. Monitor the progress of the task in the Operations tab or in the Operations view:

    1. Locate the ENABLE_DB_VM_SSH operation type and click it.
    2. Select the State History tab to view the subtasks and their status.
    3. If the operation fails, select the Error Info tab to examine the returned error information.

Connecting to a Database with an SSH Client

After you enable SSH access to a database, the database allows SSH connections from clients running on any hosts with connectivity to the Service Network.

You obtain the IP address and FQDN of the database from the Server Information section of the Details tab:

Server Information Details of the Database VM
Figure 10. Server Information Details of the Database VM

You obtain the login credentials for the db-admin OS user from the VM Admin User Details section of the Details tab:

Admin User Details of the Database VM
Figure 11. Admin User Details of the Database VM

Recall that the db-admin user should not execute any commands that impact running services on the database.

You use the DB IP Address or DB FQDN and the Org Admin User and Org Admin Password credentials to ssh into the database. For example:

user@host$ ssh db-admin@DBFQDN
password:

Deactivating SSH Access

When you deactivate SSH access to a database, Data Management for VMware Tanzu removes access to the database from the db-admin user.

Note: The Provider Administrator can also remove SSH access from the db-admin user at any time.

Prerequisites

Before you deactivate SSH access to a database, ensure that:

  • The database is powered on and online.
  • SSH access is currently enabled for the database.

Procedure

Perform the following procedure to deactivate SSH access to a database:

  1. Select Databases from the left navigation pane.

    This action displays the Databases view, a table that lists the provisioned databases.

  2. Examine the databases listed in the table, identify the database for which you want to deactivate SSH access, and navigate to that table row.

  3. Click the database VM Name.

    The database information Details tab displays.

  4. Locate the VM Admin User Details section of the pane, click ACTIONS, and select Disable SSH Access from the drop down menu.

    The Disable DB VM SSH dialog displays.

  5. Click CONFIRM.

    Data Management for VMware Tanzu initiates the task, generating an operation of type DISABLE_DB_VM_SSH.

  6. Monitor the progress of the task in the Operations tab or in the Operations view:

    1. Locate the DISABLE_DB_VM_SSH operation type and click it.
    2. Select the State History tab to view the subtasks and their status.
    3. If the operation fails, select the Error Info tab to examine the returned error information.

Automatic Deactivation of SSH Access to a Database

SSH access to a database is deactivated by default. After you enable SSH access to a database, Data Management for VMware Tanzu deactivates the access automatically after eight hours to enhance security. However, consider the following expected behaviors to understand how this feature works under different circumstances:

  • After enabling SSH access to a database, if you deactivate SSH access to the database manually before the automatic deactivation, Data Management for VMware Tanzu cancels the automatic deactivation that is scheduled.
  • After enabling SSH access to a database, if the database is unreachable at the time when the automatic deactivation task is triggered, Data Management for VMware Tanzu retries up to 10 times (after 5 minutes, 10 minutes, 20 minutes, and so on) to check whether the database is reachable. If the database isn't reachable even after the exhaustion of all the retries, automatic deactivation of SSH access is canceled.
  • After enabling SSH access to a database, if the Agent VM is unreachable and then its services start again before the time of automatic deactivation, automatic deactivation of SSH access occurs as scheduled.
  • After enabling SSH access to a database, if the Agent VM is unreachable and then its services start again after the time of automatic deactivation, automatic deactivation of SSH access is scheduled an hour later.
  • After enabling SSH access to databases, if the databases are upgraded to Data Management for VMware Tanzu 1.3.0, you must deactivate the SSH access manually for the first time. The next time when you enable SSH access to the databases, the automatic deactivation of SSH access occurs as scheduled.
  • After enabling SSH access to a database, if the database is not reachable and the scheduled automatic deactivation of SSH access also reaches the limit for the maximum number of retries, you have to deactivate SSH access manually for the database when it comes up.
check-circle-line exclamation-circle-line close-line
Scroll to top icon