From 1001654987b20fee97f71a2199f7a8ab2d0d5619 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 14 Sep 2016 09:48:13 +0300 Subject: [PATCH] Add utility scripts to make installation easier The `create_grants` scripts allow users to be easily "copied" to MaxScale. It queries the backend for grants for all users and converts them into similar grants for the MaxScale host. The `create_roles.sql` is a small set of queries which creates two utility roles, `proxy_authenticator` and `proxy_monitor`. These roles can be assigned to the actual service and monitor users with a single grant command.
---
 CMakeLists.txt | 2 + script/create_grants | 84 +++++++++++++++++++++++++++++++++++++++++ script/create_roles.sql | 7 ++++ 3 files changed, 93 insertions(+) create mode 100755 script/create_grants create mode 100644 script/create_roles.sql
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9119f5ad7..9d0773e25 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -205,6 +205,8 @@ install_file(${CMAKE_BINARY_DIR}/ReleaseNotes.txt core)
 install_file(${CMAKE_BINARY_DIR}/UpgradingToMaxScale12.txt core)
 install_file(server/maxscale.cnf.template core)
 install_file(server/maxscale_binlogserver_template.cnf core)
+install_program(script/create_grants core)
+install_file(script/create_roles.sql core)
 # Install the template into /etc
 if(WITH_MAXSCALE_CNF AND (NOT TARGET_COMPONENT OR "core" STREQUAL "${TARGET_COMPONENT}"))
diff --git a/script/create_grants b/script/create_grants
new file mode 100755
index 000000000..8dce0518d
--- /dev/null
+++ b/script/create_grants
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+# Copyright (c) 2016 MariaDB Corporation Ab
+#
+# Use of this software is governed by the Business Source License included
+# in the LICENSE.TXT file and at www.mariadb.com/bsl.
+#
+# Change Date: 2019-07-01
+#
+# On the date above, in accordance with the Business Source License, use
+# of this software will be governed by version 2 or later of the General
+# Public License.
+
+function runQuery(){
+ mysql -s -s -h "$host" -P "$port" -u "$user" -p"$password" -e "$1"
+ if [ $? -ne 0 ]
+ then
+ echo "Failed to execute query: $1"
+ exit
+ fi
+}
+
+# Transform grants to from external hosts to MaxScale's host
+function getGrants(){
+ result=$(runQuery "show grants for $1"|sed -e "s/@[^ ]*/@'$maxscalehost'/" -e "s/ *IDENTIFIED BY.*//" -e "s/$/;/")
+ echo "$result"
+}
+
+user=$(whoami)
+host=$(hostname)
+port=3306
+include_root="and user <> 'root'"
+
+if [ "$1" == "--help" ] || [ $# -eq 0 ]
+then
+ echo "Transform grants from original host to this host"
+ echo ""
+ echo "This script queries the backend database for a list of grants and outputs "
+ echo "copies of them with the hostnames replaced with the current server's hostname."
+ echo "The value of the hostname is the same you would get by doing a 'SELECT USER()'"
+ echo "query from this server."
+ echo ""
+ echo "Usage: $0 -u USER -p PASSWORD -h HOST -P PORT [-r]"
+ echo "-u USER Username"
+ echo "-p PASSWORD Password"
+ echo "-h HOST Database address ($host)"
+ echo "-P PORT Database port ($port)"
+ echo "-r Include root user in the grants"
+ exit
+fi
+
+while getopts "u:p:h:P:r" var
+do
+ case $var in
+ u)
+ user=$OPTARG
+ ;;
+
+ p)
+ password=$OPTARG
+ ;;
+
+ h)
+ host=$OPTARG
+ ;;
+
+ P)
+ port=$OPTARG
+ ;;
+ r)
+ include_root=""
+ ;;
+ esac
+done
+
+# Get the MaxScale hostname from the backend server
+maxscalehost=$(runQuery "select user()")
+maxscalehost=${maxscalehost#*@}
+
+# List all the users
+runQuery "select concat(\"'\", user, \"'\", '@', \"'\", host, \"'\") from mysql.user where user <> '' and host <> '%' $include_root"|while read i
+do
+ getGrants "$i"
+done
diff --git a/script/create_roles.sql b/script/create_roles.sql
new file mode 100644
index 000000000..98d473c1c
--- /dev/null
+++ b/script/create_roles.sql
@@ -0,0 +1,7 @@
+CREATE ROLE proxy_authenticator;
+GRANT SELECT ON mysql.user TO proxy_authenticator;
+GRANT SELECT ON mysql.db TO proxy_authenticator;
+GRANT SELECT ON mysql.tables_priv TO proxy_authenticator;
+GRANT SHOW DATABASES ON *.* TO proxy_authenticator;
+CREATE ROLE proxy_monitor;
+GRANT REPLICATION CLIENT ON *.* TO proxy_monitor;
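Review bot: In `script/create_grants`, the failure branch of `runQuery` prints its message to stdout and calls a bare `exit`, but `runQuery` only ever runs inside `$(...)` or a pipeline, so this leaves just the subshell: the error text is captured as `maxscalehost` or emitted as a `;`-terminated line among the generated grants, and the script can still finish with status 0. Since the output is meant to be fed to a database, I would change the branch to `echo "Failed to execute query: $1" >&2` and `exit 1`, and stop in the caller with `maxscalehost=$(runQuery "select user()") || exit 1`. Separately, `-p"$password"` (and the script's own `-p PASSWORD` argument) places the credential in the process arguments, where other local users may be able to read it; prompting for it or passing a client option file with `--defaults-extra-file` avoids that. The `s/ *IDENTIFIED BY.*//` expression also removes everything after the password clause, so it is worth confirming that the copied accounts do not end up without a password or without trailing clauses such as `REQUIRE SSL`.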
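Review bot: `script/create_roles.sql` carries no comment saying who should hold these roles, and `GRANT SELECT ON mysql.user TO proxy_authenticator` lets every holder of the role read the stored password hashes of all accounts. I would add a header such as `-- proxy_authenticator can read credential hashes in mysql.user; grant it only to the MaxScale service user`. It may also be worth noting in the file that on MariaDB a granted role is not active at login unless it is made the default (`SET DEFAULT ROLE ...`), so the single GRANT mentioned in the commit message might not be sufficient on its own; please confirm against the target server version.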