From 54ad9496cd9ab18e65150794ade09dafdec7dd27 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Wed, 26 Feb 2014 11:44:45 -0800 Subject: [PATCH] Optionally give mysql user all global privs. One our single use unittest slaves we want to allow unittests to create and destroy arbitrary mysql database schemas. The simplest way to do this is to grant all priveleges to the test user on the mysql server globally. This is safe because the nodes are thrown away post test. Change-Id: Ic92ff2f9c752d955e6f82eb4b88330b5448cfa75 --- modules/jenkins/manifests/slave.pp | 13 ++++++++----- .../files/nodepool/scripts/prepare_node.sh | 5 +++-- .../files/nodepool/scripts/prepare_node_bare.sh | 5 ++++- .../files/nodepool/scripts/prepare_node_py3k.sh | 3 ++- .../openstack_project/manifests/single_use_slave.pp | 12 +++++++----- 5 files changed, 24 insertions(+), 14 deletions(-) diff --git a/modules/jenkins/manifests/slave.pp b/modules/jenkins/manifests/slave.pp index aec58c3240..46b36e4ba4 100644 --- a/modules/jenkins/manifests/slave.pp +++ b/modules/jenkins/manifests/slave.pp @@ -6,7 +6,8 @@ class jenkins::slave( $bare = false, $user = true, $python3 = false, - $include_pypy = false + $include_pypy = false, + $all_mysql_privs = false, ) { include pip @@ -285,10 +286,12 @@ class jenkins::slave( require => Database_user['openstack_citest@localhost'], } - database_grant { 'openstack_citest@localhost': - privileges => ['CREATE_PRIV', 'DROP_PRIV'], - provider => 'mysql', - require => Database_user['openstack_citest@localhost'], + if ($all_mysql_privs == true) { + database_grant { 'openstack_citest@localhost': + privileges => ['all'], + provider => 'mysql', + require => Database_user['openstack_citest@localhost'], + } } # The puppetlabs postgres module does not manage the postgres user diff --git a/modules/openstack_project/files/nodepool/scripts/prepare_node.sh b/modules/openstack_project/files/nodepool/scripts/prepare_node.sh index 624b7a16e1..fb45e0f9a6 100755 --- a/modules/openstack_project/files/nodepool/scripts/prepare_node.sh +++ b/modules/openstack_project/files/nodepool/scripts/prepare_node.sh @@ -21,6 +21,7 @@ SUDO=$2 BARE=$3 PYTHON3=${4:-false} PYPY=${5:-false} +ALL_MYSQL_PRIVS=${6:-false} sudo hostname $HOSTNAME wget https://git.openstack.org/cgit/openstack-infra/config/plain/install_puppet.sh @@ -30,10 +31,10 @@ sudo git clone --depth=1 git://git.openstack.org/openstack-infra/config.git \ sudo /bin/bash /root/config/install_modules.sh if [ -z "$NODEPOOL_SSH_KEY" ] ; then sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules \ - -e "class {'openstack_project::single_use_slave': sudo => $SUDO, bare => $BARE, python3 => $PYTHON3, include_pypy => $PYPY, }" + -e "class {'openstack_project::single_use_slave': sudo => $SUDO, bare => $BARE, python3 => $PYTHON3, include_pypy => $PYPY, all_mysql_privs => $ALL_MYSQL_PRIVS, }" else sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules \ - -e "class {'openstack_project::single_use_slave': install_users => false, sudo => $SUDO, bare => $BARE, python3 => $PYTHON3, include_pypy => $PYPY, ssh_key => '$NODEPOOL_SSH_KEY', }" + -e "class {'openstack_project::single_use_slave': install_users => false, sudo => $SUDO, bare => $BARE, python3 => $PYTHON3, include_pypy => $PYPY, all_mysql_privs => $ALL_MYSQL_PRIVS, ssh_key => '$NODEPOOL_SSH_KEY', }" fi sudo mkdir -p /opt/git diff --git a/modules/openstack_project/files/nodepool/scripts/prepare_node_bare.sh b/modules/openstack_project/files/nodepool/scripts/prepare_node_bare.sh index b36724538b..f21c800d72 100755 --- a/modules/openstack_project/files/nodepool/scripts/prepare_node_bare.sh +++ b/modules/openstack_project/files/nodepool/scripts/prepare_node_bare.sh @@ -19,8 +19,11 @@ HOSTNAME=$1 SUDO='false' BARE='false' +PYTHON3='false' +PYPY='false' +ALL_MYSQL_PRIVS='true' -./prepare_node.sh "$HOSTNAME" "$SUDO" "$BARE" +./prepare_node.sh "$HOSTNAME" "$SUDO" "$BARE" "$PYTHON3" "$PYPY" "$ALL_MYSQL_PRIVS" sync sleep 5 diff --git a/modules/openstack_project/files/nodepool/scripts/prepare_node_py3k.sh b/modules/openstack_project/files/nodepool/scripts/prepare_node_py3k.sh index 2ed0f27a90..5b29c299ca 100755 --- a/modules/openstack_project/files/nodepool/scripts/prepare_node_py3k.sh +++ b/modules/openstack_project/files/nodepool/scripts/prepare_node_py3k.sh @@ -21,5 +21,6 @@ SUDO='false' BARE='false' PYTHON3='true' PYPY='true' +ALL_MYSQL_PRIVS='true' -./prepare_node.sh "$HOSTNAME" "$SUDO" "$BARE" "$PYTHON3" "$PYPY" +./prepare_node.sh "$HOSTNAME" "$SUDO" "$BARE" "$PYTHON3" "$PYPY" "$ALL_MYSQL_PRIVS" diff --git a/modules/openstack_project/manifests/single_use_slave.pp b/modules/openstack_project/manifests/single_use_slave.pp index 92b2db83ac..245e080632 100644 --- a/modules/openstack_project/manifests/single_use_slave.pp +++ b/modules/openstack_project/manifests/single_use_slave.pp @@ -14,6 +14,7 @@ class openstack_project::single_use_slave ( $python3 = false, $include_pypy = false, $automatic_upgrades = false, + $all_mysql_privs = false, $ssh_key = $openstack_project::jenkins_ssh_key ) inherits openstack_project { class { 'openstack_project::template': @@ -26,10 +27,11 @@ class openstack_project::single_use_slave ( ['-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT'], } class { 'jenkins::slave': - ssh_key => $ssh_key, - sudo => $sudo, - bare => $bare, - python3 => $python3, - include_pypy => $include_pypy, + ssh_key => $ssh_key, + sudo => $sudo, + bare => $bare, + python3 => $python3, + include_pypy => $include_pypy, + all_mysql_privs => $all_mysql_privs, } }