Develop Reference

Connection string for MariaDB

I'm running CentOS v7.9 with MariaDB v5.5.68. I'm trying to access the MariaDB databases from a Win10 machine using Visual Studio Code with SQLTools & MySQL/MariaDB extensions.
I have configured MariaDB for remote access per this link: Configuring MariaDB for Remote Client Access
[mysqld]
skip-networking=0
skip-bind-address
I created the users and added the privileges - tested by logging in locally with 'bob' and viewing permissions in mysql.user. (BTW, in case not readily apparent, the UID, host, and PWD aren't real.)
CREATE USER 'bob'#'1.2.3.%' IDENTIFIED BY 'myPWD';
GRANT ALL PRIVILEGES ON *.* TO 'bob'#'1.2.3.%' IDENTIFIED BY 'myPWD';
However, when I try to log in remotely (from another Linux box) using mysql -u userID -h hostIP -p, I get the error:
ERROR 2003 (HY000): Can't connect to MySQL server on '1.2.3.4' (110)
When I try to make the database connection using VS Code, SQLTools tells me I've connected, but it won't show any tables, I'm not able to make any queries, and I get this error: Request connection/GetChildrenForTreeItemRequest failed with message: Handshake inactivity timeout.
I have reviewed this SO page and others, but still can't get the connection to work.
UPDATED for clarity - provides mysql.user and netstat info:
MariaDB [(none)]> select user, host from mysql.user;
+------+-------------+
| user | host |
+------+-------------+
| bob | 10.0.2.15 | # Can't connect
| rob | 127.0.0.1 | # Logs in locally via command line
| root | 127.0.0.1 | # Logs in locally via command line
| bob | 192.168.0.% | # Can't connect
| root | 192.168.0.% | # Can't connect
| root | ::1 | # Logs in locally via command line
| rob | localhost | # Logs in locally via command line
| root | localhost | # Logs in locally via command line
+------+-------------+
8 rows in set (0.00 sec)
$ > netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 27 33813 -
Any help is much appreciated as I've been working this problem for 2+ days and have not made any headway.

Allow external access to specific user in MariaDB 10.3

I'm trying to configure a limited external access to MariaDB 10.3
What I want
The user can only access to a view from an external access but shouldn't be able to be connected as root even if he has the password.
Initial configuration
Using the default forge configuration we start with theses users:
$ mysql -u root -p
> use information_schema;
> select * from user_privileges;
Full result: https://pastebin.com/kNNVUjrz
TLDR;
Two root users:
root accessible from : [localhost, 127.0.0.1, ::1, 51.99.999.101*, %]
forge accessible from : [51.99.999.101*, %]
One weird user:
debian-sys-maint accessible from : [localhost]
.* This is obviously a fake public ip
Configuration I want
root accessible from : [localhost, 127.0.0.1, ::1, 51.99.999.101]
forge accessible from : [localhost, 127.0.0.1, ::1, 51.99.999.101]
dummyuser accessible form : [%]
The problem
When I remove the user 'forge'#'%' but keep 'forge'#'localhost', the user (dummyuser) has no more privileges.
ERROR 1045 (28000): Access denied for user 'dummyuser'#'%' (using password: YES)
Details of what I did
connected through SSH to the server
$ mysql -u forge -p
> create database mydb;
> create view mydb.v as select user();
> create user dummyuser identified by 'password';
> grant select on mydb.v to dummyuser;
> select * from information_schema.user_privileges where grantee like '%dummyuser%';
GRANTEE: 'dummyuser'#'%'
TABLE_CATALOG: def
PRIVILEGE_TYPE: USAGE
IS_GRANTABLE: NO
Connected through my local PC
$ mysql -u dummyuser -h 51.99.999.101 -p
> select * from mydb.v;
Returns what we want: dummyuser#adsl-178-xx-xxx-123.adslplus.ch
But now when I delete the user 'forge'#'%' through SSH (with root this time):
Important Note: Doing this step before creating the dummyuser did not solve the problem.
$ mysql -u root -p
> drop user 'forge'#'%';
> create user 'forge'#'localhost' identified by 'passowrd';
> grant all privileges on *.* to 'forge'#'localhost' with grant option;
> flush privileges;
Here come the problem: When I logon with dummyuser and try again:
$ mysql -u dummyuser -h 51.99.999.101 -p
> select * from mydb.v;
ERROR 1045 (28000): Access denied for user 'dummyuser'#'%' (using password: YES)

Start by finding out what rows exist in the grant tables. It looks like you may have done such, but let's do it two steps:
SELECT user, host FROM mysql.user;
Then, for each of those, do (with ... appropriately filled in):
SHOW GRANTS FOR '...'#'...'
Now take the GRANT ... TO ... statements that that produced, turn them into REVOKE ... FROM ... (and remove the password clause).
Run those REVOKEs plus any new GRANTs you need. But be sure that a typo does not lock you out. Stay connected while you connect elsewhere and check the results.

