1 (edited by ilijamt 2019-03-28 07:57:05)

Topic: Using external MySQL instance

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? yes
- Linux/BSD distribution name and version: Debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I'm trying to install with an external MySQL (Percona 8.0) that is running group replication in a multi master mode.

export MYSQL_FRESH_INSTALLATION='NO'
export MYSQL_SERVER='172.16.0.14'
export MYSQL_PORT='3306'              
export MYSQL_SOCKET='/var/lib/mysql/mysql.sock'
export MYSQL_ROOT_USER='iredmail'      
export MYSQL_ROOT_PASSWD='bigpassword'

And running the installer still installs MySQL on my local machine, and because the user doesn't exist the whole installation crashes.

Is there an easy way to not install MySQL server on the local machine and just use an external MySQL instance?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 (edited by ilijamt 2019-03-28 07:56:51)

Re: Using external MySQL instance

Using the following parameters got me somewhere but still I have an issue with logging in to the MySQL server

export USE_EXISTING_MYSQL='YES'
export MYSQL_SERVER_ADDRESS='172.16.0.14'
export MYSQL_SERVER_PORT='3306'              
export MYSQL_ROOT_USER='iredmail'      
export MYSQL_ROOT_PASSWD='bigpassword'
export MYSQL_GRANT_HOST='%'

Now I'm greeted with errors like this.

ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib/x86_64-linux-gnu/mariadb18/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib/x86_64-linux-gnu/mariadb18/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib/x86_64-linux-gnu/mariadb18/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib/x86_64-linux-gnu/mariadb18/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib/x86_64-linux-gnu/mariadb18/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib/x86_64-linux-gnu/mariadb18/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib/x86_64-linux-gnu/mariadb18/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib/x86_64-linux-gnu/mariadb18/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory

I will try and create a user with standard authentication and try it like that.

3

Re: Using external MySQL instance

The user has been created with standard authentication, and verified that I can login to the user and that the user has all possible privileges.

export USE_EXISTING_MYSQL='YES'
export BACKEND_ORIG='MYSQL'
export MYSQL_SERVER_ADDRESS='172.16.0.14'
export MYSQL_SERVER_PORT='3306'              
export MYSQL_ROOT_USER='iredmail'      
export MYSQL_ROOT_PASSWD='bigpassword'
export MYSQL_GRANT_HOST='%'
ERROR 1044 (42000) at line 3 in file: '/opt/iRedMail-0.9.9/runtime/remote_grant_permission.sql': Access denied for user 'iredmail'@'%' to database 'mysql'
ERROR 1045 (28000) at line 6 in file: '/opt/iRedMail-0.9.9/runtime/remote_grant_permission.sql': Access denied for user 'iredmail'@'%' (using password: YES)
ERROR 1227 (42000) at line 9 in file: '/opt/iRedMail-0.9.9/runtime/remote_grant_permission.sql': Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
ERROR 1044 (42000) at line 2 in file: '/opt/iRedMail-0.9.9/samples/mysql/sql/delete_anonymous_user.sql': Access denied for user 'iredmail'@'%' to database 'mysql'
ERROR 1046 (3D000) at line 4 in file: '/opt/iRedMail-0.9.9/samples/mysql/sql/delete_anonymous_user.sql': No database selected
ERROR 1046 (3D000) at line 5 in file: '/opt/iRedMail-0.9.9/samples/mysql/sql/delete_anonymous_user.sql': No database selected
ERROR 1227 (42000) at line 7 in file: '/opt/iRedMail-0.9.9/samples/mysql/sql/delete_anonymous_user.sql': Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
ERROR 1142 (42000) at line 1: SELECT command denied to user 'iredmail'@'172.16.0.14' for table 'user'
ERROR 1142 (42000) at line 1: SELECT command denied to user 'iredmail'@'172.16.0.14' for table 'user'
ERROR 1044 (42000) at line 2 in file: '/opt/iRedMail-0.9.9/runtime/init_vmail_db.sql': Access denied for user 'iredmail'@'%' to database 'vmail'
ERROR 1064 (42000) at line 5 in file: '/opt/iRedMail-0.9.9/runtime/init_vmail_db.sql': You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED BY 'uUF8ImUmlA6744AYQf6xZ1svbJBjK4'' at line 1
ERROR 1064 (42000) at line 7 in file: '/opt/iRedMail-0.9.9/runtime/init_vmail_db.sql': You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED BY 'Hs6Tdv7S2bI6EfUL1y8jZE29rV5b8m'' at line 1
ERROR 1227 (42000) at line 10 in file: '/opt/iRedMail-0.9.9/runtime/init_vmail_db.sql': Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
ERROR 1044 (42000) at line 24 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': Access denied for user 'iredmail'@'%' to database 'vmail'
ERROR 1046 (3D000) at line 29 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 50 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 66 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 82 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 109 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 140 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 154 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1064 (42000) at line 170 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rank VARCHAR(255) NOT NULL DEFAULT 'normal',
    employeeid VARCHAR(255) DEFAULT' at line 20
ERROR 1046 (3D000) at line 267 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 301 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 318 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 335 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 354 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 374 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 383 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 410 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 419 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 430 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1046 (3D000) at line 444 in file: '/opt/iRedMail-0.9.9/runtime/iredmail.sql': No database selected
ERROR 1044 (42000) at line 1 in file: '/opt/iRedMail-0.9.9/runtime/add_first_domain_and_user.sql': Access denied for user 'iredmail'@'%' to database 'vmail'
ERROR 1046 (3D000) at line 4 in file: '/opt/iRedMail-0.9.9/runtime/add_first_domain_and_user.sql': No database selected
ERROR 1046 (3D000) at line 8 in file: '/opt/iRedMail-0.9.9/runtime/add_first_domain_and_user.sql': No database selected
ERROR 1046 (3D000) at line 27 in file: '/opt/iRedMail-0.9.9/runtime/add_first_domain_and_user.sql': No database selected
ERROR 1046 (3D000) at line 31 in file: '/opt/iRedMail-0.9.9/runtime/add_first_domain_and_user.sql': No database selected

4

Re: Using external MySQL instance

So I've narrowed down the problem to only these 3 files, they need to be patched/updated to work with the latest version. Will do it tomorrow when I have time.

patch:
* ./samples/iredmail/iredmail.mysql (rank is a reserved word)
* ./samples/mysql/sql/remote_grant_permission.sql (doesn't work anymore)
* ./samples/mysql/sql/init_vmail_db.sql (doesn't work anymore)

5

Re: Using external MySQL instance

So the fixes turned out to be way bigger. But I finally managed to get everything working.

How do I get my changes merged into the working tree?

6

Re: Using external MySQL instance

Did you get a patch for iRedMail-0.9.9?

7 (edited by ilijamt 2019-03-29 20:27:36)

Re: Using external MySQL instance

Yes here is the patch I built for this to work.

