DSM 9.0.1 – MySQL Database deployments through VCF Automation

by Posted on

In Data Services Manager 9.0.1, we decided to remove the ability to create MySQL Data Service Policies (DSP) from VCF Automation (VCFA) UI until we can also provision MySQL databases end-to-end. Even though you could create a Data Service Policy via the UI in VCFA 9.0/DSM 9.0, you still had to use the API to create the database. We decided this might be a little confusing, so we disabled the MySQL DSP step in the UI for now and will re-enable it when we can provide the ability to create both MySQL DSP and MySQL database. However, for those of you who still wish to provision MySQL databases in VCF Automation, this can be still be achieved through the API. In this post, I will show you how to do this.

Create a MySQL Data Service Policy

To begin, login onto the DSM appliance as root. From here we can query some existing Data Service Policy, primarily one that is used in VCF Automation when provisioning Postgres databases. Use the command kg get DataServicePolicies -n dsm-system. Here is a Postgres Data Service Policy which allows all tenants in all VCFA organizations (matchCriteria is ‘*’) to provision all versions (again, matchCriteria is ‘*’) of Postgres databases. The infrastructure policy uses a Supervisor namespace as the destination for provisioned databases. This YAML output can now be used as the basis for creating a new MySQL Data Service Policy.

root@dsm [ ~ ]# kg get DataServicePolicies pg-for-everybody -n dsm-system -o yaml
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: DataServicePolicy
metadata:
  creationTimestamp: "2025-09-26T11:01:07Z"
  generation: 6
  labels:
    dsm.vmware.com/created-in: vcfa
  name: pg-for-everybody
  namespace: dsm-system
  resourceVersion: "4349"
  uid: 0dbb1fa7-ecf2-4810-a7eb-1038500c71ab
spec:
  description: ""
  matchCriteria:
  - key: vcfa.vmware.com/org
    operator: in
    values:
    - '*'
  postgresPolicy:
    allowedReplicas:
    - -1
    allowedVersions:
    - '*'
    common:
      allowedBackupLocations:
      - dsm-backups
      allowedInfrastructurePolicies:
      - dsm-ns-synn6
  serviceType: vmware-sql-postgres
status: {}

Using the above output, we can now proceed with crafting a VCFA Data Services Policy for MySQL. Here is such an example which is essentially a copy of the Postgres one above, but now giving all tenants in all projects in all organizations the ability to provision any version of MySQL.This can be fine-tuned to meet your own specific requirements, such as granting only tenants in certain ORGs with the ability to provision a MySQL database or allowing multiple backup location or allowing multiple infrastructure policies to be selected.

apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: DataServicePolicy
metadata:
  labels:
    dsm.vmware.com/created-in: vcfa
  name: mysql-for-everybody
  namespace: dsm-system
spec:
  description: ""
  matchCriteria:
  - key: vcfa.vmware.com/org
    operator: in
    values:
    - '*'
  mysqlPolicy:
    allowedMembers:
    - -1
    allowedVersions:
    - '*'
    common:
      allowedBackupLocations:
      - dsm-backups
      allowedInfrastructurePolicies:
      - dsm-ns-synn6
  serviceType: vmware-sql-mysql

Use kubectl (or the kg shortcut) in the root shell on the DSM appliance to apply this manifest and create the MySQL Data Service Policy.

Create a MySQL Database

With the Data Service Policy now in place, we can turn our attention to creating a new MySQL database in VCF Automation. This step requires access to the VCF CLI tool which is available via the Supervisor API URL, accessible from the Summary tab > Status window of any Namespace in the vSphere Client. In the Link to CLI Tools, click Open.

This will take you to the VCF Consumption CLI. Here you can download the VCF CLI tools to match your desktop Operating System. Once downloaded, we can proceed to the next step of building a MySQL database in VCFA using our previously created MySQL Data Service Policy. Note that you will also need access to a kubectl command on your desktop to complete the process.

My desktop is running a Windows OS. For a Windows desktop, download the .exe file. I renamed the downloaded exe to vcf.exe for simplicity. You will now need your tenant admin to generate a token for access to VCFA. The token can be generated by logging into the ORG portal as the tenant admin, and from the tenant admin User / Account Settings view in the VCFA UI, select the tab for tokens and create a new one if necessary.

Finally, you will need to have the Certificate Authority (CA) from VCF Automation, typically called the VCF Operations Fleet Management Locker CA. This can be retrieved by opening a browser to VCFA and retrieving it that way, or from the Certificates section of your VCF Operations UI. Once the CA has been successfully retrieved and stored locally on your desktop, run the following command to create a context for your Org using the VCF CLI. Once the context is created for the Org, contexts for the different projects and namespaces in the Org also become available. The -e is the endpoint which points at the VCF Automation URL. Also include type ‘cci’ for Cloud Consumption Interface.

PS C:\Users\Administrator\Downloads> .\vcf.exe context create -e https://flt-auto01.rainpole.io 
--api-token <token-value> --tenant-name cjh-org-01 
--ca-certificate '.\VCF Operations Fleet Management Locker CA.crt' 
--type cci
? Provide a name for the context:  cjh-org-01
Successfully logged into flt-auto01.rainpole.io

You have access to the following contexts:
   cjh-org-01
   cjh-org-01:dsm-ns-synn6:default-project
   cjh-org-01:tenant-ns-4qvxq:default-project

If the namespace context you wish to use is not in this list, you may need to
refresh the context again, or contact your cluster administrator.

To change context, use `vcf context use <context_name>`
[ok] successfully created context: cjh-org-01
[ok] successfully created context: cjh-org-01:dsm-ns-synn6:default-project
[ok] successfully created context: cjh-org-01:tenant-ns-4qvxq:default-project
PS C:\Users\Administrator\Downloads>

Next, run the following commands to create the MySQL database in VCFA. In this example, the database creation request is emanating from a tenant namespace called tenant-ns-4qvxq in the Org cjh-org-01. However,  the objects that back the databases are provisioned to a different namespace called dsm-ns-synn6 namespace as this is how the Infrastructure Policy has been created (if you are new to VCFA and DSM integration, this earlier blog post might be worth reviewing to get an understanding on infra policies). Now with access to the VCF Consumption CLI, you can set the context to “organization:namespace:project”, check the MySQL Data Service Policy (DSP) which we created earlier is in place (binding) which means that this namespace is associated with the MySQL DSP, and finally request the creation of a MySQL database using kubectl.

PS C:\Users\Administrator\Downloads> .\vcf.exe context use cjh-org-01:dsm-ns-synn6:default-project
[ok] Token is still active. Skipped the token refresh for context "cjh-org-01:dsm-ns-synn6:default-project"
[i] Successfully activated context 'cjh-org-01:dsm-ns-synn6:default-project' (Type: cloud-consumption-interface)
[i] Fetching recommended plugins for active context 'cjh-org-01:dsm-ns-synn6:default-project'...
[i] No image repository override information was found
[ok] All recommended plugins are already installed and up-to-date.

PS C:\Users\Administrator\Downloads> .\kubectl.exe get dataservicepolicybindings
NAME      AGE
binding   5d1h

PS C:\Users\Administrator\Downloads> cat .\mysql.yml
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
metadata:
  name: mysql-backup-tester
  namespace: tenant-ns-4qvxq
spec:
  backupConfig:
    backupRetentionDays: 30
    schedules:
    - name: default-full-backup
      schedule: 59 23 * * 6
      type: full
  backupLocation:
    name: dsm-backups
  infrastructurePolicy:
    name: dsm-ns-synn6
  maintenanceWindow:
    duration: 6h0m0s
    startDay: SATURDAY
    startTime: "22:59"
  members: 1
  storagePolicyName: vSAN Default Storage Policy
  storageSpace: 20Gi
  supportAsynchReplicas: true
  version: 8.0.41+vmware.v9.0.1.0
  vmClass:
    name:  best-effort-large

PS C:\Users\Administrator\Downloads> .\kubectl.exe apply -f .\mysql.yml
mysqlcluster.databases.dataservices.vmware.com/mysql-backup-tester created

As stated, this database is created from the tenant namespace called called tenant-ns-4qxvq in the organization called cjh-org-01 in VCFA. This is possible since this namespace has been granted permission to provision MySQL databases via the MySQL DSP. However, the databases are provisioned to a different namespace called dsm-ns-synn6 as this is defined in the infrastructure policy. Since MySQL is not yet plumbed up in VCF Automation Data Services, it will not appear in the databases view in VCFA. However it will appear in the DSM UI:


And it will also be visible in the vSphere Client as a VKS cluster resource pool and VM in the dsm-ns namespace:

And that is how to create MySQL databases via the VCF Consumption CLI integrated with VCF Automation.

Published by Cormac

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.