DOC: config: use CREATE USER for mysql-check

CREATE USER has been the standard way of creating users since
MySQL-5.0 (2005).

The current syntax of INSERT INTO mysql.user won't actually work
on MariaDB-10.4+.

Because haproxy doesn't use any resources the MySQL executable comment
syntax provides resource contraints to make it more palatable
to risk adverse users.

/*!50701 is a syntax recognised by MySQL and MariaDB 5.7.1+ when
resource contraints where added.

/*M!100201 is a MariaDB executable comment syntax recognised for MariaDB
for the 10.2.1 where the MAX_STATEMENT_TIME was added.

This patch may be backported as far as 2.0.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 51f65ae9d9202cb7e795104efcc17a12e69d0f68..f514c8e991318aa9b46e15938ecb6c8d13af2675 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8984,12 +8984,13 @@ option mysql-check [ user <username> [ { post-41 | pre-41 } ] ]
   one Client Authentication packet, and one QUIT packet, to correctly close
   MySQL session. We then parse the MySQL Handshake Initialization packet and/or
   Error packet. It is a basic but useful test which does not produce error nor
-  aborted connect on the server. However, it requires adding an authorization
-  in the MySQL table, like this :
+  aborted connect on the server. However, it requires an unlocked authorised
+  user without a password. To create a basic limited user in MySQL with
+  optional resource limits:
 
-      USE mysql;
-      INSERT INTO user (Host,User) values ('<ip_of_haproxy>','<username>');
-      FLUSH PRIVILEGES;
+      CREATE USER '<username>'@'<ip_of_haproxy|network_of_haproxy/netmask>'
+      /*!50701 WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 0 */
+      /*M!100201 MAX_STATEMENT_TIME 0.0001 */;
 
   If you don't specify a username (it is deprecated and not recommended), the
   check only consists in parsing the Mysql Handshake Initialization packet or