[MDEV-9035] Plugin plugin-load-add=file_key_management_plugin.so not loading variable values Created: 2015-10-28  Updated: 2015-10-28  Resolved: 2015-10-28

Status: Closed
Project: MariaDB Server
Component/s: Encryption
Affects Version/s: 10.1.8
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Jo-Ann M Rodriguez Assignee: Unassigned
Resolution: Not a Bug Votes: 0
Labels: plugins
Environment:

VMWARE 12 - Centos 7 - MariaDB 10.1.8


 Description   

Sample of my.cnf file:

[mysqld]
 
plugin-load-add=file_key_management.so
 
file_key_management
 
file_key_management_filename = /home/mdb/mariadb_keys.enc
 
file_key_management_filekey = FILE:/home/mdb/mariadb_keys.txt
 
file_key_management_encryption_algorithm=AES_CBC
 
#innodb-encrypt-tables
 
#innodb-encrypt-log
 
#innodb-encryption-threads=4

MariaDB starts successfully. If I un-comment any of the #innodb-encrypt variables, I get errors starting MariaDB.

I kept the #innodb-encrypt variables commented and started MariaDB. I then looked up the variables to see if the plugin loaded the values.

MariaDB [TEST_ENC_DB]> SHOW VARIABLES LIKE '%_key%';
 
+----------------------------------+------------+
 
| Variable_name                    | Value      |
 
+----------------------------------+------------+
 
| delay_key_write                  | ON         |
 
| foreign_key_checks               | ON         |
 
| have_rtree_keys                  | YES        |
 
| innodb_default_encryption_key_id | 1          |
 
| innodb_encryption_rotate_key_age | 1          |
 
| innodb_force_primary_key         | OFF        |
 
| max_seeks_for_key                | 4294967295 |
 
| ssl_key                          |            |
 
+----------------------------------+------------+
 
8 rows in set (0.00 sec)

I can't see the "file_key_management" variables. I even went ahead and tried to encrypt a table as a test:

MariaDB [TEST_ENC_DB]> USE TEST_ENC_DB;
 
Database changed
 
 
 
MariaDB [TEST_ENC_DB]> SHOW TABLES;
 
+-----------------------+
 
| Tables_in_TEST_ENC_DB |
 
+-----------------------+
 
| TBL_BOOKS             |
 
+-----------------------+
 
1 row in set (0.00 sec)
 
 
 
MariaDB [TEST_ENC_DB]> ALTER TABLE TBL_BOOKS ENCRYPTED=YES ENCRYPTION_KEY_ID=1;
 
ERROR 1005 (HY000): Can't create table `TEST_ENC_DB`.`#sql-15a7_3` (errno: 140 "Wrong create options")



 Comments   
Comment by Jo-Ann M Rodriguez [ 2015-10-28 ]

— Issue has been resolved —

I had to activate the plugin by running:
 
MariaDB [(none)]> install soname 'file_key_management';
 
Query OK, 0 rows affected (0.00 sec)
 
 
 
MariaDB [(none)]> show all_plugins like '%key%';
 
+---------------------+--------+------------+------------------------+---------+
 
| Name                | Status | Type       | Library                | License |
 
+---------------------+--------+------------+------------------------+---------+
 
| file_key_management | ACTIVE | ENCRYPTION | file_key_management.so | GPL     |
 
+---------------------+--------+------------+------------------------+---------+
 
1 row in set (0.04 sec)

Encryption is working as intended

Comment by Elena Stepanova [ 2015-10-28 ]

Actually, your config should have worked just fine, the plugin can very well be loaded upon server startup. Possibly there was some other misconfiguration. Anyway, since it now works for you, I suppose it's not a problem. Good luck!

Generated at Thu Feb 08 07:31:39 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.