If enforcing authenticated access to a database, use this command to generate the keyfile. Every keyfile has a set of associated users having a username and password. Access to the database is allowed only if the user credentials entered during database login are valid. For more information on enabling database authentication, see Enabling Database Authentication.
Note
This command and its syntax is common to both the User Executable and Privilege Executable configuration modes.database [drop|keyfile|repair]
database drop [all|captive-portal]
database repair {on <DEVICE-NAME>}
database keyfile [export|generate|import|zerzoise]
database keyfile generate
database keyfile [export|import] <URL>
database keyfile zerzoise
database drop [all|captive-portal]
database drop [all|captive-portal|] | Drops (deletes) all or a specified database. Execute the command on the device
hosting the database.
|
database repair {on <DEVICE-NAME>}
database repair on <DEVICE-NAME> | Enables automatic repairing of all databases. Repairing (vacuuming a database
refers to the process of finding and reclaiming space left over from previous DELETE
statements. Execute the command on the database host.
Note: If no device is specified,
the system repairs all databases.
|
database keyfile generate
database keyfile generate | Enables database keyfile management. This command is part
of a set of configurations required to enforce database
authentication. Use this command to generate database keyfiles.
After generating the keyfile, create the username and password
combination required to access the database. For information on
creating database users, see service. For information on enabling database
authentication, see Enabling Database Authentication.
|
database keyfile [export|import] <URL>
database keyfile [export|import] <URL> | Enables database keyfile management. This command is part of a set of
configurations required to enforce database authentication. Use this command to
exchange keyfiles between replica set members.
The following parameter is common to both of the above keywords:
|
database keyfile zerzoise
database keyfile zerzoise | Enables database keyfile management. Use this command to delete keyfiles
|
vx9000-1A1809#database keyfile generate Database keyfile successfully generated vx9000-1A1809#
vx9000-1A1809#database keyfile export ftp://1.1.1.111/db-key Database keyfile successfully exported vx9000-1A1809#
vx9000-D031F2#database keyfile import ftp://1.1.1.111/db-key Database keyfile successfully imported vx9000-D031F2#
Follow the steps below to enable database authentication and set up the onboard database. Note, the example uses replica set database deployment.
Primary-DB-HOST>database keyfile generate Database keyfile successfully generated Primary-DB-HOST>
Primary-DB-HOST>database keyfile export ftp://1.1.1.111/db-key Database keyfile successfully exported Primary-DB-HOST>
Primary-DB-HOST#service database authentication create-user username techpubs password techPubs@123 Database user [techpubs] created. Primary-DB-HOST#
Primary-DB-HOST#show database users -------------------------------- DATABASE USER -------------------------------- techpubs -------------------------------- Primary-DB-HOST#
Secondary-DB-HOST#database keyfile import ftp://1.1.1.111/db-key
Primary-DB-HOST(config-database-policy-techpubs)#authentication
Primary-DB-HOST(config-database-policy-techpubs)#authentication username techpubs password S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
Primary-DB-HOST(config-database-policy-techpubs)#show context database-policy techpubs authentication authentication username techpubs password 2 S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr replica-set member nx7500-A02B91 arbiter replica-set member vx9000-1A1809 priority 1 replica-set member vx9000-D031F2 priority 20 Primary-DB-HOST(config-database-policy-techpubs)#
Primary-DB-HOST(config-device-B4-C7-99-6C-88-09)#use database-policy techpubs
Note
This configuration is needed in deployments implementing captive-portal registration and database authentication with an onboard database.NOC-Controller(config-database-client-policy-techpubs)#authentication username techpubs password S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
NOC-Controller(config-database-client-policy-techpubs)#show context database-client-policy techpubs authentication username techpubs password 2 S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr NOC-Controller(config-database-client-policy-techpubs)#
<DB-CLIENT>(config-device-B4-C7-99-6C-88-09)#use database-client-policy techpubs
database-backup | Backs up all databases to a specified location and file on an FTP or SFTP server |
database-restore | Restores a previously exported databases |
database-policy global config | Documents database-policy configuration commands. Use this option to enable a WiNG device as the database. |
database-client-policy global-config | Documents database-client-policy configuration commands. The database-client-policy is only needed in deployments implementing captive-portal registration and database authentication with an onboard database. Use this command to enable the controller or RF Domain manager to authenticate with the database. |
service | Documents the database user account configuration details |