CREATE USER has been the standard way of creating users since MySQL-5.0 (2005).
The current syntax of INSERT INTO mysql.user won't actually work on MariaDB-10.4+. Because haproxy doesn't use any resources the MySQL executable comment syntax provides resource contraints to make it more palatable to risk adverse users. /*!50701 is a syntax recognised by MySQL and MariaDB 5.7.1+ when resource contraints where added. /*M!100201 is a MariaDB executable comment syntax recognised for MariaDB for the 10.2.1 where the MAX_STATEMENT_TIME was added. This patch may be backported as far as 2.0. --- doc/configuration.txt | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 5d1c97bd3..a9bbf6fa4 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -8982,12 +8982,13 @@ option mysql-check [ user <username> [ { post-41 | pre-41 } ] ] one Client Authentication packet, and one QUIT packet, to correctly close MySQL session. We then parse the MySQL Handshake Initialization packet and/or Error packet. It is a basic but useful test which does not produce error nor - aborted connect on the server. However, it requires adding an authorization - in the MySQL table, like this : + aborted connect on the server. However, it requires an unlocked authorised + user without a password. To create a basic limited user in MySQL with + optional resource limits: - USE mysql; - INSERT INTO user (Host,User) values ('<ip_of_haproxy>','<username>'); - FLUSH PRIVILEGES; + CREATE USER '<username>'@'<ip_of_haproxy|network_of_haproxy/netmask>' + /*!50701 WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 0 */ + /*M!100201 MAX_STATEMENT_TIME 0.0001 */; If you don't specify a username (it is deprecated and not recommended), the check only consists in parsing the Mysql Handshake Initialization packet or -- 2.31.1