How to Access VMs and Databases related to PKS

Following instructions are about how to access the VMs and Databases for PKS.

1. SSH into Ops Manager & access tempest_production database

- SSH into your Ops Manager VM # Use the password you gave when you logged in the Operations Manager UI for the first time.

$ ssh ubuntu@opsman.mycompany.local 
ubuntu@opsman.mycompany.local's password:
ubuntu@opsman:~$ sudo -i
[sudo] password for ubuntu: 

- Access then tempest_production databases on PostgreSQL

root@opsman:~# su - postgres
postgres@opsman:~$ psql tempest_production
tempest_production=# \d
 
                             List of relations
Schema |                  Name                   |   Type   |    Owner
--------+-----------------------------------------+----------+-------------
public | application_unlock_infos                | table    | tempest-web
public | application_unlock_infos_id_seq         | sequence | tempest-web
public | ar_internal_metadata                    | table    | tempest-web
public | certificates                            | table    | tempest-web
public | certificates_id_seq                     | sequence | tempest-web
public | delayed_jobs                            | table    | tempest-web
public | delayed_jobs_id_seq                     | sequence | tempest-web
public | disk_types                              | table    | tempest-web
public | disk_types_id_seq                       | sequence | tempest-web
public | encryption_keys                         | table    | tempest-web
public | encryption_keys_id_seq                  | sequence | tempest-web
public | installation_changes                    | table    | tempest-web
public | installation_changes_id_seq             | sequence | tempest-web
public | installation_logs                       | table    | tempest-web
:
:

2. SSH into PKS UAA/API Server and Access MySQL DB

- Login to the PKS VM using the 'bosh ssh' command

$ bosh -e pks vms
:
Deployment 'pivotal-container-service-c64a8a8eeb4b61aa3ec6'
Instance                                                        Process State ...
pivotal-container-service/d747d87a-dd69-4f17-a49e-22a1d6bb0b13  running       ...
:
 
$ bosh -e pks -d pivotal-container-service-c64a8a8eeb4b61aa3ec6 ssh pivotal-container-service/d747d87a-dd69-4f17-a49e-22a1d6bb0b13
Using environment '10.193.121.11' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)
Using deployment 'pivotal-container-service-c64a8a8eeb4b61aa3ec6'
:
:
pivotal-container-service/d747d87a-dd69-4f17-a49e-22a1d6bb0b13:~$

- Access MySQL DB Get the MySQL root password from PKS tile -> Credentials -> Mysql Admin password

pivotal-container-service/d747d87a-dd69-4f17-a49e-22a1d6bb0b13:~$ mysql -h 127.0.0.1 -u root -p
Enter password: <mysql_admin_password>
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| pks                |
| uaa                |
+--------------------+
 

3. SSH into Kubernetes Master and Access etcd database - SSH into a Kubernetes master

$ bosh -e pks -d service-instance_8847255e-40e3-41ad-b141-e45ab0af62a9 ssh master/cabf6333-4f46-4ce6-939f-099f2c6b0d7c
Using environment '10.193.121.11' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)
Using deployment 'service-instance_8847255e-40e3-41ad-b141-e45ab0af62a9'
:
:
master/cabf6333-4f46-4ce6-939f-099f2c6b0d7c:~$ sudo -i
master/cabf6333-4f46-4ce6-939f-099f2c6b0d7c:~#

- Access etcd key-value datastore # # etcd has two API versions of v2 & v3 and their command usages are different. # - Access Flannel Configuration using API v2 ** etcdctl/API v2 command usage - https://github.com/coreos/etcd/blob/master/etcdctl/READMEv2.md

# alias etcdctlv2='ETCDCTL_API=2 /var/vcap/packages/etcdctl/etcdctl --cert-file /var/vcap/jobs/etcd/config/certs/client.crt --key-file /var/vcap/jobs/etcd/config/certs/client.key --ca-file /var/vcap/jobs/etcd/config/certs/server-ca.crt --endpoints=https://master-0.etcd.cfcr.internal:4001';
    # etcdctlv2 ls -r /
    /coreos.com
    /coreos.com/network
    /coreos.com/network/config
    /coreos.com/network/subnets
    /coreos.com/network/subnets/10.200.4.0-24
    /coreos.com/network/subnets/10.200.63.0-24
    /coreos.com/network/subnets/10.200.56.0-24
    /coreos.com/network/subnets/10.200.5.0-24
  
