ipv6 mode vip mysql grant not added unless vip configured on iface
Bug #1499643 reported by
Edward Hope-Morley
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ceilometer (Juju Charms Collection) |
Fix Released
|
High
|
Edward Hope-Morley | ||
cinder (Juju Charms Collection) |
Fix Released
|
High
|
Edward Hope-Morley | ||
glance (Juju Charms Collection) |
Fix Released
|
High
|
Edward Hope-Morley | ||
keystone (Juju Charms Collection) |
Fix Released
|
High
|
Edward Hope-Morley | ||
neutron-api (Juju Charms Collection) |
Fix Released
|
High
|
Edward Hope-Morley | ||
nova-cloud-controller (Juju Charms Collection) |
Fix Released
|
High
|
Edward Hope-Morley | ||
swift-proxy (Juju Charms Collection) |
Fix Released
|
High
|
Edward Hope-Morley |
Bug Description
When using our Openstack charms in ipv6 mode (prefer-ipv6=True) it appears that the shared-db relation only adds grants for addresses currently configured on the unit interface so if we have configured the charm to use a vip but the vip is not yet configured on an interface at the time the shared-db relation joins/changes, the vip will not be added to the grant list. Current solution is to either wait for all vips (corosync resource) to settle before adding shared-db relations or re-add the shared-db relation to pick up the vip.
Related branches
lp:~hopem/charm-helpers/lp1499643
- Liam Young (community): Approve
- OpenStack Charmers: Pending requested
-
Diff: 110 lines (+44/-4)2 files modifiedcharmhelpers/contrib/openstack/utils.py (+8/-1)
tests/contrib/openstack/test_os_utils.py (+36/-3)
lp:~hopem/charms/trusty/cinder/lp1499643
- Liam Young (community): Approve
-
Diff: 810 lines (+407/-53)11 files modifiedhooks/charmhelpers/contrib/network/ip.py (+5/-3)
hooks/charmhelpers/contrib/openstack/amulet/deployment.py (+9/-10)
hooks/charmhelpers/contrib/openstack/context.py (+52/-7)
hooks/charmhelpers/contrib/openstack/templating.py (+30/-2)
hooks/charmhelpers/contrib/openstack/utils.py (+181/-2)
hooks/charmhelpers/core/hookenv.py (+32/-0)
hooks/charmhelpers/core/hugepage.py (+8/-1)
hooks/charmhelpers/core/strutils.py (+30/-0)
tests/charmhelpers/contrib/amulet/deployment.py (+4/-2)
tests/charmhelpers/contrib/amulet/utils.py (+47/-16)
tests/charmhelpers/contrib/openstack/amulet/deployment.py (+9/-10)
lp:~hopem/charms/trusty/swift-proxy/lp1499643
- Liam Young (community): Approve
-
Diff: 2266 lines (+1613/-108)14 files modifiedcharmhelpers/contrib/network/ip.py (+5/-3)
charmhelpers/contrib/openstack/amulet/deployment.py (+23/-9)
charmhelpers/contrib/openstack/amulet/utils.py (+359/-0)
charmhelpers/contrib/openstack/context.py (+60/-16)
charmhelpers/contrib/openstack/templating.py (+30/-2)
charmhelpers/contrib/openstack/utils.py (+181/-2)
charmhelpers/contrib/storage/linux/ceph.py (+224/-2)
charmhelpers/core/hookenv.py (+32/-0)
charmhelpers/core/hugepage.py (+8/-1)
charmhelpers/core/strutils.py (+30/-0)
tests/charmhelpers/contrib/amulet/deployment.py (+4/-2)
tests/charmhelpers/contrib/amulet/utils.py (+275/-62)
tests/charmhelpers/contrib/openstack/amulet/deployment.py (+23/-9)
tests/charmhelpers/contrib/openstack/amulet/utils.py (+359/-0)
lp:~hopem/charms/trusty/nova-cloud-controller/lp1499643
- Liam Young (community): Approve
-
Diff: 760 lines (+478/-43)8 files modifiedhooks/charmhelpers/contrib/openstack/amulet/deployment.py (+10/-3)
