pt-table-checksum dies if creating the --replicate table fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Percona Toolkit moved to https://jira.percona.com/projects/PT |
Fix Released
|
Medium
|
Brian Fraser |
Bug Description
It's nice that pt-table-checksum automatically creates the database or table, but if I want it to run as a restricted user, currently I have to use a workaround:
08-21T10:44:34 Error executing CREATE DATABASE IF NOT EXISTS `percona` /... DBD::mysql::db do failed: Access denied for user 'checksum'@'%'...
I don't want it to have this privilege because I don't want it to accidentally create any database or table in case I mess something up. It should ideally catch this error, determine that the database exists, and go on. (If it's going to do that, though, it should just check if-exists before trying to create the database/table).
The workaround right now is to use --no-create-* options.
Related branches
- Brian Fraser (community): Approve
- Daniel Nichter: Approve
-
Diff: 590 lines (+319/-58) (has conflicts)6 files modifiedbin/pt-table-checksum (+203/-41)
lib/PerconaTest.pm (+7/-3)
lib/TableParser.pm (+8/-4)
t/lib/TableParser.t (+2/-2)
t/pt-table-checksum/error_handling.t (+93/-3)
t/pt-table-checksum/privs.t (+6/-5)
Changed in percona-toolkit: | |
importance: | Undecided → Medium |
Changed in percona-toolkit: | |
milestone: | none → 2.1.5 |
summary: |
- pt-table-checksum shouldn't die if it can't create db/table + pt-table-checksum dies if can't auto-create the --replicate table |
summary: |
- pt-table-checksum dies if can't auto-create the --replicate table + pt-table-checksum dies if auto-create the --replicate table fails |
summary: |
- pt-table-checksum dies if auto-create the --replicate table fails + pt-table-checksum dies if creating the --replicate table fails |
Changed in percona-toolkit: | |
status: | In Progress → Fix Committed |
Changed in percona-toolkit: | |
status: | Fix Committed → Fix Released |
I think we could catch this in particular by looking at the error message (iirc there's code in the branch history to deal with exactly that), but as of late we've been moving away from permission checks, since they didn't work on 5.5. Since there's a workaround, I'm not sure if adding those back would be a step forward?