Re: mysql user permissions bug?
I've resolved my issue, but I do think there is a bug here. It seems the SELECT, INSERT, UPDATE, DELETE permissions are all the management node's database user requires. However, even though there is a parameter in /etc/vcl/vcld.conf for LockerWrtUser, the value the management node will check in with is when: LockerWrtUser=vcl I am not sure why. -Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796 On Apr 6, 2009, at 12:21 PM, Brian Bouterse wrote: I am doing a fresh installation and starting with a database built from the most recent vcl.sql from the SVN. I've configured my frontend and management node, according to these instructions: https://svn.apache.org/repos/asf/incubator/vcl/trunk/INSTALLATION I've added my management node to the DB, but I couldn't get the vcld process to start cleanly without the following complaint from the log: SNIP- |2615| WARNING |2615| 2009-04-06 12:17:50|2615| utils.pm:get_management_node_info(7206)|zero rows were returned from database select statement: |2615|SELECT |2615|managementnode.*, |2615|predictivemodule.name AS predictive_name, |2615|predictivemodule.prettyname AS predictive_prettyname, |2615|predictivemodule.description AS predictive_description, |2615|predictivemodule.perlpackage AS predictive_perlpackage, |2615| state.name AS statename |2615|FROM |2615|managementnode, |2615|module predictivemodule, |2615| state |2615|WHERE |2615|managementnode.predictivemoduleid = predictivemodule.id |2615| AND managementnode.stateid = state.id |2615|AND |2615|managementnode.hostname like 'dhcp15.cnl.ncsu.edu%' |2615| ( 0) utils.pm, notify (line: 691) |2615| (-1) utils.pm, get_management_node_info (line: 7206) |2615| (-2) vcld, main (line: 127) /usr/lib/sendmail: option requires an argument -- f 2009-04-06 12:17:50|2615|utils.pm:mail(1301)|SUCCESS -- Sending mail To: , PROBLEM -- vcld |2615| CRITICAL |2615| 2009-04-06 12:17:50|2615|vcld:main(131)|unable to retrieve management node information from database |2615| ( 0) utils.pm, notify (line: 691) |2615| (-1) vcld, main (line: 131) SNIP- I believe this is default user permissions bug because when I give my vcl user in the database full permissions (All Privileges) instead of the recommended in the instructions (SELECT, INSERT, UPDATE, DELETE), it works. What are the right permissions for a frontend user? What are the right permissions for a backend user? Do the instructions need to be updated? Best, Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796
Re: mysql user permissions bug?
The recommended permissions for the vcl user on the backend are correct (SELECT, INSERT, UPDATE, DELETE). Also it's probably not good to have anything remotely accessing your database with All Privileges - just from a security perspective. At some-point in the future we would like to moved to stored procedures - which would allow stricter permissions. Are the database and vcld running on the same machine? maybe the 'username'@'localhost' is creating a problem. Aaron --On April 6, 2009 12:21:30 PM -0400 Brian Bouterse bmbou...@ncsu.edu wrote: I am doing a fresh installation and starting with a database built from the most recent vcl.sql from the SVN. I've configured my frontend and management node, according to these instructions: https://svn.apache.org/repos/asf/incubator/vcl/trunk/INSTALLATION I've added my management node to the DB, but I couldn't get the vcld process to start cleanly without the following complaint from the log: SNIP- | 2615| WARNING | 2615| 2009-04-06 | 12:17:50|2615|utils.pm:get_management_node_info(7206)|zero rows were | returned from database select statement: | 2615|SELECT | 2615|managementnode.