Can you take a look at what I've done and tell me if I overlooked something, currently I've managed to run it and installation is working properly.

export USE_EXISTING_MYSQL='YES'
export USE_MYSQL_CREATE_USER='YES'
export MYSQL_SERVER_ADDRESS='172.16.0.14'
export MYSQL_SERVER_PORT='3306'              
export MYSQL_ROOT_USER='iredmail'      
export MYSQL_ROOT_PASSWD='bigpassword'
export MYSQL_GRANT_HOST='%'

The diff is against the download version of 0.9.9 https://bitbucket.org/zhb/iredmail/down … .9.tar.bz2

diff --git a/conf/global b/conf/global
index e354bad..0ca86f8 100644
--- a/conf/global
+++ b/conf/global
@@ -74,6 +74,11 @@ export MYSQL_ROOT_USER="${MYSQL_ROOT_USER:=root}"
 
 # Use existing MySQL server, no matter it's local or remote.
 export USE_EXISTING_MYSQL="${USE_EXISTING_MYSQL:=NO}"
+
+# Create a MySQL user, as some of the latest version don't allow you to use
+# IDENTIFIED BY
+export USE_MYSQL_CREATE_USER="${USE_MYSQL_CREATE_USER:=NO}"
+
 # Create required SQL databases and records for applications
 # Should be set to NO if you're installing iRedMail with a MySQL cluster, and
 # you're installing on second or later nodes.
diff --git a/functions/amavisd.sh b/functions/amavisd.sh
index 29757d8..757614f 100644
--- a/functions/amavisd.sh
+++ b/functions/amavisd.sh
@@ -33,17 +33,29 @@ amavisd_initialize_db()
 -- Create database
 CREATE DATABASE ${AMAVISD_DB_NAME} DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 
--- Grant privileges
-GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED BY '${AMAVISD_DB_PASSWD}';
--- GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${HOSTNAME}' IDENTIFIED BY '${AMAVISD_DB_PASSWD}';
-
 -- Import Amavisd SQL template
 USE ${AMAVISD_DB_NAME};
 SOURCE ${AMAVISD_DB_MYSQL_TMPL};
 SOURCE ${SAMPLE_DIR}/amavisd/default_spam_policy.sql;
+EOF
 
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+            ${MYSQL_CLIENT_ROOT} <<EOF
+-- Grant privileges
+CREATE USER IF NOT EXISTS '${AMAVISD_DB_NAME}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${AMAVISD_DB_PASSWD}';
+-- CREATE USER IF NOT EXISTS '${AMAVISD_DB_NAME}'@'${HOSTNAME}' IDENTIFIED WITH mysql_native_password BY '${AMAVISD_DB_PASSWD}';
+GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${MYSQL_GRANT_HOST}';
+-- GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${MYSQL_GRANT_HOST}';
 FLUSH PRIVILEGES;
 EOF
+        else
+            ${MYSQL_CLIENT_ROOT} <<EOF
+-- Grant privileges
+GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED BY '${AMAVISD_DB_PASSWD}';
+-- GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${HOSTNAME}' IDENTIFIED BY '${AMAVISD_DB_PASSWD}';
+FLUSH PRIVILEGES;
+EOF
+        fi
 
         # Generate .my.cnf file
         cat > /root/.my.cnf-${AMAVISD_DB_USER} <<EOF
diff --git a/functions/iredadmin.sh b/functions/iredadmin.sh
index a23bac1..2541a3d 100644
--- a/functions/iredadmin.sh
+++ b/functions/iredadmin.sh
@@ -72,10 +72,24 @@ CREATE DATABASE IF NOT EXISTS ${IREDADMIN_DB_NAME} DEFAULT CHARACTER SET utf8 CO
 # Import SQL template.
 USE ${IREDADMIN_DB_NAME};
 SOURCE ${IREDADMIN_HTTPD_ROOT}/SQL/iredadmin.mysql;
+EOF
+
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+            ${MYSQL_CLIENT_ROOT} <<EOF
+-- Grant privileges
+CREATE USER IF NOT EXISTS '${IREDADMIN_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${IREDADMIN_DB_PASSWD}';
+-- CREATE USER IF NOT EXISTS '${IREDADMIN_DB_USER}'@'${HOSTNAME}' IDENTIFIED WITH mysql_native_password BY '${IREDADMIN_DB_PASSWD}';
+GRANT ALL ON ${IREDADMIN_DB_NAME}.* TO '${IREDADMIN_DB_USER}'@'${MYSQL_GRANT_HOST}';
+-- GRANT ALL ON ${IREDADMIN_DB_NAME}.* TO '${IREDADMIN_DB_USER}'@'${HOSTNAME}';
+FLUSH PRIVILEGES;
+EOF
+        else
+            ${MYSQL_CLIENT_ROOT} <<EOF
 GRANT ALL ON ${IREDADMIN_DB_NAME}.* TO '${IREDADMIN_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED BY '${IREDADMIN_DB_PASSWD}';
 -- GRANT ALL ON ${IREDADMIN_DB_NAME}.* TO '${IREDADMIN_DB_USER}'@'${HOSTNAME}' IDENTIFIED BY '${IREDADMIN_DB_PASSWD}';
 FLUSH PRIVILEGES;
 EOF
+        fi
 
         # Generate .my.cnf file
         cat > /root/.my.cnf-${IREDADMIN_DB_USER} <<EOF
diff --git a/functions/iredapd.sh b/functions/iredapd.sh
index e8fbbe4..d52f90d 100644
--- a/functions/iredapd.sh
+++ b/functions/iredapd.sh
@@ -90,9 +90,6 @@ CREATE DATABASE IF NOT EXISTS ${IREDAPD_DB_NAME} DEFAULT CHARACTER SET utf8 COLL
 -- Import SQL template.
 USE ${IREDAPD_DB_NAME};
 SOURCE ${IREDAPD_ROOT_DIR_SYMBOL_LINK}/SQL/iredapd.mysql;
-GRANT ALL ON ${IREDAPD_DB_NAME}.* TO '${IREDAPD_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED BY '${IREDAPD_DB_PASSWD}';
--- GRANT ALL ON ${IREDAPD_DB_NAME}.* TO '${IREDAPD_DB_USER}'@'${HOSTNAME}' IDENTIFIED BY '${IREDAPD_DB_PASSWD}';
-FLUSH PRIVILEGES;
 
 -- Enable greylisting by default.
 SOURCE ${IREDAPD_ROOT_DIR_SYMBOL_LINK}/SQL/enable_global_greylisting.sql;
@@ -104,6 +101,23 @@ SOURCE ${IREDAPD_ROOT_DIR_SYMBOL_LINK}/SQL/greylisting_whitelist_domains.sql;
 SOURCE ${IREDAPD_ROOT_DIR_SYMBOL_LINK}/SQL/wblist_rdns.sql;
 EOF
 
