Comments (24)
andrea-manzi
commented on August 12, 2024
Hi,
which version of the puppet-lcgdm module have you installed? and which version of DPM are you running? is your Mysql DB local to the HEAD node or remote?
thanks
Andrea
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
Hello,
pardon me for not providing this right a way.
lcgdm-lcgdm (v0.2.10)
dpm-python-1.8.10-1.el6.x86_64
dpm-server-mysql-1.8.10-1.el6.x86_64
dpm-xrootd-3.5.5-1.el6.x86_64
dpm-name-server-mysql-1.8.10-1.el6.x86_64
dpm-copy-server-mysql-1.8.10-1.el6.x86_64
dpm-libs-1.8.10-1.el6.x86_64
dpm-srm-server-mysql-1.8.10-1.el6.x86_64
dpm-rfio-server-1.8.10-1.el6.x86_64
dpm-contrib-admintools-0.2.1-1.el6.x86_64
dpm-1.8.10-1.el6.x86_64
dpm-dsi-1.9.5-13.el6.x86_64
puppet 3.8.4
Mysql is remote on second server.
mysql-server-5.1.69-1.el6_4.x86_64
mysql-5.1.69-1.el6_4.x86_64
mysql-libs-5.1.69-1.el6_4.x86_64
Both are SL6
I hope that this is all, if I will provide more
S
from puppet-lcgdm.
andrea-manzi
commented on August 12, 2024
strange, cause it does not happen in my testbed. can you share your manifest for the headnode?
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
OK here you go. It is kind of redacted but all relevant info should be there
class roles::headnode_golias100_stage1 {
# balicky, ktere je potreba na node doinstalovat
package {
[
'screen',
'iperf',
'dstat',
'lfc-libs',
]:
ensure => present;
# balicky, s nogpg
# pro FAX
[
'xrootd-server-atlas-n2n-plugin',
'wlcg-voms-atlas',
'wlcg-voms-alice',
'wlcg-voms-ops',
]:
ensure => present,
install_options => ['--nogpgcheck'],
}
# v systemu je potreba mit tenlhe balicek, dpmko ho pouziva, protoze ho potrebuju mit uz ve stage1 udelal jsem to execem
exec { 'fetch-crl install':
command => '/usr/bin/yum -y install fetch-crl',
onlyif => '/usr/bin/test ! -n $(rpm -qa|grep fetch-crl)',
}->
# Umisteni klicku pro dpm
# adresare do kterych se umisti klic musi byt vytvorene
file {
'/etc/grid-security/mysql':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755';
# kopirovani klicu
['/etc/grid-security/mysql/hostcert.pem',
'/etc/grid-security/hostcert.pem']:
ensure => 'file',
source => 'puppet:///modules/fzu/dpm/golias100/cert/dpmcert.pem',
owner => 'root',
group => 'root',
mode => '0444';
['/etc/grid-security/hostkey.pem',
'/etc/grid-security/mysql/hostkey.pem']:
ensure => 'file',
source => 'puppet:///modules/fzu/dpm/golias100/cert/dpmkey.pem',
owner => 'root',
group => 'root',
mode => '0400';
# gai.conf, pro preference pro adresy ipv6
'/etc/gai.conf':
ensure => 'file',
source => 'puppet:///modules/fzu/dpm/golias100/gai.conf',
owner => 'root',
group => 'root',
mode => '0644';
# aby fungovaly nektere pythoni nastroje pro spravy dpm, vyzaduji totiz aby tohle meli nastavene: pristup do mysql
'/opt/lcg/etc/DPMCONFIG':
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0644',
content => '<TOO classified>';
'/opt/lcg/etc/DPMINFO':
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0644',
content => '<TOO classified>';
'/etc/profile.d/dpns_host.sh':