hooks/charmhelpers/contrib/openstack/templating.py (+1/-0)
hooks/charmhelpers/contrib/openstack/utils.py (+181/-2)
hooks/charmhelpers/core/hookenv.py (+32/-0)
hooks/charmhelpers/core/host.py (+29/-12)
hooks/charmhelpers/core/hugepage.py (+8/-1)
tests/charmhelpers/contrib/amulet/utils.py (+194/-16)
tests/charmhelpers/contrib/openstack/amulet/deployment.py (+23/-9)
lp:~hopem/charms/trusty/ceilometer/lp1499643
- Liam Young (community): Approve
-
Diff: 810 lines (+407/-53)11 files modifiedcharmhelpers/contrib/network/ip.py (+5/-3)
charmhelpers/contrib/openstack/amulet/deployment.py (+9/-10)
charmhelpers/contrib/openstack/context.py (+52/-7)
charmhelpers/contrib/openstack/templating.py (+30/-2)
charmhelpers/contrib/openstack/utils.py (+181/-2)
charmhelpers/core/hookenv.py (+32/-0)
charmhelpers/core/hugepage.py (+8/-1)
charmhelpers/core/strutils.py (+30/-0)
tests/charmhelpers/contrib/amulet/deployment.py (+4/-2)
tests/charmhelpers/contrib/amulet/utils.py (+47/-16)
tests/charmhelpers/contrib/openstack/amulet/deployment.py (+9/-10)
lp:~hopem/charms/trusty/keystone/lp1499643
- Liam Young (community): Approve
-
Diff: 2301 lines (+1618/-93)16 files modifiedcharmhelpers/contrib/network/ip.py (+5/-3)
charmhelpers/contrib/openstack/amulet/deployment.py (+23/-9)
charmhelpers/contrib/openstack/amulet/utils.py (+359/-0)
charmhelpers/contrib/openstack/context.py (+60/-16)
charmhelpers/contrib/openstack/templating.py (+30/-2)
charmhelpers/contrib/openstack/utils.py (+232/-2)
charmhelpers/contrib/storage/linux/ceph.py (+226/-13)
charmhelpers/core/hookenv.py (+32/-0)
charmhelpers/core/host.py (+32/-16)
charmhelpers/core/hugepage.py (+8/-1)
charmhelpers/core/strutils.py (+30/-0)
tests/charmhelpers/contrib/amulet/deployment.py (+4/-2)
tests/charmhelpers/contrib/amulet/utils.py (+193/-19)
tests/charmhelpers/contrib/openstack/amulet/deployment.py (+23/-9)
tests/charmhelpers/contrib/openstack/amulet/utils.py (+359/-0)
unit_tests/test_keystone_hooks.py (+2/-1)
lp:~hopem/charms/trusty/neutron-api/lp1499643
- Liam Young (community): Approve
-
Diff: 2287 lines (+1616/-92)15 files modifiedhooks/charmhelpers/contrib/network/ip.py (+5/-3)
hooks/charmhelpers/contrib/openstack/amulet/deployment.py (+23/-9)
hooks/charmhelpers/contrib/openstack/amulet/utils.py (+359/-0)
hooks/charmhelpers/contrib/openstack/context.py (+60/-16)
hooks/charmhelpers/contrib/openstack/templating.py (+30/-2)
hooks/charmhelpers/contrib/openstack/utils.py (+232/-2)
hooks/charmhelpers/contrib/storage/linux/ceph.py (+226/-13)
hooks/charmhelpers/core/hookenv.py (+32/-0)
hooks/charmhelpers/core/host.py (+32/-16)
hooks/charmhelpers/core/hugepage.py (+8/-1)
hooks/charmhelpers/core/strutils.py (+30/-0)
tests/charmhelpers/contrib/amulet/deployment.py (+4/-2)
tests/charmhelpers/contrib/amulet/utils.py (+193/-19)
tests/charmhelpers/contrib/openstack/amulet/deployment.py (+23/-9)
tests/charmhelpers/contrib/openstack/amulet/utils.py (+359/-0)
lp:~hopem/charms/trusty/glance/lp1499643
- Liam Young (community): Approve
-
Diff: 1408 lines (+874/-79)14 files modifiedcharmhelpers/contrib/network/ip.py (+5/-3)
charmhelpers/contrib/openstack/amulet/deployment.py (+23/-9)
charmhelpers/contrib/openstack/amulet/utils.py (+359/-0)
charmhelpers/contrib/openstack/context.py (+52/-7)
