From 3e100557d9021c452c7cf0212b827ef82d077ca3 Mon Sep 17 00:00:00 2001 From: spaceman1984 Date: Thu, 8 Jul 2021 14:51:52 +0200 Subject: [PATCH 1/7] Added schema-only description --- .../management-server/_database.rst | 34 +++++++++++++------ 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst index bad57c73e3..1fdf7e4f0d 100644 --- a/source/installguide/management-server/_database.rst +++ b/source/installguide/management-server/_database.rst @@ -333,8 +333,23 @@ same node for MySQL. See `“Install the Database on the Management Server Node #. Return to the root shell on your first Management Server. -#. Set up the database. The following command creates the cloud user on - the database. +#. Set up the database. + +The cloudstack-setup-databases script is used for creating the cloudstack +databases (cloud, cloud_usage), creating a user (cloud), granting permissions +to the user and preparing the tables for the first startup of the management +server. + +The following command creates the cloud user on the database. + + .. parsed-literal:: + + cloudstack-setup-databases cloud:@ \ + --deploy-as=root: \ + -e \ + -m \ + -k \ + -i - In dbpassword, specify the password to be assigned to the cloud user. You can choose to provide no password. @@ -364,14 +379,13 @@ same node for MySQL. See `“Install the Database on the Management Server Node cluster management server node IP. If not specified, the local IP address will be used. - .. parsed-literal:: - - cloudstack-setup-databases cloud:@ \ - --deploy-as=root: \ - -e \ - -m \ - -k \ - -i + - (Optional) There is an option to bypass the two initial steps of creating + the databases and granting permissions to the user. This is useful if you + don't want to expose your root credentials but still want the database to + be prepeared for first start up. These skipped steps will have had to be + done manually prior to executing this script. This behaviour can be + envoked by passing the --schema-only flag. This flag conflicts with the + --deploy-as flag so the two cannot be used together. When this script is finished, you should see a message like “Successfully initialized the database.” From 39892a45bdbd2e6c65c0fb4e128473160641e9c1 Mon Sep 17 00:00:00 2001 From: spaceman1984 Date: Thu, 8 Jul 2021 15:16:50 +0200 Subject: [PATCH 2/7] Added mySQL instructions --- .../management-server/_database.rst | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst index 1fdf7e4f0d..1b3d8ebeb8 100644 --- a/source/installguide/management-server/_database.rst +++ b/source/installguide/management-server/_database.rst @@ -385,7 +385,26 @@ The following command creates the cloud user on the database. be prepeared for first start up. These skipped steps will have had to be done manually prior to executing this script. This behaviour can be envoked by passing the --schema-only flag. This flag conflicts with the - --deploy-as flag so the two cannot be used together. + --deploy-as flag so the two cannot be used together. To set up the + databases and user manually before executing the script with the flag, + these commands can be executed: + + .. code:: mysql + + CREATE DATABASE `cloud`; + CREATE DATABASE `cloud_usage`; + + CREATE USER cloud@`localhost` identified by ''; + CREATE USER cloud@`%` identified by ''; + + GRANT ALL ON cloud.* to cloud@`localhost`; + GRANT ALL ON cloud.* to cloud@`%`; + + GRANT ALL ON cloud_usage.* to cloud@`localhost`; + GRANT ALL ON cloud_usage.* to cloud@`%`; + + GRANT process ON *.* TO cloud@`localhost`; + GRANT process ON *.* TO cloud@`%`; When this script is finished, you should see a message like “Successfully initialized the database.” From a34939cb011159a13e13e3d6911863d934a1ecbb Mon Sep 17 00:00:00 2001 From: spaceman1984 Date: Fri, 9 Jul 2021 11:51:58 +0200 Subject: [PATCH 3/7] Review changes --- .../management-server/_database.rst | 44 +++++++++++++++---- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst index 1b3d8ebeb8..bed3bdd680 100644 --- a/source/installguide/management-server/_database.rst +++ b/source/installguide/management-server/_database.rst @@ -162,7 +162,7 @@ MySQL. See :ref:`install-database-on-separate-node`. .. parsed-literal:: cloudstack-setup-databases cloud:@localhost \ - --deploy-as=root: \ + --deploy-as=root: | --schema-only \ -e \ -m \ -k \ @@ -197,6 +197,32 @@ MySQL. See :ref:`install-database-on-separate-node`. cluster management server node IP. If not specified, the local IP address will be used. + - (Optional) There is an option to bypass the creating of