MySQL Preacher

If you are attending this year’s O’Reilly MySQL Conference & Expo, it is with great pleasure that I invite you to attend my presentation featuring Securich, the MySQL user administration and security plugin. It is a user friendly tool which will help make user management and general database security much more versatile and fun than ever before.

The session will be held at 10:50am on Wednesday 14th April 2010 at BallRoom A.

http://en.oreilly.com/mysql2010/public/schedule/detail/13351

So come on over and `grant all on *.*` no more :)

Hasta luego mez amis
Haben eine sichere fahrt

Uncategorized

If you have multiple database servers with strange names, or if you have to hop over multiple machines to connect to any mysql database server, then you know what a pain it can be to administer such a setup. Thanks to some scripting, you can automate such tasks as follows:

Create an expect script:
/path/to/sshmysql.exp

#!/usr/bin/expect -f
#script by darren cassar
#mysqlpreacher.com

set machine [lindex $argv 0]

set timeout -1

spawn ssh username@$machine
match_max 100000
expect -exact “assword: ”
send — “password\r”
send — “sudo -k; sudo su – mysql\r”
expect -exact “sudo -k; sudo su – mysql”
expect -exact “assword:”
send — “password\r”
interact

# you should change the word password in ’send — “password\r”‘ to your login password
# if you have the same password for each environment you could also script logging into mysql directly from the same expect script BUT that is not recommended.

Create a bash script:
/path/to/login.sh

#!/bin/bash
#script by darren cassar
#mysqlpreacher.com

sm=’/path/to/sshmysql.exp’

menu() {
echo ” 101 – dev.databaseserver1 ”
echo ” 102 – dev.databaseserver2 ”
echo ” 103 – dev.databaseserver3 ”
echo ” 201 – qa.databaseserver1 ”
echo ” 301 – uat.databaseserver1 ”
echo ” 302 – uat.databaseserver2 ”
echo ” 401 – prod.databaseserver1 ”
echo ” ”
}

ARGUMENT=notmenu

if [ -z "$1" ]
then
ARGUMENT=menu
else
choice=$1
fi

if [ $ARGUMENT = "menu" ]
then
menu
else
case “$choice” in
101|dev.databaseserver1 ) $sm dev.databaseserver1;;
102|dev.databaseserver2 ) $sm dev.databaseserver2;;
103|dev.databaseserver3 ) $sm dev.databaseserver3;;
201|qa.databaseserver1 ) $sm qa.databaseserver1;;
301|uat.databaseserver1 ) $sm uat.databaseserver1;;
302|uat.databaseserver2 ) $sm uat.databaseserver2;;
401|prod.databaseserver1 ) $sm prod.databaseserver1;;
* ) echo “Wrong value passed to script”
menu ;;
esac
fi

alias l=’/path/to/login.sh’

Output:

[darrencassar@mymachine ~ ]$ l
101 – dev.databaseserver1
102 – dev.databaseserver2
103 – dev.databaseserver3
201 – qa.databaseserver1
301 – uat.databaseserver1
302 – uat.databaseserver2
401 – prod.databaseserver1

Output:
The below command would log you into the first development database server as mysql user.

[darrencassar@mymachine ~ ]$ l 101

On each machine place aliases for each instance in the .profile

alias use3306=’mysql -u root -p -h 127.0.0.1 -P 3306 –prompt=”mysql \D> “‘

The above setup can be used using any client/server OS: Linux, Solaris, MAC OS or Windows(running Cygwin)

NOTE: If you store the password in clear text inside the expect script, you should at least save the scripts inside an encrypted partition on your machine and make sure that folder is not shared or accessible by anyone. Another way of doing it would be to use either SSHKeys OR save the password inside a file and encrypt it using OpenSSL

Enjoy!

Databases, Intermediate, OS, Uncategorized access, automation, bash, expect, MySQL

The security plugin for MySQL namely Securich has been migrated to google code a while ago for availability and usability purposes. Last week I finished testing and made available version 0.2.0 which includes some important enhancements like

* Added reconciliation from mysql to securich during installation

The above feature enables the installation of securich on instances already in operation without loosing any of the current user base and associated privileges (unlike previous versions which were mostly usable on new instances without user base).