charmhelpers/contrib/openstack/templating.py (+30/-2)
charmhelpers/contrib/openstack/utils.py (+232/-2)
charmhelpers/contrib/storage/linux/ceph.py (+2/-11)
charmhelpers/core/hookenv.py (+32/-0)
charmhelpers/core/host.py (+32/-16)
charmhelpers/core/hugepage.py (+8/-1)
charmhelpers/core/strutils.py (+30/-0)
tests/charmhelpers/contrib/amulet/deployment.py (+4/-2)
tests/charmhelpers/contrib/amulet/utils.py (+56/-16)
tests/charmhelpers/contrib/openstack/amulet/deployment.py (+9/-10)
affects: | charms → keystone (Juju Charms Collection) |
affects: | cinder (Ubuntu) → cinder (Juju Charms Collection) |
Changed in ceilometer (Juju Charms Collection): | |
status: | New → In Progress |
Changed in cinder (Juju Charms Collection): | |
status: | New → In Progress |
Changed in glance (Juju Charms Collection): | |
status: | New → In Progress |
Changed in keystone (Juju Charms Collection): | |
status: | New → In Progress |
Changed in neutron-api (Juju Charms Collection): | |
status: | New → In Progress |
Changed in nova-cloud-controller (Juju Charms Collection): | |
status: | New → In Progress |
Changed in swift-proxy (Juju Charms Collection): | |
status: | New → In Progress |
Changed in ceilometer (Juju Charms Collection): | |
importance: | Undecided → High |
Changed in cinder (Juju Charms Collection): | |
importance: | Undecided → High |
Changed in glance (Juju Charms Collection): | |
importance: | Undecided → High |
Changed in keystone (Juju Charms Collection): | |
importance: | Undecided → High |
Changed in neutron-api (Juju Charms Collection): | |
importance: | Undecided → High |
Changed in nova-cloud-controller (Juju Charms Collection): | |
importance: | Undecided → High |
Changed in swift-proxy (Juju Charms Collection): | |
importance: | Undecided → High |
Changed in ceilometer (Juju Charms Collection): | |
assignee: | nobody → Edward Hope-Morley (hopem) |
Changed in cinder (Juju Charms Collection): | |
assignee: | nobody → Edward Hope-Morley (hopem) |
Changed in glance (Juju Charms Collection): | |
assignee: | nobody → Edward Hope-Morley (hopem) |
Changed in keystone (Juju Charms Collection): | |
assignee: | nobody → Edward Hope-Morley (hopem) |
Changed in neutron-api (Juju Charms Collection): | |
assignee: | nobody → Edward Hope-Morley (hopem) |
Changed in nova-cloud-controller (Juju Charms Collection): | |
assignee: | nobody → Edward Hope-Morley (hopem) |
Changed in swift-proxy (Juju Charms Collection): | |
assignee: | nobody → Edward Hope-Morley (hopem) |
Changed in ceilometer (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in cinder (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in glance (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in keystone (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in neutron-api (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in nova-cloud-controller (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in swift-proxy (Juju Charms Collection): | |
milestone: | none → 15.10 |
Changed in ceilometer (Juju Charms Collection): | |
status: | In Progress → Fix Committed |
Changed in cinder (Juju Charms Collection): | |
status: | In Progress → Fix Committed |
Changed in glance (Juju Charms Collection): | |
status: | In Progress → Fix Committed |
Changed in keystone (Juju Charms Collection): | |