the databases, + user and granting permissions to the user. This is useful if you don't + want to expose your root credentials but still want the database to + be prepeared for first start up. These skipped steps will have had to be + done manually prior to executing this script. This behaviour can be + envoked by passing the --schema-only flag. This flag conflicts with the + --deploy-as flag so the two cannot be used together. To set up the + databases and user manually before executing the script with the flag, + these commands can be executed: + + .. code:: mysql + -- Create the cloud and cloud_user databases + CREATE DATABASE `cloud`; + CREATE DATABASE `cloud_usage`; + -- Create the cloud user + CREATE USER cloud@`localhost` identified by ''; + CREATE USER cloud@`%` identified by ''; + -- Grant all privileges to the cloud user on the databases + GRANT ALL ON cloud.* to cloud@`localhost`; + GRANT ALL ON cloud.* to cloud@`%`; + + GRANT ALL ON cloud_usage.* to cloud@`localhost`; + GRANT ALL ON cloud_usage.* to cloud@`%`; + -- Grant process list privilege for all other databases + GRANT process ON *.* TO cloud@`localhost`; + GRANT process ON *.* TO cloud@`%`; When this script is finished, you should see a message like “Successfully initialized the database.” @@ -345,7 +371,7 @@ The following command creates the cloud user on the database. .. parsed-literal:: cloudstack-setup-databases cloud:@ \ - --deploy-as=root: \ + --deploy-as=root: | --schema-only \ -e \ -m \ -k \ @@ -379,9 +405,9 @@ The following command creates the cloud user on the database. cluster management server node IP. If not specified, the local IP address will be used. - - (Optional) There is an option to bypass the two initial steps of creating - the databases and granting permissions to the user. This is useful if you - don't want to expose your root credentials but still want the database to + - (Optional) There is an option to bypass the creating of the databases, + user and granting permissions to the user. This is useful if you don't + want to expose your root credentials but still want the database to be prepeared for first start up. These skipped steps will have had to be done manually prior to executing this script. This behaviour can be envoked by passing the --schema-only flag. This flag conflicts with the @@ -390,19 +416,19 @@ The following command creates the cloud user on the database. these commands can be executed: .. code:: mysql - + -- Create the cloud and cloud_user databases CREATE DATABASE `cloud`; CREATE DATABASE `cloud_usage`; - + -- Create the cloud user CREATE USER cloud@`localhost` identified by ''; CREATE USER cloud@`%` identified by ''; - + -- Grant all privileges to the cloud user on the databases GRANT ALL ON cloud.* to cloud@`localhost`; GRANT ALL ON cloud.* to cloud@`%`; GRANT ALL ON cloud_usage.* to cloud@`localhost`; GRANT ALL ON cloud_usage.* to cloud@`%`; - + -- Grant process list privilege for all other databases GRANT process ON *.* TO cloud@`localhost`; GRANT process ON *.* TO cloud@`%`; From b90894d5b889e5a7e81683320fa8654eb1c552b3 Mon Sep 17 00:00:00 2001 From: spaceman1984 Date: Fri, 9 Jul 2021 12:05:20 +0200 Subject: [PATCH 4/7] Added optional indication --- source/installguide/management-server/_database.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst index bed3bdd680..e9750dfea7 100644 --- a/source/installguide/management-server/_database.rst +++ b/source/installguide/management-server/_database.rst @@ -162,7 +162,7 @@ MySQL. See :ref:`install-database-on-separate-node`. .. parsed-literal:: cloudstack-setup-databases cloud:@localhost \ - --deploy-as=root: | --schema-only \ + [ --deploy-as=root: | --schema-only ] \ -e \ -m \ -k \ @@ -371,7 +371,7 @@ The following command creates the cloud user on the database. .. parsed-literal:: cloudstack-setup-databases cloud:@ \ - --deploy-as=root: | --schema-only \ + [ --deploy-as=root: | --schema-only ]\ -e \ -m \ -k \ From 247e28509544d1096ae29e9ee8e4c1b11964dd20 Mon Sep 17 00:00:00 2001 From: spaceman1984 Date: Fri, 9 Jul 2021 12:46:41 +0200 Subject: [PATCH 5/7] Added missing lines --- source/installguide/management-server/_database.