Managing Internal Databases

This topic describes two procedures for managing the internal MySQL databases used by Pivotal Application Service (PAS) system components: scaling down your MySQL cluster, and migrating the cluster to a database stack that uses TLS encryption.

These procedures do not apply to databases configured as external in the PAS tile Databases pane.

PAS components that use system databases include the Cloud Controller, Diego brain, Gorouter, and the User Account and Authentication (UAA) server. See Cloud Foundry Components.

Scale Down Your MySQL Cluster

This procedure explains how to safely scale your MySQL cluster down to a single node. If you are already running the MySQL cluster with a single node, you do not need to perform these steps.

By default, internal MySQL deploys as a single node. To take advantage of the high availability features of MySQL, you may have scaled the configuration up to three or more server nodes.

Check the Health of Your Cluster

Before scaling down your MySQL cluster, perform the following actions to ensure the cluster is healthy.

  1. Use the Cloud Foundry Command Line Interface (cf CLI) to target the API endpoint of your Pivotal Cloud Foundry (PCF) deployment:

    $ cf api api.YOUR-SYSTEM-DOMAIN
    Setting api endpoint to api.YOUR-SYSTEM-DOMAIN...
    OK

    API endpoint: https://api.YOUR-SYSTEM-DOMAIN... (API version: 2.54.0)
    Not logged in. Use 'cf login' to log in.

  2. Log in with your User Account and Authentication (UAA) Administrator user credentials. Obtain these credentials by clicking the Credentials tab of the Pivotal Application Service (PAS) tile, locating the Admin Credentials entry in the UAA section, and clicking Link to Credential.

    $ cf login -u admin
    API endpoint: https://api.YOUR-SYSTEM-DOMAIN

    Password>
    Authenticating...
    OK

  3. Create a test organization to verify the database across all nodes:

    $ cf create-org data-integrity-test-organization
    Creating org data-integrity-test-organization as admin...
    OK

    Assigning role OrgManager to user admin in org data-integrity-test-organization ...
    OK

    TIP: Use 'cf target -o data-integrity-test-organization' to target new org

  4. Obtain the IP addresses of your MySQL server by performing the following steps:

    1. From the PCF Installation Dashboard, click the Pivotal Application Service tile.
    2. Click the Status tab.
    3. Record the IP addresses for all instances of the MySQL Server job.
  5. Retrieve Cloud Controller database credentials from CredHub using the Ops Manager API:

    1. Perform the procedures in the Using the Ops Manager API topic to authenticate and access the Ops Manager API.
    2. Use the GET /api/v0/deployed/products endpoint to retrieve a list of deployed products, replacing UAA-ACCESS-TOKEN with the access token recorded in the previous step:
      $ curl "https://OPS-MAN-FQDN/api/v0/deployed/products" \
      -X GET \
      -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    3. In the response to the above request, locate the product with an installation_name starting with cf- and copy its guid.
    4. Run the following curl command, replacing PRODUCT-GUID with the value of guid from the previous step:
      $ curl "https://OPS-MAN-FQDN/api/v0/deployed/products/PRODUCT-GUID/variables?name=cc-db-credentials" \
      -X GET \
      -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    5. Record the Cloud Controller database username and password from the response to the above request.
  6. SSH into the Ops Manager VM. Because the procedures vary by IaaS, review the SSH into Ops Manager section of the Advanced Troubleshooting with the BOSH CLI topic for specific instructions.

  7. For each of the MySQL server IP addresses recorded above, perform the following steps from the Ops Manager VM:

    1. Query the new organization with the following command, replacing YOUR-IP with the IP address of the MySQL server and YOUR-IDENTITY with the identity value of the CCDB credentials obtained above:
      $ mysql -h YOUR-IP -u YOUR-IDENTITY -D ccdb -p -e "select created_at, name from organizations where name = 'data-integrity-test-organization'"
      
    2. When prompted, provide the password value of the CCDB credentials obtained above.
    3. Examine the output of the mysql command and verify the created_at date is recent.
      +---------------------+----------------------------------+
      | created_at          | name                             |
      +---------------------+----------------------------------+
      | 2016-05-28 01:11:42 | data-integrity-test-organization |
      +---------------------+----------------------------------+
      
  8. If the MySQL server instances do not all return the same created_at result, contact Pivotal Support before proceeding further or making any changes to your deployment. If every MySQL server instance returns the same result, you can safely proceed to scaling down your cluster to a single node by performing the steps in the following section.
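The per-node query and comparison in steps 7 and 8 can be scripted. The following is an added example, not part of the original Pivotal documentation: it runs the same query against every node and fails if any node returns no row or a different created_at. The function names, the node IPs, and the option file path are assumptions; the option file is a standard MySQL client file with a [client] section holding the CCDB user and password, kept at mode 0600 so the password is not exposed in the process list or shell history. It checks agreement only, so still confirm by eye that the timestamp is recent.

```shell
#!/usr/bin/env bash
# Added example: compare the test org's created_at across all MySQL nodes.
# Node IPs and the option file path are placeholders (assumptions).

ORG='data-integrity-test-organization'
QUERY="select created_at from organizations where name = '${ORG}'"

# Query one node. $1 = node IP, $2 = client option file ([client] user/password).
# -N drops the column header, -B gives plain tab-separated output.
query_node() {
  mysql --defaults-extra-file="$2" -h "$1" -D ccdb -N -B -e "$QUERY"
}

# Read "IP<TAB>created_at" lines on stdin. Succeeds only if at least one
# node reported, every node returned a value, and all values are identical.
check_consistency() {
  awk -F'\t' '
    NF < 2 || $2 == "" { printf "MISSING %s\n", $1; bad = 1; next }
    !seen              { ref = $2; seen = 1 }
    $2 != ref          { printf "MISMATCH %s: %s (expected %s)\n", $1, $2, ref; bad = 1 }
    END                { if (!seen) bad = 1; exit bad + 0 }
  '
}

# $1 = option file, remaining arguments = MySQL server IPs from the Status tab.
# A node that cannot be reached yields an empty value and is reported MISSING.
verify_cluster() {
  cnf=$1
  shift
  for ip in "$@"; do
    printf '%s\t%s\n' "$ip" "$(query_node "$ip" "$cnf" 2>/dev/null)"
  done | check_consistency
}

# Usage on the Ops Manager VM (constructed IPs and path):
#   verify_cluster "$HOME/.ccdb.cnf" 10.0.16.11 10.0.16.12 10.0.16.13 \
#     && echo "all nodes agree" || echo "do not scale down; contact support"
```

A non-zero exit status corresponds to the "contact Pivotal Support" branch of step 8. Delete the option file once the check is complete.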

Set Server Instance Count to 1

  1. From the PCF Installation Dashboard, click the Pivotal Application Service tile.

  2. Select Resource Config.

  3. Use the dropdown to change the Instances count for MySQL Server to 1.

  4. Click Save, then Review Pending Changes and Apply Changes to apply the changes.

  5. Delete your test organization with the following cf CLI command:

    $ cf delete-org data-integrity-test-organization

Migrating to Internal Percona MySQL

In PAS v2.1 and earlier, internal system MySQL databases ran MariaDB with cluster nodes communicating over plaintext. PAS v2.2 offers a second option for internal databases: a Percona Server that uses TLS to encrypt communication between server cluster nodes.

For more information on migrating PAS internal MySQL databases from the less secure MariaDB infrastructure to a TLS-encrypted Percona stack, see Migrating to Internal Percona MySQL.
