How to login to an app container as a root in Tanzu Application Service for VMs
search cancel

How to login to an app container as a root in Tanzu Application Service for VMs

book

Article ID: 298010

calendar_today

Updated On:

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

This article explains how to login to an app's container as a root from a Diego cell or a Windows Diego cell in Tanzu Application Service for VMs (TAS for VMs).

Environment

Product Version: 2.7

Resolution

Sometimes an operator may want to run specific commands in the app container for debugging purpose, which requires root privileges. When we run cf ssh <app_name>,  we can only login into the app container as a vcap user.


Diego Cell

The following instructions can be used for a Diego Cell.

1. Run this command: cf app <app_name> --guid . It shows the app_guid.

2. Run this command: cf curl /v2/apps/<app_guid>/stats or cf curl /v3/processes/<app_guid>/stats . It shows the host IP address and port of the Diego cell in which the app instance is running.

3. Run the command bosh vms | grep <host>  to retrieve the diego_cell name where host is the IP address listed in step 2.

4. Run this command bosh -d <cf-deployment> ssh <diego_cell> to SSH into the Diego cell to login.

5. Run cfdot actual-lrps | grep <host> | grep <app_guid> | jq '.instance_guid' 

     or  cfdot actual-lrps | grep <host> | grep <port>  | jq '.instance_guid'

     It shows the instance_guid, which is the app container guid.

Note: If you do not see any output from the above command, refer to Alternate method to locate an app instance_guid in VMware Tanzu Application Service (TAS) for VMs for information how to locate the instance_guid with a different method.

6.  For TAS for VMs 2.6+,  run this command: sudo /var/vcap/packages/runc/bin/runc --root /run/containerd/runc/garden exec -t <instance_guid> /bin/bash

For older TAS for VMs releases, run this command: sudo /var/vcap/packages/runc/bin/runc exec -t <instance_guid> /bin/bash

Note: Be aware, we use this method for troubleshooting and monitoring purposes. Any changes made in the app container will be lost when the application is restarted / restaged.


Windows Diego Cell

The following instructions can be used for a Windows Diego Cell.

1. Run this command: cf app <app_name> --guid. It shows the app_guid.

2. Run this command: cf curl /v2/apps/<app_guid>/stats. It shows the host address of the Windows Diego cell in which the app instance is running.

3. Run bosh vms | grep <host>  to retrieve the windows_diego_cell name where host is the IP address listed in step 2.

4. Run bosh -d <cf-deployment> ssh diego_brain/0  to SSH into Diego brain.

5. Run this command: cfdot actual-lrps | grep <host> | grep <app_guid> | jq '.instance_guid' . It shows
the instance_guid, which is the app container guid.

6. Run bosh -d <pasw-deployment> ssh <windows_diego_cell> to SSH into the Windows Diego cell in which the app instance is running.

7. Run the following command: C:\var\vcap\packages\winc\winc.exe exec <instance_guid> powershell