openstack team mailing list archive

Thread
Date

Re: Incredibly odd mysql permission error

To: openstack@xxxxxxxxxxxxxxxxxxx
From: Sylvain Bauza <sylvain.bauza@xxxxxxxxxxxx>
Date: Mon, 11 Mar 2013 15:11:23 +0100
In-reply-to: <CAK9s_NwoGED81p+ySStftLPJHZo6b9cta=+mrrn-Yk7Mcaq0Rg@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0

So as to reproduce the nova-manage SQL command, I would recommand totcpdump -A port 3306 on the host and get the SQL trace on what's failing.

Could you please explain further what is your HA config ? Are you usingpacemaker/heartbeat or any VIP ?


-Sylvain

Le 11/03/2013 14:23, Samuel Winchenbach a écrit :

Does anyone think this could be an openstack bug? I just want tocheck before submitting a bug report.

Sam

On Fri, Mar 8, 2013 at 4:02 PM, Jay Pipes <jaypipes@xxxxxxxxx<mailto:jaypipes@xxxxxxxxx>> wrote:


    Sorry, I really can't think of anything :(

    On 03/08/2013 03:52 PM, Samuel Winchenbach wrote:
    > I dropped those users and no change.
    >
    > I also set up general logging in mysql but it really doesn't
    provide any
    > additional information.  Any idea for a next step I could take?
    >
    > I am almost at the point of taking a tcpdump and trying to
    recreate the
    > salted password.  :/
    >
    > Thanks for the help
    >
    > Sam
    >
    >
    >
    >
    > On Fri, Mar 8, 2013 at 3:38 PM, Jay Pipes <jaypipes@xxxxxxxxx
    <mailto:jaypipes@xxxxxxxxx>
    > <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>> wrote:
    >
    >     I'm stumped :( Looks like everything is set up correctly to
    me. What is
    >     interested is that your nova user access works from test2,
    but there is
    >     no nova@test2 user in the mysql.user table. What about doing
    a DROP USER
    >     nova@test1; FLUSH PRIVILEGES; and then see if that fixes
    things... since
    >     the nova@10.21.0.0/255.255.0.0
    <http://nova@10.21.0.0/255.255.0.0>
    <http://nova@10.21.0.0/255.255.0.0>
    >     user is clearly working for the access
    >     from test2.
    >
    >     Also, I'd recommend highly removing the nova@% user.
    >
    >     Best,
    >     -jay
    >
    >     On 03/08/2013 03:09 PM, Samuel Winchenbach wrote:
    >     >
    >     > http://paste2.org/p/3085807
    >     >
    >     >
    >     > On Fri, Mar 8, 2013 at 2:46 PM, Jay Pipes
    <jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    >     <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>
    >     > <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>>> wrote:
    >     >
    >     >     Please paste the results of SELECT User, Host,
    Password FROM
    >     mysql.user
    >     >     when running as root...
    >     >
    >     >     Thanks!
    >     >     -jay
    >     >
    >     >     On 03/08/2013 02:25 PM, Samuel Winchenbach wrote:
    >     >     > Here are my grants.  I don't know if this helps, but
    I did
    >     verify that
    >     >     > the password was identical for each grant:
    >     > http://paste2.org/p/3085361
    >     >     >
    >     >     >
    >     >     > On Fri, Mar 8, 2013 at 2:17 PM, Samuel Winchenbach
    >     >     <swinchen@xxxxxxxxx <mailto:swinchen@xxxxxxxxx>
    <mailto:swinchen@xxxxxxxxx <mailto:swinchen@xxxxxxxxx>>
    >     <mailto:swinchen@xxxxxxxxx <mailto:swinchen@xxxxxxxxx>
    <mailto:swinchen@xxxxxxxxx <mailto:swinchen@xxxxxxxxx>>>
    >     >     > <mailto:swinchen@xxxxxxxxx
    <mailto:swinchen@xxxxxxxxx> <mailto:swinchen@xxxxxxxxx
    <mailto:swinchen@xxxxxxxxx>>
    >     <mailto:swinchen@xxxxxxxxx <mailto:swinchen@xxxxxxxxx>
    <mailto:swinchen@xxxxxxxxx <mailto:swinchen@xxxxxxxxx>>>>> wrote:
    >     >     >
    >     >     >     root@test1:/var/log# mysql -hmysql-ha -unova
    >     >     > -p******************************** -e"SELECT User, Host,
    >     Password
    >     >     >     FROM mysql.user;"
    >     >     >     ERROR 1142 (42000) at line 1: SELECT command
    denied to user
    >     >     >     'nova'@'test1' for table 'user'
    >     >     >
    >     >     >
    >     >     >     On Fri, Mar 8, 2013 at 2:06 PM, Jay Pipes
    >     <jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>
    >     >     <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>>
    >     >     >     <mailto:jaypipes@xxxxxxxxx
    <mailto:jaypipes@xxxxxxxxx> <mailto:jaypipes@xxxxxxxxx
    <mailto:jaypipes@xxxxxxxxx>>
    >     <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>>>> wrote:
    >     >     >
    >     >     >         What does this show?
    >     >     >
    >     >     >         mysql -hmysql-ha -unova -p<PASS> -e"SELECT
    User, Host,
    >     >     Password FROM
    >     >     >         mysql.user"
    >     >     >
    >     >     >         -jay
    >     >     >
    >     >     >         On 03/08/2013 01:46 PM, Samuel Winchenbach
    wrote:
    >     >     >         > Sorry, that must have been a copy and
    paste error.
    >      Here
    >     >     is what I
    >     >     >         > actually ran:
    >     >     >         >
    >     >     >         > http://paste2.org/p/3084996
    >     >     >         >
    >     >     >         >
    >     >     >         > On Fri, Mar 8, 2013 at 12:40 PM, Jay Pipes
    >     >     <jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>
