The MySQL Enterprise Agent requires a user configured within each MySQL
instance that is being monitored with suitable privileges to
collect information about the server, including variable names,
replication, and storage engine status information. The agent
installer creates a suitable user for you during installation if
you supply the installer with a user/password for a privileged
user (such as the root user). This account
information is used only during the installation to create the
user, and is not written to any file. If you use this option, skip
the remainder of this section.
Creating the Agent Account Manually
If you do not supply the root user information to the installer, create a user manually within your MySQL server and provide these credentials as the agent user/password combination during installation. The privileges required for this user account vary depending on the information you gather using the MySQL Enterprise Agent. The following privileges allow the Monitor Agent to perform its assigned duties without limitation:
SHOW DATABASES: The MySQL Enterprise Agent can gather inventory about the monitored MySQL server.REPLICATION CLIENT: The MySQL Enterprise Agent can gather Replication master/slave status data. This privilege is only needed if you use the MySQL Replication Advisor Rules.SELECT: The MySQL Enterprise Agent can collect statistics for table objects.SUPER: The MySQL Enterprise Agent can executeSHOW ENGINE INNODB STATUSto collect data about InnoDB tables. This privilege is also required to obtain replication information usingSHOW MASTER STATUS, and to temporarily switch off replication when populating themysql.inventorytable used to identify the MySQL instance.PROCESS: When monitoring a MySQL server running MySQL 5.1.24 or above withInnoDB, thePROCESSprivilege is required to executeSHOW ENGINE INNODB STATUS.INSERT: Required to create the UUID required by the agent.CREATE: The MySQL Enterprise Agent can create tables. During discovery, the agent creates the tableinventorywithin themysqldatabase that stores the UUID for the server. Without this table, the agent cannot determine the UUID of the server, which it sends along with other information to MySQL Enterprise Service Manager.
For example, the following GRANT statement
gives the agent the required SELECT,
REPLICATION CLIENT, SHOW
DATABASES and SUPER rights:
GRANT SELECT, REPLICATION CLIENT, SHOW DATABASES, SUPER, PROCESS ON *.* TO 'mysqluser'@'localhost' IDENTIFIED BY 'agent_password';
For security reasons, you might limit the
CREATE and INSERT privileges
to the agent so that it can only create tables within the
mysql database:
GRANT CREATE, INSERT ON mysql.* TO 'mysqluser'@'localhost' IDENTIFIED BY 'agent_password';
To let replication discovery work, grant the
SELECT privilege on the
mysql.inventory table for each user with
replication privileges on the corresponding replication master.
This is required to let the MySQL Enterprise Agent read the replication
master UUID. For example:
GRANT SELECT ON mysql.inventory TO 'replicationuser'@'%' IDENTIFIED BY 'replication_password';
Perform this step after after running the
agent on the corresponding MySQL server to ensure that the
mysql.inventory table is created correctly.
Run the agent, shut the agent down, run the above
GRANT statement, and then restart the agent.
If the agent cannot access the information from the table, a warning containing this information is written to the agent log.
You might disable logging for the grant statement to prevent the
grant information being replicated to the slaves. In this case,
execute the statement SET SQL_LOG_BIN=0
before executing the above GRANT statement.
In a typical configuration, the agent runs on the same machine as
the MySQL server it is monitoring, so the host name is
localhost. If the agent is running on a
machine other than the one that hosts the monitored MySQL server,
change localhost to the appropriate
value. For more information about remote monitoring, see
Section 15.6.3.7, “Configuring an Agent to Monitor a Remote MySQL Server”.