diff options
| author | Thirunarayanan Balathandayuthapani <thiru@mariadb.com> | 2018-06-12 16:21:41 +0530 |
|---|---|---|
| committer | Thirunarayanan Balathandayuthapani <thiru@mariadb.com> | 2018-06-12 16:21:41 +0530 |
| commit | 507c18dd59d66d18c47ecd646b66805aa4738b8b (patch) | |
| tree | d56f68df557c26d7a997136597e8c2a06c1e51a0 /mysql-test/suite/encryption/t/innodb-key-rotation-disable.test | |
| parent | 3627dd7f6a1cf5bd7151ff23290d64cb6dffea90 (diff) | |
| download | mariadb-git-bb-10.1-mdev-14398.tar.gz | |
MDEV-14398 When innodb_encryption_rotate_key_age=0 is set,bb-10.1-mdev-14398
server won't encrypt tablespaces.
The following commit makes the dependency between
innodb-encryption-rotate-key-age and encryption/decryption.
commit 50eb40a2a8aa3af6cc271f6028f4d6d74301d030
Author: Jan Lindström <jan.lindstrom@mariadb.com>
Date: Tue Mar 14 12:56:01 2017 +0200
MDEV-11738: Mariadb uses 100% of several of my 8 cpus doing nothing
MDEV-11581: Mariadb starts InnoDB encryption threads
when key has not changed or data scrubbing turned off
Background: Key rotation is based on background threads
(innodb-encryption-threads) periodically going through
all tablespaces on fil_system. For each tablespace
current used key version is compared to max key age
(innodb-encryption-rotate-key-age). This process
naturally takes CPU. Similarly, in same time need for
scrubbing is investigated. Currently, key rotation
is fully supported on Amazon AWS key management plugin
only but InnoDB does not have knowledge what key
management plugin is used.
The above commit basically make use of innodb-encryption-rotate-key-age=0
to disable key rotation and background data scrubbing.
It only encrypts/decrypts for the newly created table.
One more issue is with above commit is that, even though the
innodb_encrypt_table value is changed at run time. It doesn't affect
the state of the old tablespace.
Different Solution:
===================
(1) Key rotation thread can iterate through tablespace list and check whether
it matches with innodb_encrypt_tables parameter. If it doesn't match then do
the operation based on the innodb_encrypt_tables parameter. InnoDB shouldn't
iterate the fil_system->space_list again and again. It increases the CPU usage.
(2) Key rotation thread should store lastly used tablespace id. If the value of
innodb-encryption-rotate-key-age is set to 0 then InnoDB should
start the traversion from lastly used space id. So that key rotation thread
only does the encryption/decryption for newly added tablespace.
(i) If lastly used tablespace id is not found or dropped then InnoDB
should traverse it from system tablespace again.
(3) If innodb_encrypt_tables value changed at runtime then InnoDB should
traverse the tablespace from system tablespace again.
Diffstat (limited to 'mysql-test/suite/encryption/t/innodb-key-rotation-disable.test')
| -rw-r--r-- | mysql-test/suite/encryption/t/innodb-key-rotation-disable.test | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test index 574e0c3becc..8a22043f660 100644 --- a/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test +++ b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test @@ -4,7 +4,6 @@ -- source include/not_embedded.inc SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; -SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; --disable_query_log --disable_warnings |