doc/source/user/manage-db-and-users.rst


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

=============================================
Manage databases and users on Trove instances
=============================================

Assume that you installed Trove service and uploaded images with datastore of
your choice. This section shows how to manage users and databases in a MySQL
5.7 instance.

Currently, the Database and User API is only supported by mysql datastore.

For database user management, there are two approaches:

1. If the ``root_on_create`` option is enabled for the datastore in trove
   service config file, the root user password is returned after creating
   instance, which can be used directly to access the database.
2. If ``root_on_create=False``, the recommended way is to get root password
   (``POST /v1.0/{project_id}/instances/{instance_id}/root`` or ``openstack
   database root enable`` in CLI) and communicate with the database service
   directly for database and user management.

Manage root user
~~~~~~~~~~~~~~~~

For all the datastores, the user could enable root and get root password for
further database operations.

.. code-block:: console

   $ openstack database root enable f22ce0d9-8c9c-403a-8599-2269761a66de
   +----------+--------------------------------------+
   | Field    | Value                                |
   +----------+--------------------------------------+
   | name     | root                                 |
   | password | I5nPpBj1qf1eGR1idQorj1szppXGpYyYNj4h |
   +----------+--------------------------------------+

If needed, ``openstack database root disable <instance_id>`` command could
disable the root user.

Database and User management via Trove CLI
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Trove provides API to manage users and databases for mysql datastore.

.. code-block:: console

    $ openstack database user list db-instance
    +------+------+-----------+
    | Name | Host | Databases |
    +------+------+-----------+
    | test | %    | testdb    |
    +------+------+-----------+
    $ openstack database user create db-instance newuser userpass --databases testdb
    $ openstack database user list db-instance
    +---------+------+-----------+
    | Name    | Host | Databases |
    +---------+------+-----------+
    | newuser | %    | testdb    |
    | test    | %    | testdb    |
    +---------+------+-----------+
    $ mysql -h 172.24.4.199 -u newuser -p testdb
    Enter password:
    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | testdb             |
    +--------------------+
    2 rows in set (0.00 sec)

    $ openstack database db create db-instance newdb
    $ openstack database db list db-instance
    +--------+
    | Name   |
    +--------+
    | newdb  |
    | sys    |
    | testdb |
    +--------+

    $ mysql -h 172.24.4.199 -u newuser -p newdb
    Enter password:
    ERROR 1044 (42000): Access denied for user 'newuser'@'%' to database 'newdb'


Manage access to databases
~~~~~~~~~~~~~~~~~~~~~~~~~~

With Trove API you can grant and revoke database access rights for existing
users.

.. code-block:: console

    $ openstack database user grant access db-instance newuser newdb

    $ openstack database user show access db-instance newuser
    +--------+
    | Name   |
    +--------+
    | newdb  |
    | testdb |
    +--------+

    $ mysql -h IP_ADDRESS -u newuser -p newdb
    Enter password:

    $ openstack database user show access db-instance test
    +--------+
    | Name   |
    +--------+
    | testdb |
    +--------+

    $ mysql -h IP_ADDRESS -u test -p newdb
    Enter password:
    ERROR 1044 (42000): Access denied for user 'test'@'%' to database 'newdb'

    $ openstack database user revoke access db-instance newuser newdb

    $ mysql -h IP_ADDRESS -u newuser -p newdb
    Enter password:
    ERROR 1044 (42000): Access denied for user 'newuser'@'%' to database 'newdb'


Delete databases
~~~~~~~~~~~~~~~~

Lastly, Trove provides API for deleting databases.

.. code-block:: console

    $ openstack database db list db-instance
    +--------+
    | Name   |
    +--------+
    | newdb  |
    | sys    |
    | testdb |
    +--------+

    $ openstack database db delete db-instance testdb

    $ openstack database db list db-instance
    +--------+
    | Name   |
    +--------+
    | newdb  |
    | sys    |
    +--------+

    $ mysql -h IP_ADDRESS -u test -p testdb
    Enter password:
    ERROR 1049 (42000): Unknown database 'testdb'