mirror of
https://github.com/MariaDB/server.git
synced 2025-08-30 11:22:14 +03:00
2bedc3978b
Analysis: By design InnoDB was reading first page of every .ibd file at startup to find out is tablespace encrypted or not. This is because tablespace could have been encrypted always, not encrypted newer or encrypted based on configuration and this information can be find realible only from first page of .ibd file. Fix: Do not read first page of every .ibd file at startup. Instead whenever tablespace is first time accedded we will read the first page to find necessary information about tablespace encryption status. TODO: Add support for SYS_TABLEOPTIONS where all table options encryption information included will be stored.
275 lines
7.5 KiB
Plaintext
275 lines
7.5 KiB
Plaintext
-- source include/have_innodb.inc
|
|
-- source include/have_example_key_management_plugin.inc
|
|
-- source include/big_test.inc
|
|
|
|
# embedded does not support restart
|
|
-- source include/not_embedded.inc
|
|
|
|
--disable_query_log
|
|
let $innodb_file_format_orig = `SELECT @@innodb_file_format`;
|
|
let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`;
|
|
let $innodb_encryption_threads_orig = `SELECT @@global.innodb_encryption_threads`;
|
|
--enable_query_log
|
|
|
|
SET GLOBAL innodb_file_format = `Barracuda`;
|
|
SET GLOBAL innodb_file_per_table = ON;
|
|
|
|
SHOW VARIABLES LIKE 'innodb_encrypt%';
|
|
|
|
#
|
|
# This will create 100 tables where that could be
|
|
# encrypted an unencrypt
|
|
#
|
|
create database innodb_encrypted_1;
|
|
use innodb_encrypted_1;
|
|
show status like 'innodb_pages0_read%';
|
|
set autocommit=0;
|
|
let $tables = 100;
|
|
|
|
--disable_query_log
|
|
while ($tables)
|
|
{
|
|
eval create table t_$tables (a int not null primary key, b varchar(200)) engine=innodb;
|
|
commit;
|
|
let $rows = 100;
|
|
while($rows)
|
|
{
|
|
eval insert into t_$tables values ($rows, substring(MD5(RAND()), -64));
|
|
dec $rows;
|
|
}
|
|
commit;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
|
|
set autocommit=1;
|
|
commit work;
|
|
show status like 'innodb_pages0_read%';
|
|
#
|
|
# Verify
|
|
#
|
|
--echo # should be 100
|
|
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'innodb_encrypted%';
|
|
|
|
#
|
|
# This will create 100 tables that are encrypted always
|
|
#
|
|
create database innodb_encrypted_2;
|
|
use innodb_encrypted_2;
|
|
show status like 'innodb_pages0_read%';
|
|
set autocommit=0;
|
|
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval create table t_$tables (a int not null primary key, b varchar(200)) engine=innodb encrypted=yes;
|
|
commit;
|
|
let $rows = 100;
|
|
while($rows)
|
|
{
|
|
eval insert into t_$tables values ($rows, substring(MD5(RAND()), -64));
|
|
dec $rows;
|
|
}
|
|
commit;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
|
|
commit work;
|
|
set autocommit=1;
|
|
show status like 'innodb_pages0_read%';
|
|
#
|
|
# Verify
|
|
#
|
|
--echo # should be 100
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
|
|
--echo # should be 100
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
|
|
|
|
#
|
|
# This will create 100 tables that are not encrypted
|
|
#
|
|
create database innodb_encrypted_3;
|
|
use innodb_encrypted_3;
|
|
show status like 'innodb_pages0_read%';
|
|
set autocommit=0;
|
|
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval create table t_$tables (a int not null primary key, b varchar(200)) engine=innodb encrypted=no;
|
|
commit;
|
|
let $rows = 100;
|
|
while($rows)
|
|
{
|
|
eval insert into t_$tables values ($rows, substring(MD5(RAND()), -64));
|
|
dec $rows;
|
|
}
|
|
commit;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
|
|
commit work;
|
|
set autocommit=1;
|
|
show status like 'innodb_pages0_read%';
|
|
#
|
|
# Verify
|
|
#
|
|
--echo # should be 100
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
|
|
--echo # should be 200
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
|
|
|
|
use test;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
|
|
|
|
SET GLOBAL innodb_encrypt_tables = on;
|
|
SET GLOBAL innodb_encryption_threads=4;
|
|
|
|
--echo # Wait until all encrypted tables have been encrypted
|
|
let $cnt=600;
|
|
while ($cnt)
|
|
{
|
|
let $success=`SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0`;
|
|
if ($success)
|
|
{
|
|
let $cnt=0;
|
|
}
|
|
if (!$success)
|
|
{
|
|
real_sleep 1;
|
|
dec $cnt;
|
|
}
|
|
}
|
|
if (!$success)
|
|
{
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
|
|
SHOW STATUS LIKE 'innodb_encryption%';
|
|
-- die Timeout waiting for encryption threads
|
|
}
|
|
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
--echo # Success!
|
|
--echo # Restart mysqld --innodb_encrypt_tables=0 --innodb_encryption_threads=0
|
|
-- let $restart_parameters=--innodb_encrypt_tables=0 --innodb_encryption_threads=0
|
|
-- source include/restart_mysqld.inc
|
|
|
|
--echo # Restart Success!
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
use test;
|
|
show status like 'innodb_pages0_read%';
|
|
use innodb_encrypted_1;
|
|
show status like 'innodb_pages0_read%';
|
|
use innodb_encrypted_2;
|
|
show status like 'innodb_pages0_read%';
|
|
use innodb_encrypted_3;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
use innodb_encrypted_1;
|
|
show status like 'innodb_pages0_read%';
|
|
--disable_result_log
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval select * from t_$tables;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
--enable_result_log
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
use innodb_encrypted_2;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
--disable_result_log
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval select * from t_$tables;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
--enable_result_log
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
use innodb_encrypted_3;
|
|
show status like 'innodb_pages0_read%';
|
|
--disable_result_log
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval select * from t_$tables;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
--enable_result_log
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
|
|
|
|
SET GLOBAL innodb_encrypt_tables = off;
|
|
SET GLOBAL innodb_encryption_threads=4;
|
|
|
|
--echo # Wait until all default encrypted tables have been decrypted
|
|
let $cnt=600;
|
|
while ($cnt)
|
|
{
|
|
let $success=`SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`;
|
|
if ($success)
|
|
{
|
|
let $cnt=0;
|
|
}
|
|
if (!$success)
|
|
{
|
|
real_sleep 1;
|
|
dec $cnt;
|
|
}
|
|
}
|
|
if (!$success)
|
|
{
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
|
|
SHOW STATUS LIKE 'innodb_encryption%';
|
|
-- die Timeout waiting for encryption threads
|
|
}
|
|
|
|
--echo # should be 100
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
|
|
--echo # should be 200
|
|
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
#
|
|
# Cleanup
|
|
#
|
|
use test;
|
|
drop database innodb_encrypted_1;
|
|
drop database innodb_encrypted_2;
|
|
drop database innodb_encrypted_3;
|
|
|
|
--disable_query_log
|
|
EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig;
|
|
EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig;
|
|
EVAL SET GLOBAL innodb_encryption_threads = $innodb_encryption_threads_orig;
|
|
--enable_query_log
|