Open Stack

On Tue, Feb 25, 2014 at 2:33 AM, Roman Podoliaka
<rpodolyaka at mirantis.com> wrote:
> Hi all,
>
> [1] made it possible for openstack_citest MySQL user to create new
> databases in tests on demand (which is very useful for parallel
> running of tests on MySQL and PostgreSQL, thank you, guys!).
>
> Unfortunately, openstack_citest user can only create tables in the
> created databases, but not to perform SELECT/UPDATE/INSERT queries.
> Please see the bug [2] filed by Joshua Harlow.
>
> In PostgreSQL the user who creates a database, becomes the owner of
> the database (and can do everything within this database), and in
> MySQL we have to GRANT those privileges explicitly. But
> openstack_citest doesn't have the permission to do GRANT (even on its
> own databases).
>
> I think, we could overcome this issue by doing something like this
> while provisioning a node:
> GRANT ALL on `some_predefined_prefix_goes_here\_%`.* to
> 'openstack_citest'@'localhost';
>
> and then create databases giving them names starting with the prefix value.
>
> Is it an acceptable solution? Or am I missing something?
>
> Thanks,
> Roman
>
> [1] https://review.openstack.org/#/c/69519/
> [2] https://bugs.launchpad.net/openstack-ci/+bug/1284320
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

The problem with the prefix approach is it doesn't scale. At some
point we will decide we need a new prefix then a third and so on
(which is basically what happened at the schema level). That said we
recently switched to using single use slaves for all unittesting so I
think we can safely GRANT ALL on *.* to openstack_citest at localhost and
call that good enough. This should work fine for upstream testing but
may not be super friendly to others using the puppet manifests on
permanent slaves. We can wrap the GRANT in a condition in puppet that
is set only on single use slaves if this is a problem.

Clark