[request-tracker-maintainers] Bug#506487: Bug#506487: request-tracker3.8: cannot configure remote mysql server

Niko Tyni ntyni at debian.org
Sat Nov 22 07:01:09 UTC 2008


clone 506487 -1 -2
retitle -1 database installation script output gets hidden by debconf prompts
reassign -1 dbconfig-common/1.8.39
severity -1 normal
retitle -2 configurable hostname part when GRANTing mysql privileges on a remote server
reassign -2 dbconfig-common/1.8.39
severity -2 wishlist
thanks

On Fri, Nov 21, 2008 at 06:15:18PM -0500, Antoine Beaupre wrote:
> Package: request-tracker3.8
> Version: 3.8.1-1~experimental1~bpo40+1
> Severity: important
> 
> It seems that this package has trouble configuring the database server through the dbconfig interface. During the dbc_go() step, we get an access denied:
> 
> DBI connect('dbname=rtdb;host=mysql.koumbit.net','rtuser',...) failed: Access denied for user 'rtuser'@'192.168.0.42' (using password: YES) at /usr/share/perl5/DBIx/SearchBuilder/Handle.pm line 106
> 
> The problem, I think, is that it shouldn't try to connect with the `rtuser' user, but with the *censored* user prompted through debconf.

No, at this point it should be using the unprivileged user and not
the database admin user to connect. I think the privilege GRANTs just
aren't working.

> The other problem is that the GRANT is created with rtuser@localhost but we would need rtuser@% or something like that. At some point in the various attempts to 
> make it work, it seemed that the grant was created with a "shell.koumbit.net" host, but that's also wrong since we connect through an internal interface and the 
> DNS doesn't point there.
> 
> So, in summary, I think the problem is that the db init scripts do not create the GRANT properly.

The database and the GRANTs are managed by dbconfig-common, not the
request-tracker3.8 scripts.

Looking at /usr/share/dbconfig-common/internal/mysql:

 GRANT ALL PRIVILEGES ON \`$dbc_dbname\`.* TO \`$dbc_dbuser\`@'$l_dballow' IDENTIFIED BY '`dbc_mysql_escape_str $dbc_dbpass`';

where

 if [ ! "${dbc_dbserver:-}" ] || [ "$dbc_dbserver" = "localhost" ]; then
  l_dballow=localhost
 else
  l_dballow=`hostname`
 fi

The grant should thus have been allowed for rtuser@shell.koumbit.net,
not rtuser@localhost, in the first place. No idea how the @localhost
happened. Can you reproduce that?

If @shell.koumbit.net wouldn't have worked either, you apparently need
a way to optionally configure the `hostname` part. That would need to
be somewhere in dbconfig-common. I'm cloning a wishlist bug for it.

> Also note that I had to change the dbconfig-common file below to be able to see the error, otherwise debconf would just replace it and hide the error. I removed 
> the "exec" word and added a sleep 5 as last line of the script.

I think this is worth another bug, cloning. It should probably be
fixed in dbconfig-common too by improving logging of the script
call or at least sleeping a bit before invoking dbc_install_error().

(For reference, this would be somewhere around 
 view +/via\ scriptfile/ dpkg/postinst
)
-- 
Niko Tyni   ntyni at debian.org
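
An added example, not part of the original message and not dbconfig-common code: the host selection quoted above and MySQL's account host matching, run against the names that appear in this thread. The function names are hypothetical, and the client address is assumed to be the one shown in the error message.

```shell
#!/bin/sh
# Added illustration; not dbconfig-common code. Function names are hypothetical.

# Host part used in the GRANT, following the if/else quoted from
# /usr/share/dbconfig-common/internal/mysql.
#   $1 = dbc_dbserver   $2 = output of `hostname` on the installing machine
grant_host() {
    if [ -z "${1:-}" ] || [ "$1" = "localhost" ]; then
        echo localhost
    else
        echo "$2"
    fi
}

# Succeeds if a MySQL account host pattern covers the client as the server
# names it. In account names '%' matches any run of characters and '_' one
# character; host names compare case-insensitively. Netmask forms are not
# handled here.
#   $1 = account host pattern   $2 = client host or IP seen by the server
host_matches() {
    glob=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr '%_' '*?')
    client=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$client" in
        $glob) return 0 ;;
        *)     return 1 ;;
    esac
}

# Say whether the GRANT the script would issue admits the connecting client.
#   $1 = dbc_dbserver   $2 = hostname   $3 = client seen by the server
check_grant() {
    h=$(grant_host "$1" "$2")
    if host_matches "$h" "$3"; then
        echo "rtuser@$h covers $3"
    else
        echo "rtuser@$h does not cover $3"
    fi
}

# Names from the thread: remote server, installing host, address in the error.
check_grant mysql.koumbit.net shell.koumbit.net 192.168.0.42

# Candidate host parts. '%' also admits every other host, so the exact
# address or the internal subnet is the least-privilege choice.
for p in 192.168.0.42 '192.168.0.%' '%'; do
    host_matches "$p" 192.168.0.42 && echo "host part $p covers 192.168.0.42"
done
```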
