Create a distributed MySQL environment

You can use an external MySQL database (an open-source database that runs on both Windows and Linux) with your existing on-premises installation. For example, this is necessary if you are using a distributed deployment of Contrast.

  1. Install and configure a supported version of MySQL on the database server host.

  2. Create a maintenance window for Contrast downtime.

  3. Back up the embedded MySQL database.

  4. Connect to MySQL. Replace <jdbc.host>, <jdbc.port>, <jdbc.user> and <jdbc.schema> with your host, port, user and schema.

    • Windows:

      mysql -h <jdbc.host> -P <jdbc.port> -u <jdbc.user> -p <jdbc.schema>
    • Linux:

      ./mysql -h <jdbc.host> -P <jdbc.port> -u <jdbc.user> -p <jdbc.schema>
  5. Create the Contrast database with create database <jdbc.schema>;.

  6. Grant permissions to the Contrast user with GRANT ALL PRIVILEGES ON *.* to 'contrast'@'%';.

  7. Exit from MySQL.

  8. Restore the MySQL backup. Replace <backup_location> with your backup location and <backup_filename> with your backup filename.

    • Windows:

      mysql -h <jdbc.host> -P <jdbc.port> -u <jdbc.user> -p <jdbc.schema> < <backup_location>/<backup_filename>
    • Linux:

      ./mysql -h <jdbc.host> -P <jdbc.port> -u <jdbc.user> -p <jdbc.schema> < <backup_location>/<backup_filename>
  9. Update the configuration in the encrypted properties editor. Edit the encrypted file $CONTRAST_HOME/data/conf/database.properties. Look for database.type; if it doesn’t exist, create a new property. Set this value to distributed and modify the database connection values to point to the distributed database you want to use.

    user@ubuntu:/opt/contrast/bin$ ./edit-properties  -e ../data/esapi/ -f ../data/conf/database.properties
    jdbc.type                                         : MYSQL
    database.prod.dir                                 : /opt/contrast/data/db
    jdbc.debug                                        : false
    jdbc.pass                                         : pass
    jdbc.schema                                       : contrast
    jdbc.host                                         : ubuntu
    database.bk.time                                  : 6:39:14
    jdbc.port                                         : 3306
    database.bk.enabled                               : false
    database.enabled                                  : true
    jdbc.url                                          : jdbc:mysql://ubuntu:3306/contrast
    jdbc.user                                         : contrast
    database.bk.dir                                   : /opt/contrast/data/backups/db
    jdbc.dialect                                      : com.aspectsecurity.contrast.teamserver.persistence.CustomMySQL5Dialect
    jdbc.driver                                       : com.mysql.jdbc.Driver
    
    Enter the name of the property to edit [q to Quit]: database.type
    Create new Property [database.type](y/N): y
    Enter a value for the property: distributed
    
    jdbc.type                                         : MYSQL
    database.prod.dir                                 : /opt/contrast/data/db
    jdbc.debug                                        : false
    jdbc.pass                                         : pass
    jdbc.schema                                       : contrast
    jdbc.host                                         : ubuntu
    database.bk.time                                  : 6:39:14
    jdbc.port                                         : 3306
    database.bk.enabled                               : false
    database.enabled                                  : true
    database.type                                     : distributed
    jdbc.url                                          : jdbc:mysql://ubuntu:3306/contrast
    jdbc.user                                         : contrast
    database.bk.dir                                   : /opt/contrast/data/backups/db
    jdbc.dialect                                      : com.aspectsecurity.contrast.teamserver.persistence.CustomMySQL5Dialect
    jdbc.driver                                       : com.mysql.jdbc.Driver
    
    Enter the name of the property to edit [q to Quit]:

    Note

    If you’re converting from a default embedded database configuration to a distributed configuration, database.bk.enabled also needs to be set to false. It’s your responsibility to configure your own backups when running a distributed database configuration with Contrast.

  10. Restart Contrast.

Tip

Work with your Operations and/or Database team to ensure a secure and durable installation.

You can use a snippet of Ansible that you can use to install the MySQL on Ubuntu 14.04.

You can also download the gpg. keyfile from MySQL. Contrast changes the bind address to "*" above for illustration, but recommends binding your MySQL server to the IP of your application server. Create a user and grants that offer access to only the Contrast schema and limited to the host IP address or subnet.