Closed Bug 660842 Opened 13 years ago Closed 13 years ago

Set up different PostgreSQL account for processors

Categories

(Data & BI Services Team :: DB: MySQL, task)

Product:
Data & BI Services Team
Component:
DB: MySQL
Type:
task
Priority:
Not set
Severity:
blocker

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: laura, Assigned: mpressman)

References

Details

As above.  This is part of bug 629144.
Completed with 1.7.8 push.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
apparently, the new "monitor" user cannot insert into the private priority jobs table owned by the "processor" user.  

2011-06-02 23:03:06,939 ERROR - priorityLoopingThread - Caught Error:
<class 'psycopg2.ProgrammingError'>
2011-06-02 23:03:06,939 ERROR - priorityLoopingThread - permission
denied for relation priority_jobs_1158

The ability of the monitor to write to the private priority jobs table is pivotal to the communication between those two processes.  The processors themselves are responsible for creating there own private priority jobs tables.  Under the new system of each process having its own username, will the processors have to explicitly grant insert permission to the monitor?  Or is there a way for the monitor to automatically have this privilege?
Blocks: 661760
Severity: normal → critical
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
No longer blocks: 661760
Assignee: josh → mpressman
Severity: critical → blocker
Assignee: mpressman → server-ops
Component: Socorro → Server Operations
Product: Webtools → mozilla.org
QA Contact: socorro → mrz
Target Milestone: 1.7.8 → ---
Version: 1.7 → other
Assignee: server-ops → mpressman
Component: Server Operations → Server Operations: Database
Since I am not sure of how locked down we want the 'monitor' user, I can go about this several ways. I can change the monitor to a superuser which will allow it access to all objects, I can explicitly give it permissions to objects that already exist or change the 'monitor' user to be a member of 'processor' table which will allow it access to all 'processor' objects

Any ideas?
the monitor should be allowed to access all "processor" objects.  Let's set it there and see how it goes.
breakpad=# grant processor to monitor;
GRANT ROLE
breakpad=#
the permission errors are no longer happening in the logs.  I think we can call this fixed.
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → FIXED
Matt, can you add that grant statement to the 1.7.8 upgrade scripts, just so it's in SVN?

Thanks.
Product: mozilla.org → Data & BI Services Team
You need to log in before you can comment on or make changes to this bug.