Create a distributed MySQL environment
You can use an external MySQL database (an open-source database that runs on both Windows and Linux) with your existing on-premises installation. For example, this is necessary if you are using a distributed deployment of Contrast.
Tip
Work with your Operations and/or Database team to ensure a secure and durable installation.
You can use a snippet of Ansible that you can use to install the MySQL on Ubuntu 14.04.
You can also download the gpg. keyfile from MySQL. Contrast changes the bind address to "*", but recommends binding your MySQL server to the IP of your application server. Create a user and grants that offer access to only the Contrast schema and limited to the host IP address or subnet.
Steps
In the following steps, replace <jdbc.host>, <jdbc.port>, <jdbc.user>, <jdbc.pass>, and <jdbc.schema> with your host, port, user, password, and schema.
Install and configure a supported version of MySQL on the database server host.
Create a maintenance window for Contrast downtime.
Connect to MySQL.
Windows:
mysql -h <jdbc.host> -P <jdbc.port> -u <jdbc.user> -p <jdbc.schema>
Linux:
./mysql -h <jdbc.host> -P <jdbc.port> -u <jdbc.user> -p <jdbc.schema>
Create the Contrast database with this command:
create database <jdbc.schema>;Create a MySQL user with this command:
CREATE USER '<jdbc.user>'@'%' IDENTIFIED BY '<jdbc.pass>';
Grant permissions for the Contrast user with this command:
GRANT ALL PRIVILEGES ON *.* to '<jdbc.user>'@'%';.
Exit from MySQL.
Restore the MySQL backup. Replace
<backup_location>with your backup location and<backup_filename>with your backup filename.Windows:
mysql -h <jdbc.host> -P <jdbc.port> -u <jdbc.user> -p <jdbc.schema> < <backup_location>/<backup_filename>
Linux:
./mysql -h <jdbc.host> -P <jdbc.port> -u <jdbc.user> -p <jdbc.schema> < <backup_location>/<backup_filename>
Update the configuration in the encrypted properties editor. Edit the encrypted file
$CONTRAST_HOME/data/conf/database.properties. Look fordatabase.type; if it doesn’t exist, create a new property. Set this value todistributedand modify the database connection values to point to the distributed database you want to use.user@ubuntu:/opt/contrast/bin$ ./edit-properties -e ../data/esapi/ -f ../data/conf/database.properties jdbc.type : MYSQL database.prod.dir : /opt/contrast/data/db jdbc.debug : false jdbc.pass : pass jdbc.schema : contrast jdbc.host : ubuntu database.bk.time : 6:39:14 jdbc.port : 3306 database.bk.enabled : false database.enabled : true jdbc.url : jdbc:mysql://ubuntu:3306/contrast jdbc.user : contrast database.bk.dir : /opt/contrast/data/backups/db jdbc.dialect : com.aspectsecurity.contrast.teamserver.persistence.CustomMySQL5Dialect jdbc.driver : com.mysql.jdbc.Driver Enter the name of the property to edit [q to Quit]: database.type Create new Property [database.type](y/N): y Enter a value for the property: distributed jdbc.type : MYSQL database.prod.dir : /opt/contrast/data/db jdbc.debug : false jdbc.pass : pass jdbc.schema : contrast jdbc.host : ubuntu database.bk.time : 6:39:14 jdbc.port : 3306 database.bk.enabled : false database.enabled : true database.type : distributed jdbc.url : jdbc:mysql://ubuntu:3306/contrast jdbc.user : contrast database.bk.dir : /opt/contrast/data/backups/db jdbc.dialect : com.aspectsecurity.contrast.teamserver.persistence.CustomMySQL5Dialect jdbc.driver : com.mysql.jdbc.Driver Enter the name of the property to edit [q to Quit]:
Note
If you’re converting from a default embedded database configuration to a distributed configuration,
database.bk.enabledalso needs to be set tofalse. It’s your responsibility to configure your own backups when running a distributed database configuration with Contrast.If your on-premises installation is on a Windows system, remove the
contrast-serverservice dependency on MySQL.Before you restart Contrast, remove the
contrast-serverservice dependency on the MySQL service with the following command:sc config contrast-server depend= ""