Fuel for OpenStack

mysql puppet module doesn't created grants correctly

Bug #1509069 reported by Stanislaw Bogatkin
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Committed
Medium
Sergii Golovatiuk
Fuel for OpenStack 9.0
6.1.x
Won't Fix
High
Fuel Sustaining
Fuel for OpenStack 6.1-updates
7.0.x
Fix Released
High
Michael Polenchuk
Fuel for OpenStack 7.0-mu-5
8.0.x
Fix Released
High
Alexey Stupnikov
Fuel for OpenStack 8.0-mu-4

Bug Description

We use old mysql module that created grants by manually execute sql statements into system table. It results to that fact that such grants don't distribute over cluster nodes.

We need either update our mysql module to upstream version where right way to give grants implemented or change current provider to use standard 'GRANT OPTION' instead of writing to system table.

Bartłomiej Piotrowski (bpiotrowski)
Changed in fuel:
status: New → Confirmed
Dmitry Pyzhov (dpyzhov)
tags: added: area-library
Maksim Malchuk (mmalchuk)
Changed in fuel:
assignee: Sergii Golovatiuk (sgolovatiuk) → Maksim Malchuk (mmalchuk)
status: Confirmed → In Progress
Sergii Golovatiuk (sgolovatiuk)
Changed in fuel:
assignee: Maksim Malchuk (mmalchuk) → Sergii Golovatiuk (sgolovatiuk)
Revision history for this message
Matthew Mosesohn (raytrac3r) wrote :

Sergii, what is the status? It's been in progress and assigned to you for a while.

Revision history for this message
Matthew Mosesohn (raytrac3r) wrote :

Currently, no deployments are broken as a result. It is a technical debt and requires some reworking to reintroduce grants correctly

tags: added: tech-debt
Changed in fuel:
importance: High → Medium
Revision history for this message
Sergii Golovatiuk (sgolovatiuk) wrote :

I agree with Matthew. grant tables are not synced between controllers. IT has very specific side effect but it doesn't break a deployment. There are some workarounds how to fix it. Lowering priority to medium i

Dmitry Pyzhov (dpyzhov)
Changed in fuel:
milestone: 8.0 → 9.0
Sergii Golovatiuk (sgolovatiuk)
Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
Sergii Golovatiuk (sgolovatiuk) wrote :

This issue was resolved by syncing to upstream mysql module (Change-Id: Idd0957c677b87a2d8794e993417ef9e2f0ddf4a6)

Now, I see the same grants on all controllers for all users.

Revision history for this message
Alexander Rubtsov (arubtsov) wrote :

Could you please backport the fix to MOS 7.0 ?

tags: added: customer-found
tags: added: sla2
Revision history for this message
Alexander Rubtsov (arubtsov) wrote :

sla2 for 7.0-updates

Revision history for this message
Alexander Rubtsov (arubtsov) wrote :

Please disregard my previous comment - I specified wrong SLA. The correct one is:
sla1 for 7.0-updates

tags: added: sla1
removed: sla2
Revision history for this message
Dmitry Klenov (dklenov) wrote :

Link to the fix: https://review.openstack.org/#/c/267232/

Revision history for this message
Vitaly Sedelnik (vsedelnik) wrote :

Won't Fix for 7.0-updates because this change is too risky to be accepted into stable branch:
1. Big and not self-contained change (+705, -6923 LOC), tens of files are changed
2. This is not a bug but substantial refactoring of galera and mysql puppet module.

tags: added: wontfix-risky
Revision history for this message
Michael Polenchuk (mpolenchuk) wrote :

What about to just update mysql grant provider plus related code that uses it?

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/7.0)

Fix proposed to branch: stable/7.0
Review: https://review.openstack.org/310860

Revision history for this message
Dmitry Klenov (dklenov) wrote :

Let's proceed with granular fix for 7.0 for this specific issue.