*, | 2615|predictivemodule.name AS predictive_name, | 2615|predictivemodule.prettyname AS predictive_prettyname, | 2615|predictivemodule.description AS predictive_description, | 2615|predictivemodule.perlpackage AS predictive_perlpackage, | 2615| state.name AS statename | 2615|FROM | 2615|managementnode, | 2615|module predictivemodule, | 2615| state | 2615|WHERE | 2615|managementnode.predictivemoduleid = predictivemodule.id | 2615| AND managementnode.stateid = state.id | 2615|AND | 2615|managementnode.hostname like 'dhcp15.cnl.ncsu.edu%' | 2615| ( 0) utils.pm, notify (line: 691) | 2615| (-1) utils.pm, get_management_node_info (line: 7206) | 2615| (-2) vcld, main (line: 127) /usr/lib/sendmail: option requires an argument -- f 2009-04-06 12:17:50|2615|utils.pm:mail(1301)|SUCCESS -- Sending mail To: , PROBLEM -- vcld | 2615| CRITICAL | 2615| 2009-04-06 12:17:50|2615|vcld:main(131)|unable to retrieve | management node information from database 2615| ( 0) utils.pm, notify | (line: 691) | 2615| (-1) vcld, main (line: 131) SNIP- I believe this is default user permissions bug because when I give my vcl user in the database full permissions (All Privileges) instead of the recommended in the instructions (SELECT, INSERT, UPDATE, DELETE), it works. What are the right permissions for a frontend user? What are the right permissions for a backend user? Do the instructions need to be updated? Best, Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796
Re: mysql user permissions bug?
Could you re-phrase this part? I don't understand what issue your highlighting? The value assigned to 'LockerWrtUser=' is the variable used when vcld starts to make the database connection. Aaron --On April 6, 2009 12:35:26 PM -0400 Brian Bouterse bmbou...@ncsu.edu wrote: I've resolved my issue, but I do think there is a bug here. It seems the SELECT, INSERT, UPDATE, DELETE permissions are all the management node's database user requires. However, even though there is a parameter in /etc/vcl/vcld.conf for LockerWrtUser, the value the management node will check in with is when: LockerWrtUser=vcl I am not sure why. -Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796 On Apr 6, 2009, at 12:21 PM, Brian Bouterse wrote: I am doing a fresh installation and starting with a database built from the most recent vcl.sql from the SVN. I've configured my frontend and management node, according to these instructions: https://svn.apache.org/repos/asf/incubator/vcl/trunk/INSTALLATION I've added my management node to the DB, but I couldn't get the vcld process to start cleanly without the following complaint from the log: SNIP- | 2615| WARNING | 2615| 2009-04-06 12:17:50|2615| utils.pm:get_management_node_info(7206)|zero rows were returned from database select statement: | 2615|SELECT | 2615|managementnode.*, | 2615|predictivemodule.name AS predictive_name, | 2615|predictivemodule.prettyname AS predictive_prettyname, | 2615|predictivemodule.description AS predictive_description, | 2615|predictivemodule.perlpackage AS predictive_perlpackage, | 2615| state.name AS statename | 2615|FROM | 2615|managementnode, | 2615|module predictivemodule, | 2615| state | 2615|WHERE | 2615|managementnode.predictivemoduleid = predictivemodule.id | 2615| AND managementnode.stateid = state.id | 2615|AND | 2615|managementnode.hostname like 'dhcp15.cnl.ncsu.edu%' | 2615| ( 0) utils.pm, notify (line: 691) | 2615| (-1) utils.pm, get_management_node_info (line: 7206) | 2615| (-2) vcld, main (line: 127) /usr/lib/sendmail: option requires an argument -- f 2009-04-06 12:17:50|2615|utils.pm:mail(1301)|SUCCESS -- Sending mail To: , PROBLEM -- vcld | 2615| CRITICAL | 2615| 2009-04-06 12:17:50|2615|vcld:main(131)|unable to retrieve management node information from database | 2615| ( 0) utils.pm, notify (line: 691) | 2615| (-1) vcld, main (line: 131) SNIP- I believe this is default user permissions bug because when I give my vcl user in the database full permissions (All Privileges) instead of the recommended in the instructions (SELECT, INSERT, UPDATE, DELETE), it works. What are the right permissions for a frontend user? What are the right permissions for a backend user? Do the instructions need to be updated? Best, Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796 Aaron Peeler OIT Advanced Computing College of Engineering-NCSU 919.513.4571 http://vcl.ncsu.edu
Re: mysql user permissions bug?
