Fixes gh-1194 Mention 'replication' role in replication manual and tutorial.

84b0085c · ocelot-inc · da4986d8 · 84b0085c · 84b0085c · 84b0085c
Commit 84b0085c authored 9 years ago by ocelot-inc
--- a/doc/sphinx/book/box/authentication.rst
+++ b/doc/sphinx/book/box/authentication.rst
@@ -370,6 +370,8 @@ privileges in a role and then grant or revoke the role. Role information is
 in the _user space but the third field - the type field - is 'role' rather
 than 'user'.

+.. _rep-role:
+
 If a role R1 is granted a privilege X, and user U1 is granted a privilege
 "role R1", then user U1 in effect has privilege X. Then if a role R2 is
 granted a privilege Y, and role R1 is granted a privilege "role R2",

--- a/doc/sphinx/book/replication/1-1.rst
+++ b/doc/sphinx/book/replication/1-1.rst
@@ -13,7 +13,10 @@
    <...> I> creating ./00000000000000000000.xlog.inprogress'
    ---
    ...
-    tarantool> box.schema.user.grant('replicator', 'read,write', 'universe')
+    tarantool> box.schema.role.grant('replication','read,write','universe')
+    ---
+    ...
+    tarantool> box.schema.user.grant('replicator','execute','role','replication')
    ---
    ...
    tarantool> box.space._cluster:select({0}, {iterator = 'GE'})

--- a/doc/sphinx/book/replication/index.rst
+++ b/doc/sphinx/book/replication/index.rst
@@ -65,17 +65,21 @@ file and the WAL .xlog files), then starting replication again - the replica
 will then catch up with the master by retrieving all the master's tuples.
 Again, this procedure works only if the master's WAL files are present.

-.. NOTE::
-
-    Replication parameters are "dynamic", which allows the replica to become
-    a master and vice versa with the help of the :func:`box.cfg` statement.
-
-.. NOTE::
-
-    The replica does not inherit the master's configuration parameters, such
-    as the ones that cause the :ref:`snapshot daemon <book-cfg-snapshot_daemon>` to run on the master.
-    To get the same behavior, one would have to set the relevant parameters explicitly
-    so that they are the same on both master and replica.
+NOTE:
+Replication parameters are "dynamic", which allows the replica to become
+a master and vice versa with the help of the :func:`box.cfg` statement.
+
+NOTE:
+The replica does not inherit the master's configuration parameters, such
+as the ones that cause the :ref:`snapshot daemon <book-cfg-snapshot_daemon>` to run on the master.
+To get the same behavior, one would have to set the relevant parameters explicitly
+so that they are the same on both master and replica.
+
+NOTE:
+Replication requires privileges. Privileges for accessing spaces could be granted directly
+to the user who will start the replica. However, it is more usual to
+grant privileges for accessing spaces to a :ref:`role <rep-role>`, and then grant the
+role to the user who will start the replica.

 =====================================================================
                Recovering from a degraded state
@@ -278,7 +282,8 @@ servers will end up with different contents.

    :Q: What if replication causes security concerns?
    :A: Prevent unauthorized replication sources by associating a password with
-        every user that has access privileges for the relevant spaces. That way,
+        every user that has access privileges for the relevant spaces, and every
+        user that has a replication :ref:`role <rep-role>`. That way,
        the :ref:`URI` for the :confval:`replication_source` parameter will
        always have to have the long form
        ``replication_source='username:password@host:port'``
@@ -370,7 +375,8 @@ On the first shell, which we'll call Terminal #1, execute these commands:
    $ ~/tarantool/src/tarantool
    tarantool> box.cfg{listen = 3301}
    tarantool> box.schema.user.create('replicator', {password = 'password'})
-    tarantool> box.schema.user.grant('replicator', 'read,write', 'universe')
+    tarantool> box.schema.role.grant('replication','read,write','universe')
+    tarantool> box.schema.user.grant('replicator','execute','role','replication')
    tarantool> box.space._cluster:select({0}, {iterator = 'GE'})

 The result is that a new cluster is set up, and the server's UUID is displayed. Now the

--- a/doc/sphinx/reference/csv.rst
+++ b/doc/sphinx/reference/csv.rst
@@ -77,7 +77,7 @@ The possible options which can be passed to csv functions are:
        ...

    Readable file :file:`./file.csv` contains two CSV records.
-    Explanation of fio is in section` :ref:`fio <fio-section>`.
+    Explanation of fio is in section :ref:`fio <fio-section>`.
    Source CSV file and example respectively:

    .. code-block:: tarantoolsession

--- a/doc/sphinx/reference/msgpack.rst
+++ b/doc/sphinx/reference/msgpack.rst
@@ -77,12 +77,12 @@ displays each result in hexadecimal. |br|
 |nbsp| |nbsp| :codenormal:`print('array encoding:',o1)` |br|
 |nbsp| |nbsp| :codenormal:`print('map encoding:  ',o2)` |br|
 Result: |br|
-:codenormal:`array encoding: 92 a1 41 a1 42` |br|
-:codenormal:`map encoding:   82 1 a1 41 2 a1 42` |br|
+|nbsp| |nbsp| :codenormal:`array encoding: 92 a1 41 a1 42` |br|
+|nbsp| |nbsp| :codenormal:`map encoding:   82 1 a1 41 2 a1 42` |br|
 The MsgPack Specification_ page explains that
-the first string means |br|
+the first encoding means |br|
 fixarray(2), fixstr(1),"A",fixstr(1),"B" |br|
-and the second string means |br|
+and the second encoding means |br|
 fixmap(2), key(1), fixstr(1),"A",key(2),fixstr(2),"B".

 .. _MsgPack: http://msgpack.org/