yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #58489
[Bug 1638368] Re: new keystone db migrations require either SUPER or log_bin_trust_function_creators=1
Reviewed: https://review.openstack.org/394603
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=52f58eb4df23706a17ee08052360f3973a93ef69
Submitter: Jenkins
Branch: master
commit 52f58eb4df23706a17ee08052360f3973a93ef69
Author: Richard Avelar <csravelar@xxxxxxxxx>
Date: Mon Nov 7 19:50:57 2016 +0000
Doc warning for keystone db migration
The new keystone upgrade features (keystone-manage db_sync --expand)
requires for MySQL deployments that the keystone user is granted SUPER
privilege or that set global log_bin_trust function_creators=1; is run.
Adding a warning message to notify reader.
Change-Id: I78738a335d14c6ad824c348a7385bb1ee8ad75bf
Closes-Bug: 1638368
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1638368
Title:
new keystone db migrations require either SUPER or
log_bin_trust_function_creators=1
Status in OpenStack Identity (keystone):
Fix Released
Status in puppet-keystone:
New
Bug description:
Upgrade Process Docs:
http://docs.openstack.org/developer/keystone/upgrading.html#upgrading-
without-downtime
The new keystone upgrade features (keystone-manage db_sync --expand)
require either that the keystone user has SUPER or that
set global log_bin_trust_function_creators=1; is run.
I'm not sure which is the better option but logging this anyway.
Without that you get this error:
root@dev01-keystone-001:/var/log/mysql# keystone-manage db_sync --expand
2016-11-01 19:56:17.803 1 INFO migrate.versioning.api [-] 97 -> 98...
2016-11-01 19:56:17.821 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:17.821 1 INFO migrate.versioning.api [-] 98 -> 99...
2016-11-01 19:56:17.839 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:17.839 1 INFO migrate.versioning.api [-] 99 -> 100...
2016-11-01 19:56:17.855 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:17.856 1 INFO migrate.versioning.api [-] 100 -> 101...
2016-11-01 19:56:17.897 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:17.897 1 INFO migrate.versioning.api [-] 101 -> 102...
2016-11-01 19:56:17.961 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:17.961 1 INFO migrate.versioning.api [-] 102 -> 103...
2016-11-01 19:56:18.108 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:18.109 1 INFO migrate.versioning.api [-] 103 -> 104...
2016-11-01 19:56:18.132 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:18.132 1 INFO migrate.versioning.api [-] 104 -> 105...
2016-11-01 19:56:18.454 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:18.455 1 INFO migrate.versioning.api [-] 105 -> 106...
2016-11-01 19:56:18.680 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:18.680 1 INFO migrate.versioning.api [-] 106 -> 107...
2016-11-01 19:56:18.968 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:18.968 1 INFO migrate.versioning.api [-] 107 -> 108...
2016-11-01 19:56:19.324 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:19.325 1 INFO migrate.versioning.api [-] 108 -> 109...
2016-11-01 19:56:19.477 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:19.534 1 INFO migrate.versioning.api [-] 0 -> 1...
2016-11-01 19:56:19.550 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:19.550 1 INFO migrate.versioning.api [-] 1 -> 2...
2016-11-01 19:56:19.569 1 INFO migrate.versioning.api [-] done
2016-11-01 19:56:19.569 1 INFO migrate.versioning.api [-] 2 -> 3...