* Added mysql version check for connection kill using processlist view in information_schema available as from 5.1.7

* Added auditing of users changing password via MySQLs own `set_password`
* Added auditing of role creation and updates
* Added auditing of grants / revokes

With auditing, the dba will be able to look at when a particular permission was granted, and by whom, which roles were updated and what kind of update, privilege added/removed as well as auditing of users trying to change passwords through MySQL rather than through Securich which would otherwise possibly make password complexity and aging futile.

Also some naming changes have been made in order to achieve more “MySQL’ly’ like commands:

* Stored proc check_roles was renamed to show_roles
* Stored proc check_role_privileges was renamed to show_privileges_in_roles
* Stored proc check_user_privileges was renamed to show_user_privileges
* Stored proc check_privilege_users was renamed to show_users_with_privilege
* Stored proc check_user_list was renamed to show_user_list
* Stored proc check_user_entries was renamed to show_user_entries
* Stored proc check_full_user_entries was renamed to show_full_user_entrie

Anyone interested in enhancing the functionality of securich can also use the new test scripts implemented in order to make sure nothing was broken by code change.

Bug reports / feature requests can be done through google code at http://code.google.com/p/securich.

Uncategorized

Once upon a time`stamp`, in a `data`base far far away, someone filed a bug named: `Microseconds precision is not retained by TIME, DATETIME, and TIMESTAMP field types.` – Bug Number 8523. This was the beginning of 2005, yet now that we are approaching the end of 2009, after 4.5 years, many (including myself) are still asking for this.

In fairness sake, MySQL have indeed supplied a way to retain milli and micro seconds in a decimal field `DECIMAL(17,3)`, and it is also queryable as if it were a timestamp BUT why isn’t it possible to store in a `DATETIME` or `TIMESTAMP` field? Why can’t we run a ’select now()’ or ’select curtime()’ etc and get a full timestamp including milli / micro seconds?

I have counted 37 different usernames asking for this feature, spanning from 15th Feb 2005 to recently. (list found below)

Some have suggested UDFs, others suggested using log4j while others, pretty annoyed, allegedly went to MS SQL and some to Postgres :). The comments were varied but one thing was quite common … a feeling of frustration and or disappointment, probably because despite all the requests for the feature in question to be implemented, it is still missing.

Back in 2007, Kevin Burton also tried to understand why MySQL doesn’t support milliseconds here. Brian Aker gave his view on the matter (back in 2007) in the first comment on the same blog post.

My point is (yeah about time :)) …. this is quite an important feature!! and I’m hoping a few MySQL developers / project managers / community people might read this blog post and maybe give it some more importance.

Now from the technical side, I am going to describing a way, `someone from MySQL has suggested it to me this week` to store milli and micro seconds. Maybe it’ll help you work your milliseconds requirement out (or maybe not). As to the way to generate milli and micro seconds, there is a UDF written by Mr Wadimoff here which you might use.

Storing:


mysql> create table ttable
-> (
-> timecol decimal(17,3)
-> ) Engine=MyISAM;
Query OK, 0 rows affected (0.04 sec)

mysql> insert into ttable (timecol) values( 20081223094234.572);
Query OK, 1 row affected (0.00 sec)

mysql> insert into ttable (timecol) values( 20090806133004.132);
Query OK, 1 row affected (0.00 sec)

mysql> insert into ttable (timecol) values( 20100411011258.985);
Query OK, 1 row affected (0.00 sec)

mysql> insert into ttable (timecol) values( 20110411011258.985);
Query OK, 1 row affected (0.00 sec)

mysql> select timestamp(timecol) from ttable;
+----------------------------+
| timestamp(timecol) |
+----------------------------+
| 2008-12-23 09:42:34.572000 |
| 2009-08-06 13:30:04.132000 |
| 2010-04-11 01:12:58.985000 |
| 2011-04-11 01:12:58.985000 |
+----------------------------+
4 rows in set (0.00 sec)

mysql> select timecol from ttable where timecol < "20090901000000";
+--------------------+
| timecol |
+--------------------+
| 20081223094234.572 |
| 20090806133004.132 |
+--------------------+
2 rows in set (0.00 sec)

