From c7c14e1c43dbdfd8303e0a27265f55afda129ad0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= Date: Wed, 6 Oct 2021 13:19:59 +0000 Subject: [PATCH] Fix privileges for MariaDB 10.5 "BINLOG MONITOR" and "SLAVE MONITOR" replace "REPLICATION CLIENT" (which is now an alias for "BINLOG MONITOR"). The validation in Ansible MySQL collection is too simple to understand aliases and breaks. Hence, let's use the canonical names and adapt per service according to its needs. Change-Id: I1175e4846384accd19942620dc155d0c5728e64b --- ansible/roles/mariadb/tasks/register.yml | 2 +- ansible/roles/prometheus/tasks/bootstrap.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/mariadb/tasks/register.yml b/ansible/roles/mariadb/tasks/register.yml index 68d00bf6c5..74894a5af9 100644 --- a/ansible/roles/mariadb/tasks/register.yml +++ b/ansible/roles/mariadb/tasks/register.yml @@ -57,7 +57,7 @@ name: "{{ mariadb_backup_database_user }}" password: "{{ mariadb_backup_database_password }}" host: "%" - priv: "*.*:CREATE TABLESPACE,RELOAD,PROCESS,SUPER,LOCK TABLES,REPLICATION CLIENT" + priv: "*.*:CREATE TABLESPACE,RELOAD,PROCESS,SUPER,LOCK TABLES,BINLOG MONITOR" append_privs: True when: - enable_mariabackup | bool diff --git a/ansible/roles/prometheus/tasks/bootstrap.yml b/ansible/roles/prometheus/tasks/bootstrap.yml index 7447eebdff..62420b24f5 100644 --- a/ansible/roles/prometheus/tasks/bootstrap.yml +++ b/ansible/roles/prometheus/tasks/bootstrap.yml @@ -11,7 +11,7 @@ name: "{{ prometheus_mysql_exporter_database_user }}" password: "{{ prometheus_mysql_exporter_database_password }}" host: "%" - priv: "*.*:PROCESS,REPLICATION CLIENT,SELECT" + priv: "*.*:PROCESS,SLAVE MONITOR,SELECT" append_privs: "yes" run_once: True delegate_to: "{{ groups['prometheus'][0] }}"