Add utility scripts to make installation easier
The `create_grants` scripts allow users to be easily "copied" to MaxScale. It queries the backend for grants for all users and converts them into similar grants for the MaxScale host. The `create_roles.sql` is a small set of queries which creates two utility roles, `proxy_authenticator` and `proxy_monitor`. These roles can be assigned to the actual service and monitor users with a single grant command.
This commit is contained in:
Markus Makela
@ -205,6 +205,8 @@ install_file(${CMAKE_BINARY_DIR}/ReleaseNotes.txt core)
|
||||
install_file(${CMAKE_BINARY_DIR}/UpgradingToMaxScale12.txt core)
|
||||
install_file(server/maxscale.cnf.template core)
|
||||
install_file(server/maxscale_binlogserver_template.cnf core)
|
||||
install_program(script/create_grants core)
|
||||
install_file(script/create_roles.sql core)
|
||||
|
||||
# Install the template into /etc
|
||||
if(WITH_MAXSCALE_CNF AND (NOT TARGET_COMPONENT OR "core" STREQUAL "${TARGET_COMPONENT}"))
|
||||
|
||||
61
script/create_grants
Executable file
61
script/create_grants
Executable file
@ -0,0 +1,61 @@
|
||||
#!/bin/bash
|
||||
|
||||
function runQuery(){
|
||||
mysql -s -s -h $host -P $port -u $user -p$password -e "$1"
|
||||
if [ $? -ne 0 ]
|
||||
then
|
||||
echo "Failed to execute query: $1"
|
||||
exit
|
||||
fi
|
||||
}
|
||||
|
||||
# Transform grants to from external hosts to MaxScale's host
|
||||
function getGrants(){
|
||||
result=$(runQuery "show grants for $1"|sed -e "s/@[^ ]*/@'$maxscalehost'/" -e "s/ *IDENTIFIED BY.*//" -e "s/$/;/")
|
||||
echo "$result"
|
||||
}
|
||||
|
||||
user=$(whoami)
|
||||
host=$(hostname)
|
||||
port=3306
|
||||
include_root="and user <> 'root'"
|
||||
|
||||
if [ "$1" == "--help" ] || [ $# -eq 0 ]
|
||||
then
|
||||
echo "$0 -u USER -p PASSWORD -h HOST -P PORT [-r]"
|
||||
exit
|
||||
fi
|
||||
|
||||
while getopts "u:p:h:P:r" var
|
||||
do
|
||||
case $var in
|
||||
u)
|
||||
user=$OPTARG
|
||||
;;
|
||||
|
||||
p)
|
||||
password=$OPTARG
|
||||
;;
|
||||
|
||||
h)
|
||||
host=$OPTARG
|
||||
;;
|
||||
|
||||
P)
|
||||
port=$OPTARG
|
||||
;;
|
||||
r)
|
||||
include_root=""
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# Get the MaxScale hostname from the backend server
|
||||
maxscalehost=$(runQuery "select user()")
|
||||
maxscalehost=${maxscalehost#*@}
|
||||
|
||||
# List all the users
|
||||
runQuery "select concat(\"'\", user, \"'\", '@', \"'\", host, \"'\") from mysql.user where user <> '' and host <> '%' $include_root"|while read i
|
||||
do
|
||||
getGrants "$i"
|
||||
done
|
||||
7
script/create_roles.sql
Normal file
7
script/create_roles.sql
Normal file
@ -0,0 +1,7 @@
|
||||
CREATE ROLE proxy_authenticator;
|
||||
GRANT SELECT ON mysql.user TO proxy_authenticator;
|
||||
GRANT SELECT ON mysql.db TO proxy_authenticator;
|
||||
GRANT SELECT ON mysql.tables_priv TO proxy_authenticator;
|
||||
GRANT SHOW DATABASES ON *.* TO proxy_authenticator;
|
||||
CREATE ROLE proxy_monitor;
|
||||
GRANT REPLICATION CLIENT ON *.* TO proxy_monitor;
|
||||
Reference in New Issue
Block a user