Managing	  a	  shared	  MySQL	  farm Thijs	  Feryn Evangelist +32	  (0)9	  218	  79	  06 thijs@combellgroup.com phpDay Fri...
About	  me I’m	  an	  evangelist	  at	  Combell
About	  me I’m	  a	  board	  member	  at	  PHPBenelux
I	  live	  in	  the	  wonderful	  city	  of	  Bruges      MPBecker	  -­‐	  Bruges	  by	  Night	  hYp://www.flickr.com/photo...
Follow	  me	  on	  TwiYer:	  @ThijsFerynGive	  me	  feedback:	  hYp://joind.in/3003  Read	  my	  blog:	  hYp://blog.feryn.eu
Challenges
Challenges  ✓Management	  across	  mulaple	  nodes  ✓Aggregaang	  data	  from	  mulaple	  nodes  ✓Name	  clashes  ✓Quota	 ...
Soluaons
Soluaons ✓Centralized	  provisioning	  database ✓GeYers	  on	  the	  provisioning	  database ✓Node	  mapper	  for	  user/d...
Provisioning	  plan
User         Database✓Id           ✓Id✓Prefix        ✓Node✓Username     ✓Prefix✓Password     ✓Database✓Enabled      ✓Quota✓D...
Mapping	  uses	  cases	  to	  SQL
MySQL	  authenacaaon	  &	  privilege	  system
✓Add	  user✓Delete	  user✓Reset	  user	  password✓Disable	  user✓Enable	  user
Add	  userINSERT INTO `user`(`prefix`,`username`,`password`,`createdate`)VALUES(‘test’,‘test_user’,‘mypass123’,NOW());
Delete	  userDELETE FROM `user`WHERE username=‘test_user’;DELETE u.*, db.* FROM `mysql`.`user` uLEFT JOIN `mysql`.`db` dbO...
Reset	  user	  passwordUPDATE `user`SET `password` = ‘newpass123’WHERE `username` = ‘test_user’;UPDATE `mysql`.`user`SET `...
Disable	  userUPDATE `user`SET `enabled` = 0WHERE `username` = ‘test_user’;UPDATE `mysql`.`user`SET `Host` = ‘localhost’WH...
Enable	  userUPDATE `user`SET `enabled` = 1WHERE `username` = ‘test_user’;UPDATE `mysql`.`user`SET `Host` = ‘%’WHERE `User...
✓Add	  database✓Delete	  database✓Set	  database	  quota✓Disable	  database✓Enable	  database
Add	  databaseINSERT INTO `database`(`node`,`prefix`,`database`,`quota`,`createdate`) VALUES(1,‘test’,‘test_db’,10,NOW());...
Delete	  databaseDELETE FROM `database`WHERE `database` = ‘test_db’;
Delete	  database                                          Are	                                       linked	  to	  this	 ...
Delete	  databaseDELETE u.*, db.*FROM `user` uLEFT JOIN `db` dbON(db.`User` = u.`User`)WHERE u.`User` IN(test_user’);     ...
Delete	  databaseDROP DATABASE test_db;
Set	  database	  quotaUPDATE `database`SET `quota` = 100WHERE `database` = ‘test_db’;
Disable	  databaseUPDATE `database` SET`enabled` = 0WHERE `database` = ‘test_db’;DELETE FROM `db`WHERE db = test_db’;
Enable	  databaseUPDATE `database` SET`enabled` = 1WHERE `database` = ‘test_db’;
Enable	  databaseSELECT u.username, u.writeFROM user uWHERE u.databaseId = 123                                     Find	  ...
Enable	  databaseINSERT INTO `db`(Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant...
Write	  Enable	  database                  permissionsVALUES(‘%’,‘test_db’,‘test_user’,Y,Y,Y,Y,Y,Y,N,Y,Y,Y,Y,Y,Y,Y,Y,Y,Y);...
