Objective
Use an Azure MySQL database instance to host the Contrast database for a distributed EOP Installation.
Legacy "Azure Database for MySQL" instances are 8.0.15, which the Contrast Installer will reject, so it is highly recommended to use the newer "Azure Database for MySQL - Flexible Server" which is MySQL version 8.0.32.
Process
Configure the Database User Permissions
As documented in Step 7 here, the usual configuration for the Contrast database user is to grant all privileges using the following query:
GRANT ALL PRIVILEGES ON *.* TO 'contrast'@'%';
However, with an Azure MySQL database, even the admin user that is provided for managing your instance does not possess all privileges (you will receive an Error Code 1045: Access denied when attempting to grant all privileges to any user), so it will be impossible to configure the contrast user as suggested.
Instead, the maximum permission level you can set for the contrast user is as follows:
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE ROLE, DROP ROLE ON *.* TO 'contrast'@'%' WITH GRANT OPTION;
Modify Server Parameters
In addition to configuring the user as above, the following changes to the Database Server Parameters should also be taken to avoid potential issues:
In the Azure Management Console, edit the Server Parameters for the database as follows:
- Set
max_allowed_packet
to1073741824
(this allows the database to handle larger packets and strings). - Set the
log_bin_trust_function_creators
parameter toON
. - Set the
explicit_defaults_for_timestamp
parameter toOFF
. - Set the
wait_timeout parameter
to360
(to avoid this issue).
TLS Enabled Database Connections
If the Azure database instance requires TLS connections, please refer to the additional instructions in this article to complete the configuration.