Pivotal Knowledge Base

Follow

How to Access VMs & Databases related to PKS

Environment

Pivotal Container Service (PKS) Version 1.0

Purpose

Warning: Even though you have access to these various databases, it is NOT suggested to alter any of these databases directly. If you have any doubt about the following steps, please contact Pivotal Support and perform the following steps under their guidance.

With a fully deployed PKS environment, there are many VMs and databases associated with the environment and sometimes it is necessary to access to those VMs and databases for troubleshooting purposes.

This article explains how to access most of these VMs & databases (DBs). Please note this article assumes you have enough knowledge of those associated VMs and DBs and that's why we are not trying to explain the role of each VMs & databases.

Prerequisites

  • You have fully deployed PKS environment.
  • You have access to the Ops Manager Terminal screen.

Procedure

Following instructions are about how to access the VMs and Databases for PKS.

1. SSH into OpsManager & access tempest_production database

- SSH into your OpsManager VM
# Use the password you gave when you logged in the OpsManager UI for the first time.

$ ssh ubuntu@opsman.mycompany.local 
ubuntu@opsman.mycompany.local's password:
ubuntu@opsman:~$ sudo -i
[sudo] password for ubuntu:

- Access then tempest_production databases on PostgreSQL

root@opsman:~# su - postgres
postgres@opsman:~$ psql tempest_production
tempest_production=# \d

                             List of relations
Schema |                  Name                   |   Type   |    Owner
--------+-----------------------------------------+----------+-------------
public | application_unlock_infos                | table    | tempest-web
public | application_unlock_infos_id_seq         | sequence | tempest-web
public | ar_internal_metadata                    | table    | tempest-web
public | certificates                            | table    | tempest-web
public | certificates_id_seq                     | sequence | tempest-web
public | delayed_jobs                            | table    | tempest-web
public | delayed_jobs_id_seq                     | sequence | tempest-web
public | disk_types                              | table    | tempest-web
public | disk_types_id_seq                       | sequence | tempest-web
public | encryption_keys                         | table    | tempest-web
public | encryption_keys_id_seq                  | sequence | tempest-web
public | installation_changes                    | table    | tempest-web
public | installation_changes_id_seq             | sequence | tempest-web
public | installation_logs                       | table    | tempest-web
:
:

 
2. SSH into PKS UAA/API Server and Access MySQL DB

- Login to the PKS VM using the 'bosh ssh' command

$ bosh -e pks vms
:
Deployment 'pivotal-container-service-c64a8a8eeb4b61aa3ec6'
Instance                                                        Process State ...
pivotal-container-service/d747d87a-dd69-4f17-a49e-22a1d6bb0b13  running       ...
:
 
$ bosh -e pks -d pivotal-container-service-c64a8a8eeb4b61aa3ec6 ssh pivotal-container-service/d747d87a-dd69-4f17-a49e-22a1d6bb0b13
Using environment '10.193.121.11' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)
Using deployment 'pivotal-container-service-c64a8a8eeb4b61aa3ec6'
:
:
pivotal-container-service/d747d87a-dd69-4f17-a49e-22a1d6bb0b13:~$

- Access MySQL DB
  Get the MySQL root password from PKS tile -> Credentials -> Mysql Admin password

pivotal-container-service/d747d87a-dd69-4f17-a49e-22a1d6bb0b13:~$ mysql -u root -p
Enter password: <mysql_admin_password>
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| pks                |
| uaa                |
+--------------------+

3. SSH into Kubernetes Master and Access etcd database

- SSH into a Kubernetes master

$ bosh -e pks -d service-instance_8847255e-40e3-41ad-b141-e45ab0af62a9 ssh master/cabf6333-4f46-4ce6-939f-099f2c6b0d7c
Using environment '10.193.121.11' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)
Using deployment 'service-instance_8847255e-40e3-41ad-b141-e45ab0af62a9'
:
:
master/cabf6333-4f46-4ce6-939f-099f2c6b0d7c:~$ sudo -i
master/cabf6333-4f46-4ce6-939f-099f2c6b0d7c:~#

 
- Access etcd key-value datastore
#
# etcd has two API versions of v2 & v3 and their command usages are different.
#
- Access Flannel Configuration using API v2
    ** etcdctl/API v2 command usage - https://github.com/coreos/etcd/blob/master/etcdctl/READMEv2.md

