Difference between revisions of "Remote Client Access"
From Rivendell Wiki
Latest revision as of 15:10, 21 February 2018
By default, and for good security reasons, Rivendell and MySQL are configured to only allow connections on localhost. Here are the steps I've gone through to allow remote Rivendell clients and the Rivendell applications for Windows to access the Rivendell DB on what I'll refer to as the "Rivendell Server." Note that these procedures have been tested with Debian and SUSE, so the directions may have to be adjusted a bit to fit your flavor of Linux.
Contents
- 1 Prepare your Rivendell Server for MySQL
- 2 Configure Rivendell DB for remote access with MySQL Administrator
- 3 Configure Rivendell DB for remote access withOUT MySQL Administrator
- 4 Configure MySQL to allow remote connections
- 5 Open up local firewall (if enabled) to allow connections
- 6 Testing MySQL Connection from a remote (Linux/Windows) client
- 7 Configure NFS on the server
- 8 Configure NFS on the client
- 9 Testing NFS on the client and server
- 10 Add client workstations to the Rivendell system
- 11 Configure a client workstation to connect to the Rivendell server
- 12 misc information
Prepare your Rivendell Server for MySQL
Ensure that the mysql server is running (e.g. /etc/init.d/mysql start).
Install MySQL Administrator (mysql-admin) if you prefer to use a graphical interface to edit the database; otherwise it's NOT required. (Note: the MySQL Administrator that ships with Suse 10.0 has bugs that prevent it from making the changes outlined below.)
Configure Rivendell DB for remote access with MySQL Administrator
Load the MySQL Administrator GUI. From a console:
mysql-admin
server: localhost
username: root
password: <your root password>
In MySQL Administrator:
- Select User Administration
- Right-click rduser (or whatever your rivendell user for mysql is) in User Accounts
- Select Add Host from the popup menu
- Select Any Host for full remote access (least secure) or use the Hostname or IP box to allow certain remote PCs to connect
- When done adding a host, click Apply Changes
- With rduser still selected, change to the Schema Privileges tab
- Select Rivendell from the Schema list
- Assign all Privileges EXCEPT: GRANT, REFERENCES, CREATE_TMP_TABLE, and LOCK_TABLES
- Click Apply Changes when done
- Close mysql-admin
Configure Rivendell DB for remote access withOUT MySQL Administrator
From a console:
mysql --user=root mysql -p #enter your mysql root password when asked
In mysql console:
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON Rivendell.* TO 'rduser'@'%' IDENTIFIED BY 'letmein';
#you should see a message such as: Query OK, 0 rows affected (0.05 sec)
#just replace the...
#"rduser" -- with rivendell mysql user name
#"%" -- with IP of remote host or hostname to allow only one specific host
#"letmein" -- with the correct rivendell db password
exit
Configure MySQL to allow remote connections
At a console as root:
netstat -an|grep 3306
#change 3306 if your mysql port is different
#that will give you something like:
#tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
#note the "127.0.0.1:3306" which indicates MySQL is only monitoring for local connections on port 3306
#You want to see something like:
#tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
#note the "0.0.0.0:3306" which indicates MySQL is monitoring all network adapters
#open /etc/mysql/my.cnf in your favorite editor (e.g. vi /etc/mysql/my.cnf)
#find "bind-address = 127.0.0.1" and replace it with "bind-address = 0.0.0.0"
#save the file and restart mysql:
/etc/init.d/mysql restart
#test the change by:
netstat -an|grep 3306
#this should give you the second set of results listed above
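Added example (not part of the original wiki page): a stricter version of the netstat check above. It reads `netstat -an` text on stdin and reports whether the port is bound to loopback only, to all interfaces, or to one specific address, matching the port exactly so that 33060 or an established client connection is not mistaken for the MySQL listener. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# classify_listener [port]: reads `netstat -an` style lines on stdin and prints
# one of: not-listening, loopback-only, specific-address, all-interfaces.
classify_listener() {
    awk -v port="${1:-3306}" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")            # local address is field 4
            if (parts[n] != port) next           # exact port match only
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wide = 1
            else if (addr != "127.0.0.1" && addr != "::1") single = 1
        }
        END {
            if (!found)      print "not-listening"
            else if (wide)   print "all-interfaces"
            else if (single) print "specific-address"
            else             print "loopback-only"
        }'
}

# Constructed sample lines in the format shown above.
sample_before='tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN'
sample_after='tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN'
echo "before: $(printf '%s\n' "$sample_before" | classify_listener 3306)"
echo "after:  $(printf '%s\n' "$sample_after" | classify_listener 3306)"
# On a live host: netstat -an | classify_listener 3306
```

An "all-interfaces" result means every network the server is attached to can reach the port, so the per-host GRANT and the firewall rule are the only remaining restrictions.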
Open up local firewall (if enabled) to allow connections
This varies per Linux distribution.
SUSE
Add "MySQL Remote Access" to Allowed Services in the Firewall under Security and Users.
Testing MySQL Connection from a remote (Linux/Windows) client
From a DOS Prompt or console
telnet <rivendell_server> 3306
#where <rivendell_server> is the name/IP of your Rivendell Server
#you should see a string containing the version of mysql and gibberish
#type in anything and you'll eventually see "Bad handshake" and the connection will be lost
#NOTE: if you see something like "Host '192.168.0.10' is not allowed to connect to this MySQL server," you have to revisit the section above pertaining to using MySQL Administrator to allow rduser to connect to mysql.
Your remote Windows or Linux box will now be able to connect to the Rivendell Server. If something went wrong during the "Configure Rivendell DB for remote access with MySQL Administrator" setup, you will still NOT be able to log in to MySQL.
NOTE: The instructions above should be modified to meet the security demands of your particular installation. Opening MySQL to remote connections is inherently risky and should only be done with proper precautions.
Configure NFS on the server
SUSE yast2 GUI
On SUSE 10.2, ensure that the yast2-nfs-server package is installed.
- Start "yast2"
- In the "Network Services" category select "NFS Server".
- Start the NFS Server.
- Click the "Add Directory" button.
- Set "/var/snd" as the directory to export.
- For a more secure environment, set a tighter host wildcard, ex: 192.168.1.0/255.255.255.0. Optionally, for a less secure environment, leave the default host wildcard of "*".
- Set NFS options to read-write, ex: rw,root_squash,sync. NOTE: options should be comma separated; do not enter spaces between them.
- Click the "Finish" button.
command line (ex: Debian)
Ensure that an NFS enabled kernel is installed. From the command line:
aptitude install nfs-kernel-server
$EDIT /etc/exports
# add an entry to share /var/snd, something like the following
# /var/snd 192.168.1.0/255.255.255.0(rw,root_squash,sync)
exportfs -rv # for re-export and verbose
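Added example (not part of the original wiki page): a small audit of an /etc/exports style file for the two settings this section singles out, the "*" host wildcard and root squashing. The function name, the /srv/example path and the sample entries are constructed; backslash line continuations are not handled.

```shell
#!/bin/sh
# audit_exports [file]: reads an exports file (or stdin) and prints one line per
# risky client entry. Returns 1 if anything was flagged, 0 otherwise.
audit_exports() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }             # blank lines and comments
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break              # trailing comment
                client = $i; opts = ""
                p = index(client, "(")
                if (p > 0) {                      # split host(options)
                    opts = substr(client, p + 1, length(client) - p - 1)
                    client = substr(client, 1, p - 1)
                }
                # "*" or a bare "(options)" token applies to every host
                if (client == "" || client == "*") {
                    print path ": exported to any host (" $i ")"; bad = 1
                }
                # root_squash is the default, so only its explicit removal is flagged
                if (("," opts ",") ~ /,no_root_squash,/) {
                    print path ": no_root_squash for " $i; bad = 1
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample: the subnet entry from above, its "*" alternative,
# and a hypothetical entry that disables root squashing.
audit_exports <<'EOF' || true
/var/snd 192.168.1.0/255.255.255.0(rw,root_squash,sync)
/var/snd *(rw,root_squash,sync)
/srv/example 192.168.1.5(rw,no_root_squash,sync)
EOF
```

On the server, run it as `audit_exports /etc/exports` before `exportfs -rv`.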
Configure NFS on the client
SUSE yast2 GUI
- Start "yast2"
- In the "Network Services" category select "NFS Client".
- Click the "Add" button.
- Set the NFS Server hostname of your server.
- Set the remote filesystem (ex: /var/snd)
- Set the local mount point (ex: /var/snd)
- Options can be left to default.
- Click the "Finish" button.
command line (ex: Debian)
From the command line:
$EDIT /etc/fstab
# add an entry to mount /var/snd from the server, something like the following
# rivserver:/var/snd /var/snd nfs defaults 0 0
mount /var/snd
Testing NFS on the client and server
Confirm that the Rivendell users can read and write to the /var/snd directory. Simply editing a file on both the client and the server to confirm that both can make edits should be a sufficient test.
Add client workstations to the Rivendell system
- On a machine connected to the Rivendell server (ex: the server itself) start the "rdadmin" utility.
- Select "Manage Hosts"
- Click "Add" on the workstation list
- Set a new host name on the Add Host dialog and click OK
Configure a client workstation to connect to the Rivendell server
First configure Rivendell on the workstation to talk to the server.
- $EDIT /etc/rd.conf
- In the [mySQL] section, set the Hostname to the name of the server configured above.
- Ensure that the Password value in the [Identity] section is the same on all clients and the server.
- Stop and start all rivendell daemons (a reboot may be easiest).
Once the Rivendell daemons have been restarted on the workstation, configure the sound devices on the workstation.
- Start rdadmin
- Select Manage Hosts
- Select the workstation and Edit
- Set the Card and Port for the various audio apps as required.
misc information
For NFS to work correctly, the "uid" for a user must match on all machines (server and workstations). This can be accomplished by setting up an NIS or LDAP server (more effort but better for large deployments) or by manually configuring the uids to match in /etc/passwd and /etc/group on all machines.
Some info on unix file permissions: http://www.dartmouth.edu/~rc/help/faq/permissions.html
Some info on the linux filesystem hierarchy: http://www.pathname.com/fhs/
Information on NFS exports:
man 5 exports