From e54a44d56a72d5df769cd0e2c79a4667d80a66c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Fri, 21 Sep 2018 11:18:34 +0300 Subject: [PATCH] Extend MDEV-13453 workaround explanations The example SQL now shows the extra grant required for 10.2 versions. Also removed duplicate user creation examples from the tutorials. --- Documentation/Getting-Started/Configuration-Guide.md | 11 +++++++---- .../Tutorials/Connection-Routing-Tutorial.md | 12 ++---------- Documentation/Tutorials/MaxScale-Tutorial.md | 3 +++ .../Tutorials/Read-Write-Splitting-Tutorial.md | 12 ++---------- 4 files changed, 14 insertions(+), 24 deletions(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 4399c719e..1ecc81c90 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -907,15 +907,18 @@ GRANT SELECT ON mysql.db TO 'maxscale'@'maxscalehost'; GRANT SELECT ON mysql.tables_priv TO 'maxscale'@'maxscalehost'; GRANT SELECT ON mysql.roles_mapping TO 'maxscale'@'maxscalehost'; GRANT SHOW DATABASES ON *.* TO 'maxscale'@'maxscalehost'; + +-- MariaDB from 10.2.2 to 10.2.10 requires extra grants +GRANT SELECT ON mysql.* TO 'maxscale'@'maxscalehost'; ``` +**Note:** MariaDB versions 10.2.10 and older require a `SELECT` grant on + `mysql.*` in addition to the normal grants. This is to work around MDEV-13453 + which was fixed in MariaDB 10.2.11. + See [MaxScale Troubleshooting](https://mariadb.com/kb/en/mariadb-enterprise/maxscale-troubleshooting/) for more information on how to troubleshoot authentication related problems. -**Note:** Due to a bug in MariaDB 10.2.9, if you see a - `SELECT command denied to user ... for table 'users'` - error, grant `SELECT ON mysql.*` to this user. - #### `password` diff --git a/Documentation/Tutorials/Connection-Routing-Tutorial.md b/Documentation/Tutorials/Connection-Routing-Tutorial.md index 608884ac5..d91c63d22 100644 --- a/Documentation/Tutorials/Connection-Routing-Tutorial.md +++ b/Documentation/Tutorials/Connection-Routing-Tutorial.md @@ -90,16 +90,8 @@ for the read service we use the _slave_ type. The final part of the service configuration is the `user` and `password` parameters that define the credentials that the service will use to populate the -user authentication data. To create this user, execute the following SQL commands. - -``` -CREATE USER 'maxscale'@'%' IDENTIFIED BY 'maxscale_pw'; -GRANT SELECT ON mysql.user TO 'maxscale'@'%'; -GRANT SELECT ON mysql.db TO 'maxscale'@'%'; -GRANT SELECT ON mysql.tables_priv TO 'maxscale'@'%'; -GRANT SELECT ON mysql.roles_mapping TO 'maxscale'@'%'; -GRANT SHOW DATABASES ON *.* TO 'maxscale'@'%'; -``` +user authentication data. These users were created at the start of the +[MaxScale Tutorial](MaxScale-Tutorial.md). **Note:** For increased security [encrypt your passwords in the configuration file](Encrypting-Passwords.md). diff --git a/Documentation/Tutorials/MaxScale-Tutorial.md b/Documentation/Tutorials/MaxScale-Tutorial.md index 81e0ec9fc..5bb8b69b2 100644 --- a/Documentation/Tutorials/MaxScale-Tutorial.md +++ b/Documentation/Tutorials/MaxScale-Tutorial.md @@ -35,6 +35,9 @@ GRANT SELECT ON mysql.db TO 'maxscale'@'%'; GRANT SELECT ON mysql.tables_priv TO 'maxscale'@'%'; GRANT SELECT ON mysql.roles_mapping TO 'maxscale'@'%'; GRANT SHOW DATABASES ON *.* TO 'maxscale'@'%'; + +-- MariaDB from 10.2.2 to 10.2.10 requires extra grants +GRANT SELECT ON mysql.* TO 'maxscale'@'%'; ``` These credentials will be used by the services in MaxScale to populate the user diff --git a/Documentation/Tutorials/Read-Write-Splitting-Tutorial.md b/Documentation/Tutorials/Read-Write-Splitting-Tutorial.md index df2ca623c..dd2328e15 100644 --- a/Documentation/Tutorials/Read-Write-Splitting-Tutorial.md +++ b/Documentation/Tutorials/Read-Write-Splitting-Tutorial.md @@ -72,16 +72,8 @@ or addresses of the servers. The final part of the service configuration is the `user` and `password` parameters that define the credentials that the service will use to populate the -user authentication data. To create this user, execute the following SQL commands. - -``` -CREATE USER 'maxscale'@'%' IDENTIFIED BY 'maxscale_pw'; -GRANT SELECT ON mysql.user TO 'maxscale'@'%'; -GRANT SELECT ON mysql.db TO 'maxscale'@'%'; -GRANT SELECT ON mysql.tables_priv TO 'maxscale'@'%'; -GRANT SELECT ON mysql.roles_mapping TO 'maxscale'@'%'; -GRANT SHOW DATABASES ON *.* TO 'maxscale'@'%'; -``` +user authentication data. These users were created at the start of the +[MaxScale Tutorial](MaxScale-Tutorial.md). **Note:** For increased security [encrypt your passwords in the configuration file](Encrypting-Passwords.md).