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+            ${MYSQL_CLIENT_ROOT} <<EOF
+    -- Grant privileges
+CREATE USER IF NOT EXISTS '${IREDAPD_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${IREDAPD_DB_PASSWD}';
+-- CREATE USER IF NOT EXISTS '${IREDAPD_DB_USER}'@'${HOSTNAME}' IDENTIFIED WITH mysql_native_password BY '${IREDAPD_DB_PASSWD}';
+GRANT ALL ON ${IREDAPD_DB_NAME}.* TO '${IREDAPD_DB_USER}'@'${MYSQL_GRANT_HOST}';
+-- GRANT ALL ON '${IREDAPD_DB_NAME}'.* TO '${IREDAPD_DB_USER}'@'${HOSTNAME}';
+FLUSH PRIVILEGES;
+EOF
+        else
+            ${MYSQL_CLIENT_ROOT} <<EOF
+GRANT ALL ON ${IREDAPD_DB_NAME}.* TO '${IREDAPD_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED BY '${IREDAPD_DB_PASSWD}';
+-- GRANT ALL ON ${IREDAPD_DB_NAME}.* TO '${IREDAPD_DB_USER}'@'${HOSTNAME}' IDENTIFIED BY '${IREDAPD_DB_PASSWD}';
+FLUSH PRIVILEGES;
+EOF
+        fi
+
         # Generate .my.cnf file
         cat > /root/.my.cnf-${IREDAPD_DB_USER} <<EOF
 [client]
diff --git a/functions/mysql.sh b/functions/mysql.sh
index 4f0cff8..1ad1f7b 100644
--- a/functions/mysql.sh
+++ b/functions/mysql.sh
@@ -208,7 +208,12 @@ mysql_grant_permission_on_remote_server()
     if [ X"${USE_EXISTING_MYSQL}" == X'YES' -a X"${MYSQL_SERVER_ADDRESS}" != X'127.0.0.1' ]; then
         ECHO_DEBUG "Grant access privilege to ${MYSQL_ROOT_USER}@${MYSQL_GRANT_HOST} ..."
 
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+            cp -f ${SAMPLE_DIR}/mysql/sql/remote_grant_permission_user.sql ${RUNTIME_DIR}/remote_grant_permission.sql
+        else
             cp -f ${SAMPLE_DIR}/mysql/sql/remote_grant_permission.sql ${RUNTIME_DIR}/
+        fi
+
         perl -pi -e 's#PH_MYSQL_ROOT_USER#$ENV{MYSQL_ROOT_USER}#g' ${RUNTIME_DIR}/remote_grant_permission.sql
         perl -pi -e 's#PH_MYSQL_GRANT_HOST#$ENV{MYSQL_GRANT_HOST}#g' ${RUNTIME_DIR}/remote_grant_permission.sql
         perl -pi -e 's#PH_HOSTNAME#$ENV{HOSTNAME}#g' ${RUNTIME_DIR}/remote_grant_permission.sql
@@ -250,7 +255,12 @@ mysql_remove_insecure_data()
 mysql_import_vmail_users()
 {
     ECHO_DEBUG "Generate sample SQL templates."
+    if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+        cp -f ${SAMPLE_DIR}/mysql/sql/init_vmail_db_user.sql ${RUNTIME_DIR}/init_vmail_db.sql
+    else
         cp -f ${SAMPLE_DIR}/mysql/sql/init_vmail_db.sql ${RUNTIME_DIR}/
+    fi
+
     cp -f ${SAMPLE_DIR}/iredmail/iredmail.mysql ${RUNTIME_DIR}/iredmail.sql
     cp -f ${SAMPLE_DIR}/mysql/sql/add_first_domain_and_user.sql ${RUNTIME_DIR}/
 
diff --git a/functions/netdata.sh b/functions/netdata.sh
index 9b3fe47..5c31193 100644
--- a/functions/netdata.sh
+++ b/functions/netdata.sh
@@ -90,10 +90,18 @@ netdata_module_config()
     # MySQL & PostgreSQL
     if [ X"${BACKEND}" == X'OPENLDAP' -o X"${BACKEND}" == X'MYSQL' ]; then
         ECHO_DEBUG "Create MySQL user ${NETDATA_DB_USER} with minimal privilege: USAGE."
+        if [ X"${USE_EXISTING_MYSQL}" == X'YES' ]; then
+            ${MYSQL_CLIENT_ROOT} >> ${INSTALL_LOG} 2>&1 <<EOF
+CREATE USER IF NOT EXISTS '${NETDATA_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${NETDATA_DB_PASSWD}';
+GRANT USAGE ON *.* TO ${NETDATA_DB_USER}@${MYSQL_GRANT_HOST};
+FLUSH PRIVILEGES;
+EOF
+        else
             ${MYSQL_CLIENT_ROOT} >> ${INSTALL_LOG} 2>&1 <<EOF
 GRANT USAGE ON *.* TO ${NETDATA_DB_USER}@${MYSQL_GRANT_HOST} IDENTIFIED BY '${NETDATA_DB_PASSWD}';
 FLUSH PRIVILEGES;
 EOF
+        fi
 
         ECHO_DEBUG "Generate ${NETDATA_CONF_PLUGIN_MYSQL}."
         backup_file ${NETDATA_CONF_PLUGIN_MYSQL}
diff --git a/functions/roundcubemail.sh b/functions/roundcubemail.sh
index b845e81..2fe3613 100644
--- a/functions/roundcubemail.sh
+++ b/functions/roundcubemail.sh
@@ -42,8 +42,6 @@ rcm_initialize_db()
         ${MYSQL_CLIENT_ROOT} <<EOF
 -- Create database and grant privileges
 CREATE DATABASE ${RCM_DB_NAME} DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
-GRANT ALL ON ${RCM_DB_NAME}.* TO "${RCM_DB_USER}"@"${MYSQL_GRANT_HOST}" IDENTIFIED BY '${RCM_DB_PASSWD}';
--- GRANT ALL ON ${RCM_DB_NAME}.* TO "${RCM_DB_USER}"@"${HOSTNAME}" IDENTIFIED BY '${RCM_DB_PASSWD}';
 
 -- Import Roundcubemail SQL template
 USE ${RCM_DB_NAME};
@@ -52,6 +50,22 @@ SOURCE ${RCM_HTTPD_ROOT}/SQL/mysql.initial.sql;
 FLUSH PRIVILEGES;
 EOF
 
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+            ${MYSQL_CLIENT_ROOT} <<EOF
+-- Grant privileges
+CREATE USER IF NOT EXISTS '${RCM_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${RCM_DB_PASSWD}';
+-- CREATE USER IF NOT EXISTS '${RCM_DB_USER}'@'${HOSTNAME}' IDENTIFIED WITH mysql_native_password BY '${RCM_DB_PASSWD}';
+GRANT ALL ON ${RCM_DB_NAME}.* TO '${RCM_DB_USER}'@'${MYSQL_GRANT_HOST}';
+-- GRANT ALL ON ${RCM_DB_NAME}.* TO '${RCM_DB_USER}'@'${HOSTNAME}';
+FLUSH PRIVILEGES;
+EOF
+        else
+            ${MYSQL_CLIENT_ROOT} <<EOF
+GRANT ALL ON ${RCM_DB_NAME}.* TO "${RCM_DB_USER}"@"${MYSQL_GRANT_HOST}" IDENTIFIED BY '${RCM_DB_PASSWD}';
+-- GRANT ALL ON ${RCM_DB_NAME}.* TO "${RCM_DB_USER}"@"${HOSTNAME}" IDENTIFIED BY '${RCM_DB_PASSWD}';
+EOF
+        fi
+
         # Generate .my.cnf file
         cat > /root/.my.cnf-${RCM_DB_USER} <<EOF
 [client]
diff --git a/functions/sogo.sh b/functions/sogo.sh
index 6cf538b..9293d34 100644
--- a/functions/sogo.sh
+++ b/functions/sogo.sh
@@ -34,15 +34,27 @@ sogo_initialize_db()
 CREATE DATABASE ${SOGO_DB_NAME} CHARSET='UTF8';
 EOF
 
