openstack/trove
Code Issues Proposed changes
9ea87ccf43
trove/doc/source/user/manage-db-and-users.rst
Lingxian Kong 72e20e4e97 Only enable user and database API for MySQL 
Change-Id: Ic59f2fd94c5f216414effe7d13d0dd486dce9243
2020-09-13 19:13:53 +12:00

4.1 KiB
Raw Blame History

Manage databases and users on Trove instances

Assume that you installed Trove service and uploaded images with datastore of your choice. This section shows how to manage users and databases in a MySQL 5.7 instance.

Warning

Currently, the Database and User API is only supported by mysql datastore. For others, the recommended way is to get root password (POST /v1.0/{project_id}/instances/{instance_id}/root) and communicate with the database service directly for database and user management.

Manage root user

For all the datastores, the user could enable root and get root password for further database operations.

$ openstack database root enable f22ce0d9-8c9c-403a-8599-2269761a66de
+----------+--------------------------------------+
| Field    | Value                                |
+----------+--------------------------------------+
| name     | root                                 |
| password | I5nPpBj1qf1eGR1idQorj1szppXGpYyYNj4h |
+----------+--------------------------------------+

If needed, openstack database root disable <instance_id> command could disable the root user.

Database and User management via Trove API

Trove provides API to manage users and databases for mysql datastore.

$ openstack database user list db-instance
+------+------+-----------+
| Name | Host | Databases |
+------+------+-----------+
| test | %    | testdb    |
+------+------+-----------+
$ openstack database user create db-instance newuser userpass --databases testdb
$ openstack database user list db-instance
+---------+------+-----------+
| Name    | Host | Databases |
+---------+------+-----------+
| newuser | %    | testdb    |
| test    | %    | testdb    |
+---------+------+-----------+
$ mysql -h 172.24.4.199 -u newuser -p testdb
Enter password:
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| testdb             |
+--------------------+
2 rows in set (0.00 sec)

$ openstack database db create db-instance newdb
$ openstack database db list db-instance
+--------+
| Name   |
+--------+
| newdb  |
| sys    |
| testdb |
+--------+

$ mysql -h 172.24.4.199 -u newuser -p newdb
Enter password:
ERROR 1044 (42000): Access denied for user 'newuser'@'%' to database 'newdb'

Manage access to databases

With Trove API you can grant and revoke database access rights for existing users.

$ openstack database user grant access db-instance newuser newdb

$ openstack database user show access db-instance newuser
+--------+
| Name   |
+--------+
| newdb  |
| testdb |
+--------+

$ mysql -h IP_ADDRESS -u newuser -p newdb
Enter password:

$ openstack database user show access db-instance test
+--------+
| Name   |
+--------+
| testdb |
+--------+

$ mysql -h IP_ADDRESS -u test -p newdb
Enter password:
ERROR 1044 (42000): Access denied for user 'test'@'%' to database 'newdb'

$ openstack database user revoke access db-instance newuser newdb

$ mysql -h IP_ADDRESS -u newuser -p newdb
Enter password:
ERROR 1044 (42000): Access denied for user 'newuser'@'%' to database 'newdb'

Delete databases

Lastly, Trove provides API for deleting databases.

$ openstack database db list db-instance
+--------+
| Name   |
+--------+
| newdb  |
| sys    |
| testdb |
+--------+

$ openstack database db delete db-instance testdb

$ openstack database db list db-instance
+--------+
| Name   |
+--------+
| newdb  |
| sys    |
+--------+

$ mysql -h IP_ADDRESS -u test -p testdb
Enter password:
ERROR 1049 (42000): Unknown database 'testdb'