← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1638368] Re: new keystone db migrations require either SUPER or log_bin_trust_function_creators=1

 

Reviewed:  https://review.openstack.org/394603
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=52f58eb4df23706a17ee08052360f3973a93ef69
Submitter: Jenkins
Branch:    master

commit 52f58eb4df23706a17ee08052360f3973a93ef69
Author: Richard Avelar <csravelar@xxxxxxxxx>
Date:   Mon Nov 7 19:50:57 2016 +0000

    Doc warning for keystone db migration
    
    The new keystone upgrade features (keystone-manage db_sync --expand)
    requires for MySQL deployments that the keystone user is granted SUPER
    privilege or that set global log_bin_trust function_creators=1; is run.
    Adding a warning message to notify reader.
    
    Change-Id: I78738a335d14c6ad824c348a7385bb1ee8ad75bf
    Closes-Bug: 1638368


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1638368

Title:
  new keystone db migrations require either SUPER or
  log_bin_trust_function_creators=1

Status in OpenStack Identity (keystone):
  Fix Released
Status in puppet-keystone:
  New

Bug description:
  Upgrade Process Docs:
  http://docs.openstack.org/developer/keystone/upgrading.html#upgrading-
  without-downtime

  The new keystone upgrade features (keystone-manage db_sync --expand)
  require either that the keystone user has SUPER or that

  set global log_bin_trust_function_creators=1; is run.

  I'm not sure which is the better option but logging this anyway.

  Without that you get this error:

