search

tinv33043 / mysql-master-ha

Automatically exported from code.google.com/p/mysql-master-ha
0 stars 0 forks source link

MySQL permission check needed. #8

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. add user without SELECT privileges.
2. run masterha_check_repl
3. error will be "User repLAN does not exist or does not have REPLICATION SLAVE 
privilege"

User had REPLICATION SLAVE privileges.  Added code to DBHelper.pm to die on 
execute() and print DBI error string.

Output with debug:

Thu Nov 10 16:52:46 2011 - [warning] Global configuration file 
/etc/masterha_default.cnf not found. Skipping.
Thu Nov 10 16:52:46 2011 - [info] Reading application default configurations 
from /etc/wcdb_mha.cnf..
Thu Nov 10 16:52:46 2011 - [info] Reading server configurations from 
/etc/wcdb_mha.cnf..
Thu Nov 10 16:52:46 2011 - [info] MHA::MasterMonitor version 0.52.
Thu Nov 10 16:52:46 2011 - [info] Dead Servers:
Thu Nov 10 16:52:46 2011 - [info] Alive Servers:

... REMOVED ...

Thu Nov 10 16:52:46 2011 - [info] Checking replication filtering settings..
Thu Nov 10 16:52:46 2011 - [info]  binlog_do_db= , binlog_ignore_db= 
Thu Nov 10 16:52:46 2011 - [info]  Replication filtering check ok.
repl_user: repLAN
user: repLAN
Repl_User_SQL: SELECT Repl_slave_priv AS Value FROM mysql.user WHERE user = ?
Thu Nov 10 16:52:46 2011 - 
[error][/usr/local/lib/perl5/site_perl/5.10.0/MHA/MasterMonitor.pm, ln315] 
Error happend on checking configurations. SELECT command denied to user 
'mha'@'XXX.XX.XXX.XX' for table 'user' at 
/usr/local/lib/perl5/site_perl/5.10.0/MHA/DBHelper.pm line 212.
Thu Nov 10 16:52:46 2011 - 
[error][/usr/local/lib/perl5/site_perl/5.10.0/MHA/MasterMonitor.pm, ln396] 
Error happened on monitoring servers.
Thu Nov 10 16:52:46 2011 - [info] Got exit code 1 (Not master dead).

The problem is that the mha user does not have access to query the mysql table! 
 Not a bug, but would be useful to display the proper error.

Original issue reported on code.google.com by djunt...@gmail.com on 10 Nov 2011 at 9:56

GoogleCodeExporter commented 9 years ago 
Also, there is an issue with this permission select stmt:

SELECT Repl_slave_priv AS Value FROM mysql.user WHERE user = ?

may needed be:

SELECT Repl_slave_priv AS Value FROM mysql.user WHERE user = ? AND Host = ?

Because there could be more than one user for different hosts, especially if 
the slave servers are on different networks.

Original comment by djunt...@gmail.com on 10 Nov 2011 at 11:52

GoogleCodeExporter commented 9 years ago

Original comment by Yoshinor...@gmail.com on 17 Nov 2011 at 7:14