managing a shared mysql farm dpc11
DESCRIPTION
Slides for my #dpc11 talk.TRANSCRIPT
![Page 1: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/1.jpg)
Managing a shared MySQL farmThijs FerynEvangelist+32 (0)9 218 79 [email protected]
Dutch PHP ConferenceSaturday May 21st 2011Amsterdam, The Netherlands
![Page 2: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/2.jpg)
About me
I’m an evangelist at Combell
![Page 3: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/3.jpg)
About me
I’m a board member at PHPBenelux
![Page 4: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/4.jpg)
I live in the wonderful city of Bruges
MPBecker -‐ Bruges by Night hXp://www.flickr.com/photos/galverson2/3715965933
![Page 5: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/5.jpg)
Give me feedback: hXp://joind.in/3247
Read my blog: hXp://blog.feryn.eu
Follow me on TwiXer: @ThijsFeryn
![Page 6: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/6.jpg)
![Page 7: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/7.jpg)
Managing a shared MySQL farmtekst
![Page 8: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/8.jpg)
Managing a shared MySQL farmtekst
Provisioning/authentication/permissions
![Page 9: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/9.jpg)
Managing a shared MySQL farmtekst
Several clients/apps connect to it
![Page 10: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/10.jpg)
Managing a shared MySQL farmtekst
Multiple servers
![Page 11: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/11.jpg)
The farm
![Page 12: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/12.jpg)
Managing the farm
![Page 13: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/13.jpg)
Managing the farm
User
Permissions
Database
![Page 14: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/14.jpg)
Managing users
✓Create user✓Remove user✓Enable/disable user✓Reset password
![Page 15: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/15.jpg)
Managing databases
✓Create database✓Remove database✓Enable/disable database✓Set quota
![Page 16: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/16.jpg)
Managing permissions
✓Grant permissions✓Revoke permissions✓Enable wricng✓Disable wricng
![Page 17: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/17.jpg)
MySQL authenccacon & privileges
![Page 18: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/18.jpg)
MySQL privilege system
Global privileges
Database privileges
Table privileges
Field privileges
![Page 19: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/19.jpg)
MySQL privilege system
Global privileges
Database privileges
Table privileges
Field privileges
mysql.user
mysql.db
mysql.tables_priv
mysql.columns_priv
![Page 20: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/20.jpg)
General privileges
✓Select✓Insert✓Update✓Delete✓Create✓Drop✓Grant✓References✓Index
✓Alter✓Create tmp table✓Lock tables✓Create view✓Show view✓Create roucne✓Alter roucne✓Execute priv
![Page 21: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/21.jpg)
Server privileges
✓Reload✓Shutdown✓Process✓File✓Show_db✓Super
✓Max quescons✓Max updates✓Max conneccons✓Max user conneccons
![Page 22: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/22.jpg)
Which privileges to grant?
![Page 23: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/23.jpg)
Which privileges to grant?
✓Select✓Insert✓Update✓Delete✓Create✓Drop✓Grant✓References✓Index
✓Alter✓Create tmp table✓Lock tables✓Create view✓Show view✓Create roucne✓Alter roucne✓Execute priv
✓Reload✓Shutdown✓Process✓File✓Show_db✓Super
![Page 24: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/24.jpg)
Manage privileges
✓CREATE USER✓DROP USER✓GRANT✓RENAME USER✓REVOKE✓SET PASSWORD
![Page 25: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/25.jpg)
Manage privileges
✓Manually in mysql.user✓Manually in mysql.db✓Manually in mysql.tables_priv✓Manually in mysql.columns_priv
![Page 26: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/26.jpg)
Challenges
![Page 27: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/27.jpg)
Challenges
✓Management across mulcple nodes✓Aggregacng data from mulcple nodes✓Name clashes✓Quota management
![Page 28: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/28.jpg)
Solucons
![Page 29: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/29.jpg)
Solucons
