8.2 Creating NF Users

This section provides the procedure to create NF users when required.

1. Perform the following steps to verify if the users exist or not:
   1. Log in to a ndbappmysqld pod. Enter the password when prompted.

      $ kubectl -n <namespace>  exec -it ndbappmysqld-0 -- mysql -h 127.0.0.1 -uroot -p

      For example:

      $ kubectl -n cluster1 exec -it ndbappmysqld-0 -- mysql -h 127.0.0.1 -uroot -p
      Enter Password:

   2. Check if NF specific user accounts exists. If users doesn't exist, then create user accounts using step 2:

      mysql> select user, host  from mysql.user;

      Sample output:

      +------------------+-----------+
      | user             | host      |
      +------------------+-----------+
      | occnerepluser    | %         |
      | occneuser        | %         |
      | healthchecker    | localhost |
      | mysql.infoschema | localhost |
      | mysql.session    | localhost |
      | mysql.sys        | localhost |
      | root             | localhost |
      +------------------+-----------+
      7 rows in set (0.00 sec)

   3. Verify the GRANTS for the NF user:

      mysql>SHOW GRANTS FOR <user_name>;

      For example:

      mysql> SHOW GRANTS FOR NFUSER;

      Sample output:

      +--------------------------------------------------------------+
      | Grants for NFUSER@%                                          |
      +--------------------------------------------------------------+
      | GRANT USAGE ON *.* TO `NFUSER`@`%`                           |
      | GRANT NDB_STORED_USER ON *.* TO `NFUSER`@`%`                 |
      | GRANT ALL PRIVILEGES ON `replication_info`.* TO `NFUSER`@`%` |
      +--------------------------------------------------------------+
      3 rows in set (0.00 sec)

2. Perform the following steps to create user and grant privileges if the user doesn't exist:
   1. Log in to a ndbappmysqld pod. Enter the password when prompted.

      $ kubectl -n <namespace>  exec -it ndbappmysqld-0 -- mysql -h 127.0.0.1 -uroot -p

      For example:

      $ kubectl -n cluster1 exec -it ndbappmysqld-0 -- mysql -h 127.0.0.1 -uroot -p

      Sample output:

      
      Defaulted container "mysqlndbcluster" out of: mysqlndbcluster, init-sidecar
      Enter password:

   2. Before creating the user and granting privilege, run the following command to turn off binlogging on one of the ndbappmysqld pods:

      mysql>SET sql_log_bin = OFF;

      Sample output:

      Query OK, 0 rows affected (0.00 sec)

   3. Run the following to create the NF user if required:

      mysql> CREATE USER IF NOT EXISTS '<USERNAME>'@'%' IDENTIFIED BY '<USERPASSWORD>';

      For example:

      mysql> CREATE USER IF NOT EXISTS 'NFUSER';

      Sample output:

      Query OK, 0 rows affected (0.02 sec)

   4. Provide the required privileges to the NF user on the NF specific databases:

      mysql> GRANT ALL PRIVILEGES ON <DATABASENAME>.* TO '<USERNAME>'@'%';
      mysql> GRANT NDB_STORED_USER ON *.* TO '<USERNAME>'@'%';   
      mysql> FLUSH PRIVILEGES;

      Example with sample output:

      mysql> GRANT ALL PRIVILEGES ON nfdatabase.* TO 'NFUSER'@'%';
      Query OK, 0 rows affected (0.01 sec)
      mysql> GRANT NDB_STORED_USER ON *.* TO 'NFUSER'@'%';
      Query OK, 0 rows affected (0.13 sec)
      mysql> FLUSH PRIVILEGES;
      Query OK, 0 rows affected (0.01 sec)

   5. Turn on the binlogging on the same ndbappmysqld pod before you exit from the session:

      mysql>SET sql_log_bin = ON;

      Sample output:

      Query OK, 0 rows affected (0.00 sec)

   6. Exit the session:

      $ mysql> exit;

      Note:

      For a specific use case to create user and grant privilege, check with the with the respective NFs.