Details
-
New Feature
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Fixed
-
1.2.0
-
None
-
2017-25
Description
User grant information warning messages (not able to process grants properly?)
I notice on startup of MaxScale when using the binlog router module the following messages:
Oct 5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Failed to add user user1@host1.example.com for service [binlog_service]. This user will be unavailable via MaxScale.
|
Oct 5 09:42:36 maxscale.example.com MaxScale[41563]: Error: Failed to obtain address for host host2.example.com, Name or service not known
|
Oct 5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Failed to add user user1@host2.example.com for service [binlog_service]. This user will be unavailable via MaxScale.
|
Oct 5 09:42:36 maxscale.example.com MaxScale[41563]: Error: Failed to obtain address for host host2%, Name or service not known
|
Oct 5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Failed to add user user3@host2% for service [binlog_service]. This user will be unavailable via MaxScale.
|
Oct 5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Duplicate MySQL user found for service [binlog_service]: user4@10.% for database: mysql
|
Oct 5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Duplicate MySQL user found for service [binlog_service]: user4@10.% for database: performance_schema
|
Oct 5 09:42:36 maxscale.example.com MaxScale[41563]: Error: Failed to obtain address for host %host4%.example.com, Name or service not known
|
Oct 5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Failed to add user user5@%host4%.example.com for service [binlog_service]. This user will be unavailable via MaxScale.
|
Note: these are modified to not show real user names.
It seems clear from the logging that MaxScale is not able to handle usernames of the following types:
- with explicit access to multiple databases
- with hostnames containing % wildcard values
- it also looks like it it tries to resolve the grants on startup and this is not dynamic.
Behaviour therefore does not seem to match MySQL/MariaDB. The error messages are confusing and you do not allow grants for several users which if I was trying to provide access to maxscale as a proxy would be problematic. Grants are often hard to change and compliance may make it difficult to provide more access than currently configured, so enabling maxscale to recognise these cases better would be most helpful.
For the binlog router this is not such an issue as access credentials and the number of users involved is much smaller but even so seeing these messages every time MaxScale starts up looks confusing.