diff options
| author | Jan Lindström <jan.lindstrom@mariadb.com> | 2017-02-02 15:35:26 +0200 |
|---|---|---|
| committer | Jan Lindström <jan.lindstrom@mariadb.com> | 2017-02-02 15:48:41 +0200 |
| commit | af6646ace3f243fa82537abb16f56d2ea42a3d06 (patch) | |
| tree | ddc5199a58a9b6350112fd5cc279722b94ab21f8 /mysql-test/suite/encryption/t/innodb-key-rotation-disable.test | |
| parent | bc4686f0f4d17dc57dd727c9f5390caa3022bdca (diff) | |
| download | mariadb-git-10.1-MDEV-11738.tar.gz | |
MDEV-11738: Mariadb uses 100% of several of my 8 cpus doing nothing10.1-MDEV-11738
MDEV-11581: Mariadb starts innodb encryption threads
when key has not changed or data scrubbing turned off
Introduce a new configuration variable innodb-encryption-keyrotation
that is by default ON (key rotation is done periodially). If set
OFF there is no periodical key rotation. If key rotation is
disabled we do not allow changing innodb-encrypt-tables as
it would not have any effect.
When a new tables are created they are added to list of tablespaces
needing key rotation and encryption threads are informed this
by setting an event. Encryption threads do not periodically
iterate all tablespaces on fil_system, instead they wait unil
event is received.
When event is received only tablespaces on key rotation list
are iterated and if necessary encryption for them is started.
Similarly scrubbing is done only if scrubbing is enabled.
fil0crypt.cc: Introduced a vector where new tablespaces
requiring encryption are added. New functions
fil_crypt_add_space_to_keyrotation will add tablespace
to vector and fil_crypt_get_space_from_keyrotaion()
will get tablespace from vector if any are present.
fil_crypt_set_keyrotation() is new function to set
value for global configuration variable.
fil_crypt_find_space_to_rotate(): if key rotation
is enabled look tablespaces from fil_system and if not
look only from key rotation vector.
fil0fil.cc: fil_create_new_single_table_tablespace()
if table requires key rotation add tablespace
to vector.
ha_innodb.cc: add innodb-encryption-keyrotation
global configuration parameter and method to
update its value. Issue error if innodb-encrypt-tables
is tried to change when key rotation is disabled.
srv0srv.h, srv0srv.cc: Add status variable to contain the
key rotation vector length.
Diffstat (limited to 'mysql-test/suite/encryption/t/innodb-key-rotation-disable.test')
| -rw-r--r-- | mysql-test/suite/encryption/t/innodb-key-rotation-disable.test | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test new file mode 100644 index 00000000000..3ad80c8f87d --- /dev/null +++ b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test @@ -0,0 +1,95 @@ +-- source include/have_innodb.inc +-- source include/have_file_key_management_plugin.inc + +SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; + +--disable_query_log +--disable_warnings +let $innodb_compression_algorithm_orig=`SELECT @@innodb_compression_algorithm`; +let $innodb_file_format_orig = `SELECT @@innodb_file_format`; +let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`; +let $encryption = `SELECT @@innodb_encrypt_tables`; +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; +# zlib +set global innodb_compression_algorithm = 1; +--enable_warnings +--enable_query_log + +create database enctests; +use enctests; +create table t1(a int not null primary key, b char(200)) engine=innodb; +create table t2(a int not null primary key, b char(200)) engine=innodb row_format=compressed; +create table t3(a int not null primary key, b char(200)) engine=innodb page_compressed=yes; +create table t4(a int not null primary key, b char(200)) engine=innodb encrypted=yes; +create table t5(a int not null primary key, b char(200)) engine=innodb encrypted=yes row_format=compressed; +create table t6(a int not null primary key, b char(200)) engine=innodb encrypted=yes page_compressed=yes; +create table t7(a int not null primary key, b char(200)) engine=innodb encrypted=no; +create table t8(a int not null primary key, b char(200)) engine=innodb encrypted=no row_format=compressed; +create table t9(a int not null primary key, b char(200)) engine=innodb encrypted=no page_compressed=yes; + +insert into t1 values (1, 'secredmessage'); +insert into t2 values (1, 'secredmessage'); +insert into t3 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); +insert into t4 values (1, 'secredmessage'); +insert into t5 values (1, 'secredmessage'); +insert into t6 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); +insert into t7 values (1, 'publicmessage'); +insert into t8 values (1, 'publicmessage'); +insert into t9 values (1, 'pugliccompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); + +--echo # should list tables t1-t6 +SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'enctests%'; +--echo # should list tables t7-t9 +SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 and NAME LIKE 'enctests%'; + +--error 1231 +SET GLOBAL innodb_encrypt_tables=OFF; +--error 1231 +SET GLOBAL innodb_encrypt_tables=ON; + +--let $MYSQLD_DATADIR=`select @@datadir` +--let t1_IBD = $MYSQLD_DATADIR/enctests/t1.ibd +--let t2_IBD = $MYSQLD_DATADIR/enctests/t2.ibd +--let t3_IBD = $MYSQLD_DATADIR/enctests/t3.ibd +--let t4_IBD = $MYSQLD_DATADIR/enctests/t4.ibd +--let t5_IBD = $MYSQLD_DATADIR/enctests/t5.ibd +--let t6_IBD = $MYSQLD_DATADIR/enctests/t6.ibd +--let t7_IBD = $MYSQLD_DATADIR/enctests/t7.ibd +--let t8_IBD = $MYSQLD_DATADIR/enctests/t8.ibd +--let t9_IBD = $MYSQLD_DATADIR/enctests/t9.ibd +--let SEARCH_RANGE = 10000000 +--let SEARCH_PATTERN=secred +--echo # t1 default on expecting NOT FOUND +-- let SEARCH_FILE=$t1_IBD +-- source include/search_pattern_in_file.inc +--echo # t2 default on expecting NOT FOUND +-- let SEARCH_FILE=$t2_IBD +-- source include/search_pattern_in_file.inc +--echo # t3 default on expecting NOT FOUND +-- let SEARCH_FILE=$t3_IBD +-- source include/search_pattern_in_file.inc +--echo # t4 on expecting NOT FOUND +-- let SEARCH_FILE=$t4_IBD +-- source include/search_pattern_in_file.inc +--echo # t5 on expecting NOT FOUND +-- let SEARCH_FILE=$t5_IBD +-- source include/search_pattern_in_file.inc +--echo # t6 on expecting NOT FOUND +-- let SEARCH_FILE=$t6_IBD +-- source include/search_pattern_in_file.inc +--let SEARCH_PATTERN=public + +use test; +drop database enctests; +# reset system + +--disable_query_log +--disable_warnings +EVAL SET GLOBAL innodb_compression_algorithm = $innodb_compression_algorithm_orig; +EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig; +EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig; +set global innodb_compression_algorithm = DEFAULT; +--enable_warnings +--enable_query_log |