✓Grant	  privilege✓Revoke	  privilege✓Enable	  database	  wriang✓Disable	  database	  wriang
Write	  Grant	  privilege            permissionsUPDATE `user`SET `databaseId`=123, `write`=1WHERE `username`= ‘test_user’;...
Grant	  privilege                                    Try	                             adding	  user	  or	                 ...
Grant	  privilegeINSERT INTO `db`(Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant...
Write	  Grant	  privilege                  permissionsVALUES(‘%’,‘test_db’,‘test_user’,Y,Y,Y,Y,Y,Y,N,Y,Y,Y,Y,Y,Y,Y,Y,Y,Y);...
Revoke	  privilegeUPDATE `user`SET `databaseId`= NULL, `write`= NULLWHERE `user`= ‘test_user’;DELETE u.*, db.* FROM `user`...
Enable	  database	  wriangUPDATE `user` SET `write`= 1WHERE `username` = ‘test_user’;
Enable	  database	  wriangUPDATE `db` SET`Select_priv` = Y,`Insert_priv` = Y,UPDATE `user`Y,`Delete_priv` 1`Update_priv` =...
Disable	  database	  wriangUPDATE `user` SET `write`= 0WHERE `username` = ‘test_user’;
Disable	  database	  wriangUPDATE `db` SET`Select_priv` = Y,`Insert_priv` = N,UPDATE `user`N,`Delete_priv` 1`Update_priv` ...
Quota	  management
Quota	  management✓Limits	  in	  provisioning	  database✓Current	  usage	  stored	  in	  INFORMATION_SCHEMA✓Raao	  calcula...
Quota	  managementSELECT `database`,`quota`FROM `database`SELECT TABLE_SCHEMA as `database`,ROUND(SUM(DATA_LENGTH + INDEX_...
Quota	  managementUPDATE `database`SET `overquota` = 1WHERE `database` = ‘test_db’;
Quota	  managementUPDATE `db` SET`Select_priv` = Y,`Insert_priv` = N,`Update_priv` = N,`Delete_priv` = Y,`Create_priv` = N...
Quota	  managementUPDATE `database`SET `overquota` = 0WHERE `database` = ‘test_db’;
Quota	  managementUPDATE `db` SET`Select_priv` = Y,`Insert_priv` = Y,`Update_priv` = Y,`Delete_priv` = Y,`Create_priv` = Y...
Goals
Single	  point	  of	  management
Single	  point	  of	  connecaon
Replicaaon	  &	  loadbalancing
Proxying	  strategies
Server	  proxy
Goal
Goal✓	  Accept	  connecaon	  using	  the	  proxy✓Hook	  into	  the	  authenacaaon✓Match	  user	  to	  the	  provisioning	 ...
Reality
Reality✓	  Accept	  connecaon	  using	  the	  proxy✓Hook	  into	  the	  authenacaaon✓Match	  user	  to	  the	  provisionin...
RealityConnecaon	  switching	  only	  happens	  in	  the	          connect_server	  hook  Auth	  info	  is	  only	  availa...
Bridge	  the	  gap     Redirect	  to	  node	  based	  on	  client	  IP
Let’s	  see	  some	  code	  !
Coderequire(luarocks.require)require(md5)require(Memcached)require(luasql.mysql)local	  memcache	  =	  Memcached.Connect()...
Codefunction	  error_result	  (msg)	   proxy.response	  =	  {	   	       type	  =	  proxy.MYSQLD_PACKET_ERR,	   	       er...
function	  node_get(ip)	     local	  node	  =	  memcache:get(md5.sumhexa(ip))Code	  	     if	  not	  node	  ==	  nil	  the...
function	  sql_get(ip)	  	       env	  =	  assert	  (luasql.mysql())Code	       con	  =	  assert	  (env:connect(mysqldatab...
Codefunction	  connect_server()	  	  	  	  selectedNode	  =	  node_get(proxy.connection.client.src.address)	  	  	  	  if	...
Reality  MySQL	  Proxy	  is	  not	  acavely	  supported
Client	  proxy
MySQL	  Naave	  Driver	  Plugins
MySQL	  Naave	  Driver	  Plugins✓	  Accept	  connecaon	  using	  the	  proxy✓Hook	  into	  the	  authenacaaon✓Match	  user...
