DaemonAdmin/MySQL352012-04-23 04:19:38ClintonEbadi342011-04-23 16:31:37AdamChlipalaspam332011-04-23 00:08:19ec2-122-248-244-127.ap-southeast-1.compute.amazonaws.comBcENfl <a href="http://vilivwwawkml.com/">vilivwwawkml</a>322011-04-21 19:34:40200.35.177.233TYVM you've solved all my porblmes312009-09-09 20:13:34ClintonEbadiRevert to revision 29.302009-09-09 18:20:3493.174.94.599IbICC increasing fuel use (and thus increasing operating costs and environmental impacts). To, [[http://ukazurenet.com/members/qantas_2D00_airline/default.aspx|qantas airline]]agement Sciences, the J292008-07-07 04:28:18localhostconverted to 1.6 markup282007-12-02 22:14:08AdamChlipalaAnswer question272007-11-29 14:38:38RyanMikulovskyadd comment requesting info on mysql drop262007-02-10 21:18:23AdamChlipalaProgress on dbtool252007-02-10 20:04:01212.91.114.4242007-02-10 19:55:34212.91.114.4232007-02-10 19:42:10212.91.114.4222007-02-10 19:33:18212.91.114.4212007-02-10 19:20:11212.91.114.4202007-02-10 18:09:11212.91.114.4192007-02-05 16:54:52ChristopherClausenadded steps for system:backup ACLs and change from root.cell to common.databases182007-02-05 15:00:01213.147.110.16172007-02-05 14:59:34213.147.110.16162007-02-05 14:52:48213.147.110.16152007-02-05 14:51:19213.147.110.16142007-02-05 14:47:34213.147.110.16132007-02-05 14:44:06213.147.110.16122007-02-04 00:18:41212.91.114.169112007-02-03 23:41:12212.91.114.169102007-02-03 23:24:16212.91.114.16992007-02-03 23:19:02212.91.114.16982007-02-03 23:11:55212.91.114.16972007-01-30 00:31:16212.91.113.20662007-01-30 00:27:17212.91.113.2061.52007-01-10 13:51:32JustinLeitgebAdded note about network permissions.42007-01-06 18:07:03JustinLeitgeb32007-01-06 17:48:44JustinLeitgeb22007-01-06 17:31:13JustinLeitgeb12007-01-06 16:45:22JustinLeitgebBecause we wanted to have version 5 of MySQL running on our stable server, we used the package. For this reason there should be mirrors from dotdeb.org listed in the file /etc/apt/sources.list on deleuze. Configuration detailsmy.cnf file modified to leave a port open over the network, default is local pipe only. ProgressAs of Sat Jan 6 12:29:23 EST 2007, the MySQL 5.0 daemon and client libraries have been installed on deleuze. I also installed the mysql-common and mysql-client 5.0 packages on mire which should will allow for users to connect back to the main DB server. To DoThe new dbtool implemented as part of DomTool can now be used to create MySQL users and databases and the associated AFS directories. We still need to figure out how to allow users to drop tables from their databases without letting them drop the databases themselves. Since users retain permissions on a database even after it's dropped, the user could drop his database and recreate it on the partition where /var/lib/mysql lives, instead of in AFS. We also need to work out exactly what hostname mask to use in creating users and granting them privileges. Bugzilla says this isn't an issue anymore. dbtool runs mysql-fixperms now right? Or must a user tell dbtool to do this? -- RyanMikulovsky No, dbtool doesn't run mysql-fixperms. We would never have created that script if it were possible to set up a database ahead of time so that these problems wouldn't apply to it. mysql-fixperms needs to do things to particular tables, and dbtool isn't run on table creation. --AdamChlipala Steps to performLogical stepsCreate user's database volume in AFS, if one isn't there already Create directory structure with proper permission within the AFS volume (the sole existence of the directory is enough for MySQL to consider it a database, even if just an empty one). NOTE: If we stick to existing behavior on fyodor, requested database name should be prefixed with USERNAME_ . Create a symbolic link in /var/lib/mysql/ that points to the database Grant the user rights on the new DB And, in terms of command line, the steps are: Initialize DB space for any DBYou need to perform this as any user who has AFS admin permissions: $dir = /afs/hcoop.net/common/.databases/USERNAME If vos examine db.USER says there's no volume created: vos create -server afs -partition a -name db.USERNAME -maxquota 5000 If db.USER volume is there, but $dir is not present (volume isn't mounted): fs mkmount -dir /afs/hcoop.net/common/.databases/USERNAME -vol db.USERNAME -rw vos release common.databases And this can be done always: fs setacl -dir $dir -acl databases l fs setacl -dir $dir -acl system:backup rl Database creation routine when the db space has been initializedYou need to perform this as any user who has AFS admin permissions: $dir = /afs/hcoop.net/common/databases/USERNAME/mysql mkdir -p $dir fs setacl -dir $dir -acl mysql lid fs setacl -dir $dir -acl databases none # (keep out other databases, just in case) fs setacl -dir $dir -acl system:backup rl # (should be inherited from parent dir) sudo mkdir $dir/DBNAME || exit # (Must not exist) sudo chown mysql:mysql $dir/DBNAME sudo chmod 770 $dir/DBNAME # (Just for visual impression) sudo ln -sf $dir/DBNAME /var/lib/mysql/DBNAME fs setacl -dir $dir/DBNAME/ -acl mysql all Now, about users and granting permissions to the database, I would like to see users being able create new users and passwords and their privileges (to their databases) themselves. This would allow fine-grained tuning of what service uses which DB username/pw, and what access rights it has. Maybe a list of users/passwords, or an appropriate support ticket would be cool. So anyway, the procedure for creating a user and giving privileges, executed on behalf of the admin user (domtool2), which can be specified as sudo -H mysql -e "<COMMAND HERE>" mysql: CREATE USER 'USERNAME'@'HOSTNAME' IDENTIFIED BY 'PASSWORD'; GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,GRANT OPTION ON DBNAME.* TO USERNAME@'%.hcoop.net'; FLUSH PRIVILEGES; (Thing to note here: Wildcard '%' can be used in hostname part, for things like '%.hcoop.net'.) There are two other things related to users, one is changing password and the other is deleting users. These simply map to mysql SET PASSWORD and DROP USER commands, if you go to implement them. And one last thing; mysql is listening both on localhost and network interfaces (deleuze external IP). Maybe we want to restrict it to run on just one of them. Or if not, if it will run on both, then the access rule ( USERNAME@'%.hcoop.net' ) has to be duplicated in a way (for USERNAME@localhost), OR the users will always have to specify mysql host "deleuze" instead of "localhost". Another solution to this is that we don't try to be clever at all, but simply let users make sure the hostname part in their support ticket will match the interface they'll be using to connect. CategorySystemAdministration CategoryNeedsWork CategoryOutdated