Create a DPA repository that uses CyberArk for authentication
If you plan to configure DPA to use CyberArk, you can use credentials stored in CyberArk to authenticate the repository administrator account. To create a repository that uses CyberArk credentials, you must run a script to create the required database structures, and then use the DPA REST API to create the repository.
If you created the DPA repository before integrating DPA with CyberArk, you can update the existing repository to use CyberArk credentials.
- Make sure the following prerequisites are met:
- Make sure a supported database version is installed on the database server and that it meets all other system requirements.
- If you create the repository on a different computer (not the server where DPA was installed), make sure the required firewall port is open. By default, port 8124 must be open.
- The DPA server connects to the repository through a TCP/IP connection. Make sure that connection is not blocked by a firewall.
- Run a script to create the required database structures:
- Depending on your repository database type, copy one of the scripts under Scripts to create the required database structures.
- Edit the script to replace the placeholders in angle brackets (for example,
<DATABASE NAME>
) with the actual values. - Connect to the database as a user with the necessary privileges:
- SQL Server: SYSADMIN
- Oracle: database administrator (DBA)
- MySQL: repository administrator
- Azure SQL DB: repository administrator
- Run the script.
-
Send an API request to create the DPA repository. See API request to create the repository for information about the information the request must include, and examples of the request sent using the curl command line tool.
For more information about working with the DPA REST API, see Automate tasks with the DPA REST API.
Scripts to create the required database structures
Before you send an API request to create the repository, edit and run one of the following scripts to prepare the database server and create structures needed by the DPA repository. The scripts create an empty database (or tablespace) and a repository user with the required permissions.
SQL Server
create database <DATABASE NAME>; create login <REPOSITORY USER NAME> with password=N'<REPOSITORY USER PASSWORD>', default_database=<DATABASE NAME>, check_expiration=off, check_policy=off; use [<DATABASE NAME>]; create schema ignite; create user <REPOSITORY USER NAME> for login <REPOSITORY USER NAME> with default_schema = ignite; sp_addrolemember "db_owner", <REPOSITORY USER NAME>;
Oracle
CREATE TABLESPACE <TABLESPACE NAME> DATAFILE '<TABLESPACE FILE NAME>.dat' SIZE 500M AUTOEXTEND ON ONLINE; CREATE USER <REPOSITORY USER NAME> IDENTIFIED BY <REPOSITORY USER PASSWORD>; GRANT CREATE TABLE TO <REPOSITORY USER NAME>; GRANT CREATE SEQUENCE TO <REPOSITORY USER NAME>; GRANT CREATE SESSION TO <REPOSITORY USER NAME>; GRANT SELECT ANY DICTIONARY TO <REPOSITORY USER NAME>;
MySQL 5.7 and earlier
CREATE DATABASE <DATABASE NAME> CHARACTER SET utf8 COLLATE utf8_unicode_ci; CREATE USER '<REPOSITORY USER NAME>'@'%' IDENTIFIED BY '<REPOSITORY USER PASSWORD>'; GRANT ALL PRIVILEGES ON <DATABASE NAME>.* TO '<REPOSITORY USER NAME>'@'%';
MySQL 8
For MySQL 8, the authentication plugin must be specified for the user.
CREATE DATABASE <DATABASE NAME> CHARACTER SET utf8 COLLATE utf8_unicode_ci; CREATE USER '<REPOSITORY USER NAME>'@'%' IDENTIFIED WITH mysql_native_password BY '<REPOSITORY USER PASSWORD>'; GRANT ALL PRIVILEGES ON <DATABASE NAME>.* TO '<REPOSITORY USER NAME>'@'%';
Azure SQL DB
create database <DATABASE NAME>; use[<DATABASE NAME>]; create user [<REPOSITORY USER NAME>] with password=N'<REPOSITORY USER PASSWORD>', default_schema = [ignite]; alter role db_owner add member <REPOSITORY USER NAME>; go create schema [ignite] authorization [<REPOSITORY USER NAME>];
API request to create the repository
The API request to create the repository must include the following information. You can use the curl command line tool or any other REST client capable of sending requests. Examples are provided in the following section.