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+        cat >> ${tmp_sql} <<EOF
+    -- Grant privileges
+CREATE USER IF NOT EXISTS '${SOGO_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${SOGO_DB_PASSWD}';
+-- CREATE USER IF NOT EXISTS '${SOGO_DB_USER}'@'${HOSTNAME}' IDENTIFIED WITH mysql_native_password BY '${SOGO_DB_PASSWD}';
+GRANT ALL ON ${SOGO_DB_NAME}.* TO '${SOGO_DB_USER}'@'${MYSQL_GRANT_HOST}';
+-- GRANT ALL ON ${SOGO_DB_NAME}.* TO '${SOGO_DB_USER}'@'${HOSTNAME}';
+FLUSH PRIVILEGES;
+EOF
+        else
         cat >> ${tmp_sql} <<EOF
 GRANT ALL ON ${SOGO_DB_NAME}.* TO ${SOGO_DB_USER}@"${MYSQL_GRANT_HOST}" IDENTIFIED BY "${SOGO_DB_PASSWD}";
 -- GRANT ALL ON ${SOGO_DB_NAME}.* TO ${SOGO_DB_USER}@"${HOSTNAME}" IDENTIFIED BY "${SOGO_DB_PASSWD}";
 EOF
+        fi
+
 
         if [ X"${BACKEND}" == X'MYSQL' ]; then
             cat >> ${tmp_sql} <<EOF
-GRANT SELECT ON ${VMAIL_DB_NAME}.mailbox TO ${SOGO_DB_USER}@"${MYSQL_GRANT_HOST}";
--- GRANT SELECT ON ${VMAIL_DB_NAME}.mailbox TO ${SOGO_DB_USER}@"${HOSTNAME}";
+GRANT SELECT ON ${VMAIL_DB_NAME}.mailbox TO ${SOGO_DB_USER}@'${MYSQL_GRANT_HOST}';
+-- GRANT SELECT ON ${VMAIL_DB_NAME}.mailbox TO ${SOGO_DB_USER}@'${HOSTNAME}';
 CREATE VIEW ${SOGO_DB_NAME}.${SOGO_DB_VIEW_AUTH} (c_uid, c_name, c_password, c_cn, mail, domain) AS SELECT username, name, password, name, username, domain FROM ${VMAIL_DB_NAME}.mailbox WHERE enablesogo=1 AND active=1;
 EOF
         fi
diff --git a/samples/iredmail/iredmail.mysql b/samples/iredmail/iredmail.mysql
index f176528..5fe7427 100644
--- a/samples/iredmail/iredmail.mysql
+++ b/samples/iredmail/iredmail.mysql
@@ -186,7 +186,7 @@ CREATE TABLE IF NOT EXISTS mailbox (
     domain VARCHAR(255) NOT NULL DEFAULT '',
     transport VARCHAR(255) NOT NULL DEFAULT '',
     department VARCHAR(255) NOT NULL DEFAULT '',
-    rank VARCHAR(255) NOT NULL DEFAULT 'normal',
+    `rank` VARCHAR(255) NOT NULL DEFAULT 'normal',
     employeeid VARCHAR(255) DEFAULT '',
     isadmin TINYINT(1) NOT NULL DEFAULT 0,
     isglobaladmin TINYINT(1) NOT NULL DEFAULT 0,
@@ -434,7 +434,7 @@ CREATE TABLE IF NOT EXISTS `used_quota` (
     `domain` VARCHAR(255) NOT NULL DEFAULT '',
     PRIMARY KEY (`username`),
     INDEX (domain)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 -- Trigger `used_quota_before_insert` is used to set `used_quota.domain`.
 -- NOTE: `used_quota.domain` is not used by Dovecot, but used in iRedAdmin to
diff --git a/samples/mysql/sql/init_vmail_db_user.sql b/samples/mysql/sql/init_vmail_db_user.sql
new file mode 100644
index 0000000..91aa76b
--- /dev/null
+++ b/samples/mysql/sql/init_vmail_db_user.sql
@@ -0,0 +1,22 @@
+-- Create database for virtual hosts
+CREATE SCHEMA IF NOT EXISTS `PH_VMAIL_DB_NAME` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+
+-- START Permissions: PH_VMAIL_DB_BIND_USER
+
+CREATE USER IF NOT EXISTS 'PH_VMAIL_DB_BIND_USER'@'PH_MYSQL_GRANT_HOST' IDENTIFIED WITH mysql_native_password BY 'PH_VMAIL_DB_BIND_PASSWD';
+-- CREATE USER IF NOT EXISTS 'PH_VMAIL_DB_BIND_USER'@'PH_MYSQL_GRANT_HOST' IDENTIFIED WITH mysql_native_password BY 'PH_VMAIL_DB_BIND_PASSWD';
+GRANT SELECT ON `PH_VMAIL_DB_NAME`.* TO 'PH_VMAIL_DB_BIND_USER'@'PH_MYSQL_GRANT_HOST';
+-- GRANT SELECT ON 'PH_VMAIL_DB_NAME'.* TO 'PH_VMAIL_DB_BIND_USER'@'PH_MYSQL_GRANT_HOST';
+
+-- END Permissions: PH_VMAIL_DB_BIND_USER
+
+-- START Permissions: PH_VMAIL_DB_ADMIN_USER
+
+CREATE USER IF NOT EXISTS 'PH_VMAIL_DB_ADMIN_USER'@'PH_MYSQL_GRANT_HOST' IDENTIFIED WITH mysql_native_password BY 'PH_VMAIL_DB_ADMIN_PASSWD';
+-- CREATE USER IF NOT EXISTS 'PH_VMAIL_DB_ADMIN_USER'@'PH_MYSQL_GRANT_HOST' IDENTIFIED WITH mysql_native_password BY 'PH_VMAIL_DB_ADMIN_PASSWD';
+GRANT SELECT ON `PH_VMAIL_DB_NAME`.* TO 'PH_VMAIL_DB_ADMIN_USER'@'PH_MYSQL_GRANT_HOST';
+-- GRANT SELECT ON 'PH_VMAIL_DB_NAME'.* TO 'PH_VMAIL_DB_ADMIN_USER'@'PH_MYSQL_GRANT_HOST';
+
+-- END Permissions: PH_VMAIL_DB_ADMIN_USER
+
+FLUSH PRIVILEGES;
diff --git a/samples/mysql/sql/remote_grant_permission_user.sql b/samples/mysql/sql/remote_grant_permission_user.sql
new file mode 100644
index 0000000..c1ad391
--- /dev/null
+++ b/samples/mysql/sql/remote_grant_permission_user.sql
@@ -0,0 +1,10 @@
+-- Grant access privilege to ${MYSQL_ROOT_USER}@${MYSQL_GRANT_HOST} ...'
+
+USE mysql;
+
+-- Allow access from MYSQL_GRANT_HOST with password
+
+GRANT ALL PRIVILEGES ON *.* TO 'PH_MYSQL_ROOT_USER'@'PH_MYSQL_GRANT_HOST' WITH GRANT OPTION;
+-- GRANT ALL PRIVILEGES ON *.* TO 'PH_MYSQL_ROOT_USER'@'PH_MYSQL_GRANT_HOST' WITH GRANT OPTION;
+
+FLUSH PRIVILEGES;

8

Re: Using external MySQL instance

Hello ZhangHuangbin's

Can you tell me what are the implication of modifying the iredadmin tables, so they are compliant with group replication?

