All VMs can be accessed by either a low-privilege user or a primary user.
Low-privilege user
All VMs include a low-privilege user with the username viewer.
This user has read-only access to almost all diagnostics and can run most read-only diagnostic commands.
However, it has no access to read-write diagnostic commands, insufficient privileges for some logs and file paths,
and no superuser capabilities on the VMs.
Use the low-privilege user as opposed to the primary user when possible.
The low-privilege user is only accessible over SSH.
You can log in as the low-privilege user
using any key provisioned in the ssh/authorized-keys list for a VM in the SDF
or using any key in the low-privilege-ssh-authorized-keys list
within the product-options section of a VNFC in the SDF.
See Logging in through SSH for more information
on how to authorize SSH keys.
Follow the example below to SSH into a deployed VM as the low-privilege user.
ssh -i <path-to-ssh-private-key> viewer@<VM-management-IP-address>
|
The low-privilege user cannot login until initconf has configured the system. |
Primary user
All VMs include a primary user with the username sentinel.
The primary user has root access and thus, should only be used when you need to perform write and update operations.
Follow the example below to SSH into a deployed VM as the primary user.
ssh -i <path-to-ssh-private-key> sentinel@<VM-management-IP-address>Once logged into a VM, you can run sudo su - viewer to run subsequent commands as the low-privilege user.
Permissions of commonly used commands
Below is a table indicating which user has permission to run commonly used commands.
|
|
This is not an exhaustive list. |
| Command | Low-privilege user allowed | Primary user allowed |
|---|---|---|
Run cqlsh commands |
No |
Yes |
Read Tomcat logs |
No |
Yes |
Read REM logs |
No |
Yes |
Read Rhino logs |
Yes |
Yes |
Read Cassandra logs |
Yes |
Yes |
Read bootstrap logs |
Yes |
Yes |
Read initconf logs |
Yes |
Yes |
Gather diags |
Yes |
Yes |
Use nodetool commands |
Yes, but only with sudo |
Yes |
Run Rhino console commands |
Yes, but only read-only commands |
Yes |
Run Docker commands |
No |
Yes |
Run report-initconf |
Yes |
Yes |
