CREATE USER has been the standard way of creating users since
MySQL-5.0 (2005).

The current syntax of INSERT INTO mysql.user won't actually work
on MariaDB-10.4+.

Because haproxy doesn't use any resources, the MySQL executable comment
syntax provides resource constraints to make it more palatable
to risk-averse users.

/*!50701 is a syntax recognised by MySQL and MariaDB 5.7.1+ when
resource constraints were added.

/*M!100201 is a MariaDB executable comment syntax recognised by MariaDB
10.2.1+, where MAX_STATEMENT_TIME was added.

This patch may be backported as far as 2.0.
---
 doc/configuration.txt | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 5d1c97bd3..a9bbf6fa4 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8982,12 +8982,13 @@ option mysql-check [ user <username> [ { post-41 | 
pre-41 } ] ]
   one Client Authentication packet, and one QUIT packet, to correctly close
   MySQL session. We then parse the MySQL Handshake Initialization packet and/or
   Error packet. It is a basic but useful test which does not produce error nor
-  aborted connect on the server. However, it requires adding an authorization
-  in the MySQL table, like this :
+  aborted connect on the server. However, it requires an unlocked authorised
+  user without a password. To create a basic limited user in MySQL with
+  optional resource limits:
 
-      USE mysql;
-      INSERT INTO user (Host,User) values ('<ip_of_haproxy>','<username>');
-      FLUSH PRIVILEGES;
+      CREATE USER '<username>'@'<ip_of_haproxy|network_of_haproxy/netmask>'
+      /*!50701 WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 0 */
+      /*M!100201 MAX_STATEMENT_TIME 0.0001 */;
 
   If you don't specify a username (it is deprecated and not recommended), the
   check only consists in parsing the Mysql Handshake Initialization packet or
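Review bot: the host part of the CREATE USER example now offers "network_of_haproxy/netmask" for an account the new paragraph describes as unlocked and without a password, and nothing in the text tells the reader to keep that scope narrow. Suggest adding a sentence that the host should be the single haproxy address wherever possible, and that no GRANT is needed, since the check only sends the Client Authentication packet and a QUIT. Separately, the WITH keyword appears only inside the /*!50701 ... */ comment, so the MAX_STATEMENT_TIME clause in the /*M!100201 ... */ comment is valid only on servers that execute both comments. Please confirm the statement parses on MariaDB 10.2.1+ as written, or repeat WITH in the MariaDB-specific comment.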
-- 
2.31.1

