Page MenuHomePhabricator

Some of my tools don't have .my.cnf / can't create databases in tools-db
Closed, ResolvedPublic

Description

As tool user (e.g. local-tusc), I can connect to the tools-db server using the replica.my.cnf credentials, but cannot connect to the "mysql" database (as the "sql" command would), nor can I create tusc__something databases there.

Someone wrote on https://wikitech.wikimedia.org/wiki/User:Magnus_Manske/Migrating_from_toolserver that this requires a .my.cnf file for the tool. Some of my tools (e.g. flickr2commons) have that, others (e.g. tusc) don't.


Version: unspecified
Severity: normal

Details

Reference
bz48950

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 1:41 AM
bzimport added a project: Toolforge.
bzimport set Reference to bz48950.
Magnus created this task.May 29 2013, 7:01 PM
Petrb added a comment.May 30 2013, 8:03 AM

all new tools don't have .my.cnf by default, that is by design. The newly created replica.my.cnf contains access to both local and replicated db's (that doesn't apply for tools created before replica was working)

you should be able to type sql local in order to get connected to tools-db, the script automatically detect your configuration and attempt to use proper credentials.

This was designed by Coren so I can't tell you why is that, but IMHO users should rename replica.my.cnf to .my.cnf for all new tools and they will have access everywhere without troubles

I don't care what the file is called; I care that it doesn't work, neither as mysqlf nor as the tool user:

magnus@tools-login:~$ sql local
ERROR 1045 (28000): Access denied for user 'u3067'@'tools-login.pmtpa.wmflabs' (using password: YES)
magnus@tools-login:~$ become tusc
local-tusc@tools-login:~$ sql local
ERROR 1044 (42000): Access denied for user 'p50380g50556'@'%' to database 'mysql'

Re-opening this one.

coren added a comment.May 30 2013, 5:21 PM

Two different issues:

(a) Users (as opposed to tools) do not get access to the local database; it is unclear at this time whether they should.

(b) With the new scheme in place, users do not get a database created by default, but have the right to create new ones instead. The current 'sql' script should not attempt to connect to a database by default when requesting 'local'. I'll fix that.

Sorry if I don't make myself clear (but it's so clear in my head! ;-)

I want to create a database for a tool (e.g. "tusc"), on the tools-db server (as per recommendation).

I try to do that as the tool user, using the replica credentials, but it won't let me:

local-tusc@tools-login:~$ mysql --defaults-file=~/replica.my.cnf -h tools-db
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3340
Server version: 5.5.30-MariaDB-mariadb1~precise-log mariadb.org binary distribution

Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database tuscmain;
ERROR 1044 (42000): Access denied for user 'p50380g50556'@'%' to database 'tusc
main'

coren added a comment.May 30 2013, 6:06 PM

Ah!

The database needs to be created with the name of the /DB/ user, not that of the Unix account:

create database p50380g50556__main;

Should do what you expected.

Yes! Thank you, I'll add it to my labs survival notes :-)

Restricted Application added a project: Cloud-Services. · View Herald TranscriptAug 21 2015, 6:10 AM

@coren: I hit a similar issue when trying to create a database with my tool (pbbot):

$ cat replica.my.cnf | grep user
user='s52584'
$ sql local
MariaDB [(none)]> create database s52584__test;
ERROR 1044 (42000): Access denied for user 's52584'@'%' to database 's52584__test'

Apparently, I don't have the necessary grants to perform this action (per http://dev.mysql.com/doc/refman/5.7/en/grant.html#idm139794624158480) despite what says the help page:

MariaDB [(none)]> show grants;
+-----------------------------------------------------------------------------------------------------------+
| Grants for s52584@%                                                                                       |
+-----------------------------------------------------------------------------------------------------------+
| GRANT SHOW VIEW ON *.* TO 's52584'@'%' IDENTIFIED BY PASSWORD '__EDITED__' |
| GRANT SELECT, SHOW VIEW ON `%\_p`.* TO 's52584'@'%'                                                       |
+-----------------------------------------------------------------------------------------------------------+
2 rows in set (0.02 sec)

@PeterBowman See T130595. Comment there, this one is an old, resolved issue.