Description:
Fabric uses the same user/password to access the backing store, each of the instances which are defined as part of HA groups, and for replication.

The docs ( http://dev.mysql.com/doc/mysql-utilities/1.4/en/fabric-create-user.html ) suggest the following permissions:
CREATE USER 'fabric'@'localhost' IDENTIFIED BY 'secret';
GRANT ALL ON *.* TO 'fabric'@'localhost';
The problem with those permissions is that it only works if all of your MySQL instances are on 'localhost' and the fabric manger is on 'localhost'.

Fabric uses the same user to initiate replication from one instance to another, so a dependency is created whereby all permutations of server<->client must be accounted for in the grants.

The simplest solution is something like this:

CREATE USER 'fabric'@'10.1.2.%' IDENTIFIED BY 'foo';

This particular dependency isn't explained in the docs and leaves people scratching their head when they add a host to a group, promote it as master, then add a slave to the group and get a permissions error from the slave.

The docs on user permissions and replication need to be expanded to illustrate this multi-way dependency.

I'm not aware of this dependency being explained in the mysqlfailover docs either, customers must just be using 'replication'@'%'

How to repeat:
Attempt to follow current instructions in a multi-host environment

Suggested fix:
Update documentation with a multi-host example.

Thank you for the bug report. Verified as described.

Posted by developer:
 
Fabric v1.4 (and its docs) are no longer maintained, but the user and permission system was rewritten in 1.5.5+ and 1.6.2+, and here are those docs:

http://dev.mysql.com/doc/mysql-fabric/1.6/en/fabric-create-user.html

However, because they still only refer to localhost, this bug remains open, and a related todo was created.

Status updated to 'Won't fix' (Fabric is now covered under Oracle Lifetime Sustaining Support)