    >     <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>>
    >     >     >         <mailto:jaypipes@xxxxxxxxx
    <mailto:jaypipes@xxxxxxxxx>
    >     <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>
    <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    >     <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>>>
    >     >     >         > <mailto:jaypipes@xxxxxxxxx
    <mailto:jaypipes@xxxxxxxxx>
    >     <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>
    <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    >     <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>>
    >     >     <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>
    >     <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>
    <mailto:jaypipes@xxxxxxxxx <mailto:jaypipes@xxxxxxxxx>>>>>> wrote:
    >     >     >         >
    >     >     >         >     On 03/08/2013 12:19 PM, Samuel
    Winchenbach wrote:
    >     >     >         >     > Hi All,
    >     >     >         >     >
    >     >     >         >     > I have two nodes (test1 and test2)
    that I am
    >     trying to
    >     >     >         set up in a
    >     >     >         >     > highly available configuration.
    >     >     >         >     >
    >     >     >         >     > During the setup process I tried running
    >     "nova-manage
    >     >     >         service list" on
    >     >     >         >     > both nodes.   It worked fine on
    test2, but
    >     fails on
    >     >     >         test1 even
    >     >     >         >     though I
    >     >     >         >     > can connect to the database with the
    mysql
    >     client from
    >     >     >         test1.
    >     >     >         >     >
    >     >     >         >     > Here is a screen capture that shows
    the setup on
    >     >     the two
    >     >     >         nodes are
    >     >     >         >     > basically identical:
    > http://paste2.org/p/3084223
    >     >     >         >
    >     >     >         >     In the above paste you are doing:
    >     >     >         >
    >     >     >         >     mysql -unova -     hmysql-ha -u  root
         nova
    >     >     >         > -p********************************
    >     >     >         >
    >     >     >         >     Note you are supplying 2 -u arguments,
    and mysql
    >     >     will take
    >     >     >         the second
    >     >     >         >     (root).
    >     >     >         >
    >     >     >         >     -jay
    >     >     >         >
    >     >     >         >
    _______________________________________________
    >     >     >         >     Mailing list:
    https://launchpad.net/~openstack <https://launchpad.net/%7Eopenstack>
    >     >     >         >     Post to     :
    openstack@xxxxxxxxxxxxxxxxxxx <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
    >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>>
    >     >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
    >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>>>
    >     >     >         <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
    >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>>
    >     >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
    >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>>>>
    >     >     >         >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
    >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>>
    >     >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
    >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>>>
    >     >     >         <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
    >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>>
    >     >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
    >     <mailto:openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>>>>>
    >     >     >         >     Unsubscribe :
    https://launchpad.net/~openstack <https://launchpad.net/%7Eopenstack>
    >     >     >         >     More help   :
    https://help.launchpad.net/ListHelp
    >     >     >         >
    >     >     >         >
    >     >     >
    >     >     >
    >     >     >
    >     >
    >     >
    >
    >




_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: Incredibly odd mysql permission error
From: Samuel Winchenbach, 2013-03-11

References

Incredibly odd mysql permission error
From: Samuel Winchenbach, 2013-03-08
Re: Incredibly odd mysql permission error
From: Jay Pipes, 2013-03-08
Re: Incredibly odd mysql permission error
From: Samuel Winchenbach, 2013-03-08
Re: Incredibly odd mysql permission error
From: Jay Pipes, 2013-03-08
Re: Incredibly odd mysql permission error
From: Samuel Winchenbach, 2013-03-08
Re: Incredibly odd mysql permission error
From: Samuel Winchenbach, 2013-03-08
Re: Incredibly odd mysql permission error
From: Jay Pipes, 2013-03-08
Re: Incredibly odd mysql permission error
From: Samuel Winchenbach, 2013-03-08
Re: Incredibly odd mysql permission error
From: Jay Pipes, 2013-03-08
Re: Incredibly odd mysql permission error
From: Samuel Winchenbach, 2013-03-08
Re: Incredibly odd mysql permission error
From: Jay Pipes, 2013-03-08
Re: Incredibly odd mysql permission error
From: Samuel Winchenbach, 2013-03-11