✓Centralized provisioning database✓GeXers on the provisioning database✓Node mapper for user/db/privilege management✓INFORMATION_SCHEMA for quota management✓Prefixes to avoid name clashes
![Page 30: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/30.jpg)
Provisioning plan
![Page 31: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/31.jpg)
User✓Id✓Prefix✓Username✓Password✓Enabled✓DatabaseId✓Write✓CreateDate✓UpdateDate
Database✓Id✓Node✓Prefix✓Database✓Quota✓Enabled✓Down✓Overquota✓CreateDate✓UpdateDate
![Page 32: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/32.jpg)
User✓Id✓Prefix✓Username✓Password✓Enabled✓DatabaseId✓Write✓CreateDate✓UpdateDate
Database✓Id✓Node✓Prefix✓Database✓Quota✓Enabled✓Down✓Overquota✓CreateDate✓UpdateDate
Mulcpleservers
Database on single node
![Page 33: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/33.jpg)
![Page 34: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/34.jpg)
Mapping uses cases to SQL
![Page 35: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/35.jpg)
✓Add user✓Delete user✓Reset user password✓Enable user✓Disable user✓Get user
![Page 36: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/36.jpg)
Add user
INSERT INTO `user`(`prefix`,`username`,`password`,`createdate`) VALUES(‘test’,‘test_user’,‘mypass123’,NOW());
![Page 37: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/37.jpg)
Delete user
DELETE FROM `user` WHERE username=‘test_user’;
DELETE u.*, db.* FROM `mysql`.`user` u LEFT JOIN `mysql`.`db` db ON(db.`User` = u.`User`) WHERE u.`User` = ‘test_user’;
![Page 38: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/38.jpg)
Reset user password
UPDATE `user` SET `password` = ‘newpass123’ WHERE `username` = ‘test_user’;
UPDATE `mysql`.`user` SET `Password` = PASSWORD(‘newpass123’) WHERE `User`= ‘test_user’;
![Page 39: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/39.jpg)
Enable user
UPDATE `user` SET `enabled` = '1' WHERE `username` = ‘test_user’;
UPDATE `mysql`.`user` SET `Host` = ‘%’ WHERE `User`= ‘test_user’
![Page 40: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/40.jpg)
Disable user
UPDATE `user` SET `enabled` = '0' WHERE `username` = ‘test_user’;
UPDATE `mysql`.`user` SET `Host` = ‘localhost’ WHERE `User`= ‘test_user’
![Page 41: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/41.jpg)
Get user
SELECT * FROM `user` WHERE `username` = ‘test_user’;
![Page 42: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/42.jpg)
✓Add database✓Delete database✓Set database quota✓Enable database✓Disable database✓Get database
![Page 43: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/43.jpg)
Add database
INSERT INTO `database`(`node`,`prefix`,`database`,`quota`,`createdate`) VALUES(1,‘test’,‘test_db’,10,NOW());
CREATE DATABASE test_db1;
![Page 44: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/44.jpg)
Delete database
DELETE FROM `database` WHERE `database` = ‘test_db’;
![Page 45: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/45.jpg)
Delete database
SELECT u.usernameFROM `user` uWHERE u.databaseId = 123GROUP BY u.username; Find
deletable users to delete from MySQL privileges system
Are linked to this database
![Page 46: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/46.jpg)
Delete database
DELETE u.*, db.* FROM `user` u LEFT JOIN `db` db ON(db.`User` = u.`User`) WHERE u.`User` IN('test_user’);
Deletethese users from MySQL privileges
system
![Page 47: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/47.jpg)
Delete database
DROP DATABASE test_db;
![Page 48: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/48.jpg)
Set database quota
UPDATE `database` SET `quota` = 100WHERE `database` = ‘test_db’;
![Page 49: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/49.jpg)
Enable database
UPDATE `database` SET `enabled` = '1' WHERE `database` = ‘test_db’;
![Page 50: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/50.jpg)
Enable database
SELECT u.username, u.writeFROM user uWHERE u.databaseId = 123 Find
user mappings to re-‐enable
![Page 51: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/51.jpg)
Enable database
INSERT INTO `db`(Host,Db,User,Select_priv,Insert_priv, Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv, Create_view_priv,Show_view_priv,Create_routine_priv, Alter_routine_priv,Execute_priv)
![Page 52: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/52.jpg)
Enable database