DNS	  &	  hostnames             Hostname	  per	  account
What	  about	  PhpMyAdmin?
What	  about	  PhpMyAdmin?✓Use	  single	  signon	  auth	  module✓Use	  customized	  fallback	  auth	  module✓Detect	  link...
config.inc.php<?php$cfg[Servers][1][auth_type] = httpsoap;$cfg[Servers][1][host] = 1.2.3.4;$cfg[Servers][1][connect_type] =...
scripts/signon.php<?phpif (isset($_REQUEST[user])) {    try{        $soap = new SoapClient(http://my.soap-webservice.net/?...
scripts/signon.php    session_set_cookie_params(0, /, , 0);    $session_name = SSOSession;    session_name($session_name);...
scripts/signon-­‐logout.php<?phpsession_set_cookie_params(0, /, , 0);$session_name = SSOSession;session_name($session_name...
Customized	  fallback	  auth	  module✓Copy	  of	  ./libraries/auth/h4p.auth.lib.php✓Modify	  PMA_auth_set_user()	  funcaon...
libraries/auth/hYpsoap.auth.lib.php<?phpfunction PMA_auth_set_user(){    global $cfg, $server;    global $PHP_AUTH_USER, $...
libraries/auth/hYpsoap.auth.lib.phpif ($cfg[Server][user] != $PHP_AUTH_USER) {  $servers_cnt = count($cfg[Servers]);  for ...
Q&A
Managing a shared_mysql_farm_phpday2011
Managing a shared_mysql_farm_phpday2011
Managing a shared_mysql_farm_phpday2011
Upcoming SlideShare
Loading in …5
×

Managing a shared_mysql_farm_phpday2011

1,367 views
1,274 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,367
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Managing a shared_mysql_farm_phpday2011

  1. 1. Managing  a  shared  MySQL  farm Thijs  Feryn Evangelist +32  (0)9  218  79  06 thijs@combellgroup.com phpDay Friday  May  13th  2011 Verona,  Italy
  2. 2. About  me I’m  an  evangelist  at  Combell
  3. 3. About  me I’m  a  board  member  at  PHPBenelux
  4. 4. I  live  in  the  wonderful  city  of  Bruges MPBecker  -­‐  Bruges  by  Night  hYp://www.flickr.com/photos/galverson2/3715965933
  5. 5. Follow  me  on  TwiYer:  @ThijsFerynGive  me  feedback:  hYp://joind.in/3003 Read  my  blog:  hYp://blog.feryn.eu
  6. 6. Challenges
  7. 7. Challenges ✓Management  across  mulaple  nodes ✓Aggregaang  data  from  mulaple  nodes ✓Name  clashes ✓Quota  management
  8. 8. Soluaons
  9. 9. Soluaons ✓Centralized  provisioning  database ✓GeYers  on  the  provisioning  database ✓Node  mapper  for  user/db/privilege   management ✓INFORMATION_SCHEMA  for  quota   management ✓Prefixes  to  avoid  name  clashes
  10. 10. Provisioning  plan
  11. 11. User Database✓Id ✓Id✓Prefix ✓Node✓Username ✓Prefix✓Password ✓Database✓Enabled ✓Quota✓DatabaseId ✓Enabled✓Write ✓Overquota✓CreateDate ✓CreateDate✓UpdateDate ✓UpdateDate
  12. 12. Mapping  uses  cases  to  SQL
  13. 13. MySQL  authenacaaon  &  privilege  system
  14. 14. ✓Add  user✓Delete  user✓Reset  user  password✓Disable  user✓Enable  user
  15. 15. Add  userINSERT INTO `user`(`prefix`,`username`,`password`,`createdate`)VALUES(‘test’,‘test_user’,‘mypass123’,NOW());
  16. 16. Delete  userDELETE FROM `user`WHERE username=‘test_user’;DELETE u.*, db.* FROM `mysql`.`user` uLEFT JOIN `mysql`.`db` dbON(db.`User` = u.`User`)WHERE u.`User` = ‘test_user’;
  17. 17. Reset  user  passwordUPDATE `user`SET `password` = ‘newpass123’WHERE `username` = ‘test_user’;UPDATE `mysql`.`user`SET `Password` = PASSWORD(‘newpass123’)WHERE `User`= ‘test_user’;
  18. 18. Disable  userUPDATE `user`SET `enabled` = 0WHERE `username` = ‘test_user’;UPDATE `mysql`.`user`SET `Host` = ‘localhost’WHERE `User`= ‘test_user’
  19. 19. Enable  userUPDATE `user`SET `enabled` = 1WHERE `username` = ‘test_user’;UPDATE `mysql`.`user`SET `Host` = ‘%’WHERE `User`= ‘test_user’
  20. 20. ✓Add  database✓Delete  database✓Set  database  quota✓Disable  database✓Enable  database
  21. 21. Add  databaseINSERT INTO `database`(`node`,`prefix`,`database`,`quota`,`createdate`) VALUES(1,‘test’,‘test_db’,10,NOW());CREATE DATABASE test_db1;
  22. 22. Delete  databaseDELETE FROM `database`WHERE `database` = ‘test_db’;
  23. 23. Delete  database Are   linked  to  this   databaseSELECT u.usernameFROM `user` uWHERE u.databaseId = 123GROUP BY u.username; Find   deletable  users  to   delete  from  MySQL     privileges  system
  24. 24. Delete  databaseDELETE u.*, db.*FROM `user` uLEFT JOIN `db` dbON(db.`User` = u.`User`)WHERE u.`User` IN(test_user’); Delete these  users  from   MySQL    privileges   system
  25. 25. Delete  databaseDROP DATABASE test_db;
  26. 26. Set  database  quotaUPDATE `database`SET `quota` = 100WHERE `database` = ‘test_db’;
  27. 27. Disable  databaseUPDATE `database` SET`enabled` = 0WHERE `database` = ‘test_db’;DELETE FROM `db`WHERE db = test_db’;
  28. 28. Enable  databaseUPDATE `database` SET`enabled` = 1WHERE `database` = ‘test_db’;
  29. 29. Enable  databaseSELECT u.username, u.writeFROM user uWHERE u.databaseId = 123 Find   user  mappings   to  re-­‐enable
  30. 30. Enable  databaseINSERT INTO `db`(Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Execute_priv)
  31. 31. Write  Enable  database permissionsVALUES(‘%’,‘test_db’,‘test_user’,Y,Y,Y,Y,Y,Y,N,Y,Y,Y,Y,Y,Y,Y,Y,Y,Y); Read-­‐ only   permissionsVALUES(‘%’,‘test_db’,‘test_user’,Y,N,N,N,N,N,N,N,N,N,N,N,N,Y,N,N,Y);
  32. 32. ✓Grant  privilege✓Revoke  privilege✓Enable  database  wriang✓Disable  database  wriang
  33. 33. Write  Grant  privilege permissionsUPDATE `user`SET `databaseId`=123, `write`=1WHERE `username`= ‘test_user’; Read-­‐ only   permissionsUPDATE `user`SET `databaseId`=123, `write`=0WHERE `username`= ‘test_user’;
  34. 34. Grant  privilege Try   adding  user  or   catch  duplicate   user  errorINSERT INTO `user`(Host,User,Password)VALUES(‘%’,‘test_user’,PASSWORD(‘password’));
  35. 35. Grant  privilegeINSERT INTO `db`(Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Execute_priv)
  36. 36. Write  Grant  privilege permissionsVALUES(‘%’,‘test_db’,‘test_user’,Y,Y,Y,Y,Y,Y,N,Y,Y,Y,Y,Y,Y,Y,Y,Y,Y); Read-­‐ only   permissionsVALUES(‘%’,‘test_db’,‘test_user’,Y,N,N,N,N,N,N,N,N,N,N,N,N,Y,N,N,Y);
