@@ -166,13 +166,19 @@ MySQL. See :ref:`install-database-on-separate-node`.
166166
167167 setenforce permissive
168168
169-
170- on the database.
169+
170+
171+ The cloudstack-setup-databases script is used for creating the cloudstack
172+ databases (cloud, cloud_usage), creating a user (cloud), granting permissions
173+ to the user and preparing the tables for the first startup of the management
174+ server.
175+
176+ The following command creates the "cloud" user on the database.
171177
172178 .. parsed-literal ::
173179
174180 cloudstack-setup-databases cloud:<dbpassword>@localhost \
175- --deploy-as=root:<password> \
181+ [ --deploy-as=root:<password> | --schema-only ] \
176182 -e <encryption_type> \
177183 -m <management_server_key> \
178184 -k <database_key> \
@@ -187,6 +193,37 @@ MySQL. See :ref:`install-database-on-separate-node`.
187193 the root user is deploying the database and creating the "cloud"
188194 user.
189195
196+ - (Optional) There is an option to bypass the creating of the databases,
197+ user and granting permissions to the user. This is useful if you don't
198+ want to expose your root credentials but still want the database to
199+ be prepared for first start up. These skipped steps will have had to be
200+ done manually prior to executing this script. This behaviour can be
201+ envoked by passing the --schema-only flag. This flag conflicts with the
202+ --deploy-as flag so the two cannot be used together. To set up the
203+ databases and user manually before executing the script with the flag,
204+ these commands can be executed:
205+
206+ .. code :: mysql
207+
208+ -- Create the cloud and cloud_usage databases
209+ CREATE DATABASE `cloud`;
210+ CREATE DATABASE `cloud_usage`;
211+
212+ -- Create the cloud user
213+ CREATE USER cloud@`localhost` identified by '<password>';
214+ CREATE USER cloud@`%` identified by '<password>';
215+
216+ -- Grant all privileges to the cloud user on the databases
217+ GRANT ALL ON cloud.* to cloud@`localhost`;
218+ GRANT ALL ON cloud.* to cloud@`%`;
219+
220+ GRANT ALL ON cloud_usage.* to cloud@`localhost`;
221+ GRANT ALL ON cloud_usage.* to cloud@`%`;
222+
223+ -- Grant process list privilege for all other databases
224+ GRANT process ON *.* TO cloud@`localhost`;
225+ GRANT process ON *.* TO cloud@`%`;
226+
190227\_ type, use file or web to indicate the
191228 technique used to pass in the database encryption password.
192229 Default: file. See :ref: `about-password-key-encryption `.
@@ -207,7 +244,6 @@ MySQL. See :ref:`install-database-on-separate-node`.
207244 cluster management server node IP. If not specified, the local IP
208245 address will be used.
209246
210-
211247 When this script is finished, you should see a message like
212248 “Successfully initialized the database.”
213249
@@ -363,8 +399,23 @@ same node for MySQL. See `“Install the Database on the Management Server Node
363399
364400#. Return to the root shell on your first Management Server.
365401
366- #. Set up the database. The following command creates the cloud user on
367- the database.
402+ #. Set up the database.
403+
404+ The cloudstack-setup-databases script is used for creating the cloudstack
405+ databases (cloud, cloud_usage), creating a user (cloud), granting permissions
406+ to the user and preparing the tables for the first startup of the management
407+ server.
408+
409+ The following command creates the cloud user on the database.
410+
411+ .. parsed-literal ::
412+
413+ cloudstack-setup-databases cloud:<dbpassword>@<ip address mysql server> \
414+ [ --deploy-as=root:<password> | --schema-only ]\
415+ -e <encryption_type> \
416+ -m <management_server_key> \
417+ -k <database_key> \
418+ -i <management_server_ip>
368419
369420
370421 user. You can choose to provide no password.
@@ -374,15 +425,46 @@ same node for MySQL. See `“Install the Database on the Management Server Node
374425 the root user is deploying the database and creating the cloud
375426 user.
376427
428+ - (Optional) There is an option to bypass the creating of the databases,
429+ user and granting permissions to the user. This is useful if you don't
430+ want to expose your root credentials but still want the database to
431+ be prepared for first start up. These skipped steps will have had to be
432+ done manually prior to executing this script. This behaviour can be
433+ envoked by passing the --schema-only flag. This flag conflicts with the
434+ --deploy-as flag so the two cannot be used together. To set up the
435+ databases and user manually before executing the script with the flag,
436+ these commands can be executed:
437+
438+ .. code :: mysql
439+
440+ -- Create the cloud and cloud_usage databases
441+ CREATE DATABASE `cloud`;
442+ CREATE DATABASE `cloud_usage`;
443+
444+ -- Create the cloud user
445+ CREATE USER cloud@`localhost` identified by '<password>';
446+ CREATE USER cloud@`%` identified by '<password>';
447+
448+ -- Grant all privileges to the cloud user on the databases
449+ GRANT ALL ON cloud.* to cloud@`localhost`;
450+ GRANT ALL ON cloud.* to cloud@`%`;
451+
452+ GRANT ALL ON cloud_usage.* to cloud@`localhost`;
453+ GRANT ALL ON cloud_usage.* to cloud@`%`;
454+
455+ -- Grant process list privilege for all other databases
456+ GRANT process ON *.* TO cloud@`localhost`;
457+ GRANT process ON *.* TO cloud@`%`;
458+
377459\_ type, use file or web to indicate the
378460 technique used to pass in the database encryption password.
379461 Default: file. See :ref: `about-password-key-encryption `.
380462
381463 - (Optional) For management\_ server\_ key, substitute the default key
382464 that is used to encrypt confidential parameters in the CloudStack
383465 properties file. Default: password. It is highly recommended that
384- you replace this with a more secure value. See About Password and
385- Key Encryption .
466+ you replace this with a more secure value. See
467+ :ref: ` about-password-key-encryption ` .
386468
387469 - (Optional) For database\_ key, substitute the default key that is
388470 used to encrypt confidential parameters in the CloudStack
0 commit comments