libMySQLIndex.so permissions issue

Hello everyone,

Sorry to be a right PITA with all my postings, but I’m under the gun here a little bit and in researching the capabilities of Orthanc I’m getting into areas where I’ve not ventured before. I’m enjoying but as you can see, I’m leaning on some awesome feedback from this forum to whet my appetite for more!

I’m working on a DEV Orthanc running in AWS with RDS MySQL and as the wonderful logging is showing me as I attempt to run my container, I’m adding the required permissions to the DB user … which is really useful, so thank you!

I’m now coming up with the following error as I start the container which I don’t seem to be able to move past:

Startup command: Orthanc /run/secrets/
W0124 20:38:01.303118 main.cpp:2017] Orthanc version: 1.11.2
W0124 20:38:01.304172 OrthancConfiguration.cpp:107] Scanning folder “/run/secrets/” for configuration files
W0124 20:38:01.305136 OrthancConfiguration.cpp:56] Reading the configuration from: “/run/secrets/dicomCreds.json”
W0124 20:38:01.310667 OrthancConfiguration.cpp:56] Reading the configuration from: “/run/secrets/dicomSecrets.json”
W0124 20:38:01.349495 main.cpp:911] Loading plugin(s) from: /usr/share/orthanc/plugins/libOrthancMySQLIndex.so
W0124 20:38:01.362093 PluginsManager.cpp:258] Registering plugin ‘mysql-index’ (version 4.3)
W0124 20:38:01.365277 PluginsManager.cpp:157] The index plugin will use 5 connection(s) to the database, and will retry up to 10 time(s) in the case of a collision
W0124 20:38:01.366086 main.cpp:1685] Using a custom database from plugins
W0124 20:38:01.366811 OrthancInitialization.cpp:504] Storage directory: “/var/lib/orthanc/db”
E0124 20:38:01.467690 PluginsManager.cpp:153] The MySQL user is not allowed to create triggers => 2 possible solutions:
E0124 20:38:01.468733 PluginsManager.cpp:153] 1- Give the SUPER privilege to the MySQL database user, or
E0124 20:38:01.469465 PluginsManager.cpp:153] 2- Run “set global log_bin_trust_function_creators=1;” as MySQL root user.
E0124 20:38:01.470218 PluginsManager.cpp:153] Once you are done, drop and recreate the MySQL database
E0124 20:38:01.471095 PluginsManager.cpp:153] Error with the database engine: Need to fix the MySQL permissions for “CREATE TRIGGER”
W0124 20:38:01.481386 PluginsManager.cpp:208] Unregistering plugin ‘mysql-index’ (version 4.3)
W0124 20:38:01.483142 PluginsManager.cpp:157] MySQL index is finalizing
E0124 20:38:01.485265 main.cpp:2074] Uncaught exception, stopping now: [Error with the database engine] (code 11)
W0124 20:38:01.486648 main.cpp:2105] Orthanc has stopped
exited with code 255

I’m using the Osimis:22.12.2 container, which equates to (I guess) Orthanc v1.11.2

AWS RDS is unable to permit adding a user with the SUPER privilege which is fine as I’m able to set log_bin_trust_function_creators within my DB cluster parameter group. It wasn’t set before, so I’ve added it with a value of 1, restarted the DB instance, deleted the database and then re-created it again.

Unfortunately, I’m still getting the same error in the startup of Orthanc:

E0124 20:38:01.467690 PluginsManager.cpp:153] The MySQL user is not allowed to create triggers => 2 possible solutions:
E0124 20:38:01.468733 PluginsManager.cpp:153] 1- Give the SUPER privilege to the MySQL database user, or
E0124 20:38:01.469465 PluginsManager.cpp:153] 2- Run “set global log_bin_trust_function_creators=1;” as MySQL root user.

My current MySQL section within Orthanc.json file is as follows:

“MySQL”: {
“Host”: “rds-cluster.rds.amazonaws.com”,
“Username”: “orthanc_user”,
“Password”: “orthanc_passwd”,
“EnableSsl”: true,
“SslVerifyServerCertificates”: true,
“SslCACertificates”: “/etc/orthanc/certs/AWSCABundle.pem”,
“Database”: “orthanc”,
“EnableIndex”: true,
“EnableStorage”: false,
“Lock”: false,
“IndexConnectionsCount”: 5
},

I did try temporarily setting Orthanc up with the administrative credentials for the RDS cluster completely, and it started up without any issue, so I know that it’s possible, however thats obviously not practical.

Can anyone give me a clue as to how to proceed?

Kindest regards

BNOEAFK

As a follow up to this, it would appear that GRANT ALL on orthanc.* TO ‘orthanc_user’@‘remote_host’ IDENTIFIED BY ‘orthanc_passwd’; works. I may try to whittle this down more so that I can pinpoint exactly which permissions are actually required, but for the moment I’m able to move forward. I’ll post any updates in due course.

Screenshot from 2023-01-24 12-49-55.png