OpenStack Percona Cluster Charm

[juju upgrade-series] sstuser@localhost needs PROCESS privilege

Bug #1838044 reported by Alvaro Uria on 2019-07-26

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Percona Cluster Charm	Fix Released	High	Alex Kavanagh	OpenStack Percona Cluster Charm 20.02

Bug Description

When upgrading an OSCharms 19.04 environment (cloud:xenial-queens) from Xenial to Bionic, I had to recover the Percona-Xtradb cluster from one of the units (seed).

I used innobackupex to get the data and copy it to the donors, but I hit the following error (on the seed):
"""
Error: failed to execute query SHOW ENGINE INNODB STATUS: Access denied; you need (at least one of) the PROCESS privilege(s) for this operation
"""

mysql> show grants for sstuser@localhost;
+-------------------------------------------------------------------------------+
| Grants for sstuser@localhost |
+-------------------------------------------------------------------------------+
| GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'sstuser'@'localhost' |
+-------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> grant PROCESS on *.* to 'sstuser'@'localhost';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
"""

The post-series-upgrade hook may need to grant such permission (not sure if "ON *.*" is what it would be needed, though).

Thank you.

Tags:

Revision history for this message

Chris Sanders (chris.sanders) wrote on 2019-10-22:

Subscribing field-medium, this is still an active issue causing upgrade issues.

Revision history for this message

Drew Freiberger (afreiberger) wrote on 2019-10-23:

I think doing this in the pre-series-upgrade hook on the leader unit would better prepare the environment for the do-release-upgrade for SST user to have access to the new replication mechanism in pxc 5.70 on bionic.

Alex Kavanagh (ajkavanagh) on 2019-10-31

Changed in charm-percona-cluster:
importance:	Undecided → High
status:	New → Triaged

Alex Kavanagh (ajkavanagh) on 2019-11-08

tags:

added: series-upgrade

Revision history for this message

Alex Kavanagh (ajkavanagh) wrote on 2019-12-03:

So, the configure_sstuser(...) function gained knowledge about the PROCESS permission for bionic, (in commit 7d835b86) but this wasn't done for the series upgrade. Just need to 'teach' the charm to add the PROCESS permission to the user on upgrade (e.g. a function called upgrade_sstuser(...) or similar).

Changed in charm-percona-cluster:
milestone:	none → 20.02

Alex Kavanagh (ajkavanagh) on 2019-12-05

Changed in charm-percona-cluster:
assignee:	nobody → Alex Kavanagh (ajkavanagh)

Alex Kavanagh (ajkavanagh) on 2019-12-09

Changed in charm-percona-cluster:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-12-09: Fix proposed to charm-percona-cluster (master)

Fix proposed to branch: master
Review: https://review.opendev.org/698050

Revision history for this message

Alex Kavanagh (ajkavanagh) wrote on 2019-12-09:

Note that I've manually verified that the series-upgrade does add the PROCESS permission. After the full series upgrade across 3 ha percona-cluster units:

mysql> show grants for 'sstuser'@'localhost';
+----------------------------------------------------------------------------------------+
| Grants for sstuser@localhost |
+----------------------------------------------------------------------------------------+
| GRANT RELOAD, PROCESS, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'sstuser'@'localhost' |
+----------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-12-16: Fix merged to charm-percona-cluster (master)

Reviewed: https://review.opendev.org/698050
Committed: https://git.openstack.org/cgit/openstack/charm-percona-cluster/commit/?id=15e5042854f3dabd59abe8913ffe06e4a72de9e7
Submitter: Zuul
Branch: master

commit 15e5042854f3dabd59abe8913ffe06e4a72de9e7
Author: Alex Kavanagh <email address hidden>
Date: Mon Dec 9 17:32:45 2019 +0000

Ensure PROCESS perm for sstuser on series-upgrade

    This patch ensures that the PROCESS permission is added to the sstuser
    user during a series upgrade from xenial to bionic. Also patches the
    README to correct some of the commands in terms of order of parameters.

Change-Id: I8ddc21e3914e3da0f64ffcedef7a6a4bb18ba4cb
Closes-Bug: #1838044

Changed in charm-percona-cluster:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-12-16: Fix proposed to charm-percona-cluster (stable/19.10)

Fix proposed to branch: stable/19.10
Review: https://review.opendev.org/699195

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-01-15: Fix merged to charm-percona-cluster (stable/19.10)

Reviewed: https://review.opendev.org/699195
Committed: https://git.openstack.org/cgit/openstack/charm-percona-cluster/commit/?id=203b96135d283e74c3224fc3ff896bfa501474c2
Submitter: Zuul
Branch: stable/19.10

commit 203b96135d283e74c3224fc3ff896bfa501474c2
Author: Alex Kavanagh <email address hidden>
Date: Mon Dec 9 17:32:45 2019 +0000

Ensure PROCESS perm for sstuser on series-upgrade

Closes-Bug: #1838044
(cherry picked from commit 15e5042854f3dabd59abe8913ffe06e4a72de9e7)

Change-Id: Iede2faaa1a06228e12c0b03882ddccd56bcb99f8

Liam Young (gnuoy) on 2020-02-17

Changed in charm-percona-cluster:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.