Configuring a distributed EOP Installation using an Azure MySQL database instance

  • Updated

Objective

Use an Azure MySQL database instance to host the Contrast database for a distributed EOP Installation.

As documented in the Contrast System Requirements, current versions of Contrast (3.9.1 and above) require MySQL 8.0.27 at a minimum. 
Legacy "Azure Database for MySQL" instances are 8.0.15, which the Contrast Installer will reject, so it is highly recommended to use the newer "Azure Database for MySQL - Flexible Server" which is MySQL version 8.0.32.

Process

Configure the Database User Permissions

As documented in Step 7 here, the usual configuration for the Contrast database user is to grant all privileges using the following query:

 GRANT ALL PRIVILEGES ON *.* TO 'contrast'@'%';

However, with an Azure MySQL database, even the admin user that is provided for managing your instance does not possess all privileges (you will receive an Error Code 1045: Access denied when attempting to grant all privileges to any user), so it will be impossible to configure the contrast user as suggested.

Instead, the maximum permission level you can set for the contrast user is as follows:

GRANT 
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES,
INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE,
REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE,
ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE ROLE, DROP ROLE 
ON *.* TO 'contrast'@'%' WITH GRANT OPTION;

Modify Server Parameters

In addition to configuring the user as above, the following changes to the Database Server Parameters should also be taken to avoid potential issues:

In the Azure Management Console, edit the Server Parameters for the database as follows:

  • Set max_allowed_packet to 1073741824 (this allows the database to handle larger packets and strings).
  • Set the log_bin_trust_function_creators parameter to ON.
  • Set the explicit_defaults_for_timestamp parameter to OFF.
  • Set the wait_timeout parameter to 360 (to avoid this issue).

TLS Enabled Database Connections

If the Azure database instance requires TLS connections, please refer to the additional instructions in this article to complete the configuration.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request