docs/content/stable/faq/yugabyte-platform.md
YugabyteDB Anywhere (previously known as Yugabyte Platform and YugaWare) is a private database-as-a-service, used to create and manage YugabyteDB universes and clusters. YugabyteDB Anywhere can be used to deploy YugabyteDB in any public or private cloud.
You deploy and manage your YugabyteDB universes using the YugabyteDB Anywhere UI.
{{<lead link="../../yugabyte-platform/yba-overview/">}} Introduction to YugabyteDB Anywhere {{</lead>}}
Follow the steps in the vulnerability disclosure policy to report a vulnerability to our security team. The policy outlines our commitments to you when you disclose a potential vulnerability, the reporting process, and how Yugabyte will respond.
YugabyteDB Anywhere first needs to be installed on a machine. The next step is to configure YugabyteDB Anywhere to work with public and/or private clouds. In the case of public clouds, YugabyteDB Anywhere spawns the machines to orchestrate bringing up the data platform. In the case of private clouds, you add the nodes you want to be a part of the data platform into YugabyteDB Anywhere.
You install YugabyteDB Anywhere using a standalone installer that you download from Yugabyte.
YugabyteDB Anywhere distributes and installs YugabyteDB on the hosts identified to run the data nodes. Because the YugabyteDB software is already packaged into existing artifacts, the data node does not require any Internet connectivity.
{{<lead link="../../yugabyte-platform/install-yugabyte-platform/">}} Install YugabyteDB Anywhere {{</lead>}}
For a list of operating systems supported by YugabyteDB Anywhere, see Operating system support. YugabyteDB Anywhere doesn't support ARM architectures (but can be used to deploy universes to ARM-based nodes).
YugabyteDB Anywhere also requires the following:
{{<lead link="../../yugabyte-platform/prepare/networking/">}} For a complete list of networking requirements, see Networking. {{</lead>}}
{{<lead link="../../yugabyte-platform/prepare/server-yba/">}} For a complete list of hardware and software prerequisites, see Prerequisites. {{</lead>}}
{{<lead link="../../yugabyte-platform/prepare/server-nodes-hardware/">}} For hardware prerequisites for YugabyteDB data nodes, refer to Hardware prerequisites. {{</lead>}}
{{<lead link="../../yugabyte-platform/prepare/server-nodes-software/">}} For software prerequisites for YugabyteDB data nodes, refer to Software prerequisites. {{</lead>}}
YugabyteDB Anywhere communicates with nodes using a service installed on each node called the YugabyteDB Anywhere node agent. The node agent is an RPC service, allowing YugabyteDB Anywhere to interact with data nodes without the need for SSH.
For universes deployed using earlier versions of YugabyteDB Anywhere (that is, prior to the introduction of node agent), YugabyteDB Anywhere creates a passwordless SSH connection to interact with the data nodes.
Yes, you have access to all machines spawned by YugabyteDB Anywhere. YugabyteDB Anywhere runs on your machine in your region/data center.
If you have configured YugabyteDB Anywhere to work with any public cloud (such as AWS or GCP), it will spawn YugabyteDB nodes using your credentials. These machines run in your account, but are created and managed by YugabyteDB Anywhere on your behalf. You can log on to these machines any time. The YugabyteDB Anywhere UI additionally displays metrics per node and per universe.
You need the following:
Typically, you can saturate a database server (or three in case of RF=3) with just one large enough test machine running a synthetic load tester that has a light usage pattern. YugabyteDB ships with some synthetic load testers, which can simulate a few different workloads. For example, one load tester simulates a time series or IoT-style workload and another does a stock-ticker-like workload. But if you have a load tester that emulates your planned usage pattern, you can use that.
Yes, you can control what YugabyteDB Anywhere is spinning up. For example:
On AWS, you can choose whether YugabyteDB Anywhere should spawn a new VPC with peering to the VPC on which application servers are running (to isolate the database machines into a separate VPC), or ask it to reuse an existing VPC.
You can choose dedicated IOPS EBS drives on AWS and specify the number of dedicated IOPS you need.
YugabyteDB Anywhere also allows creating these machines out of band and importing them as an on-premises install.
Node agent is an RPC service running on a YugabyteDB node, and is used to manage communication between YugabyteDB Anywhere and the nodes in universes. It includes the following functions:
~/.bashrc) gets reflected in the subsequent command.
Installation depends on the type of provider configuration you choose to use.
For on-premises providers, after creating VMs and installing a supported Linux operating system and additional software (such as Python) (see Software requirements for nodes), you download the YugabyteDB Anywhere node agent package to the VM, modify the configuration file, and run the included script (node-agent-provision.sh) as root or via sudo.
This process prepares the node for YugabyteDB, including installation of node agent on the node.
If you have already installed YugabyteDB Anywhere and it is running, the script can additionally create (or update) an on-premises provider with the node already added.