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst index e9750dfea7..bdc5909815 100644 --- a/source/installguide/management-server/_database.rst +++ b/source/installguide/management-server/_database.rst @@ -208,6 +208,7 @@ MySQL. See :ref:`install-database-on-separate-node`. these commands can be executed: .. code:: mysql + -- Create the cloud and cloud_user databases CREATE DATABASE `cloud`; CREATE DATABASE `cloud_usage`; @@ -416,6 +417,7 @@ The following command creates the cloud user on the database. these commands can be executed: .. code:: mysql + -- Create the cloud and cloud_user databases CREATE DATABASE `cloud`; CREATE DATABASE `cloud_usage`; From 2e0be6a70cf5b699ae01564bca0124c95fcf2e20 Mon Sep 17 00:00:00 2001 From: spaceman1984 Date: Fri, 9 Jul 2021 14:00:16 +0200 Subject: [PATCH 6/7] Review changes --- .../management-server/_database.rst | 100 ++++++++++-------- 1 file changed, 56 insertions(+), 44 deletions(-) diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst index bdc5909815..ac9233bd7e 100644 --- a/source/installguide/management-server/_database.rst +++ b/source/installguide/management-server/_database.rst @@ -156,8 +156,14 @@ MySQL. See :ref:`install-database-on-separate-node`. setenforce permissive -#. Set up the database. The following command creates the "cloud" user - on the database. +#. Set up the database. + + The cloudstack-setup-databases script is used for creating the cloudstack + databases (cloud, cloud_usage), creating a user (cloud), granting permissions + to the user and preparing the tables for the first startup of the management + server. + + The following command creates the "cloud" user on the database. .. parsed-literal:: @@ -177,30 +183,10 @@ MySQL. See :ref:`install-database-on-separate-node`. the root user is deploying the database and creating the "cloud" user. - - (Optional) For encryption\_type, use file or web to indicate the - technique used to pass in the database encryption password. - Default: file. See :ref:`about-password-key-encryption`. - - - (Optional) For management\_server\_key, substitute the default key - that is used to encrypt confidential parameters in the CloudStack - properties file. Default: password. It is highly recommended that - you replace this with a more secure value. See - :ref:`about-password-key-encryption`. - - - (Optional) For database\_key, substitute the default key that is - used to encrypt confidential parameters in the CloudStack - database. Default: password. It is highly recommended that you - replace this with a more secure value. See - :ref:`about-password-key-encryption`. - - - (Optional) For management\_server\_ip, you may explicitly specify - cluster management server node IP. If not specified, the local IP - address will be used. - - (Optional) There is an option to bypass the creating of the databases, user and granting permissions to the user. This is useful if you don't want to expose your root credentials but still want the database to - be prepeared for first start up. These skipped steps will have had to be + be prepared for first start up. These skipped steps will have had to be done manually prior to executing this script. This behaviour can be envoked by passing the --schema-only flag. This flag conflicts with the --deploy-as flag so the two cannot be used together. To set up the @@ -212,19 +198,42 @@ MySQL. See :ref:`install-database-on-separate-node`. -- Create the cloud and cloud_user databases CREATE DATABASE `cloud`; CREATE DATABASE `cloud_usage`; + -- Create the cloud user CREATE USER cloud@`localhost` identified by ''; CREATE USER cloud@`%` identified by ''; + -- Grant all privileges to the cloud user on the databases GRANT ALL ON cloud.* to cloud@`localhost`; GRANT ALL ON cloud.* to cloud@`%`; GRANT ALL ON cloud_usage.* to cloud@`localhost`; GRANT ALL ON cloud_usage.* to cloud@`%`; + -- Grant process list privilege for all other databases GRANT process ON *.* TO cloud@`localhost`; GRANT process ON *.* TO cloud@`%`; + - (Optional) For encryption\_type, use file or web to indicate the + technique used to pass in the database encryption password. + Default: file. See :ref:`about-password-key-encryption`. + + - (Optional) For management\_server\_key, substitute the default key + that is used to encrypt confidential parameters in the CloudStack + properties file. Default: password. It is highly recommended that + you replace this with a more secure value. See + :ref:`about-password-key-encryption`. + + - (Optional) For database\_key, substitute the default key that is + used to encrypt confidential parameters in the CloudStack + database. Default: password. It is highly recommended that you + replace this with a more secure value. See + :ref:`about-password-key-encryption`. + + - (Optional) For management\_server\_ip, you may explicitly specify + cluster management server