Use hosts IP address as user group instead of a guessed wildcard. #190
Commits on Jul 30, 2020
-
Use hosts IP address as user group instead of a guessed wildcard.
The wildcard approach has the issue, that it allows monitor connections to the MySQL nodes from a too big IP range. Having the first pxc nodes IP something like 10.1.2.3, proxysql-admin would create the monitor user with the host range of 10.%. This would contain the complete 10.0.0.0/8 network which most likely contain other systems that are not supposed to be allowed to connect to MySQL, even if we are just talking about the monitor user. Another issue with the current solution pops up, when the IP address of the pxc node does not share the same first octet with the ProxySQL IP. Example: ProxySQL IP: 172.18.1.1 PXC IP: 10.0.0.1 Then the ProxySQL-Admin script will anyways create the monitor user as monitor@10.%, resulting in ProxySQL not being able to connect. In this commit, we use ifconfig to get the actual IP of the ProxySQL node and will therefore only allow the ProxySQL node to connect as monitor user. Co-authored-by: Isobel <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.