mysql> select timecol from ttable where timecol > "20090901000000";
+--------------------+
| timecol |
+--------------------+
| 20100411011258.985 |
| 20110411011258.985 |
+--------------------+
2 rows in set (0.00 sec)

mysql> select timecol from ttable where timecol > now();
+--------------------+
| timecol |
+--------------------+
| 20100411011258.985 |
| 20110411011258.985 |
+--------------------+
2 rows in set (0.00 sec)

mysql> select datediff(20110411011258.985,20100411011258.985);
+-------------------------------------------------+
| datediff(20110411011258.985,20100411011258.985) |
+-------------------------------------------------+
| 365 |
+-------------------------------------------------+
1 row in set (0.00 sec)

mysql> select timecol, timestamp(timecol) as timestamp ,year(timecol) as year, month(timecol) as month, day(timecol) as day,quarter(timecol) as quarter from ttable;
+--------------------+----------------------------+------+-------+------+---------+
| timecol | timestamp | year | month | day | quarter |
+--------------------+----------------------------+------+-------+------+---------+
| 20081223094234.572 | 2008-12-23 09:42:34.572000 | 2008 | 12 | 23 | 4 |
| 20090806133004.132 | 2009-08-06 13:30:04.132000 | 2009 | 8 | 6 | 3 |
| 20100411011258.985 | 2010-04-11 01:12:58.985000 | 2010 | 4 | 11 | 2 |
| 20110411011258.985 | 2011-04-11 01:12:58.985000 | 2011 | 4 | 11 | 2 |
+--------------------+----------------------------+------+-------+------+---------+
4 rows in set (0.00 sec)

Bug link: http://bugs.mysql.com/bug.php?id=8523

List of people asking for this feature:

[15 Feb 2005 21:47] Christopher Miller
[03 May 2005 19:46] Boris Burtin
[30 Jun 2005 10:52] Yoshiaki Tajika
[06 Mar 2006 22:14] Tim Sheehy
[14 Mar 2006 21:50] Oriol Garrote
[17 Aug 2006 22:15] Sami Shalabi
[01 Apr 2007 05:22] Ben Valentine
[02 Apr 2007 23:25] Eric George
[27 Apr 2007 06:10] Verghese Mappillai
[23 May 2007 20:47] Andrew McLaughlin
[25 May 2007 18:24] Stephen Pietrowicz
[31 May 2007 10:51] harjeev chug
[22 Jun 2007 01:17] Peter McCulloch
[20 Jul 2007 16:42] Daren Schwenke
[03 Aug 2007 04:45] Jean-Guy Mossu
[20 Feb 2008 09:32] bodri bodri
[11 Mar 2008 20:12] Nathan Atkinson
[24 Mar 2008 08:35] Sourav Sipani
[02 Jul 2008 05:03] Michael Haselton
[22 Aug 2008 10:32] Aniruddha Shival
[28 Aug 2008 17:37] Jorge Urdaneta
[29 Aug 2008 22:19] Ben Wern
[05 Sep 2008 10:41] Pavel Alexeev
[19 Dec 2008 14:31] Felix Dierich
[09 Feb 2009 07:58] Gabriele Tozzi
[17 Feb 2009 23:20] Paul Craven
[21 Feb 2009 12:55] Thomas Ene
[27 Feb 2009 12:13] Pascal Calovini
[09 Mar 2009 09:03] Siu Ching Pong (Asuka Kenji)
[12 Mar 2009 19:41] Yu Chen
[02 Apr 2009 02:35] Noel Akins
[02 Apr 2009 13:09] Lars Monsees
[19 Apr 2009 17:30] Ryan Shillington
[22 Apr 2009 09:00] Jeff Peff
[04 May 2009 09:30] alastair knowles
[28 May 2009 11:42] Yuri Kirilin
[31 May 2009 04:37] Peter Thairu

Databases, Intermediate, MySQL, Uncategorized datetime, microsecond, millisecond, timestamp

I would like to start off by excusing myself for having had a broken link on http://www.securich.com/downloads.html when I published the latest blog post about Securich.

The tool is downloadable from there and anyone can use it for free in accordance to GPLv2.

