You can access a database as an admin user with either CredHub credentials or BOSH SSH.
When you access a database as an admin user, you can do actions that cannot be done as a normal binding user.
You can do the following actions as an admin user:
You can choose to access your database service instance as an admin, in one of the following ways:
Using BOSH SSH: If your BOSH agent is healthy, you can BOSH SSH into the MySQL VM. This option can be faster. See Connect to MySQL with BOSH SSH below.
Using CredHub Credentials: If your BOSH agent is unhealthy, you can use this option. See Connect to MySQL with CredHub Credentials below.
To connect to MySQL with BOSH SSH:
BOSH SSH into your node by following the procedure in BOSH SSH in the Tanzu Operations Manager documentation.
Connect to your MySQL VM by running:
mysql --defaults-file=/var/vcap/jobs/pxc-mysql/config/mylogin.cnf
To retrieve the admin credentials for a service instance from BOSH CredHub:
cf service SERVICE-INSTANCE-NAME --guid
For example: $ cf service my-service-instance --guid 12345678-90ab-cdef-1234-567890abcdefIf you do not know the name of the service instance, you can list service instances in the space with
cf services
. Find the values for BOSH_CLIENT
and BOSH_CLIENT_SECRET
:
BOSH_CLIENT
and BOSH_CLIENT_SECRET
.credhub api https://BOSH-DIRECTOR-IP:8844 \
--ca-cert=/var/tempest/workspaces/default/root_ca_certificate
Where BOSH-DIRECTOR-IP
is the IP address of the BOSH Director VM. $ credhub api https://10.0.0.5:8844 \
--ca-cert=/var/tempest/workspaces/default/root_ca_certificate
credhub login \
--client-name=BOSH-CLIENT \
--client-secret=BOSH-CLIENT-SECRET
For example:
$ credhub login \ --client-name=credhub \ --client-secret=abcdefghijklm123456789
Use the CredHub CLI to retrieve the credentials by doing one of following :
credhub get -n /p-bosh/service-instance_GUID/admin_password
In the output, the password appears under value
. Record the password.$ credhub get \ -n /p-bosh/service-instance_70d30bb6-7f30-441a-a87c-05a5e4afff26/admin_password
id: d6e5bd10-3b60-4a1a-9e01-c76da688b847 name: /p-bosh/service-instance_70d30bb6-7f30-441a-a87c-05a5e4afff26/admin_password type: password value: UMF2DXsqNPPlCNWMdVMcNv7RC3Wi10 version_created_at: 2018-04-02T23:16:09Z
credhub get -n /p-bosh/service-instance_GUID/read_only_admin_password
In the output, the password appears under value
. Record the password. mysql -h IP-ADDRESS -u admin -P 3306 -pWhen prompted for a password, enter the password you recorded.