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0644',
content => 'export DPNS_HOST=\'golias100.farm.particle.cz\';
export DPM_HOST=\'golias100.farm.particle.cz\';
export LFC_HOST=\'golias100.farm.particle.cz\';
export LCG_RFIO_TYPE=\'dpm\';';
'/opt/dpm-storage-dump.py':
ensure => 'file',
source => 'puppet:///modules/fzu/dpm/dpm-storage_dump.py',
owner => 'root',
group => 'root',
mode => '0755';
'/opt/generate_atlas_dumps.sh':
ensure => 'file',
source => 'puppet:///modules/fzu/dpm/generate_atlas_dumps.sh',
owner => 'root',
group => 'root',
require => File['/opt/dpm-storage-dump.py'],
mode => '0755';
}
# # DPM TUNNING:
# # viz. https://svnweb.cern.ch/trac/lcgdm/wiki/Dpm/Admin/TuningHints
include limits
limits::entry {
'hard nofile 70000':
domain => '*',
type => 'hard',
item => 'nofile',
value => '70000';
'soft nofile 68000':
domain => '*',
type => 'soft',
item => 'nofile',
value => '68000';
'hard nproc 70000':
domain => '*',
type => 'hard',
item => 'nproc',
value => '70000';
'soft nproc 68000':
domain => '*',
type => 'soft',
item => 'nproc',
value => '68000';
}
cron {
'edg-mkgridmap-cron':
command => '(date; /usr/sbin/edg-mkgridmap --output=/etc/grid-security/grid-mapfile --safe) >> /var/log/grid-mkgridmap.log 2>&1',
user => 'root',
hour =>
[
fqdn_rand(6, '2zMyQunrOueKxj4APki1Wlrkan/e'),
(fqdn_rand(6, '2zMyQunrOueKxj4APki1Wlrkan/e')+6),
(fqdn_rand(6, '2zMyQunrOueKxj4APki1Wlrkan/e')+12),
(fqdn_rand(6, '2zMyQunrOueKxj4APki1Wlrkan/e')+18)
],
minute => fqdn_rand(60, 'KrSORwSoPPWyhzTT2GJZTOrMqbWZ');
'dpm-storage-dump':
command => '/opt/generate_atlas_dumps.sh',
user => 'root',
monthday => '25',
hour => fqdn_rand(5, 'sy3MvnSoyCFYNxcg2xIm1rc+rLFmEDX'),
minute => fqdn_rand(60, 'Br1OPtFi0ZIR5u2ujTS79elNwoVmPI'),
require => File['/opt/generate_atlas_dumps.sh'];
}
}
class roles::headnode_golias100_stage2 (
$db_host,
$db_pass,
$db_user,
$debug,
$disk_nodes,
$local_db,
$localdomain,
$mysql_root_pass,
$token_password,
$volist,
$xrootd_sharedkey,
$groupmap,
$localmap
){
###### The simplest xrootd configuration.
# tohle zajistuje funkci FAX, <- at uz je to cokoli, tak je to navazena jako sluzba na xrootd, monitoring pro fax je na: http://1-dot-waniotest.appspot.com/
# clovek, ktery mi to pomahal rozjizdet: [email protected]
$atlas_fed = {
name => 'atlas',
fed_host => 'atlas-xrd-de.cern.ch',
xrootd_port => 1094,
cmsd_port => 1098,
local_port => 11000,
namelib_prefix => '/dpm/farm.particle.cz/home/atlas',
namelib => 'XrdOucName2NameLFC.so pssorigin=localhost sitename=praguelcg2',
paths => [ '/atlas' ]
}
###### Poradi pruchodu
#Class[Dmlite::Plugins::Memcache::Install] ~> Class[Dmlite::Dav::Service]
#Class[Dmlite::Plugins::Memcache::Install] ~> Class[Dmlite::Gridftp]
#Class[Dmlite::Plugins::Memcache::Install] ~> Class[Dmlite::Srm]
Class[Lcgdm::Dpm::Service] -> Class[Dmlite::Plugins::Adapter::Install]
Class[Dmlite::Head] -> Class[Dmlite::Plugins::Adapter::Install]
Class[Dmlite::Plugins::Adapter::Install] ~> Class[Dmlite::Srm]
Class[Dmlite::Plugins::Adapter::Install] ~> Class[Dmlite::Gridftp]
