# MySql

This page contains the setup guide and reference information for the MySql source connector.

• Make sure that your Mysql database is up and running
• Create a dedicated read-only user with access to all tables needed.

This is dependent on your networking setup with Mysql database.

This step is optional but highly recommended to allow for better permission control and auditing. Alternatively, you can connect with an existing user in your database.

To create a dedicated database user, run the following commands against your database:

 CREATE USER 'demo_user'@'%' IDENTIFIED BY 'your_password_here';

So, demo_user is created. Now you have to grant some permission so that we can access data.

 GRANT SELECT, RELOAD ON <database name> TO 'demo_user'@'%';

Mysql supports different types of permission. See the official documentation of Mysql

We also support connection to a MySQl instance via an SSH Tunnel. The reason you might want to do this because it is not possible (or against security policy) to connect to the database directly (e.g. it does not have a public IP address).

When using an SSH tunnel, you are configuring Kursaha server to connect to an intermediate server (a.k.a. a bastion sever) that does have direct access to the database. Kursaha server connects to the bastion and then asks the bastion to connect directly to the server.

Using this feature requires additional configuration, when creating the source. We will talk through what each piece of configuration means.

• Configure all fields for the source as you normally would, except SSH Tunnel Method.
• SSH Tunnel Method defaults to No Tunnel (meaning a direct connection). If you want to use an SSH Tunnel choose SSH Key Authentication or Password Authentication.

• Choose Key Authentication if you will be using an RSA private key as your secret for establishing the SSH Tunnel (see below for more information on generating this key).
• If you are using SSH Key Authentication, then SSH Private Key should be set to the RSA Private Key that you are using to create the SSH connection. This should be the full contents of the key file starting with -----BEGIN RSA PRIVATE KEY----- and ending with -----END RSA PRIVATE KEY-----.

The connector expects an RSA key in PEM format. To generate this key:

ssh-keygen -t rsa -m PEM -f myuser_rsa

This produces the private key in pem format, and the public key remains in the standard format used by the authorized_keys file on your bastion host. The public key should be added to your bastion host to whichever user you want to use with Datasource. The private key is provided via copy-and-paste to the Datasource configuration screen, so it may log in to the bastion.

• Choose Password Authentication if you will be using a password as your secret for establishing the SSH Tunnel.
• If you are using Password Authentication, then SSH Login Username should be set to the password of the User from the previous step. If you are using SSH Key Authentication leave this blank. Again, this is not the MySQl password, but the password for the OS-user that Kursaha server is using to perform commands on the bastion.