mirror of
https://github.com/MariaDB/server.git
synced 2025-06-04 18:03:14 +03:00
352d27ce36
Fixes also MDEV-13488: InnoDB writes CRYPT_INFO even though encryption is not enabled. Problem was that we created encryption metadata (crypt_data) for system tablespace even when no encryption was enabled and too early. System tablespace can be encrypted only using key rotation. Test innodb-key-rotation-disable, innodb_encryption, innodb_lotoftables require adjustment because INFORMATION_SCHEMA INNODB_TABLESPACES_ENCRYPTION contain row only if tablespace really has encryption metadata. fil_crypt_set_thread_cnt: Send message to background encryption threads if they exits when they are ready. This is required to find tablespaces requiring key rotation if no other changes happen. fil_crypt_find_space_to_rotate: Decrease the amount of time waiting when nothing happens to better enable key rotation on startup. fsp_header_init: Write encryption metadata to page 0 only if tablespace is encrypted or encryption is disabled by table option. i_s_dict_fill_tablespaces_encryption : Skip tablespaces that do not contain encryption metadata. This is required to avoid too early wait condition trigger in encrypted -> unencrypted state transfer. open_or_create_data_files: Do not create encryption metadata by default to system tablespace.
241 lines
6.8 KiB
Plaintext
241 lines
6.8 KiB
Plaintext
-- source include/have_innodb.inc
|
|
-- source include/have_example_key_management_plugin.inc
|
|
-- source include/big_test.inc
|
|
|
|
# embedded does not support restart
|
|
-- source include/not_embedded.inc
|
|
|
|
--disable_query_log
|
|
let $innodb_file_format_orig = `SELECT @@innodb_file_format`;
|
|
let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`;
|
|
let $innodb_encryption_threads_orig = `SELECT @@global.innodb_encryption_threads`;
|
|
--enable_query_log
|
|
|
|
# empty the change buffer and the undo logs to avoid extra reads
|
|
SET GLOBAL innodb_fast_shutdown=0;
|
|
--source include/restart_mysqld.inc
|
|
|
|
SET GLOBAL innodb_file_format = `Barracuda`;
|
|
SET GLOBAL innodb_file_per_table = ON;
|
|
|
|
SHOW VARIABLES LIKE 'innodb_encrypt%';
|
|
|
|
#
|
|
# This will create 100 tables where that could be
|
|
# encrypted an unencrypt
|
|
#
|
|
create database innodb_encrypted_1;
|
|
use innodb_encrypted_1;
|
|
show status like 'innodb_pages0_read%';
|
|
set autocommit=0;
|
|
let $tables = 100;
|
|
|
|
--disable_query_log
|
|
while ($tables)
|
|
{
|
|
eval create table t_$tables (a int not null primary key, b varchar(200)) engine=innodb
|
|
stats_persistent=0;
|
|
commit;
|
|
let $rows = 100;
|
|
while($rows)
|
|
{
|
|
eval insert into t_$tables values ($rows, substring(MD5(RAND()), -64));
|
|
dec $rows;
|
|
}
|
|
commit;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
|
|
set autocommit=1;
|
|
commit work;
|
|
show status like 'innodb_pages0_read%';
|
|
#
|
|
# Verify
|
|
#
|
|
--echo # should be empty
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'innodb_encrypted%';
|
|
|
|
#
|
|
# This will create 100 tables that are encrypted always
|
|
#
|
|
create database innodb_encrypted_2;
|
|
use innodb_encrypted_2;
|
|
show status like 'innodb_pages0_read%';
|
|
set autocommit=0;
|
|
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval create table t_$tables (a int not null primary key, b varchar(200)) engine=innodb
|
|
stats_persistent=0 encrypted=yes;
|
|
commit;
|
|
let $rows = 100;
|
|
while($rows)
|
|
{
|
|
eval insert into t_$tables values ($rows, substring(MD5(RAND()), -64));
|
|
dec $rows;
|
|
}
|
|
commit;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
|
|
commit work;
|
|
set autocommit=1;
|
|
show status like 'innodb_pages0_read%';
|
|
#
|
|
# Verify
|
|
#
|
|
--echo # should contain 100 tables
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
--echo # should contain 0 tables
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
|
|
#
|
|
# This will create 100 tables that are not encrypted
|
|
#
|
|
create database innodb_encrypted_3;
|
|
use innodb_encrypted_3;
|
|
show status like 'innodb_pages0_read%';
|
|
set autocommit=0;
|
|
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval create table t_$tables (a int not null primary key, b varchar(200)) engine=innodb
|
|
stats_persistent=0 encrypted=no;
|
|
commit;
|
|
let $rows = 100;
|
|
while($rows)
|
|
{
|
|
eval insert into t_$tables values ($rows, substring(MD5(RAND()), -64));
|
|
dec $rows;
|
|
}
|
|
commit;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
|
|
commit work;
|
|
set autocommit=1;
|
|
show status like 'innodb_pages0_read%';
|
|
#
|
|
# Verify
|
|
#
|
|
--echo # should contain 100 tables
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
--echo # should contain 100 tables
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
|
|
use test;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
|
|
SET GLOBAL innodb_encrypt_tables = on;
|
|
SET GLOBAL innodb_encryption_threads=4;
|
|
|
|
--let $wait_timeout= 600
|
|
--let $wait_condition=SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
|
|
--source include/wait_condition.inc
|
|
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
--echo # Success!
|
|
--echo # Restart mysqld --innodb_encrypt_tables=0 --innodb_encryption_threads=0
|
|
-- let $restart_parameters=--innodb_encrypt_tables=0 --innodb_encryption_threads=0
|
|
-- source include/restart_mysqld.inc
|
|
|
|
--echo # Restart Success!
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
use test;
|
|
show status like 'innodb_pages0_read%';
|
|
use innodb_encrypted_1;
|
|
show status like 'innodb_pages0_read%';
|
|
use innodb_encrypted_2;
|
|
show status like 'innodb_pages0_read%';
|
|
use innodb_encrypted_3;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
use innodb_encrypted_1;
|
|
show status like 'innodb_pages0_read%';
|
|
--disable_result_log
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval select * from t_$tables;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
--enable_result_log
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
use innodb_encrypted_2;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
--disable_result_log
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval select * from t_$tables;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
--enable_result_log
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
use innodb_encrypted_3;
|
|
show status like 'innodb_pages0_read%';
|
|
--disable_result_log
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval select * from t_$tables;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
--enable_result_log
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
|
|
SET GLOBAL innodb_encrypt_tables = off;
|
|
SET GLOBAL innodb_encryption_threads=4;
|
|
|
|
--let $wait_timeout= 600
|
|
--let $wait_condition=SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
|
|
--source include/wait_condition.inc
|
|
|
|
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
|
|
#
|
|
# Cleanup
|
|
#
|
|
use test;
|
|
drop database innodb_encrypted_1;
|
|
drop database innodb_encrypted_2;
|
|
drop database innodb_encrypted_3;
|
|
|
|
--disable_query_log
|
|
EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig;
|
|
EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig;
|
|
EVAL SET GLOBAL innodb_encryption_threads = $innodb_encryption_threads_orig;
|
|
--enable_query_log
|