Class[Dmlite::Plugins::Adapter::Install] ~> Class[Dmlite::Dav]
Dmlite::Plugins::Adapter::Create_config <| |> -> Class[Dmlite::Dav::Install]
Class[Dmlite::Plugins::Mysql::Install] ~> Class[Dmlite::Srm]
Class[Dmlite::Plugins::Mysql::Install] ~> Class[Dmlite::Gridftp]
Class[Dmlite::Plugins::Mysql::Install] ~> Class[Dmlite::Dav]
Class[fetchcrl::service]-> Class[Xrootd::Config]
Class[Bdii::Install] -> Class[Lcgdm::Bdii::Dpm]
Class[Lcgdm::Bdii::Dpm] -> Class[Bdii::Service]
augeas { 'golias100 tcp socket rececle':
context => '/files/etc/sysctl.conf',
changes => 'set net.ipv4.tcp_tw_recycle 0',
onlyif => 'get net.ipv4.tcp_tw_recycle != 0',
require => File['/etc/sysctl.conf'],
notify => Exec['sysctl-reload'],
}
#bdii installation and configuration with default values
include('bdii')
Class[Mysql::Server] -> Class[Lcgdm::Ns::Service]
class{
'mysql::server':
enabled => false;
### Memcached plugin
# 'memcached':
# max_memory => '6144',
# listen_ip => '127.0.0.1';
# 'dmlite::plugins::memcache':
# expiration_limit => 600,
# posix => 'on',
# func_counter => 'on',
# require => Class['memcached'];
###### DPM and DPNS daemon configuration.
###### (nastavi /usr/etc/NSCONFIG, /usr/etc/DPMCONFIG, /etc/sysconfig/dpm, /etc/sysconfig/dpnsdaemon, proste nameservry pro DPM)
'lcgdm':
dbflavor => 'mysql',
dbuser => $db_user,
dbpass => $db_pass,
# ! Pozor, pokud je db na jinem stroji musi se sem pridat
dbhost => $db_host,
domain => $localdomain,
volist => $volist;
'lcgdm::rfio':
dpmhost => $::fqdn;
###### VOMS configuration (same VOs as above).
# meni content souboru /etc/grid-security/vomsdir/*/*.lsc
'voms::alice':;
'voms::atlas':;
'voms::cms':;
'voms::dteam':;
'voms::lhcb':;
'voms::ops':;
###### dmlite configuration.
'dmlite::head':
token_password => $token_password,
mysql_username => $db_user,
mysql_password => $db_pass,
# ! Pozor, pokud je db na jinem stroji musi se sem pridat
mysql_host => $db_host;
###### Frontends based on dmlite.
'dmlite::dav':;
'dmlite::srm':;
###### dmlite shell configuration.
'dmlite::shell':;
'dmlite::gridftp':
dpmhost => $::fqdn;
# minimum co je potrebne pro xrootd
'xrootd::config':
xrootd_user => 'dpmmgr',
xrootd_group => 'dpmmgr';
'dmlite::xrootd':
nodetype => [ 'head' ],
domain => $localdomain,
dpm_xrootd_serverport => 1095,
dpm_xrootd_debug => $debug,
dpm_xrootd_sharedkey => $xrootd_sharedkey,
dpm_xrootd_fedredirs => { 'atlas' => $atlas_fed },
# sitename je potreba kvuli fax
site_name => 'praguelcg2',
# bylo to taky drive v cfengine:
# na webu je na to odkaz v: https://svnweb.cern.ch/trac/lcgdm/wiki/Dpm/Xroot/PuppetSetup#VOcentralmonitoring
# pry to slouzi na: VO central monitoring ,Add the following variables xrd_report and xrootd_monitor.
xrd_report => 'atl-prod05.slac.stanford.edu:9931 every 60s all -buff -poll sync',
xrootd_monitor => 'all flush 30s fstat 60 lfn ops xfr 5 window 5s dest fstat info user redir atlas-fax-eu-collector.cern.ch:9330';
# GIP installation and configuration
'lcgdm::bdii::dpm':
sitename => 'praguelcg2',
vos => $volist;