status: | In Progress → Fix Committed |
Changed in neutron-api (Juju Charms Collection): | |
status: | In Progress → Fix Committed |
Changed in nova-cloud-controller (Juju Charms Collection): | |
status: | In Progress → Fix Committed |
Changed in swift-proxy (Juju Charms Collection): | |
status: | In Progress → Fix Committed |
Changed in keystone (Juju Charms Collection): | |
status: | Fix Committed → Fix Released |
Changed in neutron-api (Juju Charms Collection): | |
status: | Fix Committed → Fix Released |
Changed in nova-cloud-controller (Juju Charms Collection): | |
status: | Fix Committed → Fix Released |
Changed in cinder (Juju Charms Collection): | |
status: | Fix Committed → Fix Released |
Changed in glance (Juju Charms Collection): | |
status: | Fix Committed → Fix Released |
Changed in swift-proxy (Juju Charms Collection): | |
status: | Fix Committed → Fix Released |
Changed in ceilometer (Juju Charms Collection): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Ok having looked into this a little further, in ipv4 mode we do not acquire a grant for the vip but his does not appear to be a problem as long as the primary (non-vip) address of all units have grants. With ipv6 if we do the same i.e. acquire a grant for each base address, all is fine unless the node connecting has a second/vip address configured in which case the connection to mysql appears to come from the vip which has no grant and therefore fails e.g.
2: eth0: <BROADCAST, MULTICAST, UP,LOWER_ UP> mtu 1500 qlen 1000 1:0:f816: 3eff:fec6: 2a3c/64 scope global dynamic 3eff:fec6: 2a3c/64 scope link
inet6 2001:db8:
valid_lft 86189sec preferred_lft 14189sec
inet6 fe80::f816:
valid_lft forever preferred_lft forever
vs.
2: eth0: <BROADCAST, MULTICAST, UP,LOWER_ UP> mtu 1500 qlen 1000 1:0:d0cf: 528c:23eb: 5001/64 scope global 1:0:f816: 3eff:fe7e: a3b/64 scope global dynamic 3eff:fe7e: a3b/64 scope link
inet6 2001:db8:
valid_lft forever preferred_lft forever
inet6 2001:db8:
valid_lft 86203sec preferred_lft 14203sec
inet6 fe80::f816:
valid_lft forever preferred_lft forever
with grants:
-- Grants for 'keystone' @'2001: db8:1:0: f816:3eff: fe73:cd5f' @'2001: db8:1:0: f816:3eff: fe73:cd5f' IDENTIFIED BY PASSWORD '*D76D690319879 C126E329CD6616F 0ABC447EA717' ; @'2001: db8:1:0: f816:3eff: fe73:cd5f' ; @'2001: db8:1:0: f816:3eff: fe7e:a3b' @'2001: db8:1:0: f816:3eff: fe7e:a3b' IDENTIFIED BY PASSWORD '*D76D690319879 C126E329CD6616F 0ABC447EA717' ; @'2001: db8:1:0: f816:3eff: fe7e:a3b' ; @'2001: db8:1:0: f816:3eff: fec6:2a3c' @'2001: db8:1:0: f816:3eff: fec6:2a3c' IDENTIFIED BY PASSWORD '*D76D690319879 C126E329CD6616F 0ABC447EA717' ; @'2001: db8:1:0: f816:3eff: fec6:2a3c' ;
GRANT USAGE ON *.* TO 'keystone'
GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'
-- Grants for 'keystone'
GRANT USAGE ON *.* TO 'keystone'
GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'
-- Grants for 'keystone'
GRANT USAGE ON *.* TO 'keystone'
GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'
gives:
OperationalError: (OperationalError) (1130, "Host '2001:db8: 1:0:d0cf: 528c:23eb: 5001' is not allowed to connect to this MySQL server") None None
If I set a grant for the vip all is good. Perhaps this has something to do with scope global addresses taking precedence over scope global dynamic ones?