VALUES(‘%’,‘test_db’,‘test_user’,'Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
VALUES(‘%’,‘test_db’,‘test_user’,'Y','N','N','N','N','N','N','N','N','N','N','N','N','Y','N','N','Y');
Write permissions
Read-‐only
permissions
![Page 53: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/53.jpg)
Disable database
UPDATE `database` SET `enabled` = '0' WHERE `database` = ‘test_db’;
DELETE FROM `db` WHERE db = 'test_db’;
![Page 54: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/54.jpg)
Get database
SELECT * FROM `database` WHERE `database` = ‘test_db’;
![Page 55: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/55.jpg)
✓Grant privilege✓Revoke privilege✓Enable database wricng✓Disable database wricng
![Page 56: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/56.jpg)
Grant privilege
UPDATE `user` SET `databaseId`=123, `write`='1' WHERE `username`= ‘test_user’;
UPDATE `user` SET `databaseId`=123, `write`='0' WHERE `username`= ‘test_user’;
Write permissions
Read-‐only
permissions
![Page 57: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/57.jpg)
Grant privilege
INSERT INTO `user`(Host,User,Password) VALUES(‘%’,‘test_user’,PASSWORD(‘password’));
Try adding user or catch duplicate user error
![Page 58: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/58.jpg)
Grant privilege
INSERT INTO `db`(Host,Db,User,Select_priv,Insert_priv, Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv, Create_view_priv,Show_view_priv,Create_routine_priv, Alter_routine_priv,Execute_priv)
![Page 59: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/59.jpg)
Grant privilege
VALUES(‘%’,‘test_db’,‘test_user’,'Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
VALUES(‘%’,‘test_db’,‘test_user’,'Y','N','N','N','N','N','N','N','N','N','N','N','N','Y','N','N','Y');
Write permissions
Read-‐only
permissions
![Page 60: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/60.jpg)
Revoke privilege
UPDATE `user` SET `databaseId`= NULL, `write`= NULL WHERE `user`= ‘test_user’;
DELETE u.*, db.* FROM `user` u LEFT JOIN `db` db ON(db.`User` = u.`User`) WHERE u.`User` = ‘test_user’;
![Page 61: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/61.jpg)
Enable database wricng
UPDATE `user` SET `write`= '1' WHERE `username` = ‘test_user’;
![Page 62: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/62.jpg)
Enable database wricng
UPDATE `user` SET `write`= '1' WHERE `username` = ‘test_user’;
UPDATE `db` SET`Select_priv` = 'Y',`Insert_priv` = 'Y',`Update_priv` = 'Y',`Delete_priv` = 'Y',`Create_priv` = 'Y',`Drop_priv` = 'Y',`Grant_priv` = 'N',`References_priv` = 'Y',`Index_priv` = 'Y',`Alter_priv` = 'Y',`Create_tmp_table_priv`='Y',`Lock_tables_priv` = 'Y',`Create_view_priv` = 'Y',`Show_view_priv` = 'Y',`Create_routine_priv` = 'Y',`Alter_routine_priv` = 'Y',`Execute_priv` = 'Y'WHERE `db`= ‘test_db’ AND `user` = ‘test_user’;
![Page 63: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/63.jpg)
Disable database wricng
UPDATE `user` SET `write`= '0' WHERE `username` = ‘test_user’;
![Page 64: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/64.jpg)
Disable database wricng
UPDATE `user` SET `write`= '1' WHERE `username` = ‘test_user’;
UPDATE `db` SET`Select_priv` = 'Y',`Insert_priv` = 'N',`Update_priv` = 'N',`Delete_priv` = 'N',`Create_priv` = 'N',`Drop_priv` = 'N',`Grant_priv` = 'N',`References_priv` = 'N',`Index_priv` = 'N',`Alter_priv` = 'N',`Create_tmp_table_priv`='N',`Lock_tables_priv` = 'N',`Create_view_priv` = 'N',`Show_view_priv` = 'Y',`Create_routine_priv` = 'N',`Alter_routine_priv` = 'N',`Execute_priv` = 'Y'WHERE `db`= ‘test_db’ AND `user` = ‘test_user’;
![Page 65: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/65.jpg)
Quota management
![Page 66: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/66.jpg)
Quota management
✓Limits in provisioning database✓Current usage stored in INFORMATION_SCHEMA✓Raco calculated via cron task✓Write permissions disabled while over quota
![Page 67: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/67.jpg)
Quota management
SELECT `database`,`quota` FROM `database`
SELECT TABLE_SCHEMA as `database`,ROUND(SUM(DATA_LENGTH + INDEX_LENGTH)/1048576,2) as `usage`FROM `information_schema`.`TABLES`GROUP BY TABLE_SCHEMA
![Page 68: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/68.jpg)
Quota management
UPDATE `database` SET `overquota` = '1' WHERE `database` = ‘test_db’;