}
###### You can define your pools here (example is commented).
###### (nastavi novy pool)
#Class[Lcgdm::Dpm::Service] -> Lcgdm::Dpm::Pool <| |>
#lcgdm::dpm::pool{
# 'augerpool1':
# def_filesize => '1024M';
# 'heppool1':
# def_filesize => '200M';
#}
###### You can define your filesystems here (example is commented).
###### (prida filesystem do poolu)
###### (pozor tenhle modul neni dostatecne osetren, kdyz uz tam pool ma tak zacne rvat error... , coz se stane hned pri druhem pruchodu pokud fs nevymazem)
######
#lcgdm::dpm::filesystem {
# 'dpmpool12.farm.particle.cz-/mnt/fs1':
# pool => 'augerpool1',
# server => 'dpmpool12.farm.particle.cz',
# fs => '/mnt/fs1',
#}
lcgdm::shift::trust_value{
'DPM TRUST':
component => 'DPM',
host => $disk_nodes;
'DPNS TRUST':
component => 'DPNS',
host => $disk_nodes;
'RFIO TRUST':
component => 'RFIOD',
host => $disk_nodes,
all => true;
}
lcgdm::shift::protocol{
'PROTOCOLS':
component => 'DPM',
proto => 'rfio gsiftp http https xroot';
}
voms::client{
misc voms config ...
}
lcgdm::mkgridmap::file {
'lcgdm-mkgridmap':
configfile => '/etc/lcgdm-mkgridmap.conf',
mapfile => '/etc/lcgdm-mapfile',
localmapfile => '/etc/lcgdm-mapfile-local',
logfile => '/var/log/lcgdm-mkgridmap.log',
groupmap => $groupmap,
localmap => $localmap;
}
file {
'grid-mapfile-local':
ensure => 'file',
name => '/etc/grid-security/grid-mapfile-local',
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/fzu/dpm/golias100/grid-mapfile-local',
backup => false;
}
service {
'dpmcopyd':
ensure => 'running',
enable => true;
}
from puppet-lcgdm.
andrea-manzi
commented on August 12, 2024
2 things,
since you are using a remote DB , you should pass to the lcgdm class the mysqlroot pass as described at
and in the shift conf i think you should add the hostname of the headnode not only the disknodes as in the template:
https://github.com/cern-it-sdc-id/lcgdm-puppet-examples/blob/master/dpm/head/headnode.pp#L189
let me know if this fix your issue
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
mysqlroot pass is in hiera... othervise module is failing
And headnode is in disknodes variabe - it is just varible named from tradition.
All was working until upgrade of module as a part of effort to get webdav monitoring working.
from puppet-lcgdm.
andrea-manzi
commented on August 12, 2024
well, you need to the pass to access mysql remote ( the same in case your Mysql was local)
you can avoid it in this case by just doing manually what puppet is doing..
based on this template
https://github.com/cern-it-sdc-id/puppet-lcgdm/blob/master/templates/mysql/my.cnf.erb
you have just to create a file /root/.my.cnf with dbhost and pass
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
All that is ok
/root/.my.cnf is created as it should be... By puppet.
All variables are set in hiera, so they are available to puppet for use.
The only thing is that puppet is reloading dpnsdaemon due to its effort to change permissions on DBs.
Even when I grant PERMs as ALL by hand on sql server puppet is still tring to do that again.
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for [email protected] |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT CREATE USER ON *.* TO 'dpm'@'golias100.farm.particle.cz' IDENTIFIED BY PASSWORD '*hash' |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON `dpm_db`.* TO 'dpm'@'golias100.farm.particle.cz' WITH GRANT OPTION |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON `cns_db`.* TO 'dpm'@'golias100.farm.particle.cz' WITH GRANT OPTION |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
this is grants AFTER
GRANT ALL ON cns_db.* TO 'dpm'@'golias100.farm.particle.cz';
GRANT ALL ON dpm_db.* TO 'dpm'@'golias100.farm.particle.cz';
from puppet-lcgdm.
