SET @start_global_value = @@global.innodb_encryption_threads;
SET GLOBAL innodb_file_format = `Barracuda`;
SET GLOBAL innodb_file_per_table = ON;
SHOW VARIABLES LIKE 'innodb_encrypt%';
Variable_name	Value
innodb_encrypt_log	ON
innodb_encrypt_tables	OFF
innodb_encryption_rotate_key_age	15
innodb_encryption_rotation_iops	100
innodb_encryption_threads	0
DESCRIBE INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
Field	Type	Null	Key	Default	Extra
SPACE	int(11) unsigned	NO		0	
NAME	varchar(655)	YES		NULL	
ENCRYPTION_SCHEME	int(11) unsigned	NO		0	
KEYSERVER_REQUESTS	int(11) unsigned	NO		0	
MIN_KEY_VERSION	int(11) unsigned	NO		0	
CURRENT_KEY_VERSION	int(11) unsigned	NO		0	
KEY_ROTATION_PAGE_NUMBER	bigint(21) unsigned	YES		NULL	
KEY_ROTATION_MAX_PAGE_NUMBER	bigint(21) unsigned	YES		NULL	
create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb;
create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact;
create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic;
create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed;
create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant;
create procedure innodb_insert_proc (repeat_count int)
begin
declare current_num int;
set current_num = 0;
while current_num < repeat_count do
insert into innodb_normal values(current_num, substring(MD5(RAND()), -64));
set current_num = current_num + 1;
end while;
end//
commit;
set autocommit=0;
call innodb_insert_proc(2000);
commit;
set autocommit=1;
insert into innodb_compact select * from innodb_normal;
insert into innodb_dynamic select * from innodb_normal;
insert into innodb_compressed select * from innodb_normal;
insert into innodb_redundant select * from innodb_normal;
" Start encrypt tablespaces
SET GLOBAL innodb_encrypt_tables = on;
SET GLOBAL innodb_encryption_threads = 4;
# Wait max 5 min for key encryption threads to encrypt one space
# Success!
# Wait max 10 min for key encryption threads to encrypt all space
# Success!
# Now turn off encryption and wait for threads to decrypt everything
SET GLOBAL innodb_encrypt_tables = off;
set GLOBAL encryption_algorithm = aes_cbc;
# Wait max 10 min for key encryption threads to decrypt all space
# Success!
# Shutdown innodb_encryption_threads
SET GLOBAL innodb_encryption_threads=0;
# Turn on encryption
# since threads are off tables should remain unencrypted
SET GLOBAL innodb_encrypt_tables = on;
# Wait 15s to check that nothing gets encrypted
# Success!
# Startup innodb_encryption_threads
SET GLOBAL innodb_encryption_threads=4;
# Wait 1 min to check that it start encrypting again
# Success!
# Wait max 10 min for key encryption threads to decrypt all space
# Success!
SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted';
variable_value >= 0
1
SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted';
variable_value >= 0
1
SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed';
variable_value > 0
0
SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed';
variable_value > 0
0
drop procedure innodb_insert_proc;
drop table innodb_normal;
drop table innodb_compact;
drop table innodb_dynamic;
drop table innodb_compressed;
drop table innodb_redundant;