[Openstack] Incredibly odd mysql permission error
Sylvain Bauza
sylvain.bauza at digimind.com
Mon Mar 11 14:11:23 UTC 2013
So as to reproduce the nova-manage SQL command, I would recommand to
tcpdump -A port 3306 on the host and get the SQL trace on what's failing.
Could you please explain further what is your HA config ? Are you using
pacemaker/heartbeat or any VIP ?
-Sylvain
Le 11/03/2013 14:23, Samuel Winchenbach a écrit :
> Does anyone think this could be an openstack bug? I just want to
> check before submitting a bug report.
>
> Sam
>
>
> On Fri, Mar 8, 2013 at 4:02 PM, Jay Pipes <jaypipes at gmail.com
> <mailto:jaypipes at gmail.com>> wrote:
>
> Sorry, I really can't think of anything :(
>
> On 03/08/2013 03:52 PM, Samuel Winchenbach wrote:
> > I dropped those users and no change.
> >
> > I also set up general logging in mysql but it really doesn't
> provide any
> > additional information. Any idea for a next step I could take?
> >
> > I am almost at the point of taking a tcpdump and trying to
> recreate the
> > salted password. :/
> >
> > Thanks for the help
> >
> > Sam
> >
> >
> >
> >
> > On Fri, Mar 8, 2013 at 3:38 PM, Jay Pipes <jaypipes at gmail.com
> <mailto:jaypipes at gmail.com>
> > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>> wrote:
> >
> > I'm stumped :( Looks like everything is set up correctly to
> me. What is
> > interested is that your nova user access works from test2,
> but there is
> > no nova at test2 user in the mysql.user table. What about doing
> a DROP USER
> > nova at test1; FLUSH PRIVILEGES; and then see if that fixes
> things... since
> > the nova at 10.21.0.0/255.255.0.0
> <http://nova@10.21.0.0/255.255.0.0>
> <http://nova@10.21.0.0/255.255.0.0>
> > user is clearly working for the access
> > from test2.
> >
> > Also, I'd recommend highly removing the nova@% user.
> >
> > Best,
> > -jay
> >
> > On 03/08/2013 03:09 PM, Samuel Winchenbach wrote:
> > >
> > > http://paste2.org/p/3085807
> > >
> > >
> > > On Fri, Mar 8, 2013 at 2:46 PM, Jay Pipes
> <jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>
> > > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>>> wrote:
> > >
> > > Please paste the results of SELECT User, Host,
> Password FROM
> > mysql.user
> > > when running as root...
> > >
> > > Thanks!
> > > -jay
> > >
> > > On 03/08/2013 02:25 PM, Samuel Winchenbach wrote:
> > > > Here are my grants. I don't know if this helps, but
> I did
> > verify that
> > > > the password was identical for each grant:
> > > http://paste2.org/p/3085361
> > > >
> > > >
> > > > On Fri, Mar 8, 2013 at 2:17 PM, Samuel Winchenbach
> > > <swinchen at gmail.com <mailto:swinchen at gmail.com>
> <mailto:swinchen at gmail.com <mailto:swinchen at gmail.com>>
> > <mailto:swinchen at gmail.com <mailto:swinchen at gmail.com>
> <mailto:swinchen at gmail.com <mailto:swinchen at gmail.com>>>
> > > > <mailto:swinchen at gmail.com
> <mailto:swinchen at gmail.com> <mailto:swinchen at gmail.com
> <mailto:swinchen at gmail.com>>
> > <mailto:swinchen at gmail.com <mailto:swinchen at gmail.com>
> <mailto:swinchen at gmail.com <mailto:swinchen at gmail.com>>>>> wrote:
> > > >
> > > > root at test1:/var/log# mysql -hmysql-ha -unova
> > > > -p******************************** -e"SELECT User, Host,
> > Password
> > > > FROM mysql.user;"
> > > > ERROR 1142 (42000) at line 1: SELECT command
> denied to user
> > > > 'nova'@'test1' for table 'user'
> > > >
> > > >
> > > > On Fri, Mar 8, 2013 at 2:06 PM, Jay Pipes
> > <jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>
> > > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>>
> > > > <mailto:jaypipes at gmail.com
> <mailto:jaypipes at gmail.com> <mailto:jaypipes at gmail.com
> <mailto:jaypipes at gmail.com>>
> > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>>>> wrote:
> > > >
> > > > What does this show?
> > > >
> > > > mysql -hmysql-ha -unova -p<PASS> -e"SELECT
> User, Host,
> > > Password FROM
> > > > mysql.user"
> > > >
> > > > -jay
> > > >
> > > > On 03/08/2013 01:46 PM, Samuel Winchenbach
> wrote:
> > > > > Sorry, that must have been a copy and
> paste error.
> > Here
> > > is what I
> > > > > actually ran:
> > > > >
> > > > > http://paste2.org/p/3084996
> > > > >
> > > > >
> > > > > On Fri, Mar 8, 2013 at 12:40 PM, Jay Pipes
> > > <jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>
> > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>>
> > > > <mailto:jaypipes at gmail.com
> <mailto:jaypipes at gmail.com>
> > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>
> <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>>>
> > > > > <mailto:jaypipes at gmail.com
> <mailto:jaypipes at gmail.com>
> > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>
> <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>>
> > > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>
> > <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>
> <mailto:jaypipes at gmail.com <mailto:jaypipes at gmail.com>>>>>> wrote:
> > > > >
> > > > > On 03/08/2013 12:19 PM, Samuel
> Winchenbach wrote:
> > > > > > Hi All,
> > > > > >
> > > > > > I have two nodes (test1 and test2)
> that I am
> > trying to
> > > > set up in a
> > > > > > highly available configuration.
> > > > > >
> > > > > > During the setup process I tried running
> > "nova-manage
> > > > service list" on
> > > > > > both nodes. It worked fine on
> test2, but
> > fails on
> > > > test1 even
> > > > > though I
> > > > > > can connect to the database with the
> mysql
> > client from
> > > > test1.
> > > > > >
> > > > > > Here is a screen capture that shows
> the setup on
> > > the two
> > > > nodes are
> > > > > > basically identical:
> > http://paste2.org/p/3084223
> > > > >
> > > > > In the above paste you are doing:
> > > > >
> > > > > mysql -unova - hmysql-ha -u root
> nova
> > > > > -p********************************
> > > > >
> > > > > Note you are supplying 2 -u arguments,
> and mysql
> > > will take
> > > > the second
> > > > > (root).
> > > > >
> > > > > -jay
> > > > >
> > > > >
> _______________________________________________
> > > > > Mailing list:
> https://launchpad.net/~openstack <https://launchpad.net/%7Eopenstack>
> > > > > Post to :
> openstack at lists.launchpad.net <mailto:openstack at lists.launchpad.net>
> > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>>
> > > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>>>
> > > > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>>
> > > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>>>>
> > > > > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>>
> > > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>>>
> > > > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>>
> > > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> > <mailto:openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>>>>>
> > > > > Unsubscribe :
> https://launchpad.net/~openstack <https://launchpad.net/%7Eopenstack>
> > > > > More help :
> https://help.launchpad.net/ListHelp
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130311/37cd0d49/attachment.html>
More information about the Openstack
mailing list