  37. 37. Revoke  privilegeUPDATE `user`SET `databaseId`= NULL, `write`= NULLWHERE `user`= ‘test_user’;DELETE u.*, db.* FROM `user` u LEFT JOIN`db` db ON(db.`User` = u.`User`) WHEREu.`User` = ‘test_user’;
  38. 38. Enable  database  wriangUPDATE `user` SET `write`= 1WHERE `username` = ‘test_user’;
  39. 39. Enable  database  wriangUPDATE `db` SET`Select_priv` = Y,`Insert_priv` = Y,UPDATE `user`Y,`Delete_priv` 1`Update_priv` = SET `write`= = Y,WHERE `username` = ‘test_user’;`Create_priv` = Y,`Drop_priv` = Y,`Grant_priv` = N,`References_priv` = Y,`Index_priv` = Y,`Alter_priv` = Y,`Create_tmp_table_priv`=Y,`Lock_tables_priv` =Y,`Create_view_priv` = Y,`Show_view_priv` =Y,`Create_routine_priv` = Y,`Alter_routine_priv` = Y,`Execute_priv` = YWHERE `db`= ‘test_db’ AND `user` = ‘test_user’;
  40. 40. Disable  database  wriangUPDATE `user` SET `write`= 0WHERE `username` = ‘test_user’;
  41. 41. Disable  database  wriangUPDATE `db` SET`Select_priv` = Y,`Insert_priv` = N,UPDATE `user`N,`Delete_priv` 1`Update_priv` = SET `write`= = N,WHERE `username` = ‘test_user’;`Create_priv` = N,`Drop_priv` = N,`Grant_priv` = N,`References_priv` = N,`Index_priv` = N,`Alter_priv` = N,`Create_tmp_table_priv`=N,`Lock_tables_priv` =N,`Create_view_priv` = N,`Show_view_priv` =Y,`Create_routine_priv` = N,`Alter_routine_priv` = N,`Execute_priv` = YWHERE `db`= ‘test_db’ AND `user` = ‘test_user’;
  42. 42. Quota  management
  43. 43. Quota  management✓Limits  in  provisioning  database✓Current  usage  stored  in  INFORMATION_SCHEMA✓Raao  calculated  via  cron  task✓Write  permissions  disabled  while  over  quota
  44. 44. Quota  managementSELECT `database`,`quota`FROM `database`SELECT TABLE_SCHEMA as `database`,ROUND(SUM(DATA_LENGTH + INDEX_LENGTH)/1048576,2) as `usage`FROM `information_schema`.`TABLES`GROUP BY TABLE_SCHEMA
  45. 45. Quota  managementUPDATE `database`SET `overquota` = 1WHERE `database` = ‘test_db’;
  46. 46. Quota  managementUPDATE `db` SET`Select_priv` = Y,`Insert_priv` = N,`Update_priv` = N,`Delete_priv` = Y,`Create_priv` = N,`Drop_priv` = Y,`Grant_priv` = N,`References_priv` = N,`Index_priv` = N,`Alter_priv` = N,`Create_tmp_table_priv` =N,`Lock_tables_priv` = N,`Create_view_priv` = N,`Show_view_priv` =Y,`Create_routine_priv` = N,`Alter_routine_priv` = N,`Execute_priv` =Y WHERE `db`= ‘test_database’
  47. 47. Quota  managementUPDATE `database`SET `overquota` = 0WHERE `database` = ‘test_db’;
  48. 48. Quota  managementUPDATE `db` SET`Select_priv` = Y,`Insert_priv` = Y,`Update_priv` = Y,`Delete_priv` = Y,`Create_priv` = Y,`Drop_priv` = Y,`Grant_priv` = N,`References_priv` = Y,`Index_priv` = Y,`Alter_priv` = Y,`Create_tmp_table_priv`=Y,`Lock_tables_priv` = Y,`Create_view_priv` = Y,`Show_view_priv` =Y,`Create_routine_priv` = Y,`Alter_routine_priv` = Y,`Execute_priv` =Y WHERE `db`= ‘test_db’
  49. 49. Goals
  50. 50. Single  point  of  management
  51. 51. Single  point  of  connecaon
  52. 52. Replicaaon  &  loadbalancing
  53. 53. Proxying  strategies
  54. 54. Server  proxy
  55. 55. Goal
