forked from percona/percona-server
Commit
PS-5476: Report error when redo log encryption is requested without a keyring

Issue: when the server is started without a keyring, the redo log encryption checks were never performed, redo log encryption wasn't initialized, but the setting was left on, misleading the user. Later operations which triggered this check could possibly fail.

Issue #2: redo log encryption didn't work properly when it was turned on using the command line: in some cases, the redo log remained unencrypted (until another operation triggered the redo log encryption setup methods to be called again).

Both issues were caused by the refactoring of the periodic, once every second encryption checks in upstream, in PS-5189.

This commit:
* changes the code so redo log encryption routines are called at least twice during every startup with the encryption settings on. This fixes issue #2.
* changes the code so redo log encryption routines are called at least once during every startup, even without a keyring, or a read-only server: this fixes issue #1
* adds a test ensuring that in an invalid configuration (without a keyring) the server remains running, but the redo log encryption setting correctly displays the OFF status
* adds a test ensuring that when the redo log is correctly configured (using the dynamic variable or a command line parameter) the log is encrypted, and no unencrypted data is present in it.
* backports additional redo log related bugfixes/refactorings from 8.0 (92198f4). The original commit contains fixes for both the redo and the undo log, the backport only includes the redo log related parts refactored to match our changes.
Showing 21 changed files with 365 additions and 154 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# InnoDB transparent tablespace data encryption | ||
# This test case will verify that no unencrypted data is in the logs | ||
|
||
--source include/no_valgrind_without_big.inc | ||
--source include/have_innodb.inc | ||
--source include/not_embedded.inc | ||
|
||
# Test: command line parameter | ||
|
||
--let ABORT_ON=FOUND | ||
--source include/percona_log_encrypt_content_test.inc | ||
|
||
# Test: variable | ||
|
||
# Restart the server with keyring loaded | ||
--let restart_parameters="restart:$KEYRING_PARAMS" | ||
--source include/restart_mysqld_no_echo.inc | ||
|
||
--eval SET GLOBAL innodb_redo_log_encrypt=$LOG_ENCRYPT_TYPE | ||
|
||
--source include/percona_log_encrypt_content_test.inc | ||
|
||
# Restart the server with keyring loaded | ||
--let restart_parameters="restart:$KEYRING_PARAMS" | ||
--source include/restart_mysqld_no_echo.inc | ||
SET GLOBAL innodb_redo_log_encrypt=OFF; | ||
|
||
--let ABORT_ON=NOT_FOUND | ||
--source include/percona_log_encrypt_content_test.inc | ||
|
||
# Cleanup | ||
--eval SET GLOBAL innodb_redo_log_encrypt=$LOG_ENCRYPT_TYPE | ||
--remove_file $MYSQL_TMP_DIR/mysecret_keyring_content | ||
|
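Review bot: The last block (restart, `SET GLOBAL innodb_redo_log_encrypt=OFF;`, `--let ABORT_ON=NOT_FOUND`) is a control that expects plaintext to be present, but it has no `# Test:` label and reuses the comment "Restart the server with keyring loaded", while the file header says the test verifies that no unencrypted data is in the logs. Label it, for example `# Control: encryption off, plaintext must be found`, and if it has to run last so that its plaintext cannot reach the two encrypted checks (nothing here removes `ib_logfile0` between phases), say so. `$KEYRING_PARAMS` is used in both restarts but is not defined in the lines shown; a comment on where it comes from would help.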
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
|
||
CREATE TABLE t1(c1 INT, c2 char(20)) ENGINE = InnoDB; | ||
|
||
INSERT INTO t1 VALUES(0, "asdfghjkl"); | ||
INSERT INTO t1 VALUES(1, "qwertyuio"); | ||
INSERT INTO t1 VALUES(2, "zxcvbnm"); | ||
|
||
# Check file content | ||
--let $MYSQLD_DATADIR= `select @@datadir` | ||
--let SEARCH_PATTERN= asdfghjkl | ||
-- let SEARCH_FILE= $MYSQLD_DATADIR/ib_logfile0 | ||
-- source include/search_pattern_in_file.inc | ||
|
||
DROP TABLE t1; |
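Review bot: The check searches only for `asdfghjkl` in `ib_logfile0`, although three strings are inserted; `qwertyuio` and `zxcvbnm` are never looked for, and no other redo log file is examined. Either search for each inserted value or drop the unused inserts. `ABORT_ON`, which the caller sets before sourcing this file, is not referenced in these lines, so a comment saying which include consumes it would help. The `--let` and `-- let` spellings are also mixed within the same block.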
18 changes: 18 additions & 0 deletions
mysql-test/suite/innodb/r/percona_log_encrypt_content_mk.result
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
CREATE TABLE t1(c1 INT, c2 char(20)) ENGINE = InnoDB; | ||
INSERT INTO t1 VALUES(0, "asdfghjkl"); | ||
INSERT INTO t1 VALUES(1, "qwertyuio"); | ||
INSERT INTO t1 VALUES(2, "zxcvbnm"); | ||
DROP TABLE t1; | ||
SET GLOBAL innodb_redo_log_encrypt=MASTER_KEY; | ||
CREATE TABLE t1(c1 INT, c2 char(20)) ENGINE = InnoDB; | ||
INSERT INTO t1 VALUES(0, "asdfghjkl"); | ||
INSERT INTO t1 VALUES(1, "qwertyuio"); | ||
INSERT INTO t1 VALUES(2, "zxcvbnm"); | ||
DROP TABLE t1; | ||
SET GLOBAL innodb_redo_log_encrypt=OFF; | ||
CREATE TABLE t1(c1 INT, c2 char(20)) ENGINE = InnoDB; | ||
INSERT INTO t1 VALUES(0, "asdfghjkl"); | ||
INSERT INTO t1 VALUES(1, "qwertyuio"); | ||
INSERT INTO t1 VALUES(2, "zxcvbnm"); | ||
DROP TABLE t1; | ||
SET GLOBAL innodb_redo_log_encrypt=MASTER_KEY; |
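Review bot: Nothing in this recorded output shows the outcome of the file search: between each `INSERT` block and `DROP TABLE t1;` there is no "Pattern ... found" or "not found" line, unlike the failure test's result, which records both patterns. The encrypted and unencrypted phases are therefore indistinguishable in the result, and the test passes or fails only through the abort path. Consider echoing the expected outcome per phase so that a silently skipped search shows up as a result mismatch.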
18 changes: 18 additions & 0 deletions
mysql-test/suite/innodb/r/percona_log_encrypt_content_rk.result
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
CREATE TABLE t1(c1 INT, c2 char(20)) ENGINE = InnoDB; | ||
INSERT INTO t1 VALUES(0, "asdfghjkl"); | ||
INSERT INTO t1 VALUES(1, "qwertyuio"); | ||
INSERT INTO t1 VALUES(2, "zxcvbnm"); | ||
DROP TABLE t1; | ||
SET GLOBAL innodb_redo_log_encrypt=KEYRING_KEY; | ||
CREATE TABLE t1(c1 INT, c2 char(20)) ENGINE = InnoDB; | ||
INSERT INTO t1 VALUES(0, "asdfghjkl"); | ||
INSERT INTO t1 VALUES(1, "qwertyuio"); | ||
INSERT INTO t1 VALUES(2, "zxcvbnm"); | ||
DROP TABLE t1; | ||
SET GLOBAL innodb_redo_log_encrypt=OFF; | ||
CREATE TABLE t1(c1 INT, c2 char(20)) ENGINE = InnoDB; | ||
INSERT INTO t1 VALUES(0, "asdfghjkl"); | ||
INSERT INTO t1 VALUES(1, "qwertyuio"); | ||
INSERT INTO t1 VALUES(2, "zxcvbnm"); | ||
DROP TABLE t1; | ||
SET GLOBAL innodb_redo_log_encrypt=KEYRING_KEY; |
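Review bot: Each `SET GLOBAL innodb_redo_log_encrypt=...` is recorded, but the value the server reports afterwards is not. Since the commit message describes the setting being left on while encryption was not initialized, a `SELECT @@innodb_redo_log_encrypt;` after each `SET` (and after the command-line start) would record that the reported status matches the request. The same applies to the MASTER_KEY variant of this result file.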
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
call mtr.add_suppression("Encryption can't find master key, please check the keyring plugin is loaded."); | ||
call mtr.add_suppression("Can't set redo log tablespace to be encrypted."); | ||
select @@innodb_redo_log_encrypt; | ||
@@innodb_redo_log_encrypt | ||
off | ||
Pattern "Can't set redo log tablespace to be encrypted." found | ||
Pattern "Encryption can't find master key, please check the keyring plugin is loaded." found |
4 changes: 4 additions & 0 deletions
mysql-test/suite/innodb/t/percona_log_encrypt_content_mk-master.opt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
$KEYRING_PLUGIN_OPT | ||
$KEYRING_PLUGIN_EARLY_LOAD | ||
--loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring_content | ||
--innodb_redo_log_encrypt=MASTER_KEY |
2 changes: 2 additions & 0 deletions
mysql-test/suite/innodb/t/percona_log_encrypt_content_mk.test
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
--let LOG_ENCRYPT_TYPE=MASTER_KEY | ||
--source include/percona_log_encrypt_content.inc |
4 changes: 4 additions & 0 deletions
mysql-test/suite/innodb/t/percona_log_encrypt_content_rk-master.opt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
$KEYRING_PLUGIN_OPT | ||
$KEYRING_PLUGIN_EARLY_LOAD | ||
--loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring_content | ||
--innodb_redo_log_encrypt=KEYRING_KEY |
2 changes: 2 additions & 0 deletions
mysql-test/suite/innodb/t/percona_log_encrypt_content_rk.test
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
--let LOG_ENCRYPT_TYPE=KEYRING_KEY | ||
--source include/percona_log_encrypt_content.inc |
1 change: 1 addition & 0 deletions
mysql-test/suite/innodb/t/percona_log_encrypt_failure-master.opt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
--innodb-redo-log-encrypt=MASTER_KEY |
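Review bot: The option is spelled with dashes here (`--innodb-redo-log-encrypt`), while the two content tests' `-master.opt` files use underscores (`--innodb_redo_log_encrypt`). Pick one spelling across the new option files so they can be searched for consistently.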
11 changes: 11 additions & 0 deletions
mysql-test/suite/innodb/t/percona_log_encrypt_failure.test
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
call mtr.add_suppression("Encryption can't find master key, please check the keyring plugin is loaded."); | ||
call mtr.add_suppression("Can't set redo log tablespace to be encrypted."); | ||
select @@innodb_redo_log_encrypt; | ||
|
||
|
||
--let SEARCH_FILE= $MYSQLTEST_VARDIR/log/mysqld.1.err | ||
--let SEARCH_PATTERN=Can't set redo log tablespace to be encrypted. | ||
--source include/search_pattern.inc | ||
--let SEARCH_PATTERN=Encryption can't find master key, please check the keyring plugin is loaded. | ||
--source include/search_pattern.inc | ||
|
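Review bot: Only the command-line path is exercised without a keyring; the test never issues `SET GLOBAL innodb_redo_log_encrypt=MASTER_KEY` at runtime to confirm how the dynamic variable behaves in the same invalid configuration. Add that statement followed by a second `select @@innodb_redo_log_encrypt;`. This file also sources `include/search_pattern.inc` while the content test uses `include/search_pattern_in_file.inc`; if both are intentional, a comment explaining the difference would help, and the two consecutive blank lines after the `select` can be collapsed.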