{{<lead link="/stable/yugabyte-platform/prepare/server-nodes-software/software-on-prem/">}} Automatically provision on-premises nodes {{</lead>}}
In addition, for on-premises providers, there are three legacy methods (now deprecated) for preparing a node, depending on the level of access provided to YugabyteDB Anywhere, as follows:
Automatic provisioning, where an SSH user with sudo access for the node is provided to YugabyteDB Anywhere (for example, the ec2-user for an AWS EC2 instance). YugabyteDB Anywhere then automatically provisions nodes, including installing node agent.
Assisted manual provisioning, where YugabyteDB Anywhere doesn't have access to an SSH user with sudo access, but you can run a script (provision_instance.py) interactively in YugabyteDB Anywhere, providing parameters for credentials for the SSH user with sudo access. The script provisions the node, including installing node agent.
Fully manual provisioning, where neither you nor YugabyteDB Anywhere has access to an SSH user with sudo access. In this case, only a local (non-SSH) user with sudo access is available, and you must follow a series of manual steps to provision the node, including installing node agent.
{{<lead link="/stable/yugabyte-platform/prepare/server-nodes-software/software-on-prem-legacy">}} Legacy provisioning {{</lead>}}
For public cloud (AWS, GCP, and Azure) providers, node agents are automatically installed on each universe node during provisioning using SSH. After the node agent is installed, all the legacy SSH calls are replaced with node agent calls. Just like an SSH daemon, node agent is run as a root user to perform provisioning of the nodes. After node provisioning, you can revoke the SSH access, but it's recommended to retain access for debugging.
When creating an on-premises provider, you are prompted to provide SSH credentials, which are used during legacy provisioning. After provisioning and adding the instances to the provider (including installing the node agent), YugabyteDB Anywhere no longer requires SSH or sudo access to nodes.
If you are manually provisioning nodes, these credentials aren't needed to provision nodes.
However, SSH keys are still required to connect to the node for debugging purposes (for example, by navigating to universe > Nodes > Actions > Connect).
If you don't want to provide YugabyteDB Anywhere with an SSH key for a manually provisioned on-premises provider (because you can log in to the nodes over SSH for debugging outside of YugabyteDB Anywhere), then you can provide a dummy SSH key in the provider configuration.
Node agent is a secure service that authenticates every remote call from YugabyteDB Anywhere. Registration is the process of:
No provider-level details are needed for registration.
Unregistration is the process of removing the node agent entry from YugabyteDB Anywhere such that there is no further communication. In effect, unregistration makes YugabyteDB Anywhere and the node forget each other.
Node agent is used to run preflight checks on the node during various day-0 and day-2 operations. These checks need information like the non-root user's home directory, expected port number for Prometheus Node Exporter, the NTP servers, and so on. These are attributes configured with a provider. As a result, to run these preflight checks the node agent needs to be configured to a provider in YugabyteDB Anywhere, and these details are needed to make the node agent aware of the YugabyteDB Anywhere provider which the node will become a part of.
In v2.18.6 and later, moving a node from one provider to another does not require unregistering the node agent, as node agents aren't linked to providers.
{{<lead link="../../yugabyte-platform/prepare/server-nodes-software/software-on-prem-manual/#reconfigure-a-node-agent">}} To change the provider of a node, follow the procedure in Reconfigure a node agent. {{</lead>}}
As long as the IP does not change, the node agent does not try to register again.
Note that first removing the node instance from the provider is very important, because after the provider configuration information changes in the configuration file as part of running the config command, the node agent will no longer be able to find the node to delete it, as the scope is always with the current provider and availability zone.
Prior to adding a node that you have provisioned as an instance to your provider, you run a preflight check to determine if the node satisfies the requirements for YugabyteDB.
A node agent does the following when the preflight check command is run:
yb.node_agent.preflight_checks. The values can be changed if needed.
You can disable node agents of a provider's universes any time by setting the yb.node_agent.client.enabled Provider Runtime Configuration for the provider to false.
This disables all node agents for universes created using the provider, and YugabyteDB Anywhere falls back to using SSH to communicate with universe nodes, using credentials provided during provider creation.
Note that in future versions of YugabyteDB Anywhere, node agent must be enabled on all nodes managed by YugabyteDB Anywhere in order to upgrade YugabyteDB Anywhere.
Use the yb.node_agent.server.port Provider Runtime Configuration.
The change is reflected only on newly created node agents.
<!-- ### Is it okay to manually edit the configuration file for node agent? It is not recommended to do so because editing the file can interfere with the self-upgrade workflow. If it is a minor change, it is better to stop the node agent service first to keep YugabyteDB Anywhere away from starting the upgrade process. -->
YugabyteDB Anywhere uses the IP address to identify a node instance. The IP can be a DNS name from YugabyteDB Anywhere v2.18.5 and later.
For YugabyteDB Anywhere versions 2.18.6 or 2.20.2, a bind address that defaults to the IP will be added in case a DNS name is supplied and the node agent has to listen to a specific interface IP.
For providers where node agents are installed automatically (that is, all providers except on-premises with manual provisioning), YugabyteDB Anywhere removes the node agent entry when it releases the node back to the node instances pool of the provider. You can choose to leave the node agent service running, but when the node is re-used, the node agent is re-installed.