  56. 56. Goal✓  Accept  connecaon  using  the  proxy✓Hook  into  the  authenacaaon✓Match  user  to  the  provisioning  DB✓Fetch  node  from  provisioning✓Switch  to  the  right  node➡Effecave  proxying  soluaon
  57. 57. Reality
  58. 58. Reality✓  Accept  connecaon  using  the  proxy✓Hook  into  the  authenacaaon✓Match  user  to  the  provisioning  DB✓Fetch  node  from  provisioning✓Switch  to  the  right  node➡Effecave  proxying  soluaon
  59. 59. RealityConnecaon  switching  only  happens  in  the   connect_server  hook Auth  info  is  only  available  starang  from   the  read_auth  hook
  60. 60. Bridge  the  gap Redirect  to  node  based  on  client  IP
  61. 61. Let’s  see  some  code  !
  62. 62. Coderequire(luarocks.require)require(md5)require(Memcached)require(luasql.mysql)local  memcache  =  Memcached.Connect()-­‐-­‐-­‐  configlocal  mysqlhost  =  "localhost"local  mysqluser  =  "myUser"local  mysqlpassword  =  "MyPwDsesd"local  mysqldatabase  =  "test"-­‐-­‐  debuglocal  debug  =  true Dependencies  &  config
  63. 63. Codefunction  error_result  (msg)   proxy.response  =  {     type  =  proxy.MYSQLD_PACKET_ERR,     errmsg  =  msg,     errcode  =  7777,     sqlstate  =  X7777,   }   return  proxy.PROXY_SEND_RESULTend Custom  MySQL  errors
  64. 64. function  node_get(ip)   local  node  =  memcache:get(md5.sumhexa(ip))Code     if  not  node  ==  nil  then        return  loadstring(return  ..memcache:get(md5.sumhexa(ip)))()       end     node  =  sql_get(ip)   if  node  ==  nil  then          return  nil   end      memcache:set(md5.sumhexa(ip),  node,  3600)        return  nodeend Get  node  from  cache  or  database
  65. 65. function  sql_get(ip)     env  =  assert  (luasql.mysql())Code   con  =  assert  (env:connect(mysqldatabase,mysqluser,mysqlpassword,mysqlhost))   cur  =  assert  (con:execute(string.format("SELECT  n.`id`  FROM  `accesslist`  a  JOIN  `node`  n  ON(n.id=a.node)  WHERE  a.`ip`  =  %s",ip)))     row  =  cur:fetch  ({},  "a")   if  cur:numrows()  ==  0  then     return  nil   end   cur:close()   con:close()   env:close()   return  row.idend Get  node  from  provisioning  database
  66. 66. Codefunction  connect_server()        selectedNode  =  node_get(proxy.connection.client.src.address)        if  selectedNode  ==  nil  then                return  error_result(string.format("No  info  found  in  the  cluster  for  IP  %s",proxy.connection.client.src.address))        end        proxy.connection.backend_ndx  =  selectedNode    end Retrieve  and  switch  to  node
  67. 67. Reality MySQL  Proxy  is  not  acavely  supported
  68. 68. Client  proxy
  69. 69. MySQL  Naave  Driver  Plugins
  70. 70. MySQL  Naave  Driver  Plugins✓  Accept  connecaon  using  the  proxy✓Hook  into  the  authenacaaon✓Match  user  to  the  provisioning  DB✓Fetch  node  from  provisioning✓Switch  to  the  right  node✓Doesn’t  work  for  remote  connecaons➡Effecave  proxying  soluaon
  71. 71. DNS  &  hostnames Hostname  per  account
  72. 72. What  about  PhpMyAdmin?