    # etcdctlv2 get /coreos.com/network/config
    {"Network":"10.200.0.0/16","Backend":{"Type":"vxlan"}}
   

- Access Cluster Objects using API v3 ** etcdctl/API v3 command usage - https://coreos.com/etcd/docs/latest/dev-guide/interacting_v3.html

    # alias etcdctlv3='ETCDCTL_API=3 /var/vcap/packages/etcdctl/etcdctl --cert=/var/vcap/jobs/etcd/config/certs/client.crt --key=/var/vcap/jobs/etcd/config/certs/client.key --cacert=/var/vcap/jobs/etcd/config/certs/server-ca.crt --endpoints=https://master-0.etcd.cfcr.internal:4001';
    # etcdctlv3 get '' --keys-only --prefix
    :
    :
    /registry/services/specs/default/kubernetes
    /registry/services/specs/kube-system/heapster
    /registry/services/specs/kube-system/kube-dns
    /registry/services/specs/kube-system/kubernetes-dashboard
    :
    :

4. SSH into Harbor VM, containers and Access various Databases - SSH into Harbor VM

$ bosh -e pks vms
 Using environment '10.193.121.11' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)
 Task 186. Done
 :
 Deployment 'harbor-container-registry-74b44adfd44a90f27cb3'
 Instance                                         Process State AZ IPs VM CID                           VM Type
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842  running AZ1 10.193.121.13 vm-c5eb38a5-acd7-4769-a731-617b0de04dd5  large.disk
 :
  
 $ bosh -e pks -d harbor-container-registry-74b44adfd44a90f27cb3 ssh harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842
 :
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~$ sudo -i
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# alias docker='/var/vcap/packages/docker/bin/docker -H unix:///var/vcap/sys/run/docker/dockerd.sock'
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# docker ps
 CONTAINER ID        IMAGE                                       ...   NAMES
 ba8e4bbbd70e        vmware/nginx-photon:v1.4.0                  ...   nginx
 248ceeb87c92        vmware/harbor-jobservice:v1.4.0             ...   harbor-jobservice
 bc7dc8a03068        vmware/notary-server-photon:v0.5.1-v1.4.0   ...   notary-server
 f2714da1da31        vmware/harbor-ui:v1.4.0                     ...   harbor-ui
 71a87d716636        vmware/clair-photon:v2.0.1-v1.4.0           ...   clair
 15f4b712bcd4        vmware/notary-signer-photon:v0.5.1-v1.4.0   ...   notary-signer
 a09f5a207347        vmware/harbor-db:v1.4.0                     ...   harbor-db
 69ba31229876        vmware/postgresql-photon:v1.4.0             ...   clair-db
 476accffdb3c        vmware/mariadb-photon:v1.4.0                ...   notary-db
 26f720f46929        vmware/registry-photon:v2.6.2-v1.4.0        ...   registry
 78cae10c3831        vmware/harbor-adminserver:v1.4.0            ...   harbor-adminserver
 3e93a18f6cb5        vmware/harbor-log:v1.4.0                    ...   harbor-log

- Access Notary DB in MySQL

harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# docker exec -it notary-db bash
root [ / ]# mysql
MariaDB [(none)]> show databases;

+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| notaryserver       |
| notarysigner       |
| performance_schema |
+--------------------+
  

- Access Clair DB in PostgreSQL

harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# docker exec -it clair-db bash
root [ / ]# psql postgres postgres
psql (9.6.6)
Type "help" for help.
postgres=# \d
                             List of relations
Schema |                    Name                     |   Type   |  Owner
--------+---------------------------------------------+----------+----------
public | feature                                     | table    | postgres
public | feature_id_seq                              | sequence | postgres
:
:
public | vulnerability                               | table    | postgres
public | vulnerability_affects_featureversion        | table    | postgres
public | vulnerability_affects_featureversion_id_seq | sequence | postgres
public | vulnerability_fixedin_feature               | table    | postgres
public | vulnerability_fixedin_feature_id_seq        | sequence | postgres
public | vulnerability_id_seq                        | sequence | postgres
public | vulnerability_notification                  | table    | postgres
public | vulnerability_notification_id_seq           | sequence | postgres
 

- Access Harbor DB in MySQL

harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:/# docker exec -it harbor-db bash
root [ / ]# mysql -u root -p
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| registry           |
+--------------------+

references: https://community.pivotal.io/s/article/How-to-Access-VMs--Databases-related-to-PKS