![Page 69: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/69.jpg)
Quota management
UPDATE `db` SET`Select_priv` = 'Y',`Insert_priv` = 'N',`Update_priv` = 'N',`Delete_priv` = 'Y',`Create_priv` = 'N',`Drop_priv` = 'Y',`Grant_priv` = 'N',`References_priv` = 'N',`Index_priv` = 'N',`Alter_priv` = 'N',`Create_tmp_table_priv` = 'N',`Lock_tables_priv` = 'N',`Create_view_priv` = 'N',`Show_view_priv` = 'Y',`Create_routine_priv` = 'N',`Alter_routine_priv` = 'N',`Execute_priv` = 'Y' WHERE `db`= ‘test_database’
![Page 70: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/70.jpg)
Quota management
UPDATE `database` SET `overquota` = '0' WHERE `database` = ‘test_db’;
![Page 71: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/71.jpg)
Quota management
UPDATE `db` SET`Select_priv` = 'Y',`Insert_priv` = 'Y',`Update_priv` = 'Y',`Delete_priv` = 'Y',`Create_priv` = 'Y',`Drop_priv` = 'Y',`Grant_priv` = 'N',`References_priv` = 'Y',`Index_priv` = 'Y',`Alter_priv` = 'Y',`Create_tmp_table_priv`='Y',`Lock_tables_priv` = 'Y',`Create_view_priv` = 'Y',`Show_view_priv` = 'Y',`Create_routine_priv` = 'Y',`Alter_routine_priv` = 'Y',`Execute_priv` = 'Y' WHERE `db`= ‘test_db’
![Page 72: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/72.jpg)
Goals
![Page 73: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/73.jpg)
Single point of management
![Page 74: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/74.jpg)
Single point of conneccon
![Page 75: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/75.jpg)
Replicacon & loadbalancing
![Page 76: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/76.jpg)
Replicacon & loadbalancing
✓Minimizes risk✓Ensures stability, scalability & performance✓Copies databases across nodes✓Doesn’t parccon/shard databases✓Will require mulcple independent clusters
![Page 77: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/77.jpg)
Proxying strategies
![Page 78: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/78.jpg)
Server proxy
![Page 79: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/79.jpg)
Server proxy
MySQL Proxy is a simple program that sits between your client and MySQL server(s) that can monitor, analyze or transform their communicacon.
![Page 80: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/80.jpg)
MySQL Proxy features
✓ Load balancing✓ Failover✓ Query analysis✓ Query filtering and modificacon
![Page 81: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/81.jpg)
Installacon
APT-‐GET INSTALL✓mysql-‐proxy✓lua5.1✓liblua5.1-‐0-‐dev✓liblua5.1-‐sql-‐mysql-‐2✓liblua5.1-‐memcached0✓liblua5.1-‐md5-‐0
![Page 82: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/82.jpg)
Startup
/usr/bin/mysql-‐proxy \-‐-‐proxy-‐lua-‐script=/var/www/mysqlproxy.dev/ \proxy.lua -‐-‐proxy-‐address=:3307 \ -‐-‐proxy-‐backend-‐addresses=172.16.26.133:3306 \-‐-‐proxy-‐backend-‐addresses=172.16.26.134:3306 \-‐-‐lua-‐path=/usr/share/lua/5.1/?.lua \-‐-‐lua-‐cpath=/usr/lib/lua/5.1/?.so Custom
LUA library
/etc/default/mysql-‐proxy
![Page 83: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/83.jpg)
Hooks
✓connect_server✓read_handshake✓read_auth✓read_auth_result✓read_query✓read_query_result✓disconnect_client
![Page 84: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/84.jpg)
Goal
![Page 85: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/85.jpg)
Goal
✓ Accept conneccon using the proxy✓Hook into the authenccacon✓Match user to the provisioning DB✓Fetch node from provisioning✓Switch to the right node
➡Effeccve proxying solucon
![Page 86: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/86.jpg)
Reality
![Page 87: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/87.jpg)
Reality
✓ Accept conneccon using the proxy✓Hook into the authenccacon✓Match user to the provisioning DB✓Fetch node from provisioning✓Switch to the right node
➡Effeccve proxying solucon
![Page 88: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/88.jpg)
Reality
Conneccon switching only happens in the connect_server hook
Auth info is only available starcng from the read_auth hook
![Page 89: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/89.jpg)
Bridge the gap
![Page 90: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/90.jpg)
Bridge the gap
Redirect to node based on client IP
![Page 91: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/91.jpg)
Let’s see some code !
