Objective
Use an Amazon RDS database instance to host the Contrast database for a distributed EOP Installation.
Process
As documented in Step 6. here, the usual configuration for the Contrast database user is to grant all privileges using:
GRANT ALL PRIVILEGES ON *.* TO 'contrast'@'%';
With an RDS instance, even the admin user that is provided for managing your instance does not possess all privileges, so it will be impossible to configure the contrast user as suggested.
Instead, the maximum permission level you can set for the contrast user is as follows:
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'contrast'@'%' WITH GRANT OPTION;
In addition to configuring the user as such, the following steps need also be taken to avoid potential issues:
Modify RDS Database Parameters
In the Amazon RDS Management Console, edit the Parameter Group for the database as follows:
- Set
max_allowed_packet
to1073741824
(this allows the database to handle larger packets and strings). - Set the
log_bin_trust_function_creators
database parameter to1
(see here for details).
Modify Database Connection Properties
An additional change may be necessary if the following error is seen in the log:
ERROR (AgentMessageJpaDAO.java:80) Could not call Aggregate Master Procedure
If that error is logged then make the following change:
- Add the parameter
noAccessToProcedureBodies=true
to thejdbc.url
setting in thedatabase.properties
file (details on how to edit this file are here).
TLS Enabled Database Connections
If the RDS database instance requires TLS connections, please refer to the additional instructions in this article to complete the configuration.