With the help of #rick-james I got a working case.
I had to (re)create a user 'forge'#'%' with the same restricted access than 'dummyuser'#'%'.
'forge'#'localhost' keep is privileges root
> show grants for root#localhost;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '*****' WITH GRANT OPTION
GRANT PROXY ON ''#'%' TO 'root'#'localhost' WITH GRANT OPTION
> show grants for forge#localhost;
GRANT ALL PRIVILEGES ON *.* TO 'forge'#'localhost' IDENTIFIED BY PASSWORD '*****' WITH GRANT OPTION
> show grants for 'forge'#'%';
GRANT USAGE ON *.* TO 'forge'#'%' IDENTIFIED BY PASSWORD '*****'
GRANT SELECT ON `mydb`.`v` TO 'forge'#'%'
> show grants for 'dummyuser'#'%';
GRANT USAGE ON *.* TO 'dummyuser'#'%' IDENTIFIED BY PASSWORD '*****'
GRANT SELECT ON `mydb`.`v` TO 'dummyuser'#'%'
Now when I create dummyuser3#% with the user forge#localhost and grant him: grant select on mydb.v to dummyuser3; the dummyuser3 will be able to select the view.
In case a user get access to forge#%, because of the restriction, it will only be able to select the view. Which is an acceptable solution.
[Edit] It works with THIS scenario: create view mydb.v as select user();
In a real world, my view is based on an another table. In that case, the user 'forge'#'%' also needs the privilege to select on that table.
This is a less acceptable solution. But that's the only one I got.
In definitive, the question is still open

MariaDB CONNECT engine to read external file

I would like to read an external file into MariaDB using the CONNECT engine. However, when trying to read from the file, I get an error message:
MariaDB [test]> create table test ( name varchar(100), team varchar(100) ) engine=CONNECT table_type=CSV file_name='/tmp/data.csv' header=1 sep_char=',' quoted=0;
Query OK, 0 rows affected (0.24 sec)
MariaDB [test]> select * from test;
ERROR 1296 (HY000): Got error 174 'Open() error 13 on /tmp/data.csv: Permission denied' from CONNECT
Checking the filesystem permissions gives me:
divingt#grisu ~ $ ls -l /tmp/data.csv
-rw-rw-rw- 1 divingt divingt 1658 Dec 31 13:59 /tmp/data.csv
So everybody should be able to read and write from the file.
Also in MYSQL the permissions allow for everything:
MariaDB [test]> SHOW GRANTS;
+------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''#'%' TO 'root'#'localhost' WITH GRANT OPTION |
+------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
I run a Linux Mint system.
Thanks a lot for any help.

It turns out that the reason was that apparmor prevented mysqld from reading from reading the file. Disabling it (or changing the permissions) solved the problem.

Maxscale is writing on slave with router_options=master (slave/master replication) and listeners stopped