I wanted to throw out tutorial about how to install it and use it (Note this tutorial is for version securich version 0.1.2):

Steps:
1. Download it,
2. Install it,
3. Create a role named 'role1' having privileges: select insert update
4. Check roles,
5. Check role privileges,
6. Create a first user john@machine.domain.com (granting privileges on a whole database employees apart from one table),
7. Create a second user paul@10.0.0.2 (granting privileges on all tables in world having word Country in them),
8. Create a third user peter@localhost (granting privileges on the database test),
9. Check user privileges for (paul),
10. Update role created above and see changes (add delete to role 1),
11. Update password (for paul) and see changes,
12. Clone user paul to judas,
13. Check user privileges
14. Check user,
15. Rename user judas to james,
16. Revoke privileges from third user disconnecting any existing connections from that user (useful if a security breach is suspected or if you are a security paranoid thus wanting to make sure the person you are blocking out won't have any more access as from that point onwards).

1. Go to www.securich.com downloads page and download the install script
2. Untar the install script and run it using ./securich_install.sh and it'll install everything automatically

dcassar@ubuntu:~/Desktop$ ./securich_install.sh
Enter version number: 0.1.1
Which kind of installation would you like to do?
1. Install from file on disk
2. Download and install (recommended)
Enter choice (default 2):

Installation starting
–2009-06-19 16:27:56– http://www.securich.com/downloads/securich.0.1.1.tar.gz
Resolving www.securich.com… 64.202.163.10
Connecting to www.securich.com|64.202.163.10|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 29217 (29K) [application/x-tar]
Saving to: `securich.0.1.1.tar.gz'

100%[=====================================================================================================>] 29,217 64.7K/s in 0.4s

2009-06-19 16:27:59 (64.7 KB/s) – 'securich.0.1.1.tar.gz' saved [29217/29217]

Enter mysql root Password (default ):
Enter mysql Hostname/IP (default 127.0.0.1): localhost
Enter mysql Port (default 3306): 3306
Installation complete

3. #log into mysql
use securich;
call create_update_role('role1','select');
call create_update_role('role1','insert');
call create_update_role('role1','update');
4. call check_roles();
5. call check_role_privileges('role1');
6. call grant_privileges('john' , 'machine.domain.com' , 'employees' , '' , 'alltables' , 'role1' , 'john@domain.com');
call revoke_privileges('john' , 'machine.domain.com' , 'employees' , 'salaries' , 'table' , 'role1' , 'N');
7. call grant_privileges('paul' , '10.0.0.2' , 'world' , '^Country' , 'regexp' , 'role1' , 'paul@domain.com');
8. call grant_privileges('peter' , 'localhost' , 'test' , '' , 'all' , 'role1' , 'peter@domain.com');
9. call check_full_user_entries('paul');
10. call create_update_role('role1','delete');
call check_full_user_entries('paul');
11. call set_password('paul' , '10.0.0.2' , 'password123');
12. call clone_user('paul' , '10.0.0.2' , 'judas' , '10.0.0.2' , 'judas@domain.com');
13. call check_full_user_entries('judas');
14. call check_user_privileges('judas' , '10.0.0.2' , 'world' , 'role1');
15. call rename_user('judas' , 'james' , 'james@domain.com');
16. call create_update_role('role2','execute');
17. call grant_privileges('peter' , 'localhost' , 'securich' , 'my_privileges' , 'storedprocedure' , 'role2' , 'peter@domain.com');

18. #connect to mysql using thirduser peter in another session
show databases;
use securich;
show tables;
call my_privileges('test');
show processlist;

19. call revoke_privileges('peter' , 'localhost' , 'test' , '' , '' , 'role1' , 'Y');

20. #as user peter again from 2nd open instance run
show processlist;

dcassar@ubuntu:~/Desktop$ ./securich_install.sh
Enter version number: 0.1.1
Which kind of installation would you like to do?
1. Install from file on disk
2. Download and install (recommended)
Enter choice (default 2):

Installation starting
–2009-06-19 16:27:56– http://www.securich.com/downloads/securich.0.1.1.tar.gz
Resolving www.securich.com… 64.202.163.10
Connecting to www.securich.com|64.202.163.10|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 29217 (29K) [application/x-tar]
Saving to: `securich.0.1.1.tar.gz'