These are the tables that need a primary key to be able to work with group replication.

iredadmin.deleted_mailboxes
iredadmin.log
iredadmin.updatelog
ALTER TABLE `iredadmin`.`deleted_mailboxes` 
ADD PRIMARY KEY (`id`);
;

ALTER TABLE `iredadmin`.`log` 
ADD PRIMARY KEY (`id`);
;

ALTER TABLE `iredadmin`.`updatelog` 
ADD PRIMARY KEY (`id`);
;

More databases to follow

9

Re: Using external MySQL instance

Here are the full changes required.

-- iredadmin

ALTER TABLE `iredadmin`.`deleted_mailboxes` 
ADD PRIMARY KEY (`id`);
;

ALTER TABLE `iredadmin`.`updatelog` 
ADD PRIMARY KEY (`id`);
;

ALTER TABLE `iredadmin`.`log` 
ADD PRIMARY KEY (`id`);
;


-- RoundCube

ALTER TABLE `roundcubemail`.`cache_index` 
DROP FOREIGN KEY `user_id_fk_cache_index`;
ALTER TABLE `roundcubemail`.`cache_index` 
ADD CONSTRAINT `user_id_fk_cache_index`
  FOREIGN KEY (`user_id`)
  REFERENCES `roundcubemail`.`users` (`user_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION;

ALTER TABLE `roundcubemail`.`cache` 
DROP FOREIGN KEY `user_id_fk_cache`;
ALTER TABLE `roundcubemail`.`cache` 
ADD CONSTRAINT `user_id_fk_cache`
  FOREIGN KEY (`user_id`)
  REFERENCES `roundcubemail`.`users` (`user_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION;

ALTER TABLE `roundcubemail`.`cache_messages` 
DROP FOREIGN KEY `user_id_fk_cache_messages`;
ALTER TABLE `roundcubemail`.`cache_messages` 
ADD CONSTRAINT `user_id_fk_cache_messages`
  FOREIGN KEY (`user_id`)
  REFERENCES `roundcubemail`.`users` (`user_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION;

ALTER TABLE `roundcubemail`.`cache_thread` 
DROP FOREIGN KEY `user_id_fk_cache_thread`;
ALTER TABLE `roundcubemail`.`cache_thread` 
ADD CONSTRAINT `user_id_fk_cache_thread`
  FOREIGN KEY (`user_id`)
  REFERENCES `roundcubemail`.`users` (`user_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION;

ALTER TABLE `roundcubemail`.`contactgroupmembers` 
DROP FOREIGN KEY `contact_id_fk_contacts`,
DROP FOREIGN KEY `contactgroup_id_fk_contactgroups`;
ALTER TABLE `roundcubemail`.`contactgroupmembers` 
ADD CONSTRAINT `contact_id_fk_contacts`
  FOREIGN KEY (`contact_id`)
  REFERENCES `roundcubemail`.`contacts` (`contact_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION,
ADD CONSTRAINT `contactgroup_id_fk_contactgroups`
  FOREIGN KEY (`contactgroup_id`)
  REFERENCES `roundcubemail`.`contactgroups` (`contactgroup_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION;

ALTER TABLE `roundcubemail`.`contactgroups` 
DROP FOREIGN KEY `user_id_fk_contactgroups`;
ALTER TABLE `roundcubemail`.`contactgroups` 
ADD CONSTRAINT `user_id_fk_contactgroups`
  FOREIGN KEY (`user_id`)
  REFERENCES `roundcubemail`.`users` (`user_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION;

ALTER TABLE `roundcubemail`.`contacts` 
DROP FOREIGN KEY `user_id_fk_contacts`;
ALTER TABLE `roundcubemail`.`contacts` 
ADD CONSTRAINT `user_id_fk_contacts`
  FOREIGN KEY (`user_id`)
  REFERENCES `roundcubemail`.`users` (`user_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION;

ALTER TABLE `roundcubemail`.`dictionary` 
DROP FOREIGN KEY `user_id_fk_dictionary`;
ALTER TABLE `roundcubemail`.`dictionary` 
ADD CONSTRAINT `user_id_fk_dictionary`
  FOREIGN KEY (`user_id`)
  REFERENCES `roundcubemail`.`users` (`user_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION;

ALTER TABLE `roundcubemail`.`identities` 
DROP FOREIGN KEY `user_id_fk_identities`;
ALTER TABLE `roundcubemail`.`identities` 
ADD CONSTRAINT `user_id_fk_identities`
  FOREIGN KEY (`user_id`)
  REFERENCES `roundcubemail`.`users` (`user_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION;

ALTER TABLE `roundcubemail`.`searches` 
DROP FOREIGN KEY `user_id_fk_searches`;
ALTER TABLE `roundcubemail`.`searches` 
ADD CONSTRAINT `user_id_fk_searches`
  FOREIGN KEY (`user_id`)
  REFERENCES `roundcubemail`.`users` (`user_id`)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION;

-- Sogo

ALTER TABLE `sogo`.`sogo_acl` 
ADD COLUMN `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT FIRST,
ADD PRIMARY KEY (`id`);
;

ALTER TABLE `sogo`.`sogo_alarms_folder` 
ADD COLUMN `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT FIRST,
ADD PRIMARY KEY (`id`);
;

-- vmail

ALTER TABLE `vmail`.`deleted_mailboxes` 
ADD PRIMARY KEY (`id`);
;

10

Re: Using external MySQL instance

- For "iredadmin" and "vmail" databases, it's ok. I will merge this change and the `rank` one.
- Not sure about "roundcube" and "sogo" because it's not developed by us and may need time to dive into this. I suggest posting to their mailing lists or issue trackers to ask them to add them.

11

Re: Using external MySQL instance

Perfect thanks for the SQL changes, but what about the code changes to make it work with group replication on MySQL?

I tried to open a PR but I get Access Denied on your repo.

