Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-33438

mariadb-backup fails to preserve innodb_encrypt_tables=1




      While testing MDEV-33383, mleich produced rr replay traces of a 10.5 server that was being backed up, as well as the mariadb-backup processes that made and prepared the backup, and another server process that crashed due to a corrupted page when starting on the prepared backup.

      Some painstaking analysis revealed the reason for the corruption: The parameter innodb_encrypt_tables=1 is not being copied to the backup-my.cnf file, neither in encryption_plugin_backup_init(), nor in write_backup_config_file(). The configuration parameter innodb_encrypt_log is being copied, ever since MDEV-9566 was implemented.

      It looks like neither the settings innodb_encrypt_log=1 nor innodb_encrypt_tables=1 will be restored from the backup-my.cnf} file during {{mariadb-backup --prepare. The setting innodb_encrypt_log will be persisted via the log file format, but innodb_encrypt_tables would only be recoverable from the configuration file.

      Because of the incorrect default setting innodb_encrypt_tables=0 that is in effect during mariadb-backup --prepare, the backup will be corrupted: Those data pages on which some log was applied could be stored unencrypted, while others would be stored encrypted from the server.

      As far as I understand, there may be an additional design problem that when SET GLOBAL innodb_encrypt_tables=... is executed during or between backup runs, no consistent backups can be created.


        Issue Links



              bar Alexander Barkov
              marko Marko Mäkelä
              0 Vote for this issue
              1 Start watching this issue



                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.