Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-17272

Document how to safely disable data-at-rest encryption in Galera Cluster

    XMLWordPrintable

Details

    Description

      We should document how to safely disable InnoDB encryption in a Galera Cluster environment. It is not currently documented:

      https://mariadb.com/kb/en/library/data-at-rest-encryption/

      https://mariadb.com/kb/en/library/galera-cluster/

      I suspect that the process would go like this:

      1.) Stop all nodes in the cluster except 1.

      2.) Make sure that all Aria tables are decrypted. Requires MDEV-17268.

      3.) Make sure that all InnoDB tables are decrypted. Requires MDEV-17269.

      4.) Make sure that InnoDB redo logs are decrypted. Requires MDEV-17270.

      5.) Make sure that binary logs are decrypted. Requires MDEV-17271.

      6.) Uninstall key management plugins, if desired.

      7.) Force other nodes to SST using a physical SST method, such as mariabackup, rsync, xtrabackup-v2.

      https://mariadb.com/kb/en/library/getting-started-with-mariadb-galera-cluster/#sst-scripts

      Attachments

        Issue Links

          Activity

            People

              JoeCotellese Joe Cotellese
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.