Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-17272

Document how to safely disable data-at-rest encryption in Galera Cluster

    XMLWordPrintable

    Details

      Description

      We should document how to safely disable InnoDB encryption in a Galera Cluster environment. It is not currently documented:

      https://mariadb.com/kb/en/library/data-at-rest-encryption/

      https://mariadb.com/kb/en/library/galera-cluster/

      I suspect that the process would go like this:

      1.) Stop all nodes in the cluster except 1.

      2.) Make sure that all Aria tables are decrypted. Requires MDEV-17268.

      3.) Make sure that all InnoDB tables are decrypted. Requires MDEV-17269.

      4.) Make sure that InnoDB redo logs are decrypted. Requires MDEV-17270.

      5.) Make sure that binary logs are decrypted. Requires MDEV-17271.

      6.) Uninstall key management plugins, if desired.

      7.) Force other nodes to SST using a physical SST method, such as mariabackup, rsync, xtrabackup-v2.

      https://mariadb.com/kb/en/library/getting-started-with-mariadb-galera-cluster/#sst-scripts

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              KennethDyer Kenneth Dyer
              Reporter:
              GeoffMontee Geoff Montee
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated: