Keystone, MySQL and Fedora 18

Posted on March 8, 2013 by Adam Young

It looks like the access model for MySQL has changed between F17 and F18.

openstack-db fails with a permission on the root user.Â However, the following works:

As the keystone user (I suspect the openstack-db call made the keystone user, or maybe that is done by the RPM install?)
run mysql,Â (no params, using the default identification, which I assume is PAM based?)
create a user named keystone.
and grant that user perms to create a db.

su - keystone
mysql

create user 'keystone'@'localhost' identified by 'keystone';
grant allÂ  PRIVILEGES on *.* to 'keystone'@'localhost';

exit mysql and log in as that user:

mysql --user=keystone --password=keystone

Create the keystone database:

create database keystone;

Log out and run the dbsync

keystone-manage db_sync

Obviously, this leaves the DB User with too many permissions, but it is a start.

If I now try to run the command

openstack-db --service glance --init
Please enter the password for the 'root' MySQL user:

Even setting the password in MySQL doesn’t work

UPDATE mysql.user SET Password=PASSWORD('keystone') WHERE User='root' AND Host='localhost';

[root@f18-keystone mysql]# openstack-db --service glance --init
Please enter the password for the 'root' MySQL user:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Failed to connect to the MySQL server.Â  Please check your root user credentials.

I tried it with the unix password as well.

Note that I can connect using the following SQL Alchemy URL:

connection = mysql://keystone:keystone@localhost/keystone?unix_socket=/var/lib/mysql/mysql.sock

I think this is preferable to exposing TCP sockets around in the case that the Keystone server and MySQL server are co-located.

Meet the Red Hat OpenStack Team: Adam Young

Posted on February 18, 2013 by Adam Young

We thought it would be a good idea to have a “Meet the Red Hat Open Stack Team” series of blog post. This is me.
Continue reading →

Using Puppet to setup PostgreSQL for Keystone on Fedora

Posted on February 7, 2013 by Adam Young

Using Puppet to manage software configuration makes sense. Setting up PostgreSQL support for Keystone development and testing has been my excuse to learn it.

sudo yum install puppet
sudo puppet module install puppetlabs/postgresql

Then create a file /etc/puppet/site.pp

Put this line in it:

class { 'postgresql::server': }

postgresql::db{ 'keystone':
  user          => 'keystone',
  password      => 'keystone',
  grant         => 'all',
}

sudo  puppet apply --verbose /etc/puppet/site.pp

Confirm that postgresql is running:

systemctl status postgresql.service

Should get you

postgresql.service - PostgreSQL database server
	  Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled)
	  Active: active (running) since Thu, 03 Jan 2013 13:26:46 -0500; 43min ago
	 Process: 17529 ExecStop=/usr/bin/pg_ctl stop -D ${PGDATA} -s -m fast (code=exited, status=0/SUCCESS)
	 Process: 17553 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS)
	 Process: 17545 ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGDATA} (code=exited, status=0/SUCCESS)
	Main PID: 17556 (postgres)
	  CGroup: name=systemd:/system/postgresql.service
		  â”œ 17556 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
		  â”œ 17557 postgres: logger process   
		  â”œ 17559 postgres: writer process   
		  â”œ 17560 postgres: wal writer process   
		  â”œ 17561 postgres: autovacuum launcher process   
		  â”” 17562 postgres: stats collector process

Test we can connect to the PostgreSQL command line tool:

psql -h localhost -U keystone keystone 
Password for user keystone: 
psql (9.1.7)
Type "help" for help.

keystone=> \d

To run the Keystone unit test test against the database, alter the file /opt/stack/keystone/tests/backend_sql.conf. Comment out the sqlite connection line, and uncomment the postgresql line.

[sql]
#connection = sqlite://
#To Test MySQL:
#connection = mysql://root:keystone@localhost/keystone?charset=utf8
#To Test PostgreSQL:
connection = postgresql://keystone:keystone@localhost/keystone?client_encoding=utf8
idle_timeout = 200

Then you can run the unit tests with

./run_tests.sh -N test_sql_upgrade

If the tests fail (and they will), they will leave the database in an unusable state. You can drop the database and recreate with puppet:

sudo su postgres -c "dropdb keystone"
sudo  puppet apply --verbose /etc/puppet/site.pp

A SQL upgrade script in Keystone

Posted on January 18, 2013 by Adam Young

The SQL migration mechanism in Keystone is interesting enough to warrant some attention. If you need to modify the SQL database in any of the Open Stack projects, you are going to use a similar approach. Here is a step by step I have recorded of a SQL upgrade script I am writing for a feature in Keystone.
Continue reading →

Reviewing Code

Posted on December 13, 2012 by Adam Young

Code reviews are vital to the success of any software project. In Open Stack, code must be reviewed to be accepted. If there are not enough people doing code reviews, the reviews get stagnant, and the project can’t move forward.

Right now, there are only three active core contributors focused on Keystone.Â There are a couple people that are core on multiple projects the pay attention to Keystone from time to time, but mostly it is just three of us.

Continue reading →

Keystone and Eclipse PyDev

Posted on December 13, 2012 by Adam Young

“Step through your code” –some of the best advice I ever got, from Code Complete.

I am a fan of Eclipse. Although I am conversant in VI and Fluent in emacs, I tend to write code in Eclipse. While the Python source code browsing is only mediocre when compared with the Java support, the integrated debugging is very powerful. Here is how I have set things up to work for Keystone.

Continue reading →

What changed in that latest patch?

Posted on December 12, 2012 by Adam Young

Gerrit is great, but one thing it does not do well is tell you the differences in an update to a review request. Here’s how I found I could focus review requests to just the deltas between submissions.
Continue reading →

Three Mistakes in Go

Posted on December 10, 2012 by Adam Young

“Go (Chinese: åœæ£‹ wÃ©iqÃ, Japanese: å›²ç¢ igo, ^{[nb 2]} Korean: ë°”ë‘‘ baduk, Vietnamese: cá» vÃ¢y, common meaning: “encircling game”) is a board game for two players that originated in China more than 2,500 years ago.” — From the Wikipedia Article

I love this game. It keeps me humble. No other game teaches so much so simply. Go is about influence. But sometimes, it is about tactics. I recently lost a game. I made not 1, but 3 mistakes, that cost me the game. If I had not made any one of these three I would have won, and quite soundly. Instead, I lost by 1.5 points, a very close game.

Continue reading →

Keeping Development Code Current

Posted on November 27, 2012 by Adam Young

Embracing change is hard.Â Accepting criticism on code you worked so hard to prepare for review can be hard on the ego.Â But when you have additional work that is underway that depends on submissions undergoing review, it can also be a challenge to your organizational skills.Â I’ve recently learned a trick aboutÂ git that makes this easier in the context of Open Stack development.

Continue reading →