  73. 73. What  about  PhpMyAdmin?✓Use  single  signon  auth  module✓Use  customized  fallback  auth  module✓Detect  linked  database  &  node✓Switch  to  node
  74. 74. config.inc.php<?php$cfg[Servers][1][auth_type] = httpsoap;$cfg[Servers][1][host] = 1.2.3.4;$cfg[Servers][1][connect_type] = tcp;$cfg[Servers][1][compress] = false;$cfg[Servers][1][extension] = mysql;$cfg[Servers][1][AllowNoPassword] = false;$cfg[Servers][2][auth_type] = httpsoap;$cfg[Servers][2][host] = 1.2.3.5;$cfg[Servers][2][connect_type] = tcp;$cfg[Servers][2][compress] = false;$cfg[Servers][2][extension] = mysql;$cfg[Servers][2][AllowNoPassword] = false;$cfg[Servers][3][extension] = mysql;$cfg[Servers][3][auth_type] = signon;$cfg[Servers][3][SignonSession] = SSOSession;$cfg[Servers][3][SignonURL] = scripts/signon.php;$cfg[Servers][3][LogoutURL] = scripts/signon-logout.php;
  75. 75. scripts/signon.php<?phpif (isset($_REQUEST[user])) {    try{        $soap = new SoapClient(http://my.soap-webservice.net/?WSDL);        $user = $soap->user_getByUsername($_REQUEST[user]);        if(!isset($_REQUEST[hash])){           die("No hash submitted");        }        if(sha1($user->username.$user->password.azertyuiop) !== $_REQUEST[hash]){            die("Invalid hash");        }    } catch (Exception $e){        die("No such user");    }...
  76. 76. scripts/signon.php session_set_cookie_params(0, /, , 0);    $session_name = SSOSession;    session_name($session_name);    session_start();    $_SESSION[PMA_single_signon_user] = $user->username;    $_SESSION[PMA_single_signon_password] = $user->password;    $_SESSION[PMA_single_signon_host] = $user->node;    $_SESSION[PMA_single_signon_port] = 3306;    $id = session_id();    session_write_close();    header(Location: ../index.php?server=3);} else {    header(Location: ../index.php?server=1); exit();}
  77. 77. scripts/signon-­‐logout.php<?phpsession_set_cookie_params(0, /, , 0);$session_name = SSOSession;session_name($session_name);session_start();session_destroy();header(Location: ../index.php?server=1);
  78. 78. Customized  fallback  auth  module✓Copy  of  ./libraries/auth/h4p.auth.lib.php✓Modify  PMA_auth_set_user()  funcaon✓Implement  detecaon  logic✓Communicates  with  provisioning  service✓Retrieves  database  &  node✓Switches  to  node
  79. 79. libraries/auth/hYpsoap.auth.lib.php<?phpfunction PMA_auth_set_user(){    global $cfg, $server;    global $PHP_AUTH_USER, $PHP_AUTH_PW;    try{        $soap = new SoapClient(http://my.soap-webservice.net/?WSDL);        $user = $soap->user_getByUsername($PHP_AUTH_USER);        $cfg[Server][host] = $user->node;    } catch (Exception $e){        PMA_auth();        return true;    }...
  80. 80. libraries/auth/hYpsoap.auth.lib.phpif ($cfg[Server][user] != $PHP_AUTH_USER) { $servers_cnt = count($cfg[Servers]);  for ($i = 1; $i <= $servers_cnt; $i++) {   if (isset($cfg[Servers][$i])    && ($cfg[Servers][$i][host] == $cfg[Server][host] && $cfg[Servers][$i][user] == $PHP_AUTH_USER)) {     $server = $i;                $cfg[Server] = $cfg[Servers][$i];                break;            }        }    }    $cfg[Server][user]     = $PHP_AUTH_USER;    $cfg[Server][password] = $PHP_AUTH_PW;    return true;}
  81. 81. Q&A

×