[MDEV-17272] Document how to safely disable data-at-rest encryption in Galera Cluster Created: 2018-09-21 Updated: 2023-12-15 |
|
| Status: | Open |
| Project: | MariaDB Server |
| Component/s: | Documentation - Support, Encryption, Galera, Storage Engine - InnoDB, wsrep |
| Fix Version/s: | N/A |
| Type: | Task | Priority: | Major |
| Reporter: | Geoff Montee (Inactive) | Assignee: | Joe Cotellese |
| Resolution: | Unresolved | Votes: | 1 |
| Labels: | None | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||
| Description |
|
We should document how to safely disable InnoDB encryption in a Galera Cluster environment. It is not currently documented: https://mariadb.com/kb/en/library/data-at-rest-encryption/ https://mariadb.com/kb/en/library/galera-cluster/ I suspect that the process would go like this: 1.) Stop all nodes in the cluster except 1. 2.) Make sure that all Aria tables are decrypted. Requires 3.) Make sure that all InnoDB tables are decrypted. Requires 4.) Make sure that InnoDB redo logs are decrypted. Requires 5.) Make sure that binary logs are decrypted. Requires 6.) Uninstall key management plugins, if desired. 7.) Force other nodes to SST using a physical SST method, such as mariabackup, rsync, xtrabackup-v2. https://mariadb.com/kb/en/library/getting-started-with-mariadb-galera-cluster/#sst-scripts |