Even though LockerWrtUser is there to indicate which database user the management node should use to login to the db, the only value the daemon will start with is vcl. Has anyone ever gotten the vcld to start successfully and checkin with the database when using something other than 'vcl' (specified in vcld.conf as LockerWrtUser)? Is that clearer? Best, Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796 On Apr 6, 2009, at 12:48 PM, Aaron Peeler wrote: Could you re-phrase this part? I don't understand what issue your highlighting? The value assigned to 'LockerWrtUser=' is the variable used when vcld starts to make the database connection. Aaron --On April 6, 2009 12:35:26 PM -0400 Brian Bouterse bmbou...@ncsu.edu wrote: I've resolved my issue, but I do think there is a bug here. It seems the SELECT, INSERT, UPDATE, DELETE permissions are all the management node's database user requires. However, even though there is a parameter in /etc/vcl/vcld.conf for LockerWrtUser, the value the management node will check in with is when: LockerWrtUser=vcl I am not sure why. -Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796 On Apr 6, 2009, at 12:21 PM, Brian Bouterse wrote: I am doing a fresh installation and starting with a database built from the most recent vcl.sql from the SVN. I've configured my frontend and management node, according to these instructions: https://svn.apache.org/repos/asf/incubator/vcl/trunk/INSTALLATION I've added my management node to the DB, but I couldn't get the vcld process to start cleanly without the following complaint from the log: SNIP- | 2615| WARNING | 2615| 2009-04-06 12:17:50|2615| utils.pm:get_management_node_info(7206)|zero rows were returned from database select statement: | 2615|SELECT | 2615|managementnode.*, | 2615|predictivemodule.name AS predictive_name, | 2615|predictivemodule.prettyname AS predictive_prettyname, | 2615|predictivemodule.description AS predictive_description, | 2615|predictivemodule.perlpackage AS predictive_perlpackage, | 2615| state.name AS statename | 2615|FROM | 2615|managementnode, | 2615|module predictivemodule, | 2615| state | 2615|WHERE | 2615|managementnode.predictivemoduleid = predictivemodule.id | 2615| AND managementnode.stateid = state.id | 2615|AND | 2615|managementnode.hostname like 'dhcp15.cnl.ncsu.edu%' | 2615| ( 0) utils.pm, notify (line: 691) | 2615| (-1) utils.pm, get_management_node_info (line: 7206) | 2615| (-2) vcld, main (line: 127) /usr/lib/sendmail: option requires an argument -- f 2009-04-06 12:17:50|2615|utils.pm:mail(1301)|SUCCESS -- Sending mail To: , PROBLEM -- vcld | 2615| CRITICAL | 2615| 2009-04-06 12:17:50|2615|vcld:main(131)|unable to retrieve management node information from database | 2615| ( 0) utils.pm, notify (line: 691) | 2615| (-1) vcld, main (line: 131) SNIP- I believe this is default user permissions bug because when I give my vcl user in the database full permissions (All Privileges) instead of the recommended in the instructions (SELECT, INSERT, UPDATE, DELETE), it works. What are the right permissions for a frontend user? What are the right permissions for a backend user? Do the instructions need to be updated? Best, Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796 Aaron Peeler OIT Advanced Computing College of Engineering-NCSU 919.513.4571 http://vcl.ncsu.edu
Re: mysql user permissions bug?
