Difference between revisions of "Remote Client Access"

From Rivendell Wiki

Latest revision as of 15:10, 21 February 2018

By default and for good security reasons, Rivendell and MySQL are configured to only allow connections on localhost. Here are the steps I've gone through to allow remote Rivendell clients and the Rivendell applications for Windows to access the Rivendell DB on what I'll refer to as the "Rivendell Server." Note that these procedures have been tested with Debian and Suse so these directions may have to be adjusted a bit to fit your flavor of Linux.

Prepare your Rivendell Server for MySQL

Ensure that the mysql server is running (e.g. /etc/init.d/mysql start).

Install MySQL Administrator (mysql-admin) if you prefer to use a graphical interface to edit the database; otherwise it's NOT required. (Note: the MySQL Administrator that ships with Suse 10.0 has bugs that prevent it from making the changes outlined below.)

Configure Rivendell DB for remote access with MySQL Administrator

Load the MySQL Administrator GUI. From a console:

mysql-admin

server: localhost
username: root
password: <your root password>

In MySQL Administrator:

  • Select User Administration
  • Right-click rduser (or whatever your rivendell user for mysql is) in User Accounts
  • Select Add Host from the popup menu
  • Select Any Host for full remote access (least secure) or use the Hostname or IP box to allow certain remote PCs to connect
  • When done adding a host, click Apply Changes
  • With rduser still selected, change to the Schema Privileges tab
  • Select Rivendell from the Schema list
  • Assign all Privileges EXCEPT: GRANT, REFERENCES, CREATE_TMP_TABLE, and LOCK_TABLES
  • Click Apply Changes when done
  • Close mysql-admin

Configure Rivendell DB for remote access withOUT MySQL Administrator

From a console:

mysql --user=root mysql -p
#enter your mysql root password when asked

In mysql console:

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER
  ON Rivendell.*
  TO 'rduser'@'%'
  IDENTIFIED BY 'letmein';
#you should see a message such as: Query OK, 0 rows affected (0.05 sec)
#just replace the...
#"rduser" -- with rivendell mysql user name
#"%" -- with IP of remote host or hostname to allow only one specific host
#"letmein" -- with the correct rivendell db password
exit
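
The single-host variant of the GRANT above, as an added example that is not part of the original wiki page: a shell helper that prints one GRANT per workstation address instead of 'rduser'@'%' and refuses anything that is not a plain IPv4 address. The two addresses and the CHANGE_ME password are constructed placeholders; rduser, Rivendell and the privilege list are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original page. Prints GRANT statements that
# scope rduser to named workstations instead of the '%' wildcard host.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; only digits and dots reach this line
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# grants_for PASSWORD ADDR...: SQL on stdout. Every argument is validated
# first, so one bad value yields no SQL at all and a non-zero exit status.
grants_for() {
  [ $# -ge 2 ] || { echo "usage: grants_for PASSWORD ADDR..." >&2; return 2; }
  pw=$1; shift
  case "$pw" in
    *\'*|*\\*) echo "password must not contain quotes or backslashes" >&2; return 2 ;;
  esac
  for addr in "$@"; do
    is_ipv4 "$addr" || { echo "rejected host: $addr" >&2; return 1; }
  done
  for addr in "$@"; do
    printf "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER\n"
    printf "  ON Rivendell.*\n  TO 'rduser'@'%s'\n  IDENTIFIED BY '%s';\n" "$addr" "$pw"
  done
}

# Constructed sample run: two workstation addresses, placeholder password.
grants_for 'CHANGE_ME' 192.168.0.10 192.168.0.11
```

Review the printed statements before pasting them into the mysql console. MySQL 8.0 and later no longer accept IDENTIFIED BY inside GRANT, so there the user has to be created with CREATE USER first.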

Configure MySQL to allow remote connections

At a console as root:

netstat -an|grep 3306 #change 3306 if your mysql port is different
  #that will give you something like:
  #tcp  0   0 127.0.0.1:3306    0.0.0.0:*  LISTEN
  #note the "127.0.0.1:3306" which indicates MySQL is only monitoring for
  #local connections on port 3306
  #You want to see something like:
  #tcp  0   0 0.0.0.0:3306      0.0.0.0:*  LISTEN
  #note the "0.0.0.0:3306" which indicates MySQL is monitoring
  #all network adapters
#open /etc/mysql/my.cnf in your favorite editor (e.g. vi /etc/mysql/my.cnf)
#find "bind-address            = 127.0.0.1" and replace it with
#  bind-address = 0.0.0.0
#save the file and restart mysql:
/etc/init.d/mysql restart
#test the change by:
netstat -an|grep 3306 #this should give you the second set of results listed above

Open up local firewall (if enabled) to allow connections

This varies per Linux distribution.

SUSE

Add "MySQL Remote Access" to Allowed Services in the Firewall under Security and Users.

Testing MySQL Connection from a remote (Linux/Windows) client

From a DOS Prompt or console

telnet <rivendell_server> 3306 #where <rivendell_server> is the name/IP of your Rivendell Server
#you should see a string containing the version of mysql and gibberish
#type in anything and you'll eventually see "Bad handshake" and the connection will be lost
#NOTE: if you see something like "Host '192.168.0.10' is not allowed to connect to this MySQL server,"
#you have to revisit the section above pertaining to using MySQL Administrator to allow rduser to connect to mysql.

Your remote Windows or Linux box will now be able to connect to the Rivendell Server. If something went wrong during the "Configure Rivendell DB for remote access with MySQL Administrator" setup, you will still NOT be able to log in to MySQL.

NOTE: The instructions above should be modified to meet the security demands of your particular installation. Opening MySQL to remote connections is inherently risky and should only be done with proper precautions.


Configure NFS on the server

SUSE yast2 GUI

On SUSE 10.2, ensure that the yast2-nfs-server package is installed.

  • Start "yast2"
  • In the "Network Services" category select "NFS Server".
  • Start the NFS Server.
  • Click the "Add Directory" button.
  • Set "/var/snd" as the directory to export.
  • For a more secure environment, set a narrower host wild card, ex: 192.168.1.0/255.255.255.0. Optionally, for a less secure environment, leave the default host wild card of "*".
  • Set NFS options to read-write, ex: rw,root_squash,sync. NOTE: options should be comma separated; do not enter spaces between them.
  • Click the "Finish" button.

command line (ex: Debian)

Ensure that an NFS enabled kernel is installed. From the command line:

aptitude install nfs-kernel-server
$EDIT /etc/exports
  # add an entry to share /var/snd, something like the following
  # /var/snd 192.168.1.0/255.255.255.0(rw,root_squash,sync)
exportfs -rv # for re-export and verbose
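
A check for the export choices discussed above (host wild card, root_squash, no spaces inside an entry), as an added example that is not part of the original page. The sample /etc/exports lines are constructed, apart from the 192.168.1.0 entry taken from this page; quoted paths and backslash line continuations are not handled.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_exports [FILE]: read exports(5) lines from FILE or stdin and print
# one finding per risky client entry.
audit_exports() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    NF == 1 { printf "%s (any host): exported to every host []\n", $1; next }
    {
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                          # split client(options)
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        # A field that starts with "(" has no client: it applies to all hosts.
        if (client == "") client = "(any host)"
        if (client == "(any host)" || client == "*")
          printf "%s %s: exported to every host [%s]\n", $1, client, opts
        if (("," opts ",") ~ /,no_root_squash,/)
          printf "%s %s: no_root_squash, client root keeps uid 0\n", $1, client
      }
    }' "$@"
}

# Constructed sample file. The last line has a space before "(", which gives
# 192.168.1.21 the default options and every other host rw access.
sample_exports() {
  cat <<'EOF'
# /etc/exports (constructed sample)
/var/snd 192.168.1.0/255.255.255.0(rw,root_squash,sync)
/var/snd *(rw,root_squash,sync)
/var/snd 192.168.1.20(rw,no_root_squash,sync)
/var/snd 192.168.1.21 (rw,sync)
EOF
}

sample_exports | audit_exports
```

On a server, run it as audit_exports /etc/exports before exportfs -rv.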


Configure NFS on the client

SUSE yast2 GUI

  • Start "yast2"
  • In the "Network Services" category select "NFS Client".
  • Click the "Add" button.
  • Set the NFS Server hostname of your server.
  • Set the remote filesystem (ex: /var/snd)
  • Set the local mount point (ex: /var/snd)
  • Options can be left to default.
  • Click the "Finish" button.

command line (ex: Debian)

From the command line:

$EDIT /etc/fstab
  # add an entry to mount /var/snd from the server, something like the following
  # rivserver:/var/snd /var/snd   nfs     defaults                    0   0
mount /var/snd

Testing NFS on the client and server

Confirm that the Rivendell users can read and write to the /var/snd directory. Simply editing a file from both the server and the workstation, to confirm that both can make edits, should be a sufficient test.

Add client workstations to the Rivendell system

  • On a machine connected to the Rivendell server (ex: the server itself) start the "rdadmin" utility.
  • Select "Manage Hosts"
  • Click "Add" on the workstation list
  • Set a new host name on the Add Host dialog and click OK

Configure a client workstation to connect to the Rivendell server

First configure Rivendell on the workstation to talk to the server.

  • $EDIT /etc/rd.conf
  • In the [mySQL] section, set the Hostname to the name of the server configured above.
  • In the [Identity] section, ensure that the Password value is the same on all clients and the server.
  • Stop and start all rivendell daemons (a reboot may be easiest).

Once the Rivendell daemons have been restarted on the workstation configure the sound devices on the workstation.

  • Start rdadmin
  • Select Manage Hosts
  • Select the workstation and Edit
  • Set the Card and Port for the various audio apps as required.

misc information

For NFS to work correctly, the "uid" for a user must match on all machines (server and workstations). This can be accomplished by setting up an NIS or LDAP server (more effort but better for large deployments) or by manually configuring the uids to match in /etc/passwd and /etc/group on all machines.
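
A way to find the mismatches described above when uids are maintained by hand, as an added example that is not part of the original page. It compares a copy of the server's /etc/passwd with a workstation's and reports both names whose uid differs and uids that belong to a different name, since NFS matches on the number and the second case hands one user's files in /var/snd to another. The account names and ids are constructed; the same function works on /etc/group, which has the id in the same field.

```shell
#!/bin/sh
# Added example, not from the original page.
# id_mismatches SERVER_FILE CLIENT_FILE
# Both files use the /etc/passwd or /etc/group layout (name:x:id:...).
id_mismatches() {
  awk -F: '
    NR == FNR { id[$1] = $3; owner[$3] = $1; next }   # first file: server
    ($1 in id) && id[$1] != $3 {
      printf "name %s: id %s on server, %s on client\n", $1, id[$1], $3
    }
    ($3 in owner) && owner[$3] != $1 {
      printf "id %s: %s on server, %s on client\n", $3, owner[$3], $1
    }' "$1" "$2"
}

# Constructed sample accounts: rd has a different uid on the client, and the
# client gives rd's server uid to bob.
sample_server() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
rd:x:1000:1000::/home/rd:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
EOF
}
sample_client() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
rd:x:1001:1001::/home/rd:/bin/bash
bob:x:1000:1000::/home/bob:/bin/bash
EOF
}

# Writes the samples to a temporary directory and compares them.
demo_id_check() {
  dir=$(mktemp -d) || return 1
  sample_server > "$dir/server"
  sample_client > "$dir/client"
  id_mismatches "$dir/server" "$dir/client"
  rm -rf "$dir"
}

demo_id_check
```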

Some info on unix file permissions: http://www.dartmouth.edu/~rc/help/faq/permissions.html

Some info on the linux filesystem hierarchy: http://www.pathname.com/fhs/

Information on NFS exports:

man 5 exports

