All VMs can be accessed by either a low-privilege user or a primary user.
Low-privilege user
All VMs include a low-privilege user with the username viewer.
This user has read-only access to almost all diagnostics and can run most read-only diagnostic commands.
However, it has no access to read-write diagnostic commands, insufficient privileges for some logs and file paths,
and no superuser capabilities on the VMs.
Use the low-privilege user as opposed to the primary user when possible.
The low-privilege user is only accessible over SSH.
You can log in as the low-privilege user using any key provisioned in the ssh/authorized-keys list for a VM in the SDF, or using any key in the low-privilege-ssh-authorized-keys list within the product-options section of a VNFC in the SDF.
See Logging in through SSH for more information
on how to authorize SSH keys.
Follow the example below to SSH into a deployed VM as the low-privilege user.
ssh -i <path-to-ssh-private-key> viewer@<VM-management-IP-address>
The low-privilege user cannot log in until initconf has configured the system.
Primary user
All VMs include a primary user. The username of this user is configured when the node is built. This is done through the node-parameters.yaml file.
The primary user has root access and thus should only be used when you need to perform write and update operations.
Follow the example below to SSH into a deployed VM as the primary user.
ssh -i <path-to-ssh-private-key> <username>@<VM-management-IP-address>
Once logged into a VM, you can run sudo su - viewer to run subsequent commands as the low-privilege user.
Permissions of commonly used commands
Below is a table indicating which user has permission to run commonly used commands.
This is not an exhaustive list.
Command | Low-privilege user allowed | Primary user allowed |
---|---|---|
Run cqlsh commands | No | Yes |
Read Tomcat logs | No | Yes |
Read REM logs | No | Yes |
Read Rhino logs | Yes | Yes |
Read Cassandra logs | Yes | Yes |
Read bootstrap logs | Yes | Yes |
Read initconf logs | Yes | Yes |
Gather diags | Yes | Yes |
Use nodetool commands | Yes, but only with sudo | Yes |
Run Rhino console commands | Yes, but only read-only commands | Yes |
Run Docker commands | No | Yes |
Run report-initconf | Yes | Yes |