100%[=====================================================================================================>] 29,217 64.7K/s in 0.4s

2009-06-19 16:27:59 (64.7 KB/s) – `securich.0.1.1.tar.gz' saved [29217/29217]

Enter mysql root Password (default ):
Enter mysql Hostname/IP (default 127.0.0.1): localhost
Enter mysql Port (default 3306): 3306
Installation complete
dcassar@ubuntu:~/Desktop$ mysql -u root -p -h 127.0.0.1 -P 3306 Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 429
Server version: 5.1.33 MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use securich;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> call create_update_role('role1','select');
Query OK, 0 rows affected, 5 warnings (0.03 sec)

mysql> call create_update_role('role1','insert');
Query OK, 0 rows affected (0.04 sec)

mysql> call create_update_role('role1','update');
Query OK, 0 rows affected (0.04 sec)

mysql> call check_roles();
+—-+——-+
| ID | ROLE |
+—-+——-+
| 1 | read |
| 2 | write |
| 3 | role1 |
+—-+——-+
3 rows in set (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

mysql> call check_role_privileges('role1');
+———–+
| PRIVILEGE |
+———–+
| INSERT |
| SELECT |
| UPDATE |
+———–+
3 rows in set (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

mysql> call grant_privileges('john' , 'machine.domain.com' , 'employees' , '' , 'alltables' , 'role1' , 'john@domain.com');
+——————————————————————————————–+
| USER_PASSWORD |
+——————————————————————————————–+
| Password for user — john — contactable at — john@domain.com — is — bfcbd8234d9eb44 — |
+——————————————————————————————–+
1 row in set (0.16 sec)

Query OK, 0 rows affected, 1 warning (0.16 sec)

mysql> call revoke_privileges('john' , 'machine.domain.com' , 'employees' , 'salaries' , 'table' , 'role1' , 'N');
Query OK, 0 rows affected (0.09 sec)

mysql> call grant_privileges('paul' , '10.0.0.2' , 'world' , '^Country' , 'regexp' , 'role1' , 'paul@domain.com');
+——————————————————————————————–+
| USER_PASSWORD |
+——————————————————————————————–+
| Password for user — paul — contactable at — paul@domain.com — is — bc4ab08785e1be6 — |
+——————————————————————————————–+
1 row in set (0.06 sec)

Query OK, 0 rows affected, 1 warning (0.06 sec)

mysql> call grant_privileges('peter' , 'localhost' , 'test' , '' , 'all' , 'role1' , 'peter@domain.com');
+——————————————————————————————-+
| USER_PASSWORD |
+——————————————————————————————-+
| Password for user — peter — contactable at — peter@domain.com — is — 7b3b4746d04b — |
+——————————————————————————————-+
1 row in set (0.04 sec)

Query OK, 0 rows affected (0.04 sec)

mysql> call check_full_user_entries('paul');
+———-+———-+————–+—————–+——-+———–+——-+
| USERNAME | HOSTNAME | DATABASENAME | TABLENAME | ROLE | PRIVILEGE | STATE |
+———-+———-+————–+—————–+——-+———–+——-+
| paul | 10.0.0.2 | world | Country | role1 | INSERT | A |
| paul | 10.0.0.2 | world | Country | role1 | SELECT | A |
| paul | 10.0.0.2 | world | Country | role1 | UPDATE | A |
| paul | 10.0.0.2 | world | CountryLanguage | role1 | INSERT | A |
| paul | 10.0.0.2 | world | CountryLanguage | role1 | SELECT | A |
| paul | 10.0.0.2 | world | CountryLanguage | role1 | UPDATE | A |
+———-+———-+————–+—————–+——-+———–+——-+
6 rows in set (0.01 sec)

