[#MDEV-19323] Unable to install file_key_management under [mariadb] section

[MDEV-19323] Unable to install file_key_management under [mariadb] section Created: 2019-04-24 Updated: 2019-04-24 Resolved: 2019-04-24
Status:	Closed
Project:	MariaDB Server
Component/s:	Encryption, Plugins
Affects Version/s:	10.3.13
Fix Version/s:	N/A

Type:

Bug

Priority:

Major

Reporter:

Manjot Singh (Inactive)

Assignee:

Geoff Montee (Inactive)

Resolution:

Not a Bug

Votes:

Labels:

need_feedback

Environment:

Tested on: RHEL 7, MariaDB 10.3.13

Description

File Key management plugin was not loading when under [mariadb] but worked under [mysqld]

Does not work:

[mariadb]

plugin_dir=/usr/lib64/mysql/plugin

plugin_load_add=file_key_management.so

Works:

[mysqld]

plugin_dir=/usr/lib64/mysql/plugin

plugin_load_add=file_key_management.so

Error Log:

2019-04-24 11:34:31 0 [ERROR] InnoDB: cannot enable encryption, encryption plugin is not available

2019-04-24 11:34:31 0 [ERROR] Plugin 'InnoDB' init function returned error.

2019-04-24 11:34:31 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.

190424 11:34:31 server_audit: MariaDB Audit Plugin version 1.4.4 STARTED.

190424 11:34:31 server_audit: logging started to the syslog.

2019-04-24 11:34:31 0 [ERROR] /usr/sbin/mysqld: unknown variable 'file_key_management_filename=/etc/mysql/keyfile.txt'

2019-04-24 11:34:31 0 [ERROR] Aborting

Comments

Comment by Geoff Montee (Inactive) [ 2019-04-24 ]

Works fine for me.

Configuration file:

$ sudo cat /etc/my.cnf.d/encryption.cnf

[mariadb]

# encryption plugin

plugin_load_add = file_key_management

file_key_management_filename = /etc/my.cnf.d/keyfile.enc

file_key_management_filekey = FILE:/etc/my.cnf.d/keyfile.key

file_key_management_encryption_algorithm = AES_CTR

# InnoDB encryption

innodb_encrypt_tables = ON

innodb_encrypt_log

innodb_encryption_threads = 2

# other stuff

encrypt_tmp_disk_tables

encrypt_tmp_files

encrypt_binlog

The options are definitely picked up:

$ my_print_defaults --mysqld | grep "file_key"

--plugin_load_add=file_key_management

--file_key_management_filename=/etc/my.cnf.d/keyfile.enc

--file_key_management_filekey=FILE:/etc/my.cnf.d/keyfile.key

--file_key_management_encryption_algorithm=AES_CTR

Restarting works fine:

$ sudo systemctl restart mariadb

And the plugin is loaded properly:

$ sudo mysql -u root --execute="SHOW GLOBAL VARIABLES LIKE 'file_key%'"

+------------------------------------------+--------------------------------+

| Variable_name                            | Value                          |

+------------------------------------------+--------------------------------+

| file_key_management_encryption_algorithm | aes_ctr                        |

| file_key_management_filekey              | FILE:/etc/my.cnf.d/keyfile.key |

| file_key_management_filename             | /etc/my.cnf.d/keyfile.enc      |

+------------------------------------------+--------------------------------+

$ sudo mysql -u root --execute="SELECT VERSION()"

+---------------------+

| VERSION()           |

+---------------------+

| 10.3.14-MariaDB-log |

+---------------------+

Generated at Thu Feb 08 08:50:47 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.