andrea-manzi
commented on August 12, 2024
ok sorry i misunsterstood your comment about mysqlroot,
this is what i see in my testbed MySQL for a remote Head node user
mysql> show grants for 'dpmdbuser'@'dpmhead01-nodb.cern.ch';
+-------------------------------------------------------------------------------------------------------------------------------+
| Grants for [email protected] |
+-------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON . TO 'dpmdbuser'@'dpmhead01-nodb.cern.ch' IDENTIFIED BY PASSWORD '372BEA942D7F1C8A92BD36E202EC7A82C8817C0B' |
| GRANT ALL PRIVILEGES ON cns_db. TO 'dpmdbuser'@'dpmhead01-nodb.cern.ch' WITH GRANT OPTION |
| GRANT ALL PRIVILEGES ON dpm_db.* TO 'dpmdbuser'@'dpmhead01-nodb.cern.ch' WITH GRANT OPTION |
+-------------------------------------------------------------------------------------------------------------------------------+
so the ALL PRIVILIEGIES are there and puppet does not try to recreate it
just to compare everything, which version of mysql puppet module you have?
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
├── CERNOps-fetchcrl (v1.0.0)
├── ceritsc-yum (v0.9.6)
├── csail-shell_config (v0.0.1)
├── derdanne-nfs (v0.0.10)
├── desalvo-cvmfs (v0.1.3)
├── elasticsearch-elasticsearch (v0.10.1)
├── erwbgy-limits (v0.3.1)
├── evenup-kibana (v2.3.0)
├── evenup-sssd (v0.3.0)
├── fiddyspence-sysctl (v1.1.0)
├── fzu (???)
├── ispavailability-file_concat (v0.3.0)
├── jhoblitt-ganglia (v2.1.0)
├── jhoblitt-smartd (v2.6.0)
├── lcgdm-bdii (v0.1.3)
├── lcgdm-dmlite (v0.3.11)
├── lcgdm-gridftp (v0.1.2)
├── lcgdm-lcgdm (v0.2.10)
├── lcgdm-voms (v0.2.2)
├── lcgdm-xrootd (v0.1.3)
├── logrotate_fzu-template_test (v0.0.1)
├── maestrodev-wget (v1.7.1)
├── managed_interface (v0.0.1)
├── munin_extra_plugins (???)
├── nanliu-staging (v1.0.3)
├── pdxcat-autofs (v1.1.0)
├── puppetlabs-apt (v1.8.0)
├── puppetlabs-concat (v1.2.5)
├── puppetlabs-denyhosts (v0.1.0)
├── puppetlabs-firewall (v1.7.1)
├── puppetlabs-inifile (v1.4.2)
├── puppetlabs-java (v1.4.1)
├── puppetlabs-lvm (v0.5.0)
├── puppetlabs-motd (v1.1.0)
├── puppetlabs-mysql (v3.6.0)
├── puppetlabs-ntp (v3.1.1)
├── puppetlabs-postgresql (v4.6.0)
├── puppetlabs-puppetdb (v5.0.0)
├── puppetlabs-stdlib (v4.11.0)
├── razorsedge-network (v3.2.0)
├── richardc-datacat (v0.6.2)
├── saz-memcached (v2.8.1)
├── ssm-munin (v0.0.10)
├── thias-apache_httpd (v1.0.0)
├── thias-nagios (v1.0.6)
├── thias-php (v1.1.1)
└── thias-selinux (v1.0.4)
Taht's all module we use
Some are our not used tests
I personally think its problem with mysql package version
But as we are a big dpm site (2.95 PiB in dpm) we do not want any downtime
from puppet-lcgdm.
andrea-manzi
commented on August 12, 2024
so regarding the mysql module, here i'm using the version 3.1.0 , it's managed centrally so i cannot ask to upgrade now easily, but i can do some tests without passing from the puppet master to see if this problem happens with 3.6.0.
In the meantime you can try to comment out the code from the module at
https://github.com/cern-it-sdc-id/puppet-lcgdm/blob/master/manifests/dpm/mysql.pp#L20
and
https://github.com/cern-it-sdc-id/puppet-lcgdm/blob/master/manifests/ns/mysql.pp#L13
so that the grants are not changed every time
from puppet-lcgdm.
andrea-manzi
commented on August 12, 2024
sorry the second code link is
https://github.com/cern-it-sdc-id/puppet-lcgdm/blob/master/manifests/ns/mysql.pp#L22
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
Ok thank you for workaround - I even tried to change grants to what mysql is reporting
['ALL']
->
['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CREATE', 'DROP', 'REFERENCES', 'INDEX', 'ALTER', 'CREATE TEMPORARY TABLES', 'LOCK TABLES' ]
But it again translates into ALL at the end... ;-)
from puppet-lcgdm.
