Is there any way to access MySQL query or binary logs?
If not, what is the recommended practice for MySQL audit logging?
Is it possible to change the password of the root user on a database and not have the aptible-cli print out the root password when tunneling?
Does aptible support master/slave replication?
Access to MySQL logs is coming pretty soon (although you’ll need to enable the general query log at runtime for queries to be logged in the first place).
You can change the root password as well as the aptible user’s password if you’d like (via MySQL directly; note that
root's password defaults to being the same as
aptible's). You can also change the privileges of the aptible user, as well as create entirely new users.
However, the CLI will always print the aptible user’s default password (i.e. the one Aptible originally created for you).
This means that:
- If you change aptible’s privileges, then users will get unprivileged credentials (this might be what you want here).
- If you change aptible’s password (and the root password!), then users will get a password that’s not correct (this is likely to lead to poor UX).
If you want to see exactly how we setup MySQL users, you can look here at the code that does so: docker-mysql/run-database.sh at 98723b02ae3ab468cf08018cfad4e93739f9df9f · aptible/docker-mysql · GitHub
Yes. For now, you have to file a request via a support ticket and we’ll the slave up for you (it’s actually fully automated on our end, though).
Database logs are not available on Enclave: https://www.aptible.com/blog/database-logs/
Just tried this:
SET global general_log = on;
SET global general_log = 1;
(logged in with the root user). Neither of these have enabled query logging (I’m tailing the logs from the database).
I checked the two variables on the server, and it looks like the query log is writing to a file (not stdout). You may need to symlink the file to /dev/stdout (whatever it is for the container).
show variables like 'general_log%'; general_log ON general_log_file /var/db/mysql.log