You can access a database as an admin user with either CredHub credentials or BOSH SSH.
When you access a database as an admin user, you can do actions that cannot be done as a normal binding user.
You can do the following actions as an admin user:
- Add users.
- Create new schemas.
- View system schemas.
You can choose to access your database service instance as an admin, in one of the following ways:
-
Using BOSH SSH: If your BOSH agent is healthy, you can BOSH SSH into the MySQL VM. This option can be faster. See Connect to MySQL with BOSH SSH.
-
Using CredHub Credentials: If your BOSH agent is unhealthy, you can use this option. See Connect to MySQL with CredHub Credentials.
Connect to MySQL with BOSH SSH
To connect to MySQL with BOSH SSH:
-
BOSH SSH into your node by following the procedure in BOSH SSH in the Tanzu Operations Manager documentation.
-
Connect to your MySQL VM by running:
mysql --defaults-file=/var/vcap/jobs/pxc-mysql/config/mylogin.cnf
Connect to MySQL with CredHub credentials
To retrieve the admin credentials for a service instance from BOSH CredHub:
-
Use the cf CLI to find the GUID associated with the service instance
for which you want to retrieve credentials by running:
For example:cf service SERVICE-INSTANCE-NAME --guid
$ cf service my-service-instance --guid 12345678-90ab-cdef-1234-567890abcdef
If you do not know the name of the service instance, you can list service instances in the space withcf services. - Follow the steps in Gather Credential and IP Address information and Log in to the Tanzu Operations Manager VM with SSH of Advanced Troubleshooting with the BOSH CLI to SSH into the Tanzu Operations Manager VM.
- From the Tanzu Operations Manager VM, log in to your BOSH Director with the BOSH CLI. See Authenticate with the BOSH Director VM in Advanced Troubleshooting with the BOSH CLI.
-
Find the values for
BOSH_CLIENTandBOSH_CLIENT_SECRET:- In the Tanzu Operations Manager Installation Dashboard, click the BOSH Director tile.
- Click the Credentials tab.
- In the BOSH Director section, click the link to the BOSH Commandline Credentials .
- Record the values for
BOSH_CLIENTandBOSH_CLIENT_SECRET.
-
Set the API target of the CredHub CLI to your BOSH CredHub server by running:
Wherecredhub api https://BOSH-DIRECTOR-IP:8844 \ --ca-cert=/var/tempest/workspaces/default/root_ca_certificateBOSH-DIRECTOR-IPis the IP address of the BOSH Director VM.
For example:$ credhub api https://10.0.0.5:8844 \ --ca-cert=/var/tempest/workspaces/default/root_ca_certificate -
Log in to CredHub by running:
credhub login \ --client-name=BOSH-CLIENT \ --client-secret=BOSH-CLIENT-SECRETFor example:
$ credhub login \ --client-name=credhub \ --client-secret=abcdefghijklm123456789 -
Use the CredHub CLI to retrieve the credentials by doing one of following :
-
Retrieve the password for the admin user by running:
In the output, the password appears undercredhub get -n /p-bosh/service-instance_GUID/admin_passwordvalue. Record the password.
For example:$ credhub get \ -n /p-bosh/service-instance_70d30bb6-7f30-441a-a87c-05a5e4afff26/admin_password
id: d6e5bd10-3b60-4a1a-9e01-c76da688b847 name: /p-bosh/service-instance_70d30bb6-7f30-441a-a87c-05a5e4afff26/admin_password type: password value: UMF2DXsqNPPlCNWMdVMcNv7RC3Wi10 version_created_at: 2018-04-02T23:16:09Z -
Retrieve the password for the read-only admin user by running:
In the output, the password appears undercredhub get -n /p-bosh/service-instance_GUID/read_only_admin_passwordvalue. Record the password.
-
Retrieve the password for the admin user by running:
- Record the IP of your service instance. See Connect Using an IP Address.
-
Connect to your database by doing one of following:
- Connect using a management tool. See Using management tools for VMware Tanzu for MySQL.
- Connect directly from your workstation using the MySQL client by
running:
mysql -h IP-ADDRESS -u admin -P 3306 -p
When prompted for a password, enter the password you recorded.
Content feedback and comments