node IP. If not specified, the local IP + address will be used. + When this script is finished, you should see a message like “Successfully initialized the database.” @@ -386,30 +395,10 @@ The following command creates the cloud user on the database. the root user is deploying the database and creating the cloud user. - - (Optional) For encryption\_type, use file or web to indicate the - technique used to pass in the database encryption password. - Default: file. See :ref:`about-password-key-encryption`. - - - (Optional) For management\_server\_key, substitute the default key - that is used to encrypt confidential parameters in the CloudStack - properties file. Default: password. It is highly recommended that - you replace this with a more secure value. See About Password and - Key Encryption. - - - (Optional) For database\_key, substitute the default key that is - used to encrypt confidential parameters in the CloudStack - database. Default: password. It is highly recommended that you - replace this with a more secure value. See - :ref:`about-password-key-encryption`. - - - (Optional) For management\_server\_ip, you may explicitly specify - cluster management server node IP. If not specified, the local IP - address will be used. - - (Optional) There is an option to bypass the creating of the databases, user and granting permissions to the user. This is useful if you don't want to expose your root credentials but still want the database to - be prepeared for first start up. These skipped steps will have had to be + be prepared for first start up. These skipped steps will have had to be done manually prior to executing this script. This behaviour can be envoked by passing the --schema-only flag. This flag conflicts with the --deploy-as flag so the two cannot be used together. To set up the @@ -421,19 +410,42 @@ The following command creates the cloud user on the database. -- Create the cloud and cloud_user databases CREATE DATABASE `cloud`; CREATE DATABASE `cloud_usage`; + -- Create the cloud user CREATE USER cloud@`localhost` identified by ''; CREATE USER cloud@`%` identified by ''; + -- Grant all privileges to the cloud user on the databases GRANT ALL ON cloud.* to cloud@`localhost`; GRANT ALL ON cloud.* to cloud@`%`; GRANT ALL ON cloud_usage.* to cloud@`localhost`; GRANT ALL ON cloud_usage.* to cloud@`%`; + -- Grant process list privilege for all other databases GRANT process ON *.* TO cloud@`localhost`; GRANT process ON *.* TO cloud@`%`; + - (Optional) For encryption\_type, use file or web to indicate the + technique used to pass in the database encryption password. + Default: file. See :ref:`about-password-key-encryption`. + + - (Optional) For management\_server\_key, substitute the default key + that is used to encrypt confidential parameters in the CloudStack + properties file. Default: password. It is highly recommended that + you replace this with a more secure value. See + :ref:`about-password-key-encryption`. + + - (Optional) For database\_key, substitute the default key that is + used to encrypt confidential parameters in the CloudStack + database. Default: password. It is highly recommended that you + replace this with a more secure value. See + :ref:`about-password-key-encryption`. + + - (Optional) For management\_server\_ip, you may explicitly specify + cluster management server node IP. If not specified, the local IP + address will be used. + When this script is finished, you should see a message like “Successfully initialized the database.” From 8bdb56255667373dceec2717f3c424245e5b2629 Mon Sep 17 00:00:00 2001 From: spaceman1984 Date: Fri, 9 Jul 2021 14:27:59 +0200 Subject: [PATCH 7/7] Typo --- source/installguide/management-server/_database.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/installguide/management-server/_database.rst b/source/installguide/management-server/_database.rst index ac9233bd7e..5c33df7741 100644 --- a/source/installguide/management-server/_database.rst +++ b/source/installguide/management-server/_database.rst @@ -195,7 +195,7 @@ MySQL. See :ref:`install-database-on-separate-node`. .. code:: mysql - -- Create the cloud and cloud_user databases + -- Create the cloud and cloud_usage databases CREATE DATABASE `cloud`; CREATE DATABASE `cloud_usage`; @@ -407,7 +407,7 @@ The following command creates the cloud user on the database. .. code:: mysql - -- Create the cloud and cloud_user databases + -- Create the cloud and cloud_usage databases CREATE DATABASE `cloud`; CREATE DATABASE `cloud_usage`;