Comments - Haproxy mysql-check user removal

3 years, 2 months ago Daniel Black

Re: Haproxy mysql-check user removal [Answer]

mysql-check requires a user. This is the answer given by the haproxy people too.

Per haproxy docs and other answers there is no password and setting one causes the check to fail. Because there is no password PASSWORD EXIRE options cannot be used. ACCOUNT LOCK I also checked isn't compatible with the haproxy mysql-check.

The user that haproxy uses does not need any access to anything. This is the default for a created user. Per the ha-proxy documentation it doesn't even execute a query and aborts very soon into the protocol.

What could be done is a constraint of the user to the network of the ha-proxy and apply resource constraints.

CREATE USER 'haproxycheck'@'192.168.2.20/255.255.255.252'   WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 0  MAX_STATEMENT_TIME 0.0000000001;

Any risk based assessment with a basic understanding of haproxy and mariadb and networking shouldn't have a problem here.

3 years, 2 months ago Daniel Black

Re: Haproxy mysql-check user removal

I'm looking at working with the haproxy development community to provide you an alternate solution. I hope these options are acceptable to you.

Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.

Comments - Haproxy mysql-check user removal

Products

Services

Pricing

Resources

About Us

Download MariaDB