The user accounts used to configure and administer a member
server instance in an InnoDB Cluster, InnoDB Cluster,
InnoDB ClusterSet, or InnoDB ReplicaSet deployment must have
full read and write privileges on the metadata tables, in
addition to full MySQL administrator privileges
(SUPER
, GRANT OPTION
,
CREATE
, DROP
and so on).
You can use the root
account on the servers
for this purpose, but if you do this, the
root
account on every member server in the
deployment must have the same password. This is not recommended
for security reasons. Instead, the recommended method is to set
up user accounts using AdminAPI's
dba.configureInstance()
and
setupAdminAccount()
operations. The format of
the user names accepted by these operations follows the standard
MySQL account name format, see
Specifying Account Names.
If you prefer to set up the user accounts yourself, the required permissions are listed in Configuring InnoDB Cluster Administrator Accounts Manually. If only read operations are needed (such as for monitoring purposes), an account with more restricted privileges can be used, as detailed by that topic.
Each account used to configure or administer an InnoDB Cluster, InnoDB ClusterSet, or InnoDB ReplicaSet deployment must exist on all the member server instances in the deployment, with the same user name, and the same password.
A server configuration account is required on each server
instance that is going to join an InnoDB Cluster,
InnoDB ClusterSet, or InnoDB ReplicaSet deployment. You
set this account up using a
dba.configureInstance()
command with the
clusterAdmin
option. For better security,
specify the password at the interactive prompt, otherwise
specify it using the clusterAdminPassword
option. Create the same account, with the same user name and
password, in the same way on every server instance that will
be part of the deployment - both the instance to which you
connect to create the deployment, and the instances that will
join after that.
The server configuration account that you create using the
dba.configureInstance()
operation is
not replicated to other servers in the
InnoDB Cluster, InnoDB ClusterSet, or InnoDB ReplicaSet
deployment. MySQL Shell disables binary logging for the
dba.configureInstance()
operation. This
means that you must create the account on every server
instance individually.
The clusterAdmin
option must be used with a
MySQL Shell connection based on a user which has the
privileges to create users with suitable privileges. In this
example the root user is used:
mysql-js> dba.configureInstance('root@ic-1:3306', {clusterAdmin: "'icadmin'@'ic-1%'"});
Administrator accounts can be used to administer a deployment
after you have completed the configuration process. You can
set up more than one of them. To create an administrator
account, you issue a
command after you have added all the instances to the
InnoDB Cluster or InnoDB ReplicaSet. The command creates
an account with the user name and password that you specify,
with all the required permissions. A transaction to create an
account with
cluster
.setupAdminAccount()
is written to the binary log and sent to all the other server
instances in the cluster to create the account on them.
cluster
.setupAdminAccount()
To use the setupAdminAccount()
operation,
you must be connected as a MySQL user with privileges to
create users, for example as root. The
setupAdminAccount(
operation also enables you to upgrade an existing MySQL
account with the necessary privileges before a
user
)dba.upgradeMetadata()
operation.
The mandatory user
argument is the
name of the MySQL account you want to create to be used to
administer the deployment. The format of the user names
accepted by the setupAdminAccount()
operation follows the standard MySQL account name format, see
Specifying Account Names. The user
argument format is
where username
[@host
]host
is optional and if it is
not provided it defaults to the %
wildcard
character.
For example, to create a user named
icadmin
to administer an
InnoDB Cluster assigned to the variable
myCluster
, issue:
mysql-js> myCluster.setupAdminAccount('icadmin')
Missing the password for new account icadmin@%. Please provide one.
Password for new account: ********
Confirm password: ********
Creating user icadmin@%.
Setting user password.
Account icadmin@% was successfully created.
If you have a server configuration account or administrator
account created with a version prior to MySQL Shell 8.0.20,
use the update
option with the
setupAdminAccount()
operation to upgrade
the privileges of the existing user. This is relevant during
an upgrade, to ensure that the user accounts are compatible.
For example, to upgrade the user named
icadmin
issue:
mysql-js> myCluster.setupAdminAccount('icadmin', {'update':1})
Updating user icadmin@%.
Account icadmin@% was successfully updated.
This is a special use of the
command that is not written to the binary log.
cluster
.setupAdminAccount()