12

Re: Using external MySQL instance

Here is an upto date patch against 0.9.9

diff --git a/conf/global b/conf/global
index e354bad..0ca86f8 100644
--- a/conf/global
+++ b/conf/global
@@ -74,6 +74,11 @@ export MYSQL_ROOT_USER="${MYSQL_ROOT_USER:=root}"
 
 # Use existing MySQL server, no matter it's local or remote.
 export USE_EXISTING_MYSQL="${USE_EXISTING_MYSQL:=NO}"
+
+# Create a MySQL user, as some of the latest version don't allow you to use
+# IDENTIFIED BY
+export USE_MYSQL_CREATE_USER="${USE_MYSQL_CREATE_USER:=NO}"
+
 # Create required SQL databases and records for applications
 # Should be set to NO if you're installing iRedMail with a MySQL cluster, and
 # you're installing on second or later nodes.
diff --git a/functions/amavisd.sh b/functions/amavisd.sh
index 29757d8..757614f 100644
--- a/functions/amavisd.sh
+++ b/functions/amavisd.sh
@@ -33,17 +33,29 @@ amavisd_initialize_db()
 -- Create database
 CREATE DATABASE ${AMAVISD_DB_NAME} DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 
--- Grant privileges
-GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED BY '${AMAVISD_DB_PASSWD}';
--- GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${HOSTNAME}' IDENTIFIED BY '${AMAVISD_DB_PASSWD}';
-
 -- Import Amavisd SQL template
 USE ${AMAVISD_DB_NAME};
 SOURCE ${AMAVISD_DB_MYSQL_TMPL};
 SOURCE ${SAMPLE_DIR}/amavisd/default_spam_policy.sql;
+EOF
 
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+            ${MYSQL_CLIENT_ROOT} <<EOF
+-- Grant privileges
+CREATE USER IF NOT EXISTS '${AMAVISD_DB_NAME}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${AMAVISD_DB_PASSWD}';
+-- CREATE USER IF NOT EXISTS '${AMAVISD_DB_NAME}'@'${HOSTNAME}' IDENTIFIED WITH mysql_native_password BY '${AMAVISD_DB_PASSWD}';
+GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${MYSQL_GRANT_HOST}';
+-- GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${MYSQL_GRANT_HOST}';
 FLUSH PRIVILEGES;
 EOF
+        else
+            ${MYSQL_CLIENT_ROOT} <<EOF
+-- Grant privileges
+GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED BY '${AMAVISD_DB_PASSWD}';
+-- GRANT SELECT,INSERT,UPDATE,DELETE ON ${AMAVISD_DB_NAME}.* TO '${AMAVISD_DB_USER}'@'${HOSTNAME}' IDENTIFIED BY '${AMAVISD_DB_PASSWD}';
+FLUSH PRIVILEGES;
+EOF
+        fi
 
         # Generate .my.cnf file
         cat > /root/.my.cnf-${AMAVISD_DB_USER} <<EOF
diff --git a/functions/iredadmin.sh b/functions/iredadmin.sh
index a23bac1..2541a3d 100644
--- a/functions/iredadmin.sh
+++ b/functions/iredadmin.sh
@@ -72,10 +72,24 @@ CREATE DATABASE IF NOT EXISTS ${IREDADMIN_DB_NAME} DEFAULT CHARACTER SET utf8 CO
 # Import SQL template.
 USE ${IREDADMIN_DB_NAME};
 SOURCE ${IREDADMIN_HTTPD_ROOT}/SQL/iredadmin.mysql;
+EOF
+
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+            ${MYSQL_CLIENT_ROOT} <<EOF
+-- Grant privileges
+CREATE USER IF NOT EXISTS '${IREDADMIN_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${IREDADMIN_DB_PASSWD}';
+-- CREATE USER IF NOT EXISTS '${IREDADMIN_DB_USER}'@'${HOSTNAME}' IDENTIFIED WITH mysql_native_password BY '${IREDADMIN_DB_PASSWD}';
+GRANT ALL ON ${IREDADMIN_DB_NAME}.* TO '${IREDADMIN_DB_USER}'@'${MYSQL_GRANT_HOST}';
+-- GRANT ALL ON ${IREDADMIN_DB_NAME}.* TO '${IREDADMIN_DB_USER}'@'${HOSTNAME}';
+FLUSH PRIVILEGES;
+EOF
+        else
+            ${MYSQL_CLIENT_ROOT} <<EOF
 GRANT ALL ON ${IREDADMIN_DB_NAME}.* TO '${IREDADMIN_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED BY '${IREDADMIN_DB_PASSWD}';
 -- GRANT ALL ON ${IREDADMIN_DB_NAME}.* TO '${IREDADMIN_DB_USER}'@'${HOSTNAME}' IDENTIFIED BY '${IREDADMIN_DB_PASSWD}';
 FLUSH PRIVILEGES;
 EOF
+        fi
 
         # Generate .my.cnf file
         cat > /root/.my.cnf-${IREDADMIN_DB_USER} <<EOF
diff --git a/functions/iredapd.sh b/functions/iredapd.sh
index e8fbbe4..d52f90d 100644
--- a/functions/iredapd.sh
+++ b/functions/iredapd.sh
@@ -90,9 +90,6 @@ CREATE DATABASE IF NOT EXISTS ${IREDAPD_DB_NAME} DEFAULT CHARACTER SET utf8 COLL
 -- Import SQL template.
 USE ${IREDAPD_DB_NAME};
 SOURCE ${IREDAPD_ROOT_DIR_SYMBOL_LINK}/SQL/iredapd.mysql;
-GRANT ALL ON ${IREDAPD_DB_NAME}.* TO '${IREDAPD_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED BY '${IREDAPD_DB_PASSWD}';
--- GRANT ALL ON ${IREDAPD_DB_NAME}.* TO '${IREDAPD_DB_USER}'@'${HOSTNAME}' IDENTIFIED BY '${IREDAPD_DB_PASSWD}';
-FLUSH PRIVILEGES;
 
 -- Enable greylisting by default.
 SOURCE ${IREDAPD_ROOT_DIR_SYMBOL_LINK}/SQL/enable_global_greylisting.sql;
@@ -104,6 +101,23 @@ SOURCE ${IREDAPD_ROOT_DIR_SYMBOL_LINK}/SQL/greylisting_whitelist_domains.sql;
 SOURCE ${IREDAPD_ROOT_DIR_SYMBOL_LINK}/SQL/wblist_rdns.sql;
 EOF
 
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+            ${MYSQL_CLIENT_ROOT} <<EOF
+    -- Grant privileges
+CREATE USER IF NOT EXISTS '${IREDAPD_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${IREDAPD_DB_PASSWD}';
+-- CREATE USER IF NOT EXISTS '${IREDAPD_DB_USER}'@'${HOSTNAME}' IDENTIFIED WITH mysql_native_password BY '${IREDAPD_DB_PASSWD}';
+GRANT ALL ON ${IREDAPD_DB_NAME}.* TO '${IREDAPD_DB_USER}'@'${MYSQL_GRANT_HOST}';
+-- GRANT ALL ON '${IREDAPD_DB_NAME}'.* TO '${IREDAPD_DB_USER}'@'${HOSTNAME}';
+FLUSH PRIVILEGES;
+EOF
+        else
+            ${MYSQL_CLIENT_ROOT} <<EOF
+GRANT ALL ON ${IREDAPD_DB_NAME}.* TO '${IREDAPD_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED BY '${IREDAPD_DB_PASSWD}';
+-- GRANT ALL ON ${IREDAPD_DB_NAME}.* TO '${IREDAPD_DB_USER}'@'${HOSTNAME}' IDENTIFIED BY '${IREDAPD_DB_PASSWD}';
+FLUSH PRIVILEGES;
+EOF
+        fi
+
         # Generate .my.cnf file
         cat > /root/.my.cnf-${IREDAPD_DB_USER} <<EOF
 [client]
diff --git a/functions/mysql.sh b/functions/mysql.sh
index 4f0cff8..1ad1f7b 100644
--- a/functions/mysql.sh
+++ b/functions/mysql.sh
@@ -208,7 +208,12 @@ mysql_grant_permission_on_remote_server()
     if [ X"${USE_EXISTING_MYSQL}" == X'YES' -a X"${MYSQL_SERVER_ADDRESS}" != X'127.0.0.1' ]; then
         ECHO_DEBUG "Grant access privilege to ${MYSQL_ROOT_USER}@${MYSQL_GRANT_HOST} ..."
 