2016-11-01 19:56:19.881 1 CRITICAL keystone [-] OperationalError: (_mysql_exceptions.OperationalError) (1419, 'You do not have the SUPER privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)') [SQL: "\nCREATE TRIGGER credential_insert_read_only BEFORE INSERT ON credential\nFOR EACH ROW\nBEGIN\n SIGNAL SQLSTATE '45000'\n SET MESSAGE_TEXT = 'Credential migration in progress. Cannot perform writes to credential table.';\nEND;\n"]
2016-11-01 19:56:19.881 1 ERROR keystone Traceback (most recent call last):
2016-11-01 19:56:19.881 1 ERROR keystone File "/usr/bin/keystone-manage", line 10, in <module>
2016-11-01 19:56:19.881 1 ERROR keystone sys.exit(main())
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/keystone/cmd/manage.py", line 44, in main
2016-11-01 19:56:19.881 1 ERROR keystone cli.main(argv=sys.argv, config_files=config_files)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/keystone/cmd/cli.py", line 1254, in main
2016-11-01 19:56:19.881 1 ERROR keystone CONF.command.cmd_class.main()
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/keystone/cmd/cli.py", line 438, in main
2016-11-01 19:56:19.881 1 ERROR keystone migration_helpers.expand_schema()
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/keystone/common/sql/migration_helpers.py", line 233, in expand_schema
2016-11-01 19:56:19.881 1 ERROR keystone _sync_repo(repo_name='expand_repo')
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/keystone/common/sql/migration_helpers.py", line 144, in _sync_repo
2016-11-01 19:56:19.881 1 ERROR keystone init_version=init_version, sanity_check=False)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/oslo_db/sqlalchemy/migration.py", line 78, in db_sync
2016-11-01 19:56:19.881 1 ERROR keystone migration = versioning_api.upgrade(engine, repository, version)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/migrate/versioning/api.py", line 186, in upgrade
2016-11-01 19:56:19.881 1 ERROR keystone return _migrate(url, repository, version, upgrade=True, err=err, **opts)
2016-11-01 19:56:19.881 1 ERROR keystone File "<decorator-gen-15>", line 2, in _migrate
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/migrate/versioning/util/__init__.py", line 160, in with_engine
2016-11-01 19:56:19.881 1 ERROR keystone return f(*a, **kw)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/migrate/versioning/api.py", line 366, in _migrate
2016-11-01 19:56:19.881 1 ERROR keystone schema.runchange(ver, change, changeset.step)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/migrate/versioning/schema.py", line 93, in runchange
2016-11-01 19:56:19.881 1 ERROR keystone change.run(self.engine, step)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/migrate/versioning/script/py.py", line 148, in run
2016-11-01 19:56:19.881 1 ERROR keystone script_func(engine)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/keystone/common/sql/expand_repo/versions/003_add_key_hash_and_encrypted_blob_to_credential.py", line 128, in upgrade
2016-11-01 19:56:19.881 1 ERROR keystone migrate_engine.execute(credential_insert_trigger)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1991, in execute
2016-11-01 19:56:19.881 1 ERROR keystone return connection.execute(statement, *multiparams, **params)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 906, in execute
2016-11-01 19:56:19.881 1 ERROR keystone return self._execute_text(object, multiparams, params)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1054, in _execute_text
2016-11-01 19:56:19.881 1 ERROR keystone statement, parameters
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1146, in _execute_context
2016-11-01 19:56:19.881 1 ERROR keystone context)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1337, in _handle_dbapi_exception
2016-11-01 19:56:19.881 1 ERROR keystone util.raise_from_cause(newraise, exc_info)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/sqlalchemy/util/compat.py", line 202, in raise_from_cause
2016-11-01 19:56:19.881 1 ERROR keystone reraise(type(exception), exception, tb=exc_tb, cause=cause)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1139, in _execute_context
2016-11-01 19:56:19.881 1 ERROR keystone context)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/default.py", line 450, in do_execute
2016-11-01 19:56:19.881 1 ERROR keystone cursor.execute(statement, parameters)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line 205, in execute
2016-11-01 19:56:19.881 1 ERROR keystone self.errorhandler(self, exc, value)
2016-11-01 19:56:19.881 1 ERROR keystone File "/venv/local/lib/python2.7/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
2016-11-01 19:56:19.881 1 ERROR keystone raise errorclass, errorvalue
2016-11-01 19:56:19.881 1 ERROR keystone OperationalError: (_mysql_exceptions.OperationalError) (1419, 'You do not have the SUPER privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)') [SQL: "\nCREATE TRIGGER credential_insert_read_only BEFORE INSERT ON credential\nFOR EACH ROW\nBEGIN\n SIGNAL SQLSTATE '45000'\n SET MESSAGE_TEXT = 'Credential migration in progress. Cannot perform writes to credential table.';\nEND;\n"]
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1638368/+subscriptions