  root@dev01-keystone-001:/var/log/mysql# keystone-manage db_sync --expand
  2016-11-01 19:56:17.803 1 INFO migrate.versioning.api [-] 97 -> 98...
  2016-11-01 19:56:17.821 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:17.821 1 INFO migrate.versioning.api [-] 98 -> 99...
  2016-11-01 19:56:17.839 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:17.839 1 INFO migrate.versioning.api [-] 99 -> 100...
  2016-11-01 19:56:17.855 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:17.856 1 INFO migrate.versioning.api [-] 100 -> 101...
  2016-11-01 19:56:17.897 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:17.897 1 INFO migrate.versioning.api [-] 101 -> 102...
  2016-11-01 19:56:17.961 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:17.961 1 INFO migrate.versioning.api [-] 102 -> 103...
  2016-11-01 19:56:18.108 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:18.109 1 INFO migrate.versioning.api [-] 103 -> 104...
  2016-11-01 19:56:18.132 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:18.132 1 INFO migrate.versioning.api [-] 104 -> 105...
  2016-11-01 19:56:18.454 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:18.455 1 INFO migrate.versioning.api [-] 105 -> 106...
  2016-11-01 19:56:18.680 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:18.680 1 INFO migrate.versioning.api [-] 106 -> 107...
  2016-11-01 19:56:18.968 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:18.968 1 INFO migrate.versioning.api [-] 107 -> 108...
  2016-11-01 19:56:19.324 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:19.325 1 INFO migrate.versioning.api [-] 108 -> 109...
  2016-11-01 19:56:19.477 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:19.534 1 INFO migrate.versioning.api [-] 0 -> 1...
  2016-11-01 19:56:19.550 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:19.550 1 INFO migrate.versioning.api [-] 1 -> 2...
  2016-11-01 19:56:19.569 1 INFO migrate.versioning.api [-] done
  2016-11-01 19:56:19.569 1 INFO migrate.versioning.api [-] 2 -> 3...
  2016-11-01 19:56:19.881 1 CRITICAL keystone [-] OperationalError: (_mysql_exceptions.OperationalError) (1419, 'You do not have the SUPER privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)') [SQL: "\nCREATE TRIGGER credential_insert_read_only BEFORE INSERT ON credential\nFOR EACH ROW\nBEGIN\n  SIGNAL SQLSTATE '45000'\n    SET MESSAGE_TEXT = 'Credential migration in progress. Cannot perform writes to credential table.';\nEND;\n"]
  2016-11-01 19:56:19.881 1 ERROR keystone Traceback (most recent call last):
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/usr/bin/keystone-manage", line 10, in <module>
  2016-11-01 19:56:19.881 1 ERROR keystone     sys.exit(main())
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/keystone/cmd/manage.py", line 44, in main
  2016-11-01 19:56:19.881 1 ERROR keystone     cli.main(argv=sys.argv, config_files=config_files)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/keystone/cmd/cli.py", line 1254, in main
  2016-11-01 19:56:19.881 1 ERROR keystone     CONF.command.cmd_class.main()
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/keystone/cmd/cli.py", line 438, in main
  2016-11-01 19:56:19.881 1 ERROR keystone     migration_helpers.expand_schema()
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/keystone/common/sql/migration_helpers.py", line 233, in expand_schema
  2016-11-01 19:56:19.881 1 ERROR keystone     _sync_repo(repo_name='expand_repo')
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/keystone/common/sql/migration_helpers.py", line 144, in _sync_repo
  2016-11-01 19:56:19.881 1 ERROR keystone     init_version=init_version, sanity_check=False)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/oslo_db/sqlalchemy/migration.py", line 78, in db_sync
  2016-11-01 19:56:19.881 1 ERROR keystone     migration = versioning_api.upgrade(engine, repository, version)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/migrate/versioning/api.py", line 186, in upgrade
  2016-11-01 19:56:19.881 1 ERROR keystone     return _migrate(url, repository, version, upgrade=True, err=err, **opts)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "<decorator-gen-15>", line 2, in _migrate
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/migrate/versioning/util/__init__.py", line 160, in with_engine
  2016-11-01 19:56:19.881 1 ERROR keystone     return f(*a, **kw)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/migrate/versioning/api.py", line 366, in _migrate
  2016-11-01 19:56:19.881 1 ERROR keystone     schema.runchange(ver, change, changeset.step)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/migrate/versioning/schema.py", line 93, in runchange
  2016-11-01 19:56:19.881 1 ERROR keystone     change.run(self.engine, step)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/migrate/versioning/script/py.py", line 148, in run
  2016-11-01 19:56:19.881 1 ERROR keystone     script_func(engine)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/keystone/common/sql/expand_repo/versions/003_add_key_hash_and_encrypted_blob_to_credential.py", line 128, in upgrade
  2016-11-01 19:56:19.881 1 ERROR keystone     migrate_engine.execute(credential_insert_trigger)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1991, in execute
  2016-11-01 19:56:19.881 1 ERROR keystone     return connection.execute(statement, *multiparams, **params)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 906, in execute
  2016-11-01 19:56:19.881 1 ERROR keystone     return self._execute_text(object, multiparams, params)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1054, in _execute_text
  2016-11-01 19:56:19.881 1 ERROR keystone     statement, parameters
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1146, in _execute_context
  2016-11-01 19:56:19.881 1 ERROR keystone     context)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1337, in _handle_dbapi_exception
  2016-11-01 19:56:19.881 1 ERROR keystone     util.raise_from_cause(newraise, exc_info)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/sqlalchemy/util/compat.py", line 202, in raise_from_cause
  2016-11-01 19:56:19.881 1 ERROR keystone     reraise(type(exception), exception, tb=exc_tb, cause=cause)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1139, in _execute_context
  2016-11-01 19:56:19.881 1 ERROR keystone     context)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/sqlalchemy/engine/default.py", line 450, in do_execute
  2016-11-01 19:56:19.881 1 ERROR keystone     cursor.execute(statement, parameters)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line 205, in execute
  2016-11-01 19:56:19.881 1 ERROR keystone     self.errorhandler(self, exc, value)
  2016-11-01 19:56:19.881 1 ERROR keystone   File "/venv/local/lib/python2.7/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
  2016-11-01 19:56:19.881 1 ERROR keystone     raise errorclass, errorvalue
  2016-11-01 19:56:19.881 1 ERROR keystone OperationalError: (_mysql_exceptions.OperationalError) (1419, 'You do not have the SUPER privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)') [SQL: "\nCREATE TRIGGER credential_insert_read_only BEFORE INSERT ON credential\nFOR EACH ROW\nBEGIN\n  SIGNAL SQLSTATE '45000'\n    SET MESSAGE_TEXT = 'Credential migration in progress. Cannot perform writes to credential table.';\nEND;\n"]

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1638368/+subscriptions