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+            cp -f ${SAMPLE_DIR}/mysql/sql/remote_grant_permission_user.sql ${RUNTIME_DIR}/remote_grant_permission.sql
+        else
             cp -f ${SAMPLE_DIR}/mysql/sql/remote_grant_permission.sql ${RUNTIME_DIR}/
+        fi
+
         perl -pi -e 's#PH_MYSQL_ROOT_USER#$ENV{MYSQL_ROOT_USER}#g' ${RUNTIME_DIR}/remote_grant_permission.sql
         perl -pi -e 's#PH_MYSQL_GRANT_HOST#$ENV{MYSQL_GRANT_HOST}#g' ${RUNTIME_DIR}/remote_grant_permission.sql
         perl -pi -e 's#PH_HOSTNAME#$ENV{HOSTNAME}#g' ${RUNTIME_DIR}/remote_grant_permission.sql
@@ -250,7 +255,12 @@ mysql_remove_insecure_data()
 mysql_import_vmail_users()
 {
     ECHO_DEBUG "Generate sample SQL templates."
+    if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+        cp -f ${SAMPLE_DIR}/mysql/sql/init_vmail_db_user.sql ${RUNTIME_DIR}/init_vmail_db.sql
+    else
         cp -f ${SAMPLE_DIR}/mysql/sql/init_vmail_db.sql ${RUNTIME_DIR}/
+    fi
+
     cp -f ${SAMPLE_DIR}/iredmail/iredmail.mysql ${RUNTIME_DIR}/iredmail.sql
     cp -f ${SAMPLE_DIR}/mysql/sql/add_first_domain_and_user.sql ${RUNTIME_DIR}/
 
diff --git a/functions/netdata.sh b/functions/netdata.sh
index 9b3fe47..5c31193 100644
--- a/functions/netdata.sh
+++ b/functions/netdata.sh
@@ -90,10 +90,18 @@ netdata_module_config()
     # MySQL & PostgreSQL
     if [ X"${BACKEND}" == X'OPENLDAP' -o X"${BACKEND}" == X'MYSQL' ]; then
         ECHO_DEBUG "Create MySQL user ${NETDATA_DB_USER} with minimal privilege: USAGE."
+        if [ X"${USE_EXISTING_MYSQL}" == X'YES' ]; then
+            ${MYSQL_CLIENT_ROOT} >> ${INSTALL_LOG} 2>&1 <<EOF
+CREATE USER IF NOT EXISTS '${NETDATA_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${NETDATA_DB_PASSWD}';
+GRANT USAGE ON *.* TO ${NETDATA_DB_USER}@${MYSQL_GRANT_HOST};
+FLUSH PRIVILEGES;
+EOF
+        else
             ${MYSQL_CLIENT_ROOT} >> ${INSTALL_LOG} 2>&1 <<EOF
 GRANT USAGE ON *.* TO ${NETDATA_DB_USER}@${MYSQL_GRANT_HOST} IDENTIFIED BY '${NETDATA_DB_PASSWD}';
 FLUSH PRIVILEGES;
 EOF
+        fi
 
         ECHO_DEBUG "Generate ${NETDATA_CONF_PLUGIN_MYSQL}."
         backup_file ${NETDATA_CONF_PLUGIN_MYSQL}
diff --git a/functions/roundcubemail.sh b/functions/roundcubemail.sh
index b845e81..2fe3613 100644
--- a/functions/roundcubemail.sh
+++ b/functions/roundcubemail.sh
@@ -42,8 +42,6 @@ rcm_initialize_db()
         ${MYSQL_CLIENT_ROOT} <<EOF
 -- Create database and grant privileges
 CREATE DATABASE ${RCM_DB_NAME} DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
-GRANT ALL ON ${RCM_DB_NAME}.* TO "${RCM_DB_USER}"@"${MYSQL_GRANT_HOST}" IDENTIFIED BY '${RCM_DB_PASSWD}';
--- GRANT ALL ON ${RCM_DB_NAME}.* TO "${RCM_DB_USER}"@"${HOSTNAME}" IDENTIFIED BY '${RCM_DB_PASSWD}';
 
 -- Import Roundcubemail SQL template
 USE ${RCM_DB_NAME};
@@ -52,6 +50,22 @@ SOURCE ${RCM_HTTPD_ROOT}/SQL/mysql.initial.sql;
 FLUSH PRIVILEGES;
 EOF
 
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+            ${MYSQL_CLIENT_ROOT} <<EOF
+-- Grant privileges
+CREATE USER IF NOT EXISTS '${RCM_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${RCM_DB_PASSWD}';
+-- CREATE USER IF NOT EXISTS '${RCM_DB_USER}'@'${HOSTNAME}' IDENTIFIED WITH mysql_native_password BY '${RCM_DB_PASSWD}';
+GRANT ALL ON ${RCM_DB_NAME}.* TO '${RCM_DB_USER}'@'${MYSQL_GRANT_HOST}';
+-- GRANT ALL ON ${RCM_DB_NAME}.* TO '${RCM_DB_USER}'@'${HOSTNAME}';
+FLUSH PRIVILEGES;
+EOF
+        else
+            ${MYSQL_CLIENT_ROOT} <<EOF
+GRANT ALL ON ${RCM_DB_NAME}.* TO "${RCM_DB_USER}"@"${MYSQL_GRANT_HOST}" IDENTIFIED BY '${RCM_DB_PASSWD}';
+-- GRANT ALL ON ${RCM_DB_NAME}.* TO "${RCM_DB_USER}"@"${HOSTNAME}" IDENTIFIED BY '${RCM_DB_PASSWD}';
+EOF
+        fi
+
         # Generate .my.cnf file
         cat > /root/.my.cnf-${RCM_DB_USER} <<EOF
 [client]
diff --git a/functions/sogo.sh b/functions/sogo.sh
index 6cf538b..9293d34 100644
--- a/functions/sogo.sh
+++ b/functions/sogo.sh
@@ -34,15 +34,27 @@ sogo_initialize_db()
 CREATE DATABASE ${SOGO_DB_NAME} CHARSET='UTF8';
 EOF
 