Element | Value |
---|---|
Endpoint URL | http://<DPA Server>:<DPA port>/iwc/rest/repository/create |
Method | POST |
Headers | Content-Type: application/json |
Body for a SQL Server repository | { "databaseType": "SQLSERVER", "hostName": "<DATABASE HOSTNAME>", "port": "<DATABASE PORT>", "database": "<DATABASE NAME>", "cyberArkQuery": "<CYBERARK QUERY>", "contactEmail": "<EMAIL>", "contactName": "<NAME>" } |
Body for an Oracle repository | { "databaseType": "ORACLE", "hostName": "<DATABASE HOSTNAME>", "port": "<DATABASE PORT>", "sid": "<SID>", "tablespace": "<TABLESPACE>", "cyberArkQuery": "<CYBERARK QUERY>", "contactEmail": "<EMAIL>", "contactName": "<NAME>" } |
Body for a MySQL repository | { "databaseType": "MYSQL", "hostName": "<DATABASE HOSTNAME>", "port": "<DATABASE PORT>", "database": "<DATABASE NAME>", "cyberArkQuery": "<CYBERARK QUERY>", "contactEmail": "<EMAIL>", "contactName": "<NAME>" } |
Body for an Azure SQL DB repository | { "databaseType": "AZURESQLDB", "hostName": "<DATABASE HOSTNAME>", "port": "<DATABASE PORT>", "database": "<DATABASE NAME>", "cyberArkQuery": "<CYBERARK QUERY>", "contactEmail": "<EMAIL>", "contactName": "<NAME>" } |
Examples of repository creation requests
The following examples use the curl command line tool to send a repository creation request to the DPA API. The placeholders enclosed in angle brackets (for example <DATABASE HOSTNAME>
) must be replaced with actual values.
SQL Server example using curl
curl -X POST -H 'Content-Type: application/json' -d '{ \"databaseType\": \"SQLSERVER\", \"hostName\": \"<DATABASE HOSTNAME>\", \"port\": \"<DATABASE PORT>\", \"database\": \"<DATABASE NAME>\", \"cyberArkQuery\": \"<CYBERARK QUERY>\", \"contactEmail\": \"<EMAIL>\", \"contactName\": \"<NAME>\" }' http://localhost:8124/iwc/rest/repository/create
Oracle example using curl
curl -X POST -H 'Content-Type: application/json' -d '{ \"databaseType\": \"ORACLE\", \"hostName\": \"<DATABASE HOSTNAME>\", \"port\": \"<DATABASE PORT>\", \"sid\": \"<SID>\", \"tablespace\": \"<TABLESPACE>\", \"cyberArkQuery\": \"<CYBERARK QUERY>\", \"contactEmail\": \"<EMAIL>\", \"contactName\": \"<NAME>\" }' http://localhost:8124/iwc/rest/repository/create
MySQL example using curl
curl -X POST -H 'Content-Type: application/json' -d '{ \"databaseType\": \"MYSQL\", \"hostName\": \"<DATABASE HOSTNAME>\", \"port\": \"<DATABASE PORT>\", \"database\": \"<DATABASE NAME>\", \"cyberArkQuery\": \"<CYBERARK QUERY>\", \"contactEmail\": \"<EMAIL>\", \"contactName\": \"<NAME>\" }' http://localhost:8124/iwc/rest/repository/create
Azure SQL DB example using curl
curl -X POST -H 'Content-Type: application/json' -d '{ \"databaseType\": \"AZURESQLDB\", \"hostName\": \"<DATABASE HOSTNAME>\", \"port\": \"<DATABASE PORT>\", \"database\": \"<DATABASE NAME>\", \"cyberArkQuery\": \"<CYBERARK QUERY>\", \"contactEmail\": \"<EMAIL>\", \"contactName\": \"<NAME>\" }' http://localhost:8124/iwc/rest/repository/create
The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.