Percona Server for MongoDB / PSMDB-241

WT per database encryption keys are not purged when database deleted

    Details

    • Type: Bug
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0.4-1, 3.6.8-2.0
    • Component/s: None
    • Labels: None

      Description

      This is something in between a bug report and a question, since it's not clear if this is by design or if it's really a bug.
      So we have one major (external) key which is used to encrypt the per-database encryption keys. The encryption keys are created when a database is created, but it seems they are not destroyed when the database is dropped (at least from what I can see based on the file sizes, since we don't have a tool to decrypt the files).

      It seems you can purge those old keys by rotating the replica set instance. This way you can both rotate all the keys (external + per-database) for one instance and also not have those old per-database keys. But it is not clear if this is by design or not, since if you have one instance and never rotate it, the key database will just grow over time.

      I have created and destroyed 500000 databases and the keyfile has grown to 30M:

      tomislav.plavcic@qaserver-03:/ssd/tomislav/percona-server-mongodb-3.6.8-2.0/nodes/db/keydb$ ls -alh
      total 45M
      -rw------- 1 tomislav.plavcic percona   46 Oct 10 11:37 WiredTiger
      -rw------- 1 tomislav.plavcic percona   21 Oct 10 11:37 WiredTiger.lock
      -rw------- 1 tomislav.plavcic percona 1.1K Oct 11 02:50 WiredTiger.turtle
      -rw------- 1 tomislav.plavcic percona  32K Oct 11 02:50 WiredTiger.wt
      -rw------- 1 tomislav.plavcic percona 4.0K Oct 11 02:50 WiredTigerLAS.wt
      -rw------- 1 tomislav.plavcic percona 5.0M Oct 11 02:50 WiredTigerLog.0000000014
      -rw------- 1 tomislav.plavcic percona 5.0M Oct 11 02:50 WiredTigerPreplog.0000000001
      -rw------- 1 tomislav.plavcic percona 5.0M Oct 11 02:50 WiredTigerPreplog.0000000002
      -rw------- 1 tomislav.plavcic percona  30M Oct 11 02:50 key.wt
      -rw------- 1 tomislav.plavcic percona  16K Oct 11 02:50 parameters.wt
      

      This may or may not be the problem, but it needs to be clear how it's supposed to work.

                People

                • Assignee: Igor Solodovnikov (igor.solodovnikov)
                • Reporter: Tomislav Plavcic (tomislav.plavcic@percona.com)

                    Time Tracking

                    • Estimated: Not Specified
                    • Remaining: 0 minutes
                    • Logged: 1 day, 6 hours