![Page 92: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/92.jpg)
Coderequire('luarocks.require')require('md5')require('Memcached')require('luasql.mysql')local memcache = Memcached.Connect()-‐-‐-‐ configlocal mysqlhost = "localhost"local mysqluser = "myUser"local mysqlpassword = "MyPwDsesd"local mysqldatabase = "test"-‐-‐ debuglocal debug = true
Dependencies & config
![Page 93: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/93.jpg)
Code
function error_result (msg) proxy.response = { type = proxy.MYSQLD_PACKET_ERR, errmsg = msg, errcode = 7777, sqlstate = 'X7777', } return proxy.PROXY_SEND_RESULTend
Custom MySQL errors
![Page 94: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/94.jpg)
Codefunction node_get(ip) local node = memcache:get(md5.sumhexa(ip)) if not node == nil then return loadstring('return '..memcache:get(md5.sumhexa(ip)))() end node = sql_get(ip) if node == nil then return nil end
memcache:set(md5.sumhexa(ip), node, 3600) return node
end
Get node from cache or database
![Page 95: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/95.jpg)
Codefunction sql_get(ip) env = assert (luasql.mysql()) con = assert (env:connect(mysqldatabase,mysqluser,mysqlpassword,mysqlhost)) cur = assert (con:execute(string.format("SELECT n.`id` FROM `accesslist` a JOIN `node` n ON(n.id=a.node) WHERE a.`ip` = '%s'",ip))) row = cur:fetch ({}, "a") if cur:numrows() == 0 then return nil end cur:close() con:close() env:close() return row.idend
Get node from provisioning database
![Page 96: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/96.jpg)
Code
function connect_server() selectedNode = node_get(proxy.connection.client.src.address)
if selectedNode == nil then return error_result(string.format("No info found in the cluster for IP '%s'",proxy.connection.client.src.address)) end
proxy.connection.backend_ndx = selectedNode end
Retrieve and switch to node
![Page 97: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/97.jpg)
Reality
MySQL Proxy is not accvely supported
![Page 98: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/98.jpg)
Client proxy
![Page 99: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/99.jpg)
MySQL Nacve Driver
![Page 100: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/100.jpg)
MySQL Nacve Driver
✓Replacement for libmysql✓Full client protocol as a PHP extension✓Official since PHP 5.3.0✓No API✓Mysql, Mysqli & PDO use it✓Supports plugins
![Page 101: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/101.jpg)
MySQL Nacve Driver
hXp://schlueters.de/blog/archives/146-‐mysqlnd-‐plugins-‐for-‐PHP-‐in-‐praccce.html
hXp://blog.ulf-‐wendel.de/?p=284
Read these blog posts
![Page 102: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/102.jpg)
MySQL Nacve Driver
✓ Accept conneccon using the proxy✓Hook into the authenccacon✓Match user to the provisioning DB✓Fetch node from provisioning✓Switch to the right node✓Doesn’t work for remote conneccons
➡Effeccve proxying solucon
![Page 103: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/103.jpg)
DNS & hostnames
Hostname per account
![Page 104: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/104.jpg)
What about PhpMyAdmin?
![Page 105: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/105.jpg)
What about PhpMyAdmin?