Yes - we are using different names for the value LockerWrtUser=. Actually we have several vcl-wrt vcl-wcu, vcl-dev, etc This is defined when adding the user to the database. From the install instructions file under step 2. 2) create a user with SELECT, INSERT, UPDATE, and DELETE privileges on the database from #1 (GRANT SELECT,INSERT,UPDATE,DELETE ON vcl.* TO 'insert user here'@'localhost' IDENTIFIED BY 'insert pwd here';) The username at 'insert user here'@'localhost' can be anything you want. It does have to be defined in the vcld.conf file at the required variable 'LockerWrtUser'. vcld needs to know what to connect as. -A --On April 6, 2009 12:58:42 PM -0400 Brian Bouterse bmbou...@ncsu.edu wrote: Even though LockerWrtUser is there to indicate which database user the management node should use to login to the db, the only value the daemon will start with is vcl. Has anyone ever gotten the vcld to start successfully and checkin with the database when using something other than 'vcl' (specified in vcld.conf as LockerWrtUser)? Is that clearer? Best, Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796 On Apr 6, 2009, at 12:48 PM, Aaron Peeler wrote: Could you re-phrase this part? I don't understand what issue your highlighting? The value assigned to 'LockerWrtUser=' is the variable used when vcld starts to make the database connection. Aaron --On April 6, 2009 12:35:26 PM -0400 Brian Bouterse bmbou...@ncsu.edu wrote: I've resolved my issue, but I do think there is a bug here. It seems the SELECT, INSERT, UPDATE, DELETE permissions are all the management node's database user requires. However, even though there is a parameter in /etc/vcl/vcld.conf for LockerWrtUser, the value the management node will check in with is when: LockerWrtUser=vcl I am not sure why. -Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796 On Apr 6, 2009, at 12:21 PM, Brian Bouterse wrote: I am doing a fresh installation and starting with a database built from the most recent vcl.sql from the SVN. I've configured my frontend and management node, according to these instructions: https://svn.apache.org/repos/asf/incubator/vcl/trunk/INSTALLATION I've added my management node to the DB, but I couldn't get the vcld process to start cleanly without the following complaint from the log: SNIP- | 2615| WARNING | 2615| 2009-04-06 12:17:50|2615| utils.pm:get_management_node_info(7206)|zero rows were returned from database select statement: | 2615|SELECT | 2615|managementnode.*, | 2615|predictivemodule.name AS predictive_name, | 2615|predictivemodule.prettyname AS predictive_prettyname, | 2615|predictivemodule.description AS predictive_description, | 2615|predictivemodule.perlpackage AS predictive_perlpackage, | 2615| state.name AS statename | 2615|FROM | 2615|managementnode, | 2615|module predictivemodule, | 2615| state | 2615|WHERE | 2615|managementnode.predictivemoduleid = predictivemodule.id | 2615| AND managementnode.stateid = state.id | 2615|AND | 2615|managementnode.hostname like 'dhcp15.cnl.ncsu.edu%' | 2615| ( 0) utils.pm, notify (line: 691) | 2615| (-1) utils.pm, get_management_node_info (line: 7206) | 2615| (-2) vcld, main (line: 127) /usr/lib/sendmail: option requires an argument -- f 2009-04-06 12:17:50|2615|utils.pm:mail(1301)|SUCCESS -- Sending mail To: , PROBLEM -- vcld | 2615| CRITICAL | 2615| 2009-04-06 12:17:50|2615|vcld:main(131)|unable to retrieve management node information from database | 2615| ( 0) utils.pm, notify (line: 691) | 2615| (-1) vcld, main (line: 131) SNIP- I believe this is default user permissions bug because when I give my vcl user in the database full permissions (All Privileges) instead of the recommended in the instructions (SELECT, INSERT, UPDATE, DELETE), it works. What are the right permissions for a frontend user? What are the right permissions for a backend user? Do the instructions need to be updated? Best, Brian Brian Bouterse Secure Open Systems Initiative 919.698.8796 /vcl.ncsu.edu
Re: mysql user permissions bug?
BTW - what username are trying to use besides 'vcl'. It's possible there is a bug in the portion that is parsing vcld.conf and it's not picking up specific characters. Aaron