[openstack-dev] [Infra] openstack_citest MySQL user privileges to create databases on CI nodes

Roman Podoliaka rpodolyaka at mirantis.com
Fri Feb 28 08:28:49 UTC 2014


Hi Clark, all,

https://review.openstack.org/#/c/76634/ has been merged, but I still
get 'command denied' errors [1].

Is there something else that must be done before we can use the new
privileges of the openstack_citest user?

Thanks,
Roman

[1] http://logs.openstack.org/63/74963/4/check/gate-oslo-incubator-python27/e115a5f/console.html

On Wed, Feb 26, 2014 at 11:54 AM, Roman Podoliaka
<rpodolyaka at mirantis.com> wrote:
> Hi Clark,
>
> >>>> I think we can safely GRANT ALL on *.* to openstack_citest@localhost and call that good enough
> Works for me.
>
> Thanks,
> Roman
>
> On Tue, Feb 25, 2014 at 8:29 PM, Clark Boylan <clark.boylan at gmail.com> wrote:
>> On Tue, Feb 25, 2014 at 2:33 AM, Roman Podoliaka
>> <rpodolyaka at mirantis.com> wrote:
>>> Hi all,
>>>
>>> [1] made it possible for openstack_citest MySQL user to create new
>>> databases in tests on demand (which is very useful for parallel
>>> running of tests on MySQL and PostgreSQL, thank you, guys!).
>>>
>>> Unfortunately, the openstack_citest user can only create tables in the
>>> created databases, but cannot perform SELECT/UPDATE/INSERT queries.
>>> Please see the bug [2] filed by Joshua Harlow.
>>>
>>> In PostgreSQL the user who creates a database becomes the owner of
>>> the database (and can do everything within this database), and in
>>> MySQL we have to GRANT those privileges explicitly. But
>>> openstack_citest doesn't have the permission to do GRANT (even on its
>>> own databases).
>>>
>>> I think we could overcome this issue by doing something like this
>>> while provisioning a node:
>>> GRANT ALL on `some_predefined_prefix_goes_here\_%`.* to
>>> 'openstack_citest'@'localhost';
>>>
>>> and then create databases giving them names starting with the prefix value.
>>>
>>> Is it an acceptable solution? Or am I missing something?
>>>
>>> Thanks,
>>> Roman
>>>
>>> [1] https://review.openstack.org/#/c/69519/
>>> [2] https://bugs.launchpad.net/openstack-ci/+bug/1284320
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>> The problem with the prefix approach is it doesn't scale. At some
>> point we will decide we need a new prefix then a third and so on
>> (which is basically what happened at the schema level). That said we
>> recently switched to using single use slaves for all unit testing so I
>> think we can safely GRANT ALL on *.* to openstack_citest@localhost and
>> call that good enough. This should work fine for upstream testing but
>> may not be super friendly to others using the puppet manifests on
>> permanent slaves. We can wrap the GRANT in a condition in puppet that
>> is set only on single use slaves if this is a problem.
>>
>> Clark

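The two grant scopes discussed in this thread (a prefix pattern versus `*.*`) can be compared with a small audit of `SHOW GRANTS` output. This is an added example, not code from the thread or from the OpenStack infra manifests; the `citest` prefix, the database names and the sample grant lines are constructed, and case-sensitive database names are assumed.

```python
import re

def pattern_to_regex(pattern):
    """Compile a MySQL database-level GRANT pattern: '%' matches any run of
    characters, '_' exactly one, and a backslash makes the next one literal."""
    parts, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            parts.append(re.escape(pattern[i + 1]))  # escaped wildcard -> literal
            i += 2
            continue
        parts.append(".*" if ch == "%" else "." if ch == "_" else re.escape(ch))
        i += 1
    return re.compile("".join(parts), re.DOTALL)

def covers(pattern, db_name):
    """True if a grant on `pattern`.* applies to db_name (case-sensitive match assumed)."""
    return pattern_to_regex(pattern).fullmatch(db_name) is not None

GRANT_LINE = re.compile(r"^GRANT (?P<privs>.+?) ON (?:\*|`(?P<db>[^`]+)`)\.\* TO ", re.I)

def audit(show_grants_lines, db_names):
    """Summarise SHOW GRANTS output: which privileges are global (ON *.*)
    and which of db_names each database-level pattern reaches."""
    report = {"global": [], "by_pattern": {}}
    for line in show_grants_lines:
        m = GRANT_LINE.match(line.strip())
        if not m:
            continue
        if m.group("db") is None:
            if m.group("privs").upper() != "USAGE":  # USAGE means "no privileges"
                report["global"].append(m.group("privs"))
        else:
            report["by_pattern"][m.group("db")] = [d for d in db_names if covers(m.group("db"), d)]
    return report

# Constructed sample data; the "citest" prefix and database names are hypothetical.
SCOPED = [
    "GRANT USAGE ON *.* TO 'openstack_citest'@'localhost'",
    r"GRANT ALL PRIVILEGES ON `citest\_%`.* TO 'openstack_citest'@'localhost'",
]
BROAD = ["GRANT ALL PRIVILEGES ON *.* TO 'openstack_citest'@'localhost'"]
DATABASES = ["citest_a1b2", "citest_c3d4", "citestXa1b2", "mysql", "nova"]

if __name__ == "__main__":
    print(audit(SCOPED, DATABASES))
    print(audit(BROAD, DATABASES))
```

Without the backslash, `citest_%` also covers `citestXa1b2`, because an unescaped `_` in a database-level grant is a single-character wildcard.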