andrea-manzi
commented on August 12, 2024
i just did the test with mysql-puppet 3.6.0 and i cannot reproduce your issue.
regarding the version of mysql on both client and server i have 5.1.73-5.
the other difference i see is that the grants on the DB for your headnode access were configured by YAIM first right? cause in my case i do it on an existing db but configured since the beginning with puppet. i will check possible differences in this part
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
Yes that is very very possible. I do not know it for sure. I work here around 9 months. So I cant be sure.
from puppet-lcgdm.
andrea-manzi
commented on August 12, 2024
just checked YAIM and this is what it's doing:
mysql -h ${DPM_DB_HOST} --pass=$MYSQL_PASSWORD --exec "grant all on ${DPM_DB}.* to '$DPM_DB_USER'@'$DPM_HOST' identified by '$DPM_DB_PASSWORD' with grant option" || return 1
mysql -h ${DPM_DB_HOST} --pass=$MYSQL_PASSWORD --exec "grant all on ${DPNS_DB}.* to '$DPM_DB_USER'@'$DPM_HOST' identified by '$DPM_DB_PASSWORD' with grant option" || return 1
so i don't understand why you have a different set of grants on your DB..
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
even update on mysql module wont help (v 3.6.2)
I even tried to drop users and recrreate them but no luck
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
mysql user dump
SELECT * FROM mysql.user WHERE User='dpm' \G
*************************** 1. row ***************************
Host: golias100
User: dpm
Password: 00a530e0527d883d
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: Y
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
*************************** 2. row ***************************
Host: golias100.farm.particle.cz
User: dpm
Password: 00a530e0527d883d
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: Y
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
*************************** 3. row ***************************
Host: %
User: dpm
Password: 00a530e0527d883d
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: Y
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
*************************** 4. row ***************************
Host: localhost
User: dpm
Password: 00a530e0527d883d
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: Y
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
*************************** 5. row ***************************
monitoring users
*************************** 7. row ***************************
Host: sql2.farm.particle.cz
User: dpm
Password: *43C5F05EAA73C59F8B8572373CBC6E3A607DA86A
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: Y
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
7 rows in set (0.00 sec)
from puppet-lcgdm.
andrea-manzi
commented on August 12, 2024
interesting ...
in my case the same command give this output:
*************************** 13. row ***************************
Host: dpm-test01.cern.ch
User: dpmdbuser
Password: *372BEA942D7F1C8A92BD36E202EC7A82C8817C0B
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
Event_priv: N
Trigger_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
which means that you have given to your user the privilegies on all the DB ( . ) while my grants are only for the DPM DB
intact your grants already showed it and i overlooked
GRANT CREATE USER ON . TO 'dpm'@'golias100.farm.particle.cz' IDENTIFIED BY PASSWORD '*hash'
you don't have to give privilegies on all Mysql ( actulally is also dangerous as your dpm user is like root now..)
and i guess this is why puppet is complaining... |
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
Hi again,
even when I drop all users dpm I get:
------------------------------+
| GRANT USAGE ON *.* TO 'dpm'@'sql2.farm.particle.cz' IDENTIFIED BY PASSWORD '*hash' |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON `dpm_db`.* TO 'dpm'@'sql2.farm.particle.cz' |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON `cns_db`.* TO 'dpm'@'sql2.farm.particle.cz' |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+
So it is same as before
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
I have reported that to puppetlabs since this bug is more related to them.
I will keep you posted.
from puppet-lcgdm.
andrea-manzi
commented on August 12, 2024
sorry busy period..thanks for following up this ! do you have the link to the ticket you reported?
thanks a lot!
from puppet-lcgdm.
samuraiii
commented on August 12, 2024
Here it is https://tickets.puppetlabs.com/browse/MODULES-3000
from puppet-lcgdm.
johnwarburton
commented on August 12, 2024
I had this issue today - fixed with running mysql_upgrade
I have updated the puppet ticket as well
from puppet-lcgdm.
Related Issues (5)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-lcgdm.