Changes between Version 1 and Version 2 of DatabaseBasedAnalysis


Ignore:
Timestamp:
08/03/18 16:48:57 (6 years ago)
Author:
tbretz
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • DatabaseBasedAnalysis

    v1 v2  
    22
    33The database is hosted at '''ihp-pc45.ethz.ch'''
     4
    45== User ==
    56
    67First, you need a user. For the moment, a user 'fact' is available with the standard password. The user 'fact' is allowed to connect from everywhere if an encrypted connection is used. Usually, all reasonably recent mysql clients are using encrypted connections. So in most cases, a simple should be enough
    78
    8 {{{> mysql -h ihp-pc45.ethz.ch -u fact -p}}}
     9{{{> mysql -C -h ihp-pc45.ethz.ch -u fact -p}}}
    910
    1011To enforce encryption, --ssl (oder clients) or --ssl-mode=REQUIRED can be used. If you have problems with the connection, you can also try --protocol=TCP.
     12
     13If you access the database from outside of ETH, it is wise to enable compression with the -C option. Inside ETH (in particular on ihp-pc45), enabling -C is certainly a performance drawback and should be avoided.
    1114
    1215Note that the mysql client libraries at ISDC are too old and do not allow for encrypted connections. Thus no connection from ISDC is possible without tunnel. How to tunnel your connection is explained in the following. Note that it requires an account on ihp-pc45 (which I think should not be generally available). Thus this is mainly meant as a solution for automatic processes running at ISDC, for example, to update the database.
     
    1720
    1821{{{ISDC> ssh -x -C -n -N -q -L 10000:localhost:3306 ethz@ihp-pc45.ethz.ch}}}
     22
     23(It is wise to enable compression of the connection with the -C option)
    1924
    2025Note that after log-in this process seems to stall (nothing happens anymore). This is correct. The tunnel is open. It will forward the local port 10000 from the ISDC machine to the port 3306 on a machine which is accessible as 'locahost' from ihp-pc45.
     
    2833As the mysql connection now comes via the loopback interface and not via the external IP, the connection of the mysql client is allowed to be unencrypted.
    2934
    30 == backward Tunnel ==
     35== Backward Tunnel ==
    3136
    3237Assume that you are already logged into ihp-pc45.ethz.ch and want to execute a mysql at ISDC accessing ihp-pc45, a backward tunnel can be used:
    3338
    3439{{{ihp-pc45> ssh -x -C -n -N -q -R 10000:localhost:3306 user@isdc-nx.isdc.unige.ch}}}
     40
     41(It is wise to enable compression of the connection with the -C option)
    3542
    3643This command will log you into isdc-nx and (in parallel) create a tunnel from port 10000 at isdc-nx to port 3306 of a machine which is called 'localhost' from where you started the ssh connection (ihp-pc45).
     
    4350
    4451As the mysql connection now comes via the loopback interface and not via the external IP, the connection of the mysql client is allowed to be unencrypted.
     52
     53== rootifysql ==
     54
     55A convenient way to retrieve data is the ''rootifysql'' tool which is part of the FACT++ package. More details can be found either calling it with the --help option or at https://www.fact-project.org/logbook/showthread.php?tid=4192. The same access rules as if the native mysql client is used apply.
     56
     57== Other alternatives ===
     58