✓Use single signon auth module✓Use customized fallback auth module✓Detect linked database & node✓Switch to node
![Page 106: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/106.jpg)
config.inc.php
<?php$cfg['Servers'][1]['auth_type'] = 'httpsoap';$cfg['Servers'][1]['host'] = '1.2.3.4';$cfg['Servers'][1]['connect_type'] = 'tcp';$cfg['Servers'][1]['compress'] = false;$cfg['Servers'][1]['extension'] = 'mysql';$cfg['Servers'][1]['AllowNoPassword'] = false;$cfg['Servers'][2]['auth_type'] = 'httpsoap';$cfg['Servers'][2]['host'] = '1.2.3.4';$cfg['Servers'][2]['connect_type'] = 'tcp';$cfg['Servers'][2]['compress'] = false;$cfg['Servers'][2]['extension'] = 'mysql';$cfg['Servers'][2]['AllowNoPassword'] = false;$cfg['Servers'][3]['extension'] = 'mysql';$cfg['Servers'][3]['auth_type'] = 'signon';$cfg['Servers'][3]['SignonSession'] = 'SSOSession';$cfg['Servers'][3]['SignonURL'] = 'scripts/signon.php';$cfg['Servers'][3]['LogoutURL'] = 'scripts/signon-logout.php';
![Page 107: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/107.jpg)
scripts/signon.php
<?phpif (isset($_REQUEST['user'])) { try{ $soap = new SoapClient('http://my.soap-webservice.net/?WSDL'); $user = $soap->user_getByUsername($_REQUEST['user']); if(!isset($_REQUEST['hash'])){ die("No hash submitted"); } if(sha1($user->username.$user->password.'azertyuiop') !== $_REQUEST['hash']){ die("Invalid hash"); } } catch (Exception $e){ die("No such user"); }...
![Page 108: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/108.jpg)
scripts/signon.php
session_set_cookie_params(0, '/', '', 0); $session_name = 'SSOSession'; session_name($session_name); session_start(); $_SESSION['PMA_single_signon_user'] = $user->username; $_SESSION['PMA_single_signon_password'] = $user->password; $_SESSION['PMA_single_signon_host'] = $user->node; $_SESSION['PMA_single_signon_port'] = '3306'; $id = session_id(); session_write_close(); header('Location: ../index.php?server=3');} else { exit(); header('Location: ../index.php?server=1');}
![Page 109: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/109.jpg)
scripts/signon-‐logout.php
<?phpsession_set_cookie_params(0, '/', '', 0);$session_name = 'SSOSession';session_name($session_name);session_start();session_destroy();header('Location: ../index.php?server=1');
![Page 110: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/110.jpg)
Customized fallback auth module
✓Copy of ./libraries/auth/h>p.auth.lib.php✓Modify PMA_auth_set_user() funccon✓Implement deteccon logic✓Communicates with provisioning service✓Retrieves database & node✓Switches to node
![Page 111: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/111.jpg)
libraries/auth/hXpsoap.auth.lib.php<?phpfunction PMA_auth_set_user(){ global $cfg, $server; global $PHP_AUTH_USER, $PHP_AUTH_PW; try{ $soap = new SoapClient('http://my.soap-webservice.net/?WSDL'); $user = $soap->user_getByUsername($PHP_AUTH_USER); $cfg['Server']['host'] = $user->node; } catch (Exception $e){ PMA_auth(); return true; }...
![Page 112: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/112.jpg)
libraries/auth/hXpsoap.auth.lib.phpif ($cfg['Server']['user'] != $PHP_AUTH_USER) { $servers_cnt = count($cfg['Servers']); for ($i = 1; $i <= $servers_cnt; $i++) { if (isset($cfg['Servers'][$i]) && ($cfg['Servers'][$i]['host'] == $cfg['Server']['host'] && $cfg['Servers'][$i]['user'] == $PHP_AUTH_USER)) { $server = $i; $cfg['Server'] = $cfg['Servers'][$i]; break; } } } $cfg['Server']['user'] = $PHP_AUTH_USER; $cfg['Server']['password'] = $PHP_AUTH_PW; return true;}
![Page 113: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/113.jpg)
![Page 114: Managing a shared mysql farm dpc11](https://reader033.vdocuments.net/reader033/viewer/2022051610/5483f9a7b47959d30c8b4a8a/html5/thumbnails/114.jpg)
Q&A