diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst index 16d9c6574a..cc2d114113 100644 --- a/source/installguide/management-server/_database.rst +++ b/source/installguide/management-server/_database.rst @@ -166,13 +166,19 @@ MySQL. See :ref:`install-database-on-separate-node`. setenforce permissive -#. Set up the database. The following command creates the "cloud" user - on the database. +#. Set up the database. + + The cloudstack-setup-databases script is used for creating the cloudstack + databases (cloud, cloud_usage), creating a user (cloud), granting permissions + to the user and preparing the tables for the first startup of the management + server. + + The following command creates the "cloud" user on the database. .. parsed-literal:: cloudstack-setup-databases cloud:@localhost \ - --deploy-as=root: \ + [ --deploy-as=root: | --schema-only ] \ -e \ -m \ -k \ 
@@ -187,6 +193,37 @@ MySQL. See :ref:`install-database-on-separate-node`. the root user is deploying the database and creating the "cloud" user. + - (Optional) There is an option to bypass the creating of the databases, + user and granting permissions to the user. This is useful if you don't + want to expose your root credentials but still want the database to + be prepared for first start up. These skipped steps will have had to be + done manually prior to executing this script. This behaviour can be + envoked by passing the --schema-only flag. This flag conflicts with the + --deploy-as flag so the two cannot be used together. To set up the + databases and user manually before executing the script with the flag, + these commands can be executed: + + .. code:: mysql + + -- Create the cloud and cloud_usage databases + CREATE DATABASE `cloud`; + CREATE DATABASE `cloud_usage`; + + -- Create the cloud user + CREATE USER cloud@`localhost` identified by ''; + CREATE USER cloud@`%` identified by ''; + + -- Grant all privileges to the cloud user on the databases + GRANT ALL ON cloud.* to cloud@`localhost`; + GRANT ALL ON cloud.* to cloud@`%`; + + GRANT ALL ON cloud_usage.* to cloud@`localhost`; + GRANT ALL ON cloud_usage.* to cloud@`%`; + + -- Grant process list privilege for all other databases + GRANT process ON *.* TO cloud@`localhost`; + GRANT process ON *.* TO cloud@`%`; + - (Optional) For encryption\_type, use file or web to indicate the technique used to pass in the database encryption password. Default: file. See :ref:`about-password-key-encryption`. @@ -207,7 +244,6 @@ MySQL. See :ref:`install-database-on-separate-node`. cluster management server node IP. If not specified, the local IP address will be used. - When this script is finished, you should see a message like “Successfully initialized the database.” 
@@ -363,8 +399,23 @@ same node for MySQL. See `“Install the Database on the Management Server Node #. Return to the root shell on your first Management Server. -#. Set up the database. The following command creates the cloud user on - the database. +#. Set up the database. + +The cloudstack-setup-databases script is used for creating the cloudstack +databases (cloud, cloud_usage), creating a user (cloud), granting permissions +to the user and preparing the tables for the first startup of the management +server. + +The following command creates the cloud user on the database. + + .. parsed-literal:: + + cloudstack-setup-databases cloud:@ \ + [ --deploy-as=root: | --schema-only ]\ + -e \ + -m \ + -k \ + -i - In dbpassword, specify the password to be assigned to the cloud user. You can choose to provide no password. 
@@ -374,6 +425,37 @@ same node for MySQL. See `“Install the Database on the Management Server Node the root user is deploying the database and creating the cloud user. + - (Optional) There is an option to bypass the creating of the databases, + user and granting permissions to the user. This is useful if you don't + want to expose your root credentials but still want the database to + be prepared for first start up. These skipped steps will have had to be + done manually prior to executing this script. This behaviour can be + envoked by passing the --schema-only flag. This flag conflicts with the + --deploy-as flag so the two cannot be used together. To set up the + databases and user manually before executing the script with the flag, + these commands can be executed: + + .. code:: mysql + + -- Create the cloud and cloud_usage databases + CREATE DATABASE `cloud`; + CREATE DATABASE `cloud_usage`; + + -- Create the cloud user + CREATE USER cloud@`localhost` identified by ''; + CREATE USER cloud@`%` identified by ''; + + -- Grant all privileges to the cloud user on the databases + GRANT ALL ON cloud.* to cloud@`localhost`; + GRANT ALL ON cloud.* to cloud@`%`; + + GRANT ALL ON cloud_usage.* to cloud@`localhost`; + GRANT ALL ON cloud_usage.* to cloud@`%`; + + -- Grant process list privilege for all other databases + GRANT process ON *.* TO cloud@`localhost`; + GRANT process ON *.* TO cloud@`%`; + - (Optional) For encryption\_type, use file or web to indicate the technique used to pass in the database encryption password. Default: file. See :ref:`about-password-key-encryption`. 
@@ -381,8 +463,8 @@ same node for MySQL. See `“Install the Database on the Management Server Node - (Optional) For management\_server\_key, substitute the default key that is used to encrypt confidential parameters in the CloudStack properties file. Default: password. It is highly recommended that - you replace this with a more secure value. See About Password and - Key Encryption. + you replace this with a more secure value. See + :ref:`about-password-key-encryption`. - (Optional) For database\_key, substitute the default key that is used to encrypt confidential parameters in the CloudStack
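Review bot: In the hunk at @@ -166,13 +166,19 @@, the added sentence 'The following command creates the "cloud" user on the database.' no longer holds for every form of the synopsis under it: with --schema-only the script skips creating the user, as the bullet added later in this patch explains. Suggest rewording to say that the command prepares the databases and, with --deploy-as, also creates the user. The square brackets in "[ --deploy-as=root: | --schema-only ]" also read as "both optional", so state what happens when neither is passed. Minor: "cloudstack databases" should be "CloudStack databases", and the script name would read better as an inline literal.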
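Review bot: In the hunk at @@ -187,6 +193,37 @@, both CREATE USER statements end in "identified by ''" as shown, which taken literally creates the cloud accounts with an empty password. If a placeholder is intended, make it visible and say that it must match the password given in the cloud:...@localhost argument of the script. The comment "Grant process list privilege for all other databases" is also misleading: PROCESS is a global privilege (hence ON *.*) that lets the account see statements running in every session on the server, so describe it that way and say why the management server needs it. Wording: "envoked" should be "invoked", and "bypass the creating of the databases" reads better as "skip creating the databases".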
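Review bot: The hunk at @@ -207,7 +244,6 @@ only deletes the line before "When this script is finished, you should see a message like ...", which is unrelated to the --schema-only change. If that deleted line was the blank separator after the last bullet, the sentence will now be folded into the bullet about the cluster management server node IP or trigger a docutils warning. Suggest dropping this hunk from the patch unless the rendering change is intended.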
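Review bot: In the hunk at @@ -363,8 +399,23 @@, the two new paragraphs ("The cloudstack-setup-databases script is used ..." and "The following command creates the cloud user ...") start at column 0, while the same paragraphs in the first hunk are indented under the "#." item. Unindented text ends the enumerated list, so the steps after "Set up the database." will restart numbering, and the indented ".. parsed-literal::" that follows will no longer belong to the step. Indent both paragraphs to match the list item body. Also, "[ --deploy-as=root: | --schema-only ]\" is missing the space before the trailing backslash that the first hunk has, and the sentence about creating the cloud user needs the same --schema-only qualification as in the first section.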
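Review bot: In the hunk at @@ -374,6 +425,37 @@, the manual setup creates cloud@`%` and grants it ALL on both databases plus PROCESS, and `%` matches any client host. This section covers a database on a separate node, so the account is reachable over the network; the text should tell readers they can replace `%` with the Management Server address or addresses when they create the user by hand. The whole bullet and SQL block are also a verbatim copy of the one added at @@ -187,6 +193,37 @@ (including "envoked" and the "identified by ''" lines); consider moving it to one shared snippet so the two sections cannot drift apart.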