Query OK, 0 rows affected, 4 warnings (0.01 sec)

mysql> call create_update_role('role1','delete');
Query OK, 0 rows affected (0.09 sec)

mysql> call check_full_user_entries('paul');
+———-+———-+————–+—————–+——-+———–+——-+
| USERNAME | HOSTNAME | DATABASENAME | TABLENAME | ROLE | PRIVILEGE | STATE |
+———-+———-+————–+—————–+——-+———–+——-+
| paul | 10.0.0.2 | world | Country | role1 | DELETE | A |
| paul | 10.0.0.2 | world | Country | role1 | INSERT | A |
| paul | 10.0.0.2 | world | Country | role1 | SELECT | A |
| paul | 10.0.0.2 | world | Country | role1 | UPDATE | A |
| paul | 10.0.0.2 | world | CountryLanguage | role1 | DELETE | A |
| paul | 10.0.0.2 | world | CountryLanguage | role1 | INSERT | A |
| paul | 10.0.0.2 | world | CountryLanguage | role1 | SELECT | A |
| paul | 10.0.0.2 | world | CountryLanguage | role1 | UPDATE | A |
+———-+———-+————–+—————–+——-+———–+——-+
8 rows in set (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

mysql> call set_password('paul' , '10.0.0.2' , 'password123');
Query OK, 1 row affected (0.02 sec)

mysql> call clone_user('paul' , '10.0.0.2' , 'judas' , '10.0.0.2' , 'judas@domain.com');
+———————————————————————————————-+
| USER_PASSWORD |
+———————————————————————————————-+
| Password for user — judas — contactable at — judas@domain.com — is — 70d5b79d80fab04 — |
+———————————————————————————————-+
1 row in set (0.01 sec)

Query OK, 0 rows affected, 1 warning (0.10 sec)

mysql> call check_full_user_entries('judas');
+———-+———-+————–+—————–+——-+———–+——-+
| USERNAME | HOSTNAME | DATABASENAME | TABLENAME | ROLE | PRIVILEGE | STATE |
+———-+———-+————–+—————–+——-+———–+——-+
| judas | 10.0.0.2 | world | Country | role1 | DELETE | A |
| judas | 10.0.0.2 | world | Country | role1 | INSERT | A |
| judas | 10.0.0.2 | world | Country | role1 | SELECT | A |
| judas | 10.0.0.2 | world | Country | role1 | UPDATE | A |
| judas | 10.0.0.2 | world | CountryLanguage | role1 | DELETE | A |
| judas | 10.0.0.2 | world | CountryLanguage | role1 | INSERT | A |
| judas | 10.0.0.2 | world | CountryLanguage | role1 | SELECT | A |
| judas | 10.0.0.2 | world | CountryLanguage | role1 | UPDATE | A |
+———-+———-+————–+—————–+——-+———–+——-+
8 rows in set (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

mysql> call check_user_privileges('judas' , '10.0.0.2' , 'world' , 'role1');
+———–+
| PRIVILEGE |
+———–+
| DELETE |
| INSERT |
| SELECT |
| UPDATE |
+———–+
4 rows in set (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

mysql> call rename_user('judas' , 'james' , 'james@domain.com');
+———————————————————————————————-+
| USER_PASSWORD |
+———————————————————————————————-+
| Password for user — james — contactable at — james@domain.com — is — 85c2fc100d83884 — |
+———————————————————————————————-+
1 row in set (0.02 sec)

Query OK, 0 rows affected, 1 warning (0.11 sec)

mysql> call create_update_role('role2','execute');
Query OK, 0 rows affected (0.09 sec)

mysql> call grant_privileges('peter' , 'localhost' , 'securich' , 'my_privileges' , 'storedprocedure' , 'role2' , 'peter@domain.com');
Query OK, 0 rows affected (0.08 sec)

mysql> call revoke_privileges('peter' , 'localhost' , 'test' , '' , '' , 'role1' , 'Y');
Query OK, 0 rows affected (0.15 sec)

mysql>

dcassar@ubuntu:~/Desktop$ mysql -u peter -p7b3b4746d04b -h 127.0.0.1 -P 3306
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 437
Server version: 5.1.33 MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show processlist;
+—–+——-+—————–+——+———+——+——-+——————+
| Id | User | Host | db | Command | Time | State | Info |
+—–+——-+—————–+——+———+——+——-+——————+
| 437 | peter | localhost:49022 | NULL | Query | 0 | NULL | show processlist |
+—–+——-+—————–+——+———+——+——-+——————+
1 row in set (0.00 sec)

mysql> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| securich |
| test |
+——————–+
3 rows in set (0.00 sec)

mysql> use securich;
Database changed
mysql> show tables;
Empty set (0.00 sec)