+        if [ X"${USE_MYSQL_CREATE_USER}" == X'YES' ]; then
+        cat >> ${tmp_sql} <<EOF
+    -- Grant privileges
+CREATE USER IF NOT EXISTS '${SOGO_DB_USER}'@'${MYSQL_GRANT_HOST}' IDENTIFIED WITH mysql_native_password BY '${SOGO_DB_PASSWD}';
+-- CREATE USER IF NOT EXISTS '${SOGO_DB_USER}'@'${HOSTNAME}' IDENTIFIED WITH mysql_native_password BY '${SOGO_DB_PASSWD}';
+GRANT ALL ON ${SOGO_DB_NAME}.* TO '${SOGO_DB_USER}'@'${MYSQL_GRANT_HOST}';
+-- GRANT ALL ON ${SOGO_DB_NAME}.* TO '${SOGO_DB_USER}'@'${HOSTNAME}';
+FLUSH PRIVILEGES;
+EOF
+        else
         cat >> ${tmp_sql} <<EOF
 GRANT ALL ON ${SOGO_DB_NAME}.* TO ${SOGO_DB_USER}@"${MYSQL_GRANT_HOST}" IDENTIFIED BY "${SOGO_DB_PASSWD}";
 -- GRANT ALL ON ${SOGO_DB_NAME}.* TO ${SOGO_DB_USER}@"${HOSTNAME}" IDENTIFIED BY "${SOGO_DB_PASSWD}";
 EOF
+        fi
+
 
         if [ X"${BACKEND}" == X'MYSQL' ]; then
             cat >> ${tmp_sql} <<EOF
-GRANT SELECT ON ${VMAIL_DB_NAME}.mailbox TO ${SOGO_DB_USER}@"${MYSQL_GRANT_HOST}";
--- GRANT SELECT ON ${VMAIL_DB_NAME}.mailbox TO ${SOGO_DB_USER}@"${HOSTNAME}";
+GRANT SELECT ON ${VMAIL_DB_NAME}.mailbox TO ${SOGO_DB_USER}@'${MYSQL_GRANT_HOST}';
+-- GRANT SELECT ON ${VMAIL_DB_NAME}.mailbox TO ${SOGO_DB_USER}@'${HOSTNAME}';
 CREATE VIEW ${SOGO_DB_NAME}.${SOGO_DB_VIEW_AUTH} (c_uid, c_name, c_password, c_cn, mail, domain) AS SELECT username, name, password, name, username, domain FROM ${VMAIL_DB_NAME}.mailbox WHERE enablesogo=1 AND active=1;
 EOF
         fi
diff --git a/samples/iredmail/iredmail.mysql b/samples/iredmail/iredmail.mysql
index f176528..5fe7427 100644
--- a/samples/iredmail/iredmail.mysql
+++ b/samples/iredmail/iredmail.mysql
@@ -186,7 +186,7 @@ CREATE TABLE IF NOT EXISTS mailbox (
     domain VARCHAR(255) NOT NULL DEFAULT '',
     transport VARCHAR(255) NOT NULL DEFAULT '',
     department VARCHAR(255) NOT NULL DEFAULT '',
-    rank VARCHAR(255) NOT NULL DEFAULT 'normal',
+    `rank` VARCHAR(255) NOT NULL DEFAULT 'normal',
     employeeid VARCHAR(255) DEFAULT '',
     isadmin TINYINT(1) NOT NULL DEFAULT 0,
     isglobaladmin TINYINT(1) NOT NULL DEFAULT 0,
@@ -434,7 +434,7 @@ CREATE TABLE IF NOT EXISTS `used_quota` (
     `domain` VARCHAR(255) NOT NULL DEFAULT '',
     PRIMARY KEY (`username`),
     INDEX (domain)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 -- Trigger `used_quota_before_insert` is used to set `used_quota.domain`.
 -- NOTE: `used_quota.domain` is not used by Dovecot, but used in iRedAdmin to
diff --git a/samples/mysql/sql/init_vmail_db_user.sql b/samples/mysql/sql/init_vmail_db_user.sql
new file mode 100644
index 0000000..10e106d
--- /dev/null
+++ b/samples/mysql/sql/init_vmail_db_user.sql
@@ -0,0 +1,22 @@
+-- Create database for virtual hosts
+CREATE SCHEMA IF NOT EXISTS `PH_VMAIL_DB_NAME` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+
+-- START Permissions: PH_VMAIL_DB_BIND_USER
+
+CREATE USER IF NOT EXISTS 'PH_VMAIL_DB_BIND_USER'@'PH_MYSQL_GRANT_HOST' IDENTIFIED WITH mysql_native_password BY 'PH_VMAIL_DB_BIND_PASSWD';
+-- CREATE USER IF NOT EXISTS 'PH_VMAIL_DB_BIND_USER'@'PH_MYSQL_GRANT_HOST' IDENTIFIED WITH mysql_native_password BY 'PH_VMAIL_DB_BIND_PASSWD';
+GRANT SELECT ON `PH_VMAIL_DB_NAME`.* TO 'PH_VMAIL_DB_BIND_USER'@'PH_MYSQL_GRANT_HOST';
+-- GRANT SELECT ON 'PH_VMAIL_DB_NAME'.* TO 'PH_VMAIL_DB_BIND_USER'@'PH_MYSQL_GRANT_HOST';
+
+-- END Permissions: PH_VMAIL_DB_BIND_USER
+
+-- START Permissions: PH_VMAIL_DB_ADMIN_USER
+
+CREATE USER IF NOT EXISTS 'PH_VMAIL_DB_ADMIN_USER'@'PH_MYSQL_GRANT_HOST' IDENTIFIED WITH mysql_native_password BY 'PH_VMAIL_DB_ADMIN_PASSWD';
+-- CREATE USER IF NOT EXISTS 'PH_VMAIL_DB_ADMIN_USER'@'PH_MYSQL_GRANT_HOST' IDENTIFIED WITH mysql_native_password BY 'PH_VMAIL_DB_ADMIN_PASSWD';
+GRANT SELECT,INSERT,DELETE,UPDATE ON `PH_VMAIL_DB_NAME`.* TO 'PH_VMAIL_DB_ADMIN_USER'@'PH_MYSQL_GRANT_HOST';
+-- GRANT SELECT,INSERT,DELETE,UPDATE ON 'PH_VMAIL_DB_NAME'.* TO 'PH_VMAIL_DB_ADMIN_USER'@'PH_MYSQL_GRANT_HOST';
+
+-- END Permissions: PH_VMAIL_DB_ADMIN_USER
+
+FLUSH PRIVILEGES;
diff --git a/samples/mysql/sql/remote_grant_permission_user.sql b/samples/mysql/sql/remote_grant_permission_user.sql
new file mode 100644
index 0000000..3e1b3e3
--- /dev/null
+++ b/samples/mysql/sql/remote_grant_permission_user.sql
@@ -0,0 +1,9 @@
+-- Grant access privilege to ${MYSQL_ROOT_USER}@${MYSQL_GRANT_HOST} ...'
+
+USE mysql;
+
+-- Allow access from MYSQL_GRANT_HOST with password
+GRANT ALL PRIVILEGES ON *.* TO 'PH_MYSQL_ROOT_USER'@'PH_MYSQL_GRANT_HOST' WITH GRANT OPTION;
+-- GRANT ALL PRIVILEGES ON *.* TO 'PH_MYSQL_ROOT_USER'@'PH_HOSTNAME' WITH GRANT OPTION;
+
+FLUSH PRIVILEGES;
\ No newline at end of file