Details
-
Bug
-
Status: Closed (View Workflow)
-
Blocker
-
Resolution: Fixed
-
10.2.43, 10.3.34, 10.4.24, 10.5.15, 10.6.7, 10.7.3, 10.8.2
Description
As noted by https://github.com/MariaDB/mariadb-docker/issues/417, the disabling of the file-key-management plugin in mysql_install_db prevents upgrades or the initialization of containers with encryption.
This was caused by commit:
https://github.com/MariaDB/server/commit/e99d3da6381023395c86f679bb76b00b4385dc2d
This is excessively brutal as the file-key-management-filename may actually be set using scripts and automation (like Ansible) that will deploy a configuration before starting a service.
As mysql_install_db creates InnoDB tables, a user specified innodb_encrypt_tables = ON will cause the installation to fail. With file-key-management plugin explicitly disabled, the only innodb system table space encryption is available with another encryption plugin, or using mysqld --bootstrap directly.
Attachments
Issue Links
- links to