Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Incomplete
-
None
-
None
Description
Incremental backup using mariabackup fails when the --incremental-basedir points to a directory that contains only an encrypted full backup file (e.g., backup.xb.enc) created using streaming and OpenSSL encryption.
The backup was initially created using the following command:
|
|
mariabackup --backup --stream=xbstream | openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 -k <passphrase> > /path/to/backup_full.xb.enc
|
|
However, this encrypted file was not decrypted or extracted before attempting the next incremental backup. As a result, required metadata files (such as xtrabackup_checkpoints or mariadb_backup_checkpoints) are not present in the --incremental-basedir.
When attempting the incremental backup:
|
|
mariabackup --backup --stream=xbstream \
|
--incremental-basedir=/path/to/SUNDAY/ \
|
--user=... --password=... \
|
| openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 -k <passphrase> > /path/to/MONDAY/backup_incremental.xb.enc
|
|
It fails with the following error:
|
|
[00] 2025-06-02 09:26:01 Error: cannot open /path/to/SUNDAY/xtrabackup_checkpoints
|
[00] 2025-06-02 09:26:01 mariabackup: error: failed to read metadata from /path/to/SUNDAY/xtrabackup_checkpoints
|
|
For incremental backups, it is necessary that the xtrabackup_checkpoints file, containing important metadata about the backup, has appropriate read access by mariabackup for inc backup.
For example:
backup_type = full-backuped
|
from_lsn = 0
|
to_lsn = XXXXXXXX
|
last_lsn = XXXXXXXX
|
recover_binlog_info = 0
|
At present , the workaround could be
1. Decrypt and extract the last full backup first
2. Now verify this directory contains
3. Then run the incremental using that extracted path
At present KB only talks about full backup https://mariadb.com/kb/en/using-encryption-and-compression-tools-with-mariabackup/
Nothing about the enc incremental backup based on the last full backup.