Page MenuHomePhabricator
Create Task
Maniphest T346603

openstack: eqiad1: review DB grants for new network setup
Closed, ResolvedPublic
Actions

Description

I'm seeing errors like these:

Sep 18 08:47:31 cloudcontrol1005 keystone-wsgi-public[771419]: 2023-09-18 08:47:31.759 771419 ERROR keystone.server.flask.request_processing.middleware.auth_context [None req-5ab047f3-c8bd-498d-89fa-42c0a8ef5bfd novaadmin admin - - default default] (pymysql.err.OperationalError) (1045, "Access denied for user 'keysto>
                                                               (Background on this error at: https://sqlalche.me/e/14/e3q8): sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (1045, "Access denied for user 'keystone'@'172.20.1.2' (using password: YES)")
                                                               (Background on this error at: https://sqlalche.me/e/14/e3q8)

The address 172.20.1.2 is cloudlb1001.private.eqiad.wikimedia.cloud

Details

SubjectRepoBranchLines +/-
dbutils: introduce statement defineoperations/puppetproduction+64 -10
Customize query in gerrit

Related Objects
Search...

Event Timeline

aborrero changed the task status from Open to In Progress.Sep 18 2023, 8:49 AM
aborrero triaged this task as High priority.
aborrero created this task.
aborrero moved this task from Backlog to In progress on the cloud-services-team (FY2023/2024-Q1-Q2) board.
aborrero moved this task from Backlog to Doing on the User-aborrero board.
aborrero added a comment.Sep 18 2023, 9:05 AM

The templates were already in place:

root@cloudcontrol1005:~# find /etc/ -name *_grants.mysql
/etc/keystone/keystone_grants.mysql
/etc/nova/nova_cell_grants.mysql
/etc/nova/nova_grants.mysql
/etc/nova/nova_api_grants.mysql
/etc/cinder/cinder_grants.mysql
/etc/prometheus/prometheus_grants.mysql
/etc/prometheus/prometheus_performance_grants.mysql
/etc/heat/heat_grants.mysql
/etc/neutron/neutron_grants.mysql
/etc/magnum/magnum_grants.mysql
/etc/glance/glance_grants.mysql
/etc/trove/trove_grants.mysql
/etc/placement/placement_grants.mysql
root@cloudcontrol1005:~# for i in $(find /etc/ -name *_grants.mysql) ; do mysql -u root < $i ; done

This should be automated via puppet ...

gerritbot added a comment.Sep 18 2023, 9:58 AM

Change 958432 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] dbutils: introduce statement define

https://gerrit.wikimedia.org/r/958432

gerritbot added a project: Patch-For-Review.Sep 18 2023, 9:58 AM
gerritbot added a comment.Sep 18 2023, 10:03 AM

Change 958432 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] dbutils: introduce statement define

https://gerrit.wikimedia.org/r/958432

Maintenance_bot removed a project: Patch-For-Review.Sep 18 2023, 10:11 AM
aborrero removed a subtask: T346619: openstack: consider automating DB grants.Sep 18 2023, 10:34 AM
aborrero closed this task as Resolved.Sep 18 2023, 10:36 AM
aborrero mentioned this in T346441: openstack eqiad1: verify new control plane works with cloudlb.Sep 18 2023, 10:57 AM
fnegri moved this task from In progress to Done on the cloud-services-team (FY2023/2024-Q1-Q2) board.Sep 20 2023, 9:10 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL