database

Enables automatic repairing (vacuuming) and dropping databases. Also enables keyfile generation.

If enforcing authenticated access to a database, use this command to generate the keyfile. Every keyfile has a set of associated users having a username and password. Access to the database is allowed only if the user credentials entered during database login are valid. For more information on enabling database authentication, see Enabling Database Authentication.

Note

Note

This command and its syntax is common to both the User Executable and Privilege Executable configuration modes.

Supported in the following platforms

  • Service Platforms — NX9500, NX9600, VX9000

Syntax

database [drop|keyfile|repair]
database drop [all|captive-portal]
database repair {on <DEVICE-NAME>}
database keyfile [export|generate|import|zerzoise]
database keyfile generate
database keyfile [export|import] <URL>
database keyfile zerzoise

Parameters

database drop [all|captive-portal]
database drop [all|captive-portal|] Drops (deletes) all or a specified database. Execute the command on the device hosting the database.
  • all – Drops all databases, captive portal and NSight
  • captive-portal – Drops the captive-portal database
database repair {on <DEVICE-NAME>}
database repair on <DEVICE-NAME> Enables automatic repairing of all databases. Repairing (vacuuming a database refers to the process of finding and reclaiming space left over from previous DELETE statements. Execute the command on the database host.
  • on <DEVICE-NAME> – Optional. Specifies the name of the database host. When specified, databases on the specified host are periodically checked to identify and remove obsolete data documents.
    • <DEVICE-NAME> – Specify the name of the access point, wireless controller, or service platform.
Note: If no device is specified, the system repairs all databases.
database keyfile generate
database keyfile generate Enables database keyfile management. This command is part of a set of configurations required to enforce database authentication. Use this command to generate database keyfiles. After generating the keyfile, create the username and password combination required to access the database. For information on creating database users, see service. For information on enabling database authentication, see Enabling Database Authentication.
  • generate – Generates the keyfile. In case of a replica-set deployment, execute the command on the primary database host. Once generated, export the keyfile to a specified location from where it is imported on to the replica-set hosts.
database keyfile [export|import] <URL>
database keyfile [export|import] <URL> Enables database keyfile management. This command is part of a set of configurations required to enforce database authentication. Use this command to exchange keyfiles between replica set members.
  • export – Exports the keyfile to a specified location on an FTP/SFTP/TFTP server. Execute the command on the database host on which the keyfile has been generated.
  • import – Imports the keyfile from a specified location. Execute the command on the replica set members.
The following parameter is common to both of the above keywords:
  • <URL> – Specify the location to/from where the keyfile is to be exported/imported. Use one of the following options to specify the keyfile location:

    ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file

    sftp://<user>:<passwd>@<hostname|IP>[:port]/path/file

    tftp://<hostname|IP>[:port]/path/file

database keyfile zerzoise
database keyfile zerzoise Enables database keyfile management. Use this command to delete keyfiles
  • zerzoise – Deletes an existing keyfile.

Examples

vx9000-1A1809#database keyfile generate
Database keyfile successfully generated
vx9000-1A1809#
vx9000-1A1809#database keyfile export ftp://1.1.1.111/db-key
Database keyfile successfully exported
vx9000-1A1809#
vx9000-D031F2#database keyfile import ftp://1.1.1.111/db-key
Database keyfile successfully imported
vx9000-D031F2#

Example: Enabling Database Authentication

Follow the steps below to enable database authentication and set up the onboard database. Note, the example uses replica set database deployment.

  1. On the primary database host,
    1. Generate the database keyfile.
      Primary-DB-HOST>database keyfile generate
      Database keyfile successfully generated
      Primary-DB-HOST>
      
    2. Use the show > database > keyfile command to view the generated keyfile.
    3. Export the keyfile to an external location. This is required only in case of database replica-set deployment.
      Primary-DB-HOST>database keyfile export ftp://1.1.1.111/db-key
      Database keyfile successfully exported
      Primary-DB-HOST>
      
    4. Create the users that are allowed access to the database.
      Primary-DB-HOST#service database authentication create-user username techpubs password techPubs@123
      Database user [techpubs] created.
      Primary-DB-HOST#
      
    5. View the database user account created.
      Primary-DB-HOST#show database users
      --------------------------------
               DATABASE USER
      --------------------------------
       techpubs
      --------------------------------
      Primary-DB-HOST#
      
  2. On the replica set host, import the keyfile from the location specified in Step 1 c.
    Secondary-DB-HOST#database keyfile import ftp://1.1.1.111/db-key
    
  3. In the database-policy context, – (used on the WiNG device hosting the captive-portal database)
    1. Enable authentication.
      Primary-DB-HOST(config-database-policy-techpubs)#authentication
      
    2. Configure the user accounts created in Step 1 d.
      Primary-DB-HOST(config-database-policy-techpubs)#authentication username techpubs password S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
      
      Primary-DB-HOST(config-database-policy-techpubs)#show context
      database-policy techpubs
       authentication
       authentication username techpubs password 2 S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
       replica-set member nx7500-A02B91 arbiter
       replica-set member vx9000-1A1809 priority 1
       replica-set member vx9000-D031F2 priority 20
      Primary-DB-HOST(config-database-policy-techpubs)#
      
  4. Use the database policy created in the previous step on the primary database.
    Primary-DB-HOST(config-device-B4-C7-99-6C-88-09)#use database-policy techpubs
    
  5. In the database-client policy context
    Note

    Note

    This configuration is needed in deployments implementing captive-portal registration and database authentication with an onboard database.
    1. Configure the user credentials created in Step 1 d.
      NOC-Controller(config-database-client-policy-techpubs)#authentication username techpubs password S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
      
    2. View the configuration.
      NOC-Controller(config-database-client-policy-techpubs)#show context
      database-client-policy techpubs
       authentication username techpubs password 2 S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
      NOC-Controller(config-database-client-policy-techpubs)#
      
  6. Use the database client policy configured in the previous step on the WiNG device that will access the database.
    <DB-CLIENT>(config-device-B4-C7-99-6C-88-09)#use database-client-policy techpubs
    

Related Commands

database-backup Backs up all databases to a specified location and file on an FTP or SFTP server
database-restore Restores a previously exported databases
database-policy global config Documents database-policy configuration commands. Use this option to enable a WiNG device as the database.
database-client-policy global-config Documents database-client-policy configuration commands. The database-client-policy is only needed in deployments implementing captive-portal registration and database authentication with an onboard database. Use this command to enable the controller or RF Domain manager to authenticate with the database.
service Documents the database user account configuration details