[19.04] grants for new shared-db clients are not created when a deployment is scaled from non-HA to HA
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Percona Cluster Charm | Triaged | Medium | Unassigned |
Bug Description
When a deployment is scaled out from the non-HA configuration (for all API and DB units) to the HA configuration (2-unit in my case which uses "two_node: 1" mode for corosync) handling of shared-
1) non-HA bundle;
https:/
2) HA bundle:
https:/
juju deploy bundle.yaml
# let it settle
juju deploy --map-machines=
# observe failures
The problem manifests itself when either an API service tries to validate a keystone token in keystonemiddleware and accesses a keystone backend that does not have a grant on the database or when a keystone unit is accessed directly (e.g. if you need to issue a token).
For example, keystone has 2 units but grants are present only for a single one:
mysql> select * from INFORMATION_
+------
| GRANTEE | TABLE_CATALOG | TABLE_SCHEMA | PRIVILEGE_TYPE | IS_GRANTABLE |
+------
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
| 'keystone'
+------
18 rows in set (0.00 sec)
juju run --application keystone 'network-get shared-db'
- Stdout: |
bind-addresses:
- macaddress: 00:16:3e:62:d2:ae
interface
addresses:
- hostname: ""
address: 10.232.7.104
cidr: 10.232.0.0/21
egress-subnets:
- 10.232.7.104/32
ingress-
- 10.232.7.104
UnitId: keystone/1
- Stdout: |
bind-addresses:
- macaddress: 00:16:3e:1f:84:8f
interface
addresses:
- hostname: ""
address: 10.232.7.110
cidr: 10.232.0.0/21
egress-subnets:
- 10.232.7.110/32
ingress-
- 10.232.7.110
UnitId: keystone/0
tags: | added: scaleout |
Setting to 'incomplete' as min-cluster-size was not changed from 0 to 2 in the HA bundle which is likely the reason why this happened.
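The check the bug description performs by eye (comparing database grantees against each unit's shared-db address) can be scripted. The following is an added example, not code from the charm or from the reporter. The function names and the grantee rows are constructed, since the report's query output is truncated and does not show which host holds the grant; only the two unit addresses come from the `network-get` output above. It assumes grantees are rendered as `'user'@'host'` and handles literal and `%`/`_` wildcard hosts only (netmask hosts are not handled).

```python
import re

# MySQL renders a grantee as 'user'@'host' in INFORMATION_SCHEMA privilege tables.
GRANTEE_RE = re.compile(r"^'(?P<user>[^']*)'@'(?P<host>[^']*)'$")

# Unit addresses taken from the network-get output in the report.
UNIT_ADDRESSES = {"keystone/0": "10.232.7.110", "keystone/1": "10.232.7.104"}

# Constructed sample rows (GRANTEE column only); which host is granted is an assumption.
SAMPLE_GRANTEES = [
    "'keystone'@'10.232.7.110'",
    "'keystone'@'10.232.7.110'",
    "'nova'@'10.232.7.120'",      # constructed row for another service user
    "malformed-row",              # ignored by the parser
]


def granted_hosts(grantees, user):
    """Return the set of host parts that hold at least one grant for `user`."""
    hosts = set()
    for row in grantees:
        m = GRANTEE_RE.match(row.strip())
        if m and m.group("user") == user:
            hosts.add(m.group("host"))
    return hosts


def host_matches(pattern, address):
    """Match a MySQL account host pattern: % is any run, _ is one character."""
    rx = "".join(
        ".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern
    )
    return re.fullmatch(rx, address) is not None


def units_missing_grant(unit_addresses, grantees, user):
    """List units whose address is not covered by any grant host for `user`."""
    hosts = granted_hosts(grantees, user)
    return sorted(
        unit
        for unit, addr in unit_addresses.items()
        if not any(host_matches(h, addr) for h in hosts)
    )


if __name__ == "__main__":
    for unit in units_missing_grant(UNIT_ADDRESSES, SAMPLE_GRANTEES, "keystone"):
        print(f"{unit} ({UNIT_ADDRESSES[unit]}) has no grant for 'keystone'")
```
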