Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

database

Enables automatic repairing (vacuuming) and dropping of captive-portal and NSight databases

If enforcing authenticated access to the database, use this command to generate the keyfile. Every keyfile has a set of associated users having a username and password. Access to the database is allowed only if the user credentials entered during database login are valid. For more information on enabling database authentication, see Enabling Database Authentication.

Note

Note

This command and its syntax is common to both the User Executable and Privilege Executable configuration modes.

Supported in the following platforms

  • Service Platforms — NX9500, NX9600, VX9000

Syntax

database [drop|keyfile|repair]
database drop [all|captive-portal|nsight]
database repair {on <DEVICE-NAME>}
database keyfile [export|generate|import|zerzoise]
database keyfile generate
database keyfile [export|import] <URL>
database keyfile zerzoise

Parameters

database drop [all|captive-portal|nsight]
database drop [all|captive-portal| nsight] Drops (deletes) all or a specified database. Execute the command on the database.
  • all – Drops all databases, captive portal and NSight
  • captive-portal – Drops the captive-portal database
  • nsight – Drops the NSight database
 
database repair {on <DEVICE-NAME>}
database repair on <DEVICE-NAME> Enables automatic repairing of all databases. Repairing (vacuuming a database refers to the process of finding and reclaiming space left over from previous DELETE statements. Execute the command on the database host.
  • on <DEVICE-NAME> – Optional. Specifies the name of the database host. When specified, databases on the specified host are periodically checked to identify and remove obsolete data documents.
    • <DEVICE-NAME> – Specify the name of the access point, wireless controller, or service platform.
Note: If no device is specified, the system repairs all databases.
 
database keyfile generate
database keyfile generate Enables database keyfile management. This command is part of a set of configurations required to enforce database authentication. Use this command to generate database keyfiles. After generating the keyfile, create the username and password combination required to access the database. For information on creating database users, see service. For information on enabling database authentication, see Enabling Database Authentication.
  • generate – Generates the keyfile. In case of a replica-set deployment, execute the command on the primary database host. Once generated, export the keyfile to a specified location from where it is imported on to the replica-set hosts.
 
database keyfile [export|import] <URL>
database keyfile [export|import] <URL> Enables database keyfile management. This command is part of a set of configurations required to enforce database authentication. Use this command to exchange keyfiles between replica set members.
  • export – Exports the keyfile to a specified location on an FTP/SFTP/TFTP server. Execute the command on the database host on which the keyfile has been generated.
  • import – Imports the keyfile from a specified location. Execute the command on the replica set members.
The following parameter is common to both of the above keywords:
  • <URL> – Specify the location to/from where the keyfile is to be exported/imported. Use one of the following options to specify the keyfile location:

    ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file

    sftp://<user>:<passwd>@<hostname|IP>[:port]/path/file

    tftp://<hostname|IP>[:port]/path/file

 
database keyfile zerzoise
database keyfile zerzoise Enables database keyfile management. Use this command to delete keyfiles
  • zerzoise – Deletes an existing keyfile.

Examples

vx9000-1A1809#database keyfile generate
Database keyfile successfully generated
vx9000-1A1809#
vx9000-1A1809#database keyfile export ftp://1.1.1.111/db-key
Database keyfile successfully exported
vx9000-1A1809#
vx9000-D031F2#database keyfile import ftp://1.1.1.111/db-key
Database keyfile successfully imported
vx9000-D031F2#

Example: Enabling Database Authentication

Follow the steps below to enable database authentication.

  1. On the primary database host,
    1. Generate the database keyfile.
      Primary-DB-HOST>database keyfile generate
Database keyfile successfully generated
Primary-DB-HOST>
    2. Use the show > database > keyfile command to view the generated keyfile.
    3. Export the keyfile to an external location. This is required only in case of database replica-set deployment.
      Primary-DB-HOST>database keyfile export ftp://1.1.1.111/db-key
Database keyfile successfully exported
Primary-DB-HOST>
    4. Create the users that are allowed access to the database.
      Primary-DB-HOST#service database authentication create-user username techpubs password techPubs@123
Database user [techpubs] created.
Primary-DB-HOST#
    5. View the database user account created.
      Primary-DB-HOST#show database users
--------------------------------
         DATABASE USER
--------------------------------
 techpubs
--------------------------------
Primary-DB-HOST#
  2. On the replica set host, import the keyfile from the location specified in Step 1 c. 
    Secondary-DB-HOST#database keyfile import ftp://1.1.1.111/db-key
  3. In the database-policy context, --- (used on the NSight/EGuest database hosts)
    1. Enable authentication.
      Primary-DB-HOST(config-database-policy-techpubs)#authentication
    2. Configure the user accounts created in Step 1 d.
      Primary-DB-HOST(config-database-policy-techpubs)#authentication username techpubs password S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
      Primary-DB-HOST(config-database-policy-techpubs)#show context
database-policy techpubs
 authentication
 authentication username techpubs password 2 S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
 replica-set member nx7500-A02B91 arbiter
 replica-set member vx9000-1A1809 priority 1
 replica-set member vx9000-D031F2 priority 20
Primary-DB-HOST(config-database-policy-techpubs)#
  4. In the database-client policy context --- (used on the NSight/EGuest server host), Note, this configuration is required only if the NSight/EGuest server and database are hosted on separate hosts.
    1. Configure the user credentials created in Step 1 d.
      NOC-Controller(config-database-client-policy-techpubs)#authentication username techpubs password S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
    2. View the configuration.
      NOC-Controller(config-database-client-policy-techpubs)#show context
database-client-policy techpubs
 authentication username techpubs password 2 S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
NOC-Controller(config-database-client-policy-techpubs)#

Related Commands

database-backup Backs up captive-portal and/or NSight database to a specified location and file on an FTP or SFTP server
database-restore Restores a previously exported database [captive-portal and/or NSight]
database-policy global config Documents database-policy configuration commands. Use this option to enable the database.
database-client-policy global-config Documents database-client-policy configuration commands. Use this option to configure the database host details (IP address or hostname). If enforcing database authentication, use it to configure the users having database access. Once configured, use the policy in the NSight/EGuest server‘s device config context.
service Documents the database user account configuration details
Published April 2019prev | next

Email this topicEmail this topic

Print this pagePrint this page