what is the privilege of OS account in DB server? #503
Comments
|
Hi William, It's not clear for me as well do you plan to take backups using ssh dbjobs ( the script is call dbjob_new , but can be duplicate and customize for your need) , dbjob are runs on the database server host after ssh connect, but i think we pass the host and credential of the monitoring user of replication-manager to connect into db inside the script , i guess the grants needed are the one that can take and restore backup but we also do a couple of trick when restore like flush tables and import tablespaces to reload a backup without restarting the database server . Hope it help |
|
Hi @svaroqui , we are using MariaDB. Tested replication-manager can start / stop db node using another os account. We modified "/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy" to allow the new account running "systemctl start mariadb". Not sure auditor allows this or not. This is initial testing and we haven't configured backup yet. Seems the remote access does not relate to backup. |
|
Hi if you wan’t to enable configuration of database instances than you will need to enable dropping and adding files in
/etc/mysql
/var/lib/mysql
You also need to tell replication-manger it’s own ip or hostname so that the job script can wget to replication-manger and get the config
./replication-manager-pro --config=etc/opensvc/cluster-api/cluster-demo/stephane.toml monitor --monitoring-save-config --help | grep monitoring-add
--monitoring-address string How to contact this monitoring (default "localhost »)
To enable physical backups like mariabackup then you will also need
Binary execution of socat , mariabackup, mbstream and the mysql client
Stéphane Varoqui, VP of Products
Phone: +33-6-95-92-64-01, skype: svaroqui
https://signal18.io/ https://meet.signal18.io/
… Le 31 juil. 2023 à 18:14, frelist ***@***.***> a écrit :
Hi @svaroqui <https://github.com/svaroqui> , we are using MariaDB. Tested replication-manager can start / stop db node using another os account. We modified "/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy" to allow the new account running "systemctl start mariadb". Not sure auditor allows this or not.
This is initial testing and we haven't configured backup yet. Seems the remote access does not relate to backup.
—
Reply to this email directly, view it on GitHub <#503 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAWVCIAL57BSARTHIAR7K5LXS7KURANCNFSM6AAAAAA24VU6ZY>.
You are receiving this because you were mentioned.
|
We configured below replication-manager parameters to connect DB server OS via ssh. We can restart DB node from replication-manager as expected.
prov-orchestrator = "onpremise"
onpremise-ssh = true
onpremise-ssh-credential = "root"
config.toml.txt
scheduler-jobs-ssh = true
Since remote root is not allowed, we are planning to create new OS service account for this.
But we are not sure the setting "sudoer root user" in https://docs.signal18.io/configuration/provisioning/orchestrators/onpremise
Attached the config file. Kindly advise the privilege required.
Regards,
William
The text was updated successfully, but these errors were encountered: