Hi Clark,

>>> I think we can safely GRANT ALL on *.* to openstack_citest@localhost and
>>> call that good enough

Works for me.

Thanks,
Roman

On Tue, Feb 25, 2014 at 8:29 PM, Clark Boylan <clark.boy...@gmail.com> wrote:
> On Tue, Feb 25, 2014 at 2:33 AM, Roman Podoliaka
> <rpodoly...@mirantis.com> wrote:
>> Hi all,
>>
>> [1] made it possible for openstack_citest MySQL user to create new
>> databases in tests on demand (which is very useful for parallel
>> running of tests on MySQL and PostgreSQL, thank you, guys!).
>>
>> Unfortunately, openstack_citest user can only create tables in the
>> created databases, but not to perform SELECT/UPDATE/INSERT queries.
>> Please see the bug [2] filed by Joshua Harlow.
>>
>> In PostgreSQL the user who creates a database, becomes the owner of
>> the database (and can do everything within this database), and in
>> MySQL we have to GRANT those privileges explicitly. But
>> openstack_citest doesn't have the permission to do GRANT (even on its
>> own databases).
>>
>> I think, we could overcome this issue by doing something like this
>> while provisioning a node:
>> GRANT ALL on `some_predefined_prefix_goes_here\_%`.* to
>> 'openstack_citest'@'localhost';
>>
>> and then create databases giving them names starting with the prefix value.
>>
>> Is it an acceptable solution? Or am I missing something?
>>
>> Thanks,
>> Roman
>>
>> [1] https://review.openstack.org/#/c/69519/
>> [2] https://bugs.launchpad.net/openstack-ci/+bug/1284320
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> The problem with the prefix approach is it doesn't scale. At some
> point we will decide we need a new prefix then a third and so on
> (which is basically what happened at the schema level). That said we
> recently switched to using single use slaves for all unittesting so I
> think we can safely GRANT ALL on *.* to openstack_citest@localhost and
> call that good enough. This should work fine for upstream testing but
> may not be super friendly to others using the puppet manifests on
> permanent slaves. We can wrap the GRANT in a condition in puppet that
> is set only on single use slaves if this is a problem.
>
> Clark
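
An added illustration of the two grant scopes discussed in this thread, not code from the thread or from the OpenStack CI manifests: it models how MySQL matches a database-level grant pattern (`%` and `_` are wildcards, `\_` is a literal underscore) and lists which databases the prefix grant and the `*.*` grant would each cover. The `citest` prefix and the database names are constructed for the example, and matching is assumed to be case-sensitive.

```python
import re


def grant_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a MySQL database-level grant pattern into a regex.

    In GRANT ... ON `pattern`.*, '%' matches any run of characters,
    '_' matches exactly one character, and a backslash makes the next
    character literal (so '\\_' is a real underscore).
    """
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # escaped char is literal
            i += 2
            continue
        if ch == "%":
            out.append(".*")
        elif ch == "_":
            out.append(".")
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)


def covered(pattern: str, databases):
    """Return the databases that a grant on `pattern`.* applies to."""
    if pattern == "*":  # GRANT ... ON *.* is a global grant: every database
        return list(databases)
    rx = grant_pattern_to_regex(pattern)
    return [db for db in databases if rx.fullmatch(db)]


# Constructed sample: databases that might exist on a test node.
DATABASES = ["mysql", "citest_nova_1", "citest_glance_2", "citestXprod", "keystone"]

ESCAPED = r"citest\_%"   # prefix grant as proposed in the thread, underscore escaped
UNESCAPED = "citest_%"   # same prefix with the escape forgotten
GLOBAL = "*"             # the GRANT ALL ON *.* alternative from the thread

if __name__ == "__main__":
    for label, pat in [("escaped prefix", ESCAPED),
                       ("unescaped prefix", UNESCAPED),
                       ("global", GLOBAL)]:
        print(f"{label:17} {pat!r:12} -> {covered(pat, DATABASES)}")
```

The unescaped pattern also covers `citestXprod`, which is why the `\_` in the proposed GRANT matters; the global grant covers every database on the node, including the `mysql` system schema.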