PDA

View Full Version : Please help, I'm missing something



Muerr
August 26th, 2008, 09:01 PM
I'm missing something but I can't think of what that might be. This configuration works on another system for another client. The grants are identical for the dbbackup user on both.



$ sudo mysql-zrm --action backup --backup-set dailyrun --verbose
backup:INFO: ZRM for MySQL Community Edition - version 1.2.1
backup:INFO: Reading options from file /etc/mysql-zrm/mysql-zrm.conf
dailyrun:backup:INFO: Reading options from file /etc/mysql-zrm/dailyrun/mysql-zrm.conf
dailyrun:backup:WARNING: Could not open file /etc/mysql-zrm/dailyrun/last_backup. No such file or directory
dailyrun:backup:INFO: Mail address: me@example.com is ok
dailyrun:backup:INFO: Using /usr/share/mysql-zrm/plugins/lvm-snapshot.pl as the default plugin since snapshot-plugin has not been specified
dailyrun:backup:INFO: ZRM Temporary configuration file = /etc/mysql-zrm/dailyrun/tmpps69K.conf
dailyrun:backup:INFO: {
dailyrun:backup:INFO: retention-policy=7D
dailyrun:backup:INFO: backup-level=0
dailyrun:backup:INFO: all-databases=1
dailyrun:backup:INFO: destination=/srv/mysql-zrm
dailyrun:backup:INFO: mailto=me@example.com
dailyrun:backup:INFO: socket=/var/run/mysqld/mysqld.sock
dailyrun:backup:INFO: snapshot-plugin=/usr/share/mysql-zrm/plugins/lvm-snapshot.pl
dailyrun:backup:INFO: password=******
dailyrun:backup:INFO: backup-mode=logical
dailyrun:backup:INFO: comment=Daily MySQL
dailyrun:backup:INFO: user=dbbackup
dailyrun:backup:INFO: compress=
dailyrun:backup:INFO: mysql-binlog-path=/var/log/mysql
dailyrun:backup:INFO: }
dailyrun:backup:INFO: Getting mysql variables
dailyrun:backup:INFO: mysqladmin --user="dbbackup" --password="*****" --socket="/var/run/mysqld/mysqld.sock" variables
dailyrun:backup:ERROR: Command returned error
dailyrun:backup:ERROR: Output of command: 'mysqladmin --user="dbbackup" --password="*****" --socket="/var/run/mysqld/mysqld.sock" variables' is {
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'dbbackup'@'localhost' (using password: YES)'
}
dailyrun:backup:ERROR: Cannot connect to mysql server!
dailyrun:backup:INFO: mailing file /tmp/DwEBwzvsID
dailyrun:backup:INFO: mail command is cat "/tmp/DwEBwzvsID"|mail -s "[ZRM for MySQL Report] ERROR during backup of backup-set dailyrun" me@example.com


However, using the same password as defined in the config file used (copy/paste), I can grab the variables with mysqladmin manually.



$ mysqladmin --user="dbbackup" --password="*****" --socket="/var/run/mysqld/mysqld.sock" variables
+---------------------------------+---------------------------------------------------------+
| Variable_name | Value |
+---------------------------------+---------------------------------------------------------+
| auto_increment_increment | 1 |
... snip ...

zmanda_jacob
August 27th, 2008, 12:49 PM
Can you try setting verbose=1 in your mysql-zrm.conf file and see if it gives you some additional information to troubleshoot with? Also, what are the privileges of the dbbackup user? As in what grant statement did you use(minus the password of course).

Muerr
August 27th, 2008, 05:25 PM
The run I pasted output from had the --verbose flag. I added verbose=1 to the config file and there was no change in the results.

Here is the statement from my grants.sql file that sets up the user.



GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'dbbackup'@'localhost' IDENTIFIED BY '*****' WITH GRANT OPTION;


Here's the user entry from the users table.



+-----------+----------+-----------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
| Host | User | Password | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections |
+-----------+----------+-----------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+
| localhost | dbbackup | *************** | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 |
+-----------+----------+-----------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+

zmanda_jacob
August 28th, 2008, 12:30 PM
It looks like the permissions are correct. As a test can you set the privileges to 'dbbackup'@'%' and run it again?

The ZRM simply executes the mysqladmin command as displayed in the log file as the mysql user, so if you can execute that exact command as the mysql user and have it work then there isn't any reason why the ZRM wouldn't work with it because it uses the same command.

Muerr
August 28th, 2008, 03:56 PM
I did the mysqladmin variables command as the mysql user. That worked fine:



$ sudo su - mysql
Password:
-bash-3.2$ mysqladmin -u dbbackup -p variables
Enter password: same password
+---------------------------------+---------------------------------------------------------+
| Variable_name | Value |
+---------------------------------+---------------------------------------------------------+
other stuff snipped


I added @'%' for the user and the mysql-zrm still fails. Note that in the error message it mentions user@localhost, not user@%...

kulkarni_mangesh
August 29th, 2008, 01:05 AM
Does backup user “dbbackup” password contains any characters other than a-z A-Z 0-9 _ - / . = " ' ; + * and space ? If yes please set password which contains only these characters ( a-z A-Z 0-9 _ - / . = " ' ; + * and space ) and try.

Muerr
August 29th, 2008, 08:41 AM
I had @ and # in the password. I replaced both with different characters and mysql-zrm is fine, the backup completed. Thank you.

That doesn't make sense though because those characters are not an issue for me running mysqladmin with the same user and password. I can't seem to find a source on mysql.com stating what the valid characters for passwords are, but whatever those might be, I think ZRM should use the same characters.

kulkarni_mangesh
August 29th, 2008, 09:09 PM
This check is performed by ZRM not by MySQL. Due to security reason this might have done. Passing such characters through a network socket, might open shell for the user, as these characters might be treated as special ones on some platforms.