diff options
| author | Jan Lindström <jan.lindstrom@mariadb.com> | 2017-08-29 14:23:34 +0300 |
|---|---|---|
| committer | Jan Lindström <jan.lindstrom@mariadb.com> | 2017-08-29 14:23:34 +0300 |
| commit | 352d27ce36bc807f0c3c803e192ad1851f7f86a0 (patch) | |
| tree | 8b667bf665f6721f722850e8f22b94e59c171bdf /mysql-test/suite/encryption/r/innodb_encryption.result | |
| parent | dda40b930498b70bb5546f857b27744039a5649d (diff) | |
| download | mariadb-git-352d27ce36bc807f0c3c803e192ad1851f7f86a0.tar.gz | |
MDEV-13557: Startup failure, unable to decrypt ibdata1
Fixes also MDEV-13488: InnoDB writes CRYPT_INFO even though
encryption is not enabled.
Problem was that we created encryption metadata (crypt_data) for
system tablespace even when no encryption was enabled and too early.
System tablespace can be encrypted only using key rotation.
Test innodb-key-rotation-disable, innodb_encryption, innodb_lotoftables
require adjustment because INFORMATION_SCHEMA INNODB_TABLESPACES_ENCRYPTION
contain row only if tablespace really has encryption metadata.
fil_crypt_set_thread_cnt: Send message to background encryption threads
if they exits when they are ready. This is required to find tablespaces
requiring key rotation if no other changes happen.
fil_crypt_find_space_to_rotate: Decrease the amount of time waiting
when nothing happens to better enable key rotation on startup.
fsp_header_init: Write encryption metadata to page 0 only if tablespace is
encrypted or encryption is disabled by table option.
i_s_dict_fill_tablespaces_encryption : Skip tablespaces that do not
contain encryption metadata. This is required to avoid too early
wait condition trigger in encrypted -> unencrypted state transfer.
open_or_create_data_files: Do not create encryption metadata
by default to system tablespace.
Diffstat (limited to 'mysql-test/suite/encryption/r/innodb_encryption.result')
| -rw-r--r-- | mysql-test/suite/encryption/r/innodb_encryption.result | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/mysql-test/suite/encryption/r/innodb_encryption.result b/mysql-test/suite/encryption/r/innodb_encryption.result index ce494098d44..9194412133d 100644 --- a/mysql-test/suite/encryption/r/innodb_encryption.result +++ b/mysql-test/suite/encryption/r/innodb_encryption.result @@ -8,25 +8,22 @@ innodb_encrypt_tables ON innodb_encryption_rotate_key_age 15 innodb_encryption_rotation_iops 100 innodb_encryption_threads 4 -DESCRIBE INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION; -Field Type Null Key Default Extra -SPACE int(11) unsigned NO 0 -NAME varchar(655) YES NULL -ENCRYPTION_SCHEME int(11) unsigned NO 0 -KEYSERVER_REQUESTS int(11) unsigned NO 0 -MIN_KEY_VERSION int(11) unsigned NO 0 -CURRENT_KEY_VERSION int(11) unsigned NO 0 -KEY_ROTATION_PAGE_NUMBER bigint(21) unsigned YES NULL -KEY_ROTATION_MAX_PAGE_NUMBER bigint(21) unsigned YES NULL -CURRENT_KEY_ID int(11) unsigned NO 0 -ROTATING_OR_FLUSHING int(1) unsigned NO 0 -# Wait max 5 min for key encryption threads to encrypt one space -# Success! -# Wait max 10 min for key encryption threads to encrypt all space +SET GLOBAL innodb_encrypt_tables = ON; +# Wait max 10 min for key encryption threads to encrypt all spaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +NAME +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +NAME +./ibdata1 # Success! # Now turn off encryption and wait for threads to decrypt everything SET GLOBAL innodb_encrypt_tables = off; -# Wait max 10 min for key encryption threads to decrypt all space +# Wait max 10 min for key encryption threads to encrypt all spaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +NAME +./ibdata1 +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +NAME # Success! # Shutdown innodb_encryption_threads SET GLOBAL innodb_encryption_threads=0; @@ -34,16 +31,20 @@ SET GLOBAL innodb_encryption_threads=0; # since threads are off tables should remain unencrypted SET GLOBAL innodb_encrypt_tables = on; # Wait 15s to check that nothing gets encrypted +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +NAME +./ibdata1 +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +NAME # Success! # Startup innodb_encryption_threads SET GLOBAL innodb_encryption_threads=@start_global_value; -# Wait 1 min to check that it start encrypting again -# Success! -# -# Check that restart with encryption turned off works -# even if spaces are encrypted -# -# First wait max 10 min for key encryption threads to encrypt all spaces +# Wait max 10 min for key encryption threads to encrypt all spaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +NAME +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +NAME +./ibdata1 # Success! # Restart mysqld --innodb_encrypt_tables=0 --innodb_encryption_threads=0 SHOW VARIABLES LIKE 'innodb_encrypt%'; @@ -53,9 +54,8 @@ innodb_encrypt_tables OFF innodb_encryption_rotate_key_age 15 innodb_encryption_rotation_iops 100 innodb_encryption_threads 0 -SELECT COUNT(*) > 0 as should_be_1 -FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION -WHERE MIN_KEY_VERSION <> 0; -should_be_1 -1 -# Restart mysqld again...with default options +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +NAME +./ibdata1 +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +NAME |