Revision history for this message
Vitaly Sedelnik (vsedelnik) wrote :

Won't Fix for 6.1-updates because it requires substantial refactoring of mysql puppet module

Revision history for this message
Vitaly Sedelnik (vsedelnik) wrote :

Targeted to 8.0-mu-2 as backport to 8.0 is required before merging backport to 7.0

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-library (stable/7.0)

Change abandoned by Fuel DevOps Robot (<email address hidden>) on branch: stable/7.0
Review: https://review.openstack.org/310860
Reason: This review is > 4 weeks without comment and currently blocked by a core reviewer with a -2. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and contacting the reviewer with the -2 on this review to ensure you address their concerns.

Revision history for this message
Vitaly Sedelnik (vsedelnik) wrote :

Removed from 8.0-mu-2 as there is no fix on review

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/8.0)

Fix proposed to branch: stable/8.0
Review: https://review.openstack.org/333463

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to puppet-modules/puppet-openstacklib (mos-8.0)

Fix proposed to branch: mos-8.0
Change author: Alexey Stupnikov <email address hidden>
Review: https://review.fuel-infra.org/22512

Revision history for this message
Alexey Stupnikov (astupnikov) wrote :

Waiting for MU nomination for 8.0.x series.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-library (stable/7.0)

Change abandoned by Fuel DevOps Robot (<email address hidden>) on branch: stable/7.0
Review: https://review.openstack.org/310860
Reason: This review is > 4 weeks without comment and currently blocked by a core reviewer with a -2. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and contacting the reviewer with the -2 on this review to ensure you address their concerns.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-library (stable/8.0)

Change abandoned by Fuel DevOps Robot (<email address hidden>) on branch: stable/8.0
Review: https://review.openstack.org/333463
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/7.0)

Fix proposed to branch: stable/7.0
Review: https://review.openstack.org/355884

Revision history for this message
Alexey Stupnikov (astupnikov) wrote :

Fix https://review.openstack.org/355884 for MOS 7.0 works well in our lab.

Output: http://pastebin.com/TiR0SXYX

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (stable/7.0)

Reviewed: https://review.openstack.org/355884
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=acce7b7cef569db389826171fc5a9d8b8fdfb4c3
Submitter: Jenkins
Branch: stable/7.0

commit acce7b7cef569db389826171fc5a9d8b8fdfb4c3
Author: Mikhail <email address hidden>
Date: Tue Aug 16 14:48:13 2016 +0300

    Fixed granting of privileges for mysql entities

    In this patch we use 'GRANT PRIVILEGES' command
    instead of writing directly to the table

    Change-Id: Ibde624bc1f35f45d5fab7257dbd81e7e78bdd2f3
    Closes-Bug: #1509069

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/8.0)

Fix proposed to branch: stable/8.0
Review: https://review.openstack.org/359985

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (stable/8.0)

Reviewed: https://review.openstack.org/359985
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=3e27e0ac8ed8ce67a05c321240358545a6ff5cb2
Submitter: Jenkins
Branch: stable/8.0

commit 3e27e0ac8ed8ce67a05c321240358545a6ff5cb2
Author: Mikhail <email address hidden>
Date: Tue Aug 16 14:48:13 2016 +0300

    Fixed granting of privileges for mysql entities

    In this patch we use 'GRANT PRIVILEGES' command
    instead of writing directly to the table

    Change-Id: Ibde624bc1f35f45d5fab7257dbd81e7e78bdd2f3
    Closes-Bug: #1509069
    (cherry picked from commit acce7b7cef569db389826171fc5a9d8b8fdfb4c3)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-library (stable/7.0)

Change abandoned by Fuel DevOps Robot (<email address hidden>) on branch: stable/7.0
Review: https://review.openstack.org/310860
Reason: This review is > 4 weeks without comment and currently blocked by a core reviewer with a -2. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and contacting the reviewer with the -2 on this review to ensure you address their concerns.

Revision history for this message
Ekaterina Shutova (eshutova) wrote :

Verified on MOS 8.0 + mu4 updates.
Privileges are granted for created user https://paste.mirantis.net/show/6292/

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.