[MariaDB] Fix privileges for mysql-exporter user used by prometheus exporter
Change-Id: I1a2ba8d2525d28d1179a64d5c815e2f32ef56744
This commit is contained in:
Markin, Sergiy (sm515x)
parent
1e56dd59ea
commit
9d9edbded5
@ -15,7 +15,7 @@ apiVersion: v1
|
|||||||
appVersion: v10.2.31
|
appVersion: v10.2.31
|
||||||
description: OpenStack-Helm MariaDB
|
description: OpenStack-Helm MariaDB
|
||||||
name: mariadb
|
name: mariadb
|
||||||
version: 0.2.20
|
version: 0.2.21
|
||||||
home: https://mariadb.com/kb/en/
|
home: https://mariadb.com/kb/en/
|
||||||
icon: http://badges.mariadb.org/mariadb-badge-180x60.png
|
icon: http://badges.mariadb.org/mariadb-badge-180x60.png
|
||||||
sources:
|
sources:
|
||||||
|
|||||||
@ -16,6 +16,30 @@ limitations under the License.
|
|||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
# SLAVE MONITOR
|
||||||
|
# Grants ability to SHOW SLAVE STATUS, SHOW REPLICA STATUS,
|
||||||
|
# SHOW ALL SLAVES STATUS, SHOW ALL REPLICAS STATUS, SHOW RELAYLOG EVENTS.
|
||||||
|
# New privilege added in MariaDB Enterprise Server 10.5.8-5. Alias for REPLICA MONITOR.
|
||||||
|
#
|
||||||
|
# REPLICATION CLIENT
|
||||||
|
# Grants ability to SHOW MASTER STATUS, SHOW SLAVE STATUS, SHOW BINARY LOGS. In ES10.5,
|
||||||
|
# is an alias for BINLOG MONITOR and the capabilities have changed. BINLOG MONITOR grants
|
||||||
|
# ability to SHOW MASTER STATUS, SHOW BINARY LOGS, SHOW BINLOG EVENTS, and SHOW BINLOG STATUS.
|
||||||
|
|
||||||
|
mariadb_version=$(mysql --defaults-file=/etc/mysql/admin_user.cnf -e "status" | grep -E '^Server\s+version:')
|
||||||
|
echo "Current database ${mariadb_version}"
|
||||||
|
|
||||||
|
if [[ ! -z ${mariadb_version} && -z $(grep -E '10.2|10.3|10.4' <<< ${mariadb_version}) ]]; then
|
||||||
|
# In case MariaDB version is 10.2.x-10.4.x - we use old privileges definitions
|
||||||
|
if ! mysql --defaults-file=/etc/mysql/admin_user.cnf -e \
|
||||||
|
"CREATE OR REPLACE USER '${EXPORTER_USER}'@'%' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \
|
||||||
|
GRANT PROCESS, BINLOG MONITOR, SLAVE MONITOR, SELECT ON *.* TO '${EXPORTER_USER}'@'%' ${MARIADB_X509}; \
|
||||||
|
FLUSH PRIVILEGES;" ; then
|
||||||
|
echo "ERROR: Could not create user: ${EXPORTER_USER}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# here we use new MariaDB privileges definitions defines since version 10.5
|
||||||
if ! mysql --defaults-file=/etc/mysql/admin_user.cnf -e \
|
if ! mysql --defaults-file=/etc/mysql/admin_user.cnf -e \
|
||||||
"CREATE OR REPLACE USER '${EXPORTER_USER}'@'%' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \
|
"CREATE OR REPLACE USER '${EXPORTER_USER}'@'%' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \
|
||||||
GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO '${EXPORTER_USER}'@'%' ${MARIADB_X509}; \
|
GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO '${EXPORTER_USER}'@'%' ${MARIADB_X509}; \
|
||||||
@ -23,3 +47,4 @@ if ! mysql --defaults-file=/etc/mysql/admin_user.cnf -e \
|
|||||||
echo "ERROR: Could not create user: ${EXPORTER_USER}"
|
echo "ERROR: Could not create user: ${EXPORTER_USER}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|||||||
@ -36,4 +36,5 @@ mariadb:
|
|||||||
- 0.2.18 Updated naming for subchart compatibility
|
- 0.2.18 Updated naming for subchart compatibility
|
||||||
- 0.2.19 Update default image value to Wallaby
|
- 0.2.19 Update default image value to Wallaby
|
||||||
- 0.2.20 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1; Uplift Mariadb-ingress to 1.1.3
|
- 0.2.20 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1; Uplift Mariadb-ingress to 1.1.3
|
||||||
|
- 0.2.21 Fix mysql exporter user privileges
|
||||||
...
|
...
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user