All VMs can be accessed by either a low-privilege user or a primary user.

Low-privilege user

All VMs include a low-privilege user with the username viewer. This user has read-only access to almost all diagnostics and can run most read-only diagnostic commands. However, it has no access to read-write diagnostic commands, insufficient privileges for some logs and file paths, and no superuser capabilities on the VMs.

Use the low-privilege user as opposed to the primary user when possible.

The low-privilege user is only accessible over SSH. You can log in as the low-privilege user using any key provisioned in the ssh/authorized-keys list for a VM in the SDF or using any key in the low-privilege-ssh-authorized-keys list within the product-options section of a VNFC in the SDF. See Logging in through SSH for more information on how to authorize SSH keys.

Follow the example below to SSH into a deployed VM as the low-privilege user.

ssh -i <path-to-ssh-private-key> viewer@<VM-management-IP-address>
Note

The low-privilege user cannot login until initconf has configured the system.

Primary user

All VMs include a primary user. The username of this user is configured when the node is built. This is done through the node-parameters.yaml file.

The primary user has root access and thus, should only be used when you need to perform write and update operations.

Follow the example below to SSH into a deployed VM as the primary user.

ssh -i <path-to-ssh-private-key> <username>@<VM-management-IP-address>

Once logged into a VM, you can run sudo su - viewer to run subsequent commands as the low-privilege user.

Permissions of commonly used commands

Below is a table indicating which user has permission to run commonly used commands.

Note

This is not an exhaustive list.

Command Low-privilege user allowed Primary user allowed

Run cqlsh commands

No

Yes

Read Tomcat logs

No

Yes

Read REM logs

No

Yes

Read Rhino logs

Yes

Yes

Read Cassandra logs

Yes

Yes

Read bootstrap logs

Yes

Yes

Read initconf logs

Yes

Yes

Gather diags

Yes

Yes

Use nodetool commands

Yes, but only with sudo

Yes

Run Rhino console commands

Yes, but only read-only commands

Yes

Run Docker commands

No

Yes

Run report-initconf

Yes

Yes

Previous page Next page
VM Build Container Version 3.2