**** Note that the only privileges peter has on securich is on the stored procedure 'my_privileges' and definitely no tables

mysql> call my_privileges('test');
+———–+
| PRIVILEGE |
+———–+
| DELETE |
| INSERT |
| SELECT |
| UPDATE |
+———–+
4 rows in set (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

mysql> show processlist;
+—–+——-+—————–+——+———+——+——-+——————+
| Id | User | Host | db | Command | Time | State | Info |
+—–+——-+—————–+——+———+——+——-+——————+
| 437 | peter | localhost:49022 | NULL | Query | 0 | NULL | show processlist |
+—–+——-+—————–+——+———+——+——-+——————+
1 row in set (0.00 sec)

****** – In the meantime the dba revoked rights with terminate live connections from peter@localhost

mysql> show processlist;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect…
ERROR 1045 (28000): Access denied for user 'peter'@'localhost' (using password: YES)
ERROR:
Can't connect to the server

mysql>

I truly hope you enjoyed this run through. I excuse myself it's a tad too long, but I wished to illustrate some of the cool features of this package.

Cheers,
Darren

PS don't forget to check out Securich HERE

Advanced, MySQL, Uncategorized MySQL, mysql roles, mysql security, password, password history, privileges, roles, security

Giving a bunch of mysql instances something you do everyday and you might think ….. how should I do it? Write a bunch of selects and inserts manually? nahh that takes s**tload of time, should I run binlogs collected from a live system on my test server? nahh thats not practical nor is it real since it doesn’t contain selects, should I gather the general query log and try that out? nahhh  …..

MySQL has been kind enough to supply us with their mysql_slap which does the job for us and given I needed to do a proof of concept on monitoring a group of 4 circular replicated servers I wrote a small script which does the job of slapping them with a varying level of concurrancy, iterations, number of queries and connections for as long as you like.

Here it is and I hope some of you might find it useful for slapping their own test servers :).

#!/bin/bash

NumberOfConcurrentLoads=4
LOGFILE=randomslap-4n-circularreplication

load () {

run=0
#Obtaining pid of the current process
PID=$$

echo "MySQL Slap random loading MySQL instances" >> $LOGFILE-$PID.log
echo "Loading child $a out of $NumberOfConcurrentLoads" >> $LOGFILE-$PID.log
echo "Starting at: `date`" >> $LOGFILE-$PID.log
echo ""

while [ 1 ]
do

#Generate a few values for the actual command to run through
prt=$((RANDOM%4+17001)) #ports being 17001,17002,17003,17004
cnc=$((RANDOM%50+1)) #number of concurrent sessions
itr=$((RANDOM%9+1)) #number of iterations
noq=$((RANDOM%100+50)) #number of queries
sec=$((RANDOM%30+10)) #seconds idle after finishing the process

echo "Run number $run" >> $LOGFILE-$PID.log
echo `date +%Y/%m/%d---%H:%M | sed 's/---/ /'` >> $LOGFILE-$PID.log

echo "Port=$prt" >> $LOGFILE-$PID.log
echo "Concurrency=$cnc" >> $LOGFILE-$PID.log
echo "Iterations=$itr" >> $LOGFILE-$PID.log
echo "Number-Of-Queries=$noq" >> $LOGFILE-$PID.log
echo "Breaktime=$sec" >> $LOGFILE-$PID.log

echo "Output:" >> $LOGFILE-$PID.log
mysqlslap --user=root --password='msandbox' --auto-generate-sql -vv -h hostname -P $prt --concurrency=$cnc --iterations=$itr --number-of-queries=$noq >> $LOGFILE-$PID.log

run=`expr $run + 1`
sleep $sec

done

}
#Fork a number of concurrent scripts to emulate more of a realistic load rather than one process connecting to just one server at a time
for ((a=1;a<=NumberOfConcurrentLoads;a++))
do
load &
done

If you are wondering … yes I totally indendate my code :) but the html version came out this way and I didn’t bother with indenting it using html really.

Beginner, Databases, Intermediate, MySQL, Uncategorized benchmarking, monitoring, mysqlslap, testing