I've configured on 2 servers(srv50/51),
one of them is Master and the second one is slave,
Here the configuration of my configuration file /etc/maxscale.cnf :
[Read-Only Service]
type=service
router=readconnroute
servers=server50, server51
user=YYYYYYYYYYYYY
passwd=XXXXXXXXXXXXXX
router_options=slave
[Write-Only Service]
type=service
router=readconnroute
servers=server50, server51
user=YYYYYYYYYYYYY
passwd=XXXXXXXXXXXXXX
router_options=master
[Read-Only Listener]
type=listener
service=Read-Only Service
protocol=MySQLClient
port=4008
[Write-Only Listener]
type=listener
service=Write-Only Service
protocol=MySQLClient
port=4009
As i understool the router_options look who is the master and send the writing query to the master
Maxscale (via maxadmin) seems to discover the 2 serveur and understand witch one is the Master :
MaxScale> list servers
Servers.
-------------------+-----------------+-------+-------------+--------------------
Server | Address | Port | Connections | Status
-------------------+-----------------+-------+-------------+--------------------
server51 | 192.168.0.51 | 3306 | 0 | Slave, Running
server50 | 192.168.0.50 | 3306 | 0 | Master, Running
-------------------+-----------------+-------+-------------+--------------------
But even if I connect in Mysql in local on my Maxscale Write-Only Listener port (4009), Listener are in Stopped mode, is it normal ?
MaxScale> list listeners
Listeners.
---------------------+--------------------+-----------------+-------+--------
Service Name | Protocol Module | Address | Port | State
---------------------+--------------------+-----------------+-------+--------
Read-Only Service | MySQLClient | * | 4008 | Stopped
Write-Only Service | MySQLClient | * | 4009 | Stopped
MaxAdmin Service | maxscaled | * | 6603 | Running
---------------------+--------------------+-----------------+-------+--------
I've try to create a database in srv51 (slave), and it was created only on srv51, not in srv50.
Is something wrong in my configuration ? It's strange because it's not my first cluster, and on other cluster all write go to the master (but listeners are Running). Do i don't understand well the meaning of "router_options=master" ? How to start listeners ? I prefere to keep the 51 in Write list to detect topology change
===== UPDATE =====
After watching Log file /var/log/maxscale/maxscale1.log
I found that my monitor user didn't have the correct password :
[MySQL Monitor]
type=monitor
module=mysqlmon
servers=server50, server51
user=MONITOR
passwd=MONITOR_PASS
monitor_interval=10000
I corrected password for user and restarted maxscale, Now everything is running :
MaxScale> list listeners
Listeners.
---------------------+--------------------+-----------------+-------+--------
Service Name | Protocol Module | Address | Port | State
---------------------+--------------------+-----------------+-------+--------
Read-Only Service | MySQLClient | * | 4008 | Running
Write-Only Service | MySQLClient | * | 4009 | Running
MaxAdmin Service | maxscaled | * | 6603 | Running
---------------------+--------------------+-----------------+-------+--------
But write query are still done on Slave and not on Master

Thanks to MariaDb support, I was trying to connect like this :
mysql -h localhost --port=4009 -u USER -p
But Maxscale & Mysql were installed in the same server, even if Mysql bind port 3306, when you specify 'localhost', the connection is done on Mysql port 3306 and not in Maxscale port 4009, the port is ignore !!
The solution is to connect like this :
mysql -h 127.0.0.1 --port=4009 -u USER -p
or like this :
mysql -h localhost --protocol=tcp --port=4009 -u USER -p
I've try both solution and they works.
The solution about the listener not Running is on update of the question.

If writes are done on the slaves, the simplest explanation would be that you're executing writes on the wrong port or your configuration is wrong. To diagnose these problems, enable the info log level by adding log_info=true under the [maxscale] section.
If enabling the info log and inspecting the log files does not provide any clues, I'd suggest opening a bug report on the Maxscale Jira.

elastix cdr stop working

CDR was working before 19 march. Unfortunately i dont remember what kind of changes i made to configuration, but this exactly not changes to CDR config.
elastix 2.4.0
asterisk 11.7.0
mysql 5.0.95
elastix*CLI> cdr show status
Call Detail Record (CDR) settings
----------------------------------
Logging: Disabled
Mode: Simple
/etc/asterisk/cdr.conf
[general]
enable=yes
unanswered = yes
/etc/asterisk/cdr_mysql.conf
[global]
hostname = localhost
dbname=asteriskcdrdb
password = *MYPASSWROD*
user = asteriskcdruser
userfield=1
;port=3306
;sock=/tmp/mysql.sock
loguniqueid=yes
mysql> SHOW GRANTS FOR 'asteriskcdruser'#'localhost';
+-----------------------------------------------------------------------------------------------+
| Grants for asteriskcdruser#localhost |
+-----------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'asteriskcdruser'#'localhost' IDENTIFIED BY PASSWORD 'HASHHERE' |
| GRANT ALL PRIVILEGES ON `asteriskcdrdb`.* TO 'asteriskcdruser'#'localhost' |
+-----------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

Try do
asterisk -rx " module reload"
For mysql info see
asterisk -rx "cdr mysql status"