  1. Percona Server for MySQL
  2. PS-3854

Issue with binlog encryption and keyring_vault plugin

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Won't Fix
    • Affects Version/s: 5.7.x, 8.0.x, Not 5.5.x, Not 5.6.x
    • Fix Version/s: None
    • Component/s: None

      Description

      I'm facing a problem with binlog encryption using the keyring_vault plugin.

      First of all I can reproduce this on:

      • binary built today - hash e1c593
      • using keyring_vault plugin - NOT with keyring_file for some reason
      • cannot reproduce on the last release, 5.7.21-20, so it seems to me it's broken on trunk only

      Error log part:

      2018-02-21T10:40:40.823913Z 0 [ERROR] Failed to fetch percona_binlog key from keyring and thus failed to initialize binlog encryption. Have you enabled keyring plugin?
      2018-02-21T10:40:40.823947Z 0 [ERROR] Either disk is full or file system is read only or encryption failed while opening the binlog. Aborting the server.
      10:40:40 UTC - mysqld got signal 6 ;
      

      GDB:

      [Thread debugging using libthread_db enabled]
      Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
      Core was generated by `/home/plavi/test/mysql/bin/Percona-Server-5.7.21-20-Linux.x86_64-e1c593/bin/mys'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62
      62      ../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
      [Current thread is 1 (Thread 0x7f5f988fc780 (LWP 8412))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62
      #1  0x0000000000e7fe17 in my_write_core (sig=sig@entry=6) at /home/tomislav.plavcic/percona-server/mysys/stacktrace.c:249
      #2  0x00000000007733c5 in handle_fatal_signal (sig=6) at /home/tomislav.plavcic/percona-server/sql/signal_handler.cc:223
      #3  <signal handler called>
      #4  0x00007f5f9635c428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
      #5  0x00007f5f9635e02a in __GI_abort () at abort.c:89
      #6  0x0000000000e035d1 in exec_binlog_error_action_abort (
          err_string=0x7f5f95be1940 "Either disk is full or file system is read only or encryption failed while opening the binlog. Aborting the server.")
          at /home/tomislav.plavcic/percona-server/sql/binlog.cc:1987
      #7  0x0000000000e127cc in MYSQL_BIN_LOG::open_binlog (this=this@entry=0x1d1a8e0 <mysql_bin_log>, log_name=<optimized out>, new_name=new_name@entry=0x0,
          max_size_arg=<optimized out>, null_created_arg=null_created_arg@entry=false, need_lock_index=need_lock_index@entry=true, need_sid_lock=true,
          extra_description_event=0x0) at /home/tomislav.plavcic/percona-server/sql/binlog.cc:5325
      #8  0x000000000076b781 in init_server_components () at /home/tomislav.plavcic/percona-server/sql/mysqld.cc:4577
      #9  0x000000000076cb9e in mysqld_main (argc=25, argv=0x7f5f9583c320) at /home/tomislav.plavcic/percona-server/sql/mysqld.cc:5096
      #10 0x00007f5f96347830 in __libc_start_main (main=0x748b50 <main(int, char**)>, argc=25, argv=0x7ffc0e234dd8, init=<optimized out>, fini=<optimized out>,
          rtld_fini=<optimized out>, stack_end=0x7ffc0e234dc8) at ../csu/libc-start.c:291
      #11 0x0000000000762939 in _start ()
      

      Options used for starting server:

      --no-defaults --gtid_mode=ON --enforce_gtid_consistency=ON --log_slave_updates=ON --log_bin=binlog --binlog_format=ROW --master_info_repository=TABLE --relay_log_info_repository=TABLE --early-plugin-load=keyring_vault=keyring_vault.so --loose-keyring_vault_config=/home/plavi/test/mysql/vault_server/keyring_vault.cnf --encrypt_binlog=ON --master_verify_checksum=ON --binlog_checksum=CRC32
      

      If I just change "encrypt_binlog=ON" to "encrypt_binlog=OFF", the server starts normally and I can encrypt tables in a file_per_table tablespace, which means the connection to the keyring vault is working fine.
      Also, if I change my options to use the keyring_file plugin instead, I have no problem: the server starts and, from what I see, the binlog is encrypted.
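
A log-triage check for the failure signature in this report, added here as an example and not part of the original issue or of Percona's code: it looks for the key-fetch error followed by the binlog abort and reads the keyring plugin and `encrypt_binlog` setting from the startup options. The names `triage` and `parse_options` are hypothetical; the log lines and the (shortened) option string are copied from the report.

```python
import re
from datetime import datetime, timedelta

# Error-log lines and a subset of the startup options, copied from this report.
REPORT_LOG = """\
2018-02-21T10:40:40.823913Z 0 [ERROR] Failed to fetch percona_binlog key from keyring and thus failed to initialize binlog encryption. Have you enabled keyring plugin?
2018-02-21T10:40:40.823947Z 0 [ERROR] Either disk is full or file system is read only or encryption failed while opening the binlog. Aborting the server.
10:40:40 UTC - mysqld got signal 6 ;
"""
REPORT_OPTS = ("--no-defaults --log_bin=binlog "
               "--early-plugin-load=keyring_vault=keyring_vault.so "
               "--encrypt_binlog=ON --binlog_checksum=CRC32")

KEY_FETCH = "Failed to fetch percona_binlog key from keyring"
BINLOG_ABORT = "encryption failed while opening the binlog. Aborting the server."
LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d+)Z \d+ \[(\w+)\] (.*)$")

def parse_options(cmdline):
    """Map '--a-b=c' to {'a_b': 'c'}; '-' and '_' are interchangeable, 'loose-' is a prefix."""
    opts = {}
    for tok in cmdline.split():
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            name = name.replace("-", "_")
            opts[name[6:] if name.startswith("loose_") else name] = value
    return opts

def triage(log_text, cmdline, window=timedelta(seconds=1)):
    """Report whether the key-fetch error is followed by the binlog abort within `window`."""
    opts = parse_options(cmdline)
    fetch_ts = abort_ts = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) != "ERROR":
            continue  # untimestamped lines (e.g. the signal 6 notice) are skipped
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f")
        if KEY_FETCH in m.group(3):
            fetch_ts = ts
        elif BINLOG_ABORT in m.group(3) and fetch_ts is not None:
            abort_ts = ts
    return {
        "signature_matched": abort_ts is not None and abort_ts - fetch_ts <= window,
        # 'name=library' form as used in the report, e.g. keyring_vault=keyring_vault.so
        "keyring_plugin": opts.get("early_plugin_load", "").split("=")[0] or None,
        "encrypt_binlog": opts.get("encrypt_binlog", "").upper() == "ON",
    }

if __name__ == "__main__":
    print(triage(REPORT_LOG, REPORT_OPTS))
```

A match on the abort line alone is not reported, because that message also covers a full disk or a read-only file system.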

                People

                Assignee:
                robert.golebiowski Robert Golebiowski (Inactive)
                Reporter:
                tomislav.plavcic@percona.com Tomislav Plavcic
                    Time Tracking

                    Estimated: Not Specified
                    Remaining: 0 minutes
                    Logged: 4 hours, 56 minutes