    # alias etcdctlv2='ETCDCTL_API=2 /var/vcap/packages/etcdctl/etcdctl --cert-file /var/vcap/jobs/etcd/config/certs/client.crt --key-file /var/vcap/jobs/etcd/config/certs/client.key --ca-file /var/vcap/jobs/etcd/config/certs/server-ca.crt --endpoints=https://master-0.etcd.cfcr.internal:4001'
# etcdctlv2 ls -r /
    /coreos.com
    /coreos.com/network
    /coreos.com/network/config
    /coreos.com/network/subnets
    /coreos.com/network/subnets/10.200.4.0-24
    /coreos.com/network/subnets/10.200.63.0-24
    /coreos.com/network/subnets/10.200.56.0-24
    /coreos.com/network/subnets/10.200.5.0-24
 
    # etcdctlv2 get /coreos.com/network/config
    {"Network":"10.200.0.0/16","Backend":{"Type":"vxlan"}}  

- Access Cluster Objects using API v3
   ** etcdctl/API v3 command usage - https://coreos.com/etcd/docs/latest/dev-guide/interacting_v3.html

    # alias etcdctlv3='ETCDCTL_API=3 /var/vcap/packages/etcdctl/etcdctl --cert=/var/vcap/jobs/etcd/config/certs/client.crt --key=/var/vcap/jobs/etcd/config/certs/client.key --cacert=/var/vcap/jobs/etcd/config/certs/server-ca.crt --endpoints=https://master-0.etcd.cfcr.internal:4001'
    # etcdctlv3 get '' --keys-only --prefix
:
    :
    /registry/services/specs/default/kubernetes
    /registry/services/specs/kube-system/heapster
    /registry/services/specs/kube-system/kube-dns
    /registry/services/specs/kube-system/kubernetes-dashboard
    :
    :


4. SSH into Harbor VM, containers and Access various Databases
 
- SSH into Harbor VM

$ bosh -e pks vms
Using environment '10.193.121.11' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)
Task 186. Done
:
Deployment 'harbor-container-registry-74b44adfd44a90f27cb3'
Instance                                         Process State AZ IPs VM CID                           VM Type
harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842  running AZ1 10.193.121.13 vm-c5eb38a5-acd7-4769-a731-617b0de04dd5  large.disk
:
 
$ bosh -e pks -d harbor-container-registry-74b44adfd44a90f27cb3 ssh harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842
:
harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~$ sudo -i
harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# alias docker='/var/vcap/packages/docker/bin/docker -H unix:///var/vcap/sys/run/docker/dockerd.sock'
harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# docker ps
CONTAINER ID        IMAGE                                       ...   NAMES
ba8e4bbbd70e        vmware/nginx-photon:v1.4.0                  ...   nginx
248ceeb87c92        vmware/harbor-jobservice:v1.4.0             ...   harbor-jobservice
bc7dc8a03068        vmware/notary-server-photon:v0.5.1-v1.4.0   ...   notary-server
f2714da1da31        vmware/harbor-ui:v1.4.0                     ...   harbor-ui
71a87d716636        vmware/clair-photon:v2.0.1-v1.4.0           ...   clair
15f4b712bcd4        vmware/notary-signer-photon:v0.5.1-v1.4.0   ...   notary-signer
a09f5a207347        vmware/harbor-db:v1.4.0                     ...   harbor-db
69ba31229876        vmware/postgresql-photon:v1.4.0             ...   clair-db
476accffdb3c        vmware/mariadb-photon:v1.4.0                ...   notary-db
26f720f46929        vmware/registry-photon:v2.6.2-v1.4.0        ...   registry
78cae10c3831        vmware/harbor-adminserver:v1.4.0            ...   harbor-adminserver
3e93a18f6cb5        vmware/harbor-log:v1.4.0                    ...   harbor-log

- Access Notary DB in MySQL   

harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# docker exec -it notary-db bash
root [ / ]# mysql
MariaDB [(none)]> show databases;

+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| notaryserver       |
| notarysigner       |
| performance_schema |
+--------------------+  

- Access Clair DB in PostgreSQL

harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# docker exec -it clair-db bash
root [ / ]# psql postgres postgres
psql (9.6.6)
Type "help" for help.
postgres=# \d
                             List of relations
Schema |                    Name                     |   Type   |  Owner
--------+---------------------------------------------+----------+----------
public | feature                                     | table    | postgres
public | feature_id_seq                              | sequence | postgres
:
:
public | vulnerability                               | table    | postgres
public | vulnerability_affects_featureversion        | table    | postgres
public | vulnerability_affects_featureversion_id_seq | sequence | postgres
public | vulnerability_fixedin_feature               | table    | postgres
public | vulnerability_fixedin_feature_id_seq        | sequence | postgres
public | vulnerability_id_seq                        | sequence | postgres
public | vulnerability_notification                  | table    | postgres
public | vulnerability_notification_id_seq           | sequence | postgres


- Access Harbor DB in MySQL 

harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:/# docker exec -it harbor-db bash
root [ / ]# mysql -u root -p
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| registry           |
+--------------------+

Comments

Powered by Zendesk