pyrox.dev
nixos/release-notes: MySQL declarative users/databases
Documents a possible migration step required to use the new options.
authored by Rodney Lorrimar and committed by Robin Gloster 151b3446 3766637b
+39
nixos/doc/manual/release-notes/rl-1709.xml
+39
nixos/doc/manual/release-notes/rl-1709.xml
···
202
202
<command>gpgv</command>, etc.
203
203
</para>
204
204
</listitem>
205
+
206
+
<listitem>
207
+
<para>
208
+
<literal>services.mysql</literal> now has declarative
209
+
configuration of databases and users with the <literal>ensureDatabases</literal> and
210
+
<literal>ensureUsers</literal> options.
211
+
</para>
212
+
213
+
<para>
214
+
These options will never delete existing databases and users,
215
+
especially not when the value of the options are changed.
216
+
</para>
217
+
218
+
<para>
219
+
The MySQL users will be identified using
220
+
<link xlink:href="https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/">
221
+
Unix socket authentication</link>. This authenticates the
222
+
Unix user with the same name only, and that without the need
223
+
for a password.
224
+
</para>
225
+
226
+
<para>
227
+
If you have previously created a MySQL <literal>root</literal>
228
+
user <emphasis>with a password</emphasis>, you will need to add
229
+
<literal>root</literal> user for unix socket authentication
230
+
before using the new options. This can be done by running the
231
+
following SQL script:
232
+
233
+
<programlisting language="sql">
234
+
CREATE USER 'root'@'%' IDENTIFIED BY '';
235
+
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
236
+
FLUSH PRIVILEGES;
237
+
238
+
-- Optionally, delete the password-authenticated user:
239
+
-- DROP USER 'root'@'localhost';
240
+
</programlisting>
241
+
242
+
</para>
243
+
</listitem>
205
244
</itemizedlist>
206
245
207
246
<para>Other notable improvements:</para>