请问大家有categraf监控mysql的最小化权限设置吗

Viewed 74

categraf v0.2.35

因公司制度要求mysql不能用root这样的权限账号,我参考msyql_exporter的配置创建监控账号如下:

mysql> GRANT REPLICATION CLIENT, PROCESS ON *.* TO 
'mysqld_exporter'@'localhost' identified by 'arms_prometheus2022';      
mysql> GRANT SELECT ON performance_schema.* TO 'mysqld_exporter'@'localhost';
mysql> FLUSH PRIVILEGES;

这样启动categraf后,监控页面看起来是正常的,但是categraf日志一直有报错,

categraf: 2023/04/10 14:00:45 mysql.go:198: E! failed to ping mysql: Error 1045: Access denied for user 'exporter'@'172.2.2.6' (using password: YES)

找到198行,是个db.ping()

请问下有没有一个的最小化权限设置

1 Answers

你授权时指定的机器是localhost,但是categraf请求的时候,走的是ip,所以你得把ip授权进去,比如:

mysql> GRANT REPLICATION CLIENT, PROCESS ON *.* TO 
'mysqld_exporter'@'172.2.2.6' identified by 'arms_prometheus2022';      
mysql> GRANT SELECT ON performance_schema.* TO 'mysqld_exporter'@'172.2.2.6';
mysql> FLUSH PRIVILEGES;

或者直接指定为 % 授权所有机器:

mysql> GRANT REPLICATION CLIENT, PROCESS ON *.* TO 
'mysqld_exporter'@'%' identified by 'arms_prometheus2022';      
mysql> GRANT SELECT ON performance_schema.* TO 'mysqld_exporter'@'%';
mysql> FLUSH PRIVILEGES;