Thursday, January 17, 2008

Zoned MySQL With Secure phpMyAdmin

Hello again,

In light of Sun's announcement of its intent to acquire MySQL AB, I thought it would be cool to show you how easy it is to set up a zone running MySQL with a fully configured and secure MySQL web console courtesy of phpMyAdmin.

This example does the following:
  • adds a non-global zone called mysql,
  • places the zone in /zones/mysql,
  • sets the non-global zone root user password,
  • disables all unnecessary services,
  • adds a network interface,
  • sets up name resolution (e.g. DNS),
  • remotely installs apache2, phpmyadmin, mysql5, and php5_mysql from blastwave.org,
  • copies the simple mysql.sh script from the global zone into the non-global zone,
  • and lastly runs the mysql.sh script in the non-global zone.
Here is the example invocation of The Zone Manager:
# zonemgr -a add -n mysql -z /zones -P pw -s lock \
-I "192.168.1.22|bfe0|24|mysql" \
-C /etc/resolv.conf \
-C "/etc/nsswitch.dns|/etc/nsswitch.conf" \
-G apache2 -G phpmyadmin -G mysql5 -G php5_mysql \
-C /mysql.sh -X /mysql.sh
Upon completion, I enter into my browser the secure URL https://mysql and voila, I get the following phpMyAdmin login page.



The default control user is myadmin and the default password is pw. However, you can specify these by passing the appropriate parameters to the mysql.sh script listed below:
Usage: mysql.sh [options]
where options include the following:
-m <password> # MySQL root user password. Defaults to pw
-u <user> # Control user. Defaults to myadmin
-p <password> # Control user password. Defaults to pw
-h <zonehost> # Zone host name? Defaults to mysql
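
An added example, not from the original post or from The Zone Manager: a POSIX shell helper that generates random replacements for the default pw passwords and assembles the mysql.sh options shown in the usage text above. The function names and the control user name dbadmin are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build mysql.sh options that replace the default "pw" secrets.
# Function names and the user name "dbadmin" are hypothetical.

# Print N random bytes from /dev/urandom as 2*N lowercase hex characters.
gen_secret() {
    dd if=/dev/urandom bs=1 count="$1" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Succeed only for a secret that is not the default and is at least 16 chars.
check_secret() {
    case "$1" in
        ''|pw) return 1 ;;
    esac
    [ "${#1}" -ge 16 ]
}

# Print the option string for mysql.sh (-m, -u, -p, -h as in its usage text).
# Arguments: root password, control user, control password, zone host name.
build_mysql_args() {
    check_secret "$1" || { echo "MySQL root password is default or too short" >&2; return 1; }
    check_secret "$3" || { echo "control user password is default or too short" >&2; return 1; }
    [ "$1" != "$3" ] || { echo "root and control passwords must differ" >&2; return 1; }
    case "$2" in
        ''|*[!A-Za-z0-9_]*) echo "control user must be alphanumeric" >&2; return 1 ;;
    esac
    case "$4" in
        ''|*[!A-Za-z0-9.-]*) echo "bad zone host name" >&2; return 1 ;;
    esac
    printf '%s\n' "-m $1 -u $2 -p $3 -h $4"
}

# Demo: fresh secrets for the zone host name "mysql" used in the post.
ROOT_PW=$(gen_secret 16)
CTL_PW=$(gen_secret 16)
build_mysql_args "$ROOT_PW" dbadmin "$CTL_PW" mysql
```

Options passed this way are visible in the process list while mysql.sh runs, so keep the printed line out of shell history and logs.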
Of course, there are many other things that you could also have done with The Zone Manager, such as:
  • Mount one or more directories from the global zone read-write into the non-global zone with the -w flag,
  • Mount one or more directories from the global zone read-only into the non-global zone with the -r flag,
  • Set the root user's home directory and shell,
  • Minimize the zone (for whole root zones), e.g. remove all unnecessary packages, or
  • Assign or revoke specific privileges of the zone.
Enjoy!

Brad

PS: In order to tantalize your taste buds, the next version of The Zone Manager also has the ability to assign to a non-global zone shared and dedicated resources such as CPUs, RAM, and swap. This next version also has a unified filesystem management format for formatting (optional) and mounting just about any storage device (including a file) for the dedicated use of a specific zone. Way cool!



2 comments:

Ron said...

zonemgr & mysql.sh did the job of building the zone with no apparent problems. However, using Firefox, https://canuck (an existing test IP) returned "canuck has sent an incorrect or unexpected message. Error Code: -12263"

Any ideas? (I'm a SysAdmin, not an application expert.)

--ron

Ron said...

Ignore the previous comment. My bad. Had I left your scripts unchanged, it would have worked flawlessly. As it was, I have an existing test IP. Once I changed the conf files to point to host canuck, it worked. Nice product.

--ron