[MXS-391] Add support for wildcards in hostnames Created: 2015-10-05  Updated: 2017-12-01  Resolved: 2017-01-16

Status: Closed
Project: MariaDB MaxScale
Component/s: Core
Affects Version/s: 1.2.0
Fix Version/s: 2.1.0

Type: New Feature Priority: Minor
Reporter: Simon J Mudd Assignee: Esa Korhonen
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
PartOf
includes MXS-510 Wildcards in host names are not suppo... Closed
Problem/Incident
causes MXS-1078 Refactor dbusers.c Closed
Relates
relates to MXS-287 Access databases from command line fa... Closed
Sprint: 2017-25

 Description   

User grant information warning messages (not able to process grants properly?)

I notice on startup of MaxScale when using the binlog router module the following messages:

Oct  5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Failed to add user user1@host1.example.com for service [binlog_service]. This user will be unavailable via MaxScale.
 
Oct  5 09:42:36 maxscale.example.com MaxScale[41563]: Error: Failed to obtain address for host host2.example.com, Name or service not known
 
Oct  5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Failed to add user user1@host2.example.com for service [binlog_service]. This user will be unavailable via MaxScale.
 
Oct  5 09:42:36 maxscale.example.com MaxScale[41563]: Error: Failed to obtain address for host host2%, Name or service not known
 
Oct  5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Failed to add user user3@host2% for service [binlog_service]. This user will be unavailable via MaxScale.
 
Oct  5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Duplicate MySQL user found for service [binlog_service]: user4@10.% for database: mysql
 
Oct  5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Duplicate MySQL user found for service [binlog_service]: user4@10.% for database: performance_schema
 
Oct  5 09:42:36 maxscale.example.com MaxScale[41563]: Error: Failed to obtain address for host %host4%.example.com, Name or service not known
 
Oct  5 09:42:36 maxscale.example.com MaxScale[41563]: Warning: Failed to add user user5@%host4%.example.com for service [binlog_service]. This user will be unavailable via MaxScale.

Note: these are modified to not show real user names.

It seems clear from the logging that MaxScale is not able to handle usernames of the following types:

  • with explicit access to multiple databases
  • with hostnames containing % wildcard values
  • it also looks like it it tries to resolve the grants on startup and this is not dynamic.

Behaviour therefore does not seem to match MySQL/MariaDB. The error messages are confusing and you do not allow grants for several users which if I was trying to provide access to maxscale as a proxy would be problematic. Grants are often hard to change and compliance may make it difficult to provide more access than currently configured, so enabling maxscale to recognise these cases better would be most helpful.

For the binlog router this is not such an issue as access credentials and the number of users involved is much smaller but even so seeing these messages every time MaxScale starts up looks confusing.

 Comments   
Comment by markus makela [ 2015-10-26 ]

Access for explicit databases should work. The messages in that log are warning about another grant resulting in the same user@host:database combination. This usually happens when hostnames resolve to IP addresses.

The lack of support for wildcard hostnames is a known issue.

MaxScale does reload the grants if a conflict is found. This is only done if authentication fails or if done manually via maxadmin. There is no probing of the database for grant changes so revocations of grants result in a successful connection which fails on the next query. A failure to authenticate with the backend will cause the grants to be reloaded again.

Generated at Thu Feb 08 03:58:56 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.