Open Stack

Slave images are auto rebuilt daily, so, probably, it's not happens
yet for all providers.

Anyway I see the following in nodepool logs:

2014-02-28 02:24:09,255 INFO
nodepool.image.build.rax-ord.bare-precise: notice:
/Stage[main]/Jenkins::Slave/Mysql::Db[openstack_citest]/Database_grant[openstack_citest at localhost/openstack_citest]/privileges:
privileges changed '' to 'all'

On Fri, Feb 28, 2014 at 12:28 PM, Roman Podoliaka
<rpodolyaka at mirantis.com> wrote:
> Hi Clark, all,
>
> https://review.openstack.org/#/c/76634/ has been merged, but I still
> get 'command denied' errors [1].
>
> Is there something else, that must be done before we can use new
> privileges of openstack_citest user?
>
> Thanks,
> Roman
>
> [1] http://logs.openstack.org/63/74963/4/check/gate-oslo-incubator-python27/e115a5f/console.html
>
> On Wed, Feb 26, 2014 at 11:54 AM, Roman Podoliaka
> <rpodolyaka at mirantis.com> wrote:
>> Hi Clark,
>>
>>>>> I think we can safely GRANT ALL on *.* to openstack_citest at localhost and call that good enough
>> Works for me.
>>
>> Thanks,
>> Roman
>>
>> On Tue, Feb 25, 2014 at 8:29 PM, Clark Boylan <clark.boylan at gmail.com> wrote:
>>> On Tue, Feb 25, 2014 at 2:33 AM, Roman Podoliaka
>>> <rpodolyaka at mirantis.com> wrote:
>>>> Hi all,
>>>>
>>>> [1] made it possible for openstack_citest MySQL user to create new
>>>> databases in tests on demand (which is very useful for parallel
>>>> running of tests on MySQL and PostgreSQL, thank you, guys!).
>>>>
>>>> Unfortunately, openstack_citest user can only create tables in the
>>>> created databases, but not to perform SELECT/UPDATE/INSERT queries.
>>>> Please see the bug [2] filed by Joshua Harlow.
>>>>
>>>> In PostgreSQL the user who creates a database, becomes the owner of
>>>> the database (and can do everything within this database), and in
>>>> MySQL we have to GRANT those privileges explicitly. But
>>>> openstack_citest doesn't have the permission to do GRANT (even on its
>>>> own databases).
>>>>
>>>> I think, we could overcome this issue by doing something like this
>>>> while provisioning a node:
>>>> GRANT ALL on `some_predefined_prefix_goes_here\_%`.* to
>>>> 'openstack_citest'@'localhost';
>>>>
>>>> and then create databases giving them names starting with the prefix value.
>>>>
>>>> Is it an acceptable solution? Or am I missing something?
>>>>
>>>> Thanks,
>>>> Roman
>>>>
>>>> [1] https://review.openstack.org/#/c/69519/
>>>> [2] https://bugs.launchpad.net/openstack-ci/+bug/1284320
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>> The problem with the prefix approach is it doesn't scale. At some
>>> point we will decide we need a new prefix then a third and so on
>>> (which is basically what happened at the schema level). That said we
>>> recently switched to using single use slaves for all unittesting so I
>>> think we can safely GRANT ALL on *.* to openstack_citest at localhost and
>>> call that good enough. This should work fine for upstream testing but
>>> may not be super friendly to others using the puppet manifests on
>>> permanent slaves. We can wrap the GRANT in a condition in puppet that
>>> is set only on single use slaves if this is a problem.
>>>
>>> Clark
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Sincerely yours,
Sergey Lukjanov
Savanna Technical Lead
Mirantis Inc.