15.6.3.1. Creating a MySQL User Account for the Monitor Agent

The MySQL Enterprise Agent requires a user configured within each MySQL instance that is being monitored with suitable privileges to collect information about the server, including variable names, replication, and storage engine status information. The agent installer creates a suitable user for you during installation if you supply the installer with a user/password for a privileged user (such as the root user). This account information is used only during the installation to create the user, and is not written to any file. If you use this option, skip the remainder of this section.

Creating the Agent Account Manually

If you do not supply the root user information to the installer, create a user manually within your MySQL server and provide these credentials as the agent user/password combination during installation. The privileges required for this user account vary depending on the information you gather using the MySQL Enterprise Agent. The following privileges allow the Monitor Agent to perform its assigned duties without limitation:

  • SHOW DATABASES: The MySQL Enterprise Agent can gather inventory about the monitored MySQL server.

  • REPLICATION CLIENT: The MySQL Enterprise Agent can gather Replication master/slave status data. This privilege is only needed if you use the MySQL Replication Advisor Rules.

  • SELECT: The MySQL Enterprise Agent can collect statistics for table objects.

  • SUPER: The MySQL Enterprise Agent can execute SHOW ENGINE INNODB STATUS to collect data about InnoDB tables. This privilege is also required to obtain replication information using SHOW MASTER STATUS, and to temporarily switch off replication when populating the mysql.inventory table used to identify the MySQL instance.

  • PROCESS: When monitoring a MySQL server running MySQL 5.1.24 or above with InnoDB, the PROCESS privilege is required to execute SHOW ENGINE INNODB STATUS.

  • INSERT: Required to create the UUID required by the agent.

  • CREATE: The MySQL Enterprise Agent can create tables. During discovery, the agent creates the table inventory within the mysql database that stores the UUID for the server. Without this table, the agent cannot determine the UUID of the server, which it sends along with other information to MySQL Enterprise Service Manager.

For example, the following GRANT statement gives the agent the required SELECT, REPLICATION CLIENT, SHOW DATABASES and SUPER rights:

GRANT SELECT, REPLICATION CLIENT, SHOW DATABASES, SUPER, PROCESS
  ON *.*
  TO  'mysqluser'@'localhost'
  IDENTIFIED BY 'agent_password';

For security reasons, you might limit the CREATE and INSERT privileges to the agent so that it can only create tables within the mysql database:

GRANT CREATE, INSERT
  ON mysql.*
  TO  'mysqluser'@'localhost'
  IDENTIFIED BY 'agent_password';

To let replication discovery work, grant the SELECT privilege on the mysql.inventory table for each user with replication privileges on the corresponding replication master. This is required to let the MySQL Enterprise Agent read the replication master UUID. For example:

GRANT SELECT
  ON mysql.inventory
  TO  'replicationuser'@'%'
  IDENTIFIED BY 'replication_password';
Note

Perform this step after after running the agent on the corresponding MySQL server to ensure that the mysql.inventory table is created correctly. Run the agent, shut the agent down, run the above GRANT statement, and then restart the agent.

If the agent cannot access the information from the table, a warning containing this information is written to the agent log.

Note

You might disable logging for the grant statement to prevent the grant information being replicated to the slaves. In this case, execute the statement SET SQL_LOG_BIN=0 before executing the above GRANT statement.

In a typical configuration, the agent runs on the same machine as the MySQL server it is monitoring, so the host name is localhost. If the agent is running on a machine other than the one that hosts the monitored MySQL server, change localhost to the appropriate value. For more information about remote monitoring, see Section 15.6.3.7, “Configuring an Agent to Monitor a Remote MySQL Server”.

Copyright © 2010-2017 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout