Uploaded image for project: 'Percona XtraBackup'
  1. Percona XtraBackup
  2. PXB-1867

Encrypted and compressed tables do not work on joiner after SST

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 2.4.13
    • Fix Version/s: 2.4.15, 8.0.7
    • Component/s: None
    • Labels:
      None

      Description

      When encrypted table spaces feature is enabled, there is a problem with encrypted+compressed tables on joiner nodes after they joined via SST with xtrabackup-v2 method.

      Surprisingly, this does not affect encrypted by not compressed tables.

      How to reproduce.

      Use configuration for encryption, like:

       

      [mysqld]
      early-plugin-load=keyring_file.so
      keyring_file_data=/var/lib/mysql-keyring/keyring
      [sst]
      encrypt=4
      streamfmt = xbstream
      ssl-ca = /var/lib/mysql-files/sst-cert/ca.pem
      ssl-cert = /var/lib/mysql-files/sst-cert/server-cert.pem
      ssl-key = /var/lib/mysql-files/sst-cert/server-key.pem
      [xtrabackup]
      keyring-file-data=/var/lib/mysql-keyring/keyring
      

       

      Use the same .pem files on all nodes. 

      Create example tables, like:

       

      node1 > show create table test.t1\G
      *************************** 1. row ***************************
       Table: t1
      Create Table: CREATE TABLE `t1` (
       `id` int(11) NOT NULL,
       PRIMARY KEY (`id`)
      ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED ENCRYPTION='Y'
      1 row in set (0.00 sec)
      node1 > show create table test.t4\G
      *************************** 1. row ***************************
       Table: t4
      Create Table: CREATE TABLE `t4` (
       `id` int(11) NOT NULL,
       PRIMARY KEY (`id`)
      ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ENCRYPTION='Y'
      1 row in set (0.00 sec)
      

       

      Join second node via SST.

      After that, on the joiner the situation is as follows:

       

      node3 > SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS FROM INFORMATION_SCHEMA.TABLES WHERE CREATE_OPTIONS LIKE '%ENCRYPTION%';
      +--------------+------------+--------------------------------------+
      | TABLE_SCHEMA | TABLE_NAME | CREATE_OPTIONS |
      +--------------+------------+--------------------------------------+
      | test | s1 | ENCRYPTION="Y" |
      | test | t1 | row_format=COMPRESSED ENCRYPTION="Y" |
      | test | t2 | row_format=COMPRESSED ENCRYPTION="Y" |
      | test | t3 | row_format=COMPRESSED ENCRYPTION="Y" |
      | test | t4 | ENCRYPTION="Y" |
      +--------------+------------+--------------------------------------+
      5 rows in set (0.03 sec)
      node3 > select * from test.t1;
      ERROR 3185 (HY000): Can't find master key from keyring, please check in the server log if a keyring plugin is loaded and initialized successfully.
      node3 > select * from test.t4;
      +----+
      | id |
      +----+
      | 1 |
      +----+
      1 row in set (0.00 sec)
      

      Example logs in attachment.

      I could not reproduce the same issue with rsync SST method.

       

        Smart Checklist

          Attachments

            Activity

              People

              • Assignee:
                sergei.glushchenko Sergei Glushchenko
                Reporter:
                przemyslaw.malkowski@percona.com Przemyslaw Malkowski
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - Not Specified
                  Not Specified
                  Logged:
                  Time Spent - 1 day, 7 hours, 56 minutes
                  1d 7h 56m