[MDEV-17272] Document how to safely disable data-at-rest encryption in Galera Cluster - Jira

XML

Word

Printable

Type: Task
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Fix Version/s: N/A
Component/s: Documentation - Support, Encryption, Galera, Storage Engine - InnoDB, wsrep
Labels:
None

We should document how to safely disable InnoDB encryption in a Galera Cluster environment. It is not currently documented:

I suspect that the process would go like this:

1.) Stop all nodes in the cluster except 1.

2.) Make sure that all Aria tables are decrypted. Requires ~~MDEV-17268~~.

3.) Make sure that all InnoDB tables are decrypted. Requires ~~MDEV-17269~~.

4.) Make sure that InnoDB redo logs are decrypted. Requires ~~MDEV-17270~~.

5.) Make sure that binary logs are decrypted. Requires ~~MDEV-17271~~.

6.) Uninstall key management plugins, if desired.

7.) Force other nodes to SST using a physical SST method, such as mariabackup, rsync, xtrabackup-v2.

is blocked by

MDEV-17268 Document how to safely decrypt Aria tables

MDEV-17269 Document how to safely decrypt InnoDB tables

MDEV-17270 Document how to safely disable innodb_encrypt_log

MDEV-17271 Document how to safely disable encrypt_binlog

relates to

MDEV-14157 Improve documentation of data at rest encryption

(1 blocks)

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.