Skip to Content

Enable root user on Rackspace MySQL Cloud Database

Posted on

We work a lot with Rackspace Cloud Databases but the root user is disabled by default.

More often than not we require access as root to our MySQL instances. In most cases this is needed to fine-tune user permissions.

This can’t be done through the Rackspace Cloud portal, but it is possible using their API. Please note that by enabling the root user, Rackspace support might no longer be unable to support your database if you make changes to the core MySQL configuration.

Before you get started, make sure you install jq. I’m using this tool to filter the JSON responses in the commands below.

Gather data

First, we need to know our username and API key. You can find those on account.rackspace.com by going to My Profile & Settings. Let’s store them in environment variables to easily reuse them in our commands:

export RACKSPACE_USER=steven
export RACKSPACE_KEY=abc123..

We also need to know the region our database is in:

export RACKSPACE_REGION=ORD

Get an access token

To get started, we first need to obtain an access token. We’ll send an authentication request and store the result in a temporary file:

curl https://identity.api.rackspacecloud.com/v2.0/tokens \
    -X POST \
    -H "Content-type: application/json" \
    -d "{\"auth\":{\"RAX-KSKEY:apiKeyCredentials\":{\"username\":\"$RACKSPACE_USER\",\"apiKey\":\"$RACKSPACE_KEY\"}}}" \
    > /tmp/response.json

Using the jq command, we’ll extract the values we need:

cat /tmp/response.json | \
  jq '{token: .access.token.id, url: .access.serviceCatalog[] | select(.name=="cloudDatabases") | .endpoints[] | select(.region==env.RACKSPACE_REGION) | .publicURL}'

The resulting JSON object should contain your access token, along with the API endpoint to use:

{  
   "token": "AABd8...6zsFo",  
   "url": "https://ord.databases.api.rackspacecloud.com/v1.0/12345"  
}

Let’s store these values as environment variables for later use:

export RACKSPACE_TOKEN=`cat /tmp/response.json | jq --raw-output '.access.token.id'`
export RACKSPACE_URL=`cat /tmp/response.json | jq --raw-output '.access.serviceCatalog[] | select(.name=="cloudDatabases") | .endpoints[] | select(.region==env.RACKSPACE_REGION) | .publicURL'`

Find the database ID

You can use the API to get the list of databases to find the ID, or you can simply copy the identifier from the Rackspace Cloud portal (look for UUID).

Assuming your database name is mydatabase, you can use the following command to query the API and filter the response using jq:

curl \
  -H "X-Auth-Token: $RACKSPACE_TOKEN" \
  -H 'Content-Type: application/json' \
  "$RACKSPACE_URL/instances" \
  | jq '.instances[] | select(.name=="mydatabase") | .id'

Store the ID in an environment variable:

export RACKSPACE_DB_ID=abc123..

Enable the root user

By sending a POST request to the /root end-point, the API will both enable the root user and generate a new password:

curl \
  -X POST \
  -H "X-Auth-Token: $RACKSPACE_TOKEN" \
  -H 'Content-Type: application/json' \
  "$RACKSPACE_URL/instances/$RACKSPACE_DB_ID/root" | jq

You will get a newly generated root password in return:

{
  "user": {
    "password": "abc123..",
    "name": "root"
  }
}

To generate a new password, simply submit another POST request.

Verify

Double check root access is now enabled by sending a GET request to the same URL:

curl \
  -H "X-Auth-Token: $RACKSPACE_TOKEN" \
  -H 'Content-Type: application/json' \
  "$RACKSPACE_URL/instances/$RACKSPACE_DB_ID/root" | jq

You should see the following response:

{
  "rootEnabled": true
}

Store your password in a secure place and connect as root to make the required changes to your database configuration.

comments powered by Disqus