[MDEV-27980] file-key-management plugin disabled in mysql_install_db breaks automated deployments (and container initialization) Created: 2022-03-02 Updated: 2022-04-13 Resolved: 2022-03-21 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Scripts & Clients |
| Affects Version/s: | 10.2.43, 10.3.34, 10.4.24, 10.5.15, 10.6.7, 10.7.3, 10.8.2 |
| Fix Version/s: | 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4 |
| Type: | Bug | Priority: | Blocker |
| Reporter: | Daniel Black | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | regression | ||
| Description |
|
As noted by https://github.com/MariaDB/mariadb-docker/issues/417, the disabling of the file-key-management plugin in mysql_install_db prevents upgrades or the initialization of containers with encryption. This was caused by commit: https://github.com/MariaDB/server/commit/e99d3da6381023395c86f679bb76b00b4385dc2d This is excessively brutal as the file-key-management-filename may actually be set using scripts and automation (like Ansible) that will deploy a configuration before starting a service. As mysql_install_db creates InnoDB tables, a user specified innodb_encrypt_tables = ON will cause the installation to fail. With file-key-management plugin explicitly disabled, the only innodb system table space encryption is available with another encryption plugin, or using mysqld --bootstrap directly. |
| Comments |
| Comment by Daniel Black [ 2022-03-02 ] |
|
Docker Library release update submitted |
| Comment by Otto Kekäläinen [ 2022-03-08 ] |
|
This was applied in the Debian packaging repo in https://salsa.debian.org/mariadb-team/mariadb-server/-/commit/4781120e8cb33fe03261d9f8b2adad4ea82ebc1d for 10.6.7 |
| Comment by Daniel Black [ 2022-03-20 ] |
|
Thanks for the revert serg |