How to Hack vCenter Database in vCSA Appliance
As @lamw documented in his blog, you can access the database in the vCenter software appliance (vCSA). In the first appliance of version 5.0, VMware included IBM DB2 Embedded and then switched to vPostgres right after. That’s because vPostgres is VMware’s own product based on the open source Postgres.
By default, the access to the vPostgress database is limited to local applications. In other words, if you want to access the database remotely, it will not work. After researching a little, I figured out how to configure the databse for remote access.
Time to learn how to "Google" and manage your VMware and clouds in a fast and secureHTML5 App
In general, you should not touch the database but via vSphere API. But if you want to do something for development and testing, it should be fine. Before the hack, it’s always a good idea to back up the database.
For me, the biggest motivation is that I wanted to use the GUI tool – pgadmin3 for managing the database. It’s not possible to run it on the appliance as it is. Although doable, using the SQL command as follows to list all the tables and check their fields is not as easy a GUI tool.
vCSA:/# /opt/vmware/vpostgres/1.0/bin/psql -h localhost -U vc VCDB psql (9.0.4) Type "help" for help. VCDB=> select table_schema, table_name FROM information_schema.tables ORDER BY table_name, table_schema;
Before hacking the vCenter appliance, let’s find a Ubuntu machine and install the software:
$ sudo apt-get install pgadmin3
Once you get it installed, you can start the application. In the connection wizard, you can input the needed parameters including the passord. There is no well-know password, but it’s saved in the /etc/vmware-vpx/vcdb.properties file. Copy it over to the GUI. The connection will be refused without tweaks to be introduced below.
First, open the /storage/db/vpostgres/postgresql.conf using vi editor, and search for the listen_addresses. Change the line to the following:
It means it would serve connections from any host. If you want to limit it to certain hosts, you can use the follwing (change them to your own addresses, but always keep 127.0.0.1.)
listen_addresses='127.0.0.1 10.10.8.8 192.168.10.10'
Second, open the /storage/db/vpostgres/pg_hba.conf, and change the IPv4 line as following:
host all all 0.0.0.0/0 trust
Lastly, you want to restart the database server so that the new configuration can take effect.
# /etc/init.d/vmware-vpostgres restart
When the above steps are done correctly, you can test it out with the pgAdmin GUI. You should be able to connect to vCenter database directly using the GUI. Viewing the records won’t hurt anything, but if you want to update any tables, make sure you back up the database or get ready to install the vCenter appliance again.
The tricky part of the vCenter database is that it has many more than tables than anyone want to browse through, and lots of useful data you want to check is somehow encoded in binary field. So the power of accessing the database directly is limited.
Have fun with hacking the vCenter database.