Our organization is migrating our Prod and DMZ servers from 2008 R2 servers (EoL) to 2016 servers. We're starting by migrating our DB to the new Prod server, and were able to get that working; however, it was not talking to our current DMZ server, which should be a firewall issue, which I believe is resolved, when we open 3306 (the change had to be reverted for time).
My question is, ? I've looked at the server.xml files, I've looked at all the configs, and can't seem to find what links the two. Is it just the keystore files? I did a test reinstall of JSS on our DMZ server to try to get back to the initial setup screen. It prompted me to connect to Localhost, but that's not where the DB is, and I was not able to get past the configuration screen of the first run.
Any help would be appreciated.
@notverypc is right...DataBase.xml is where you specify.
Are you running your MySQL instance on a separate server or on your production JSS?
Whichever one, you will need to drop into the MySQL command line, set up a user for MySQL for your DMZ instance and grant permission to the database. The commands are specified in the installation guide, but you will want to run your grant command for ‘<yourdbuser>@<ipaddressofyourmysqlinstance>’ in addition to the one you already ran for your production database.
It doesn’t necessarily need a “grant all” but it does need the ability to “modify” the database. I use the term “modify” loosely because that may well be a permission key and I don’t want to confuse the word with what is actually needed.
You will need the ability to “create” and “change” records given that you are allowing enrollment at a minimum.
The link above lists the actual syntax of permissions you can grant with MySQL 5.7...I would pay a friendly call to Jamf to confirm what is formally required for the limited DMZ instance to function. Most Jamf documentation does a “grant all.”
It's as I said earlier....
mysql -u root -p
mysql> GRANT INSERT, SELECT, UPDATE, DELETE, LOCK TABLES ON <your database>.* TO '<dmz username>'@'<dmz ip address>' IDENTIFIED BY '<password>';
That's exactly the command you need to run on the Database. Been doing this for years in clustered env.
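An added example, not part of the thread or of Jamf's documentation: a small check that reads the output of SHOW GRANTS for the DMZ account and flags anything wider than the GRANT posted above (wrong host, scope beyond the one database, extra privileges, re-grant rights). The account name `jssdmz`, database `jamfdb` and address `192.0.2.10` are constructed placeholders, and the allowed list is an assumption taken from the thread's command.

```python
import re

# Privilege list taken from the GRANT statement posted in the thread; whether
# Jamf formally requires more is not confirmed here (assumption).
ALLOWED = {"INSERT", "SELECT", "UPDATE", "DELETE", "LOCK TABLES"}

GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`'](?P<rest>.*)$",
    re.IGNORECASE,
)

def audit_grant(line, expected_db, expected_host):
    """Return findings for one line of SHOW GRANTS output (empty list = OK)."""
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if not m:
        return ["unparsed grant line"]
    findings = []
    if m["host"] != expected_host:
        findings.append(f"host '{m['host']}' is not pinned to {expected_host}")
    if "WITH GRANT OPTION" in m["rest"].upper():
        findings.append("account can re-grant its privileges (WITH GRANT OPTION)")
    privs = {p.strip().upper() for p in m["privs"].split(",")}
    if privs == {"USAGE"}:
        return findings  # USAGE carries no privileges; it only records the account
    scope = m["scope"].replace("`", "")
    if scope != f"{expected_db}.*":
        findings.append(f"scope {scope} is not limited to {expected_db}.*")
    extra = sorted(privs - ALLOWED)
    if extra:
        findings.append("privileges beyond the thread's list: " + ", ".join(extra))
    return findings

def audit_account(lines, expected_db, expected_host):
    """Map each offending grant line to its findings."""
    checked = {l: audit_grant(l, expected_db, expected_host) for l in lines}
    return {l: f for l, f in checked.items() if f}

# Constructed SHOW GRANTS output; account, database and address are placeholders.
SAMPLE = [
    "GRANT USAGE ON *.* TO 'jssdmz'@'192.0.2.10'",
    "GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES ON `jamfdb`.* TO 'jssdmz'@'192.0.2.10'",
    "GRANT ALL PRIVILEGES ON *.* TO 'jssdmz'@'%' WITH GRANT OPTION",
]

if __name__ == "__main__":
    for line, found in audit_account(SAMPLE, "jamfdb", "192.0.2.10").items():
        print(line, "->", "; ".join(found))
```

Feed it the lines returned by SHOW GRANTS for the DMZ account; only lines with findings appear in the report.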