From: Daniel Black Date: Thu, 1 Jul 2021 02:09:32 +0000 (+1000) Subject: DOC: config: use CREATE USER for mysql-check X-Git-Tag: v2.5-dev2~53 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d3e7dc498baeab3535fcaf48f8983138d35442f5;p=thirdparty%2Fhaproxy.git DOC: config: use CREATE USER for mysql-check CREATE USER has been the standard way of creating users since MySQL-5.0 (2005). The current syntax of INSERT INTO mysql.user won't actually work on MariaDB-10.4+. Because haproxy doesn't use any resources the MySQL executable comment syntax provides resource contraints to make it more palatable to risk adverse users. /*!50701 is a syntax recognised by MySQL and MariaDB 5.7.1+ when resource contraints where added. /*M!100201 is a MariaDB executable comment syntax recognised for MariaDB for the 10.2.1 where the MAX_STATEMENT_TIME was added. This patch may be backported as far as 2.0. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 51f65ae9d9..f514c8e991 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -8984,12 +8984,13 @@ option mysql-check [ user [ { post-41 | pre-41 } ] ] one Client Authentication packet, and one QUIT packet, to correctly close MySQL session. We then parse the MySQL Handshake Initialization packet and/or Error packet. It is a basic but useful test which does not produce error nor - aborted connect on the server. However, it requires adding an authorization - in the MySQL table, like this : + aborted connect on the server. However, it requires an unlocked authorised + user without a password. To create a basic limited user in MySQL with + optional resource limits: - USE mysql; - INSERT INTO user (Host,User) values ('',''); - FLUSH PRIVILEGES; + CREATE USER ''@'' + /*!50701 WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 0 */ + /*M!100201 MAX_STATEMENT_TIME 0.0001 */; If you don't specify a username (it is deprecated and not recommended), the check only consists in parsing the Mysql Handshake Initialization packet or