# InnoDB transparent encryption on redo log. # This test case will check innodb_redo_log_encrypt=ON/OFF with bootstrap # and start server by setting innodb_redo_log_encrypt=ON/OFF --source include/no_valgrind_without_big.inc --source include/have_innodb_max_16k.inc # Suppress following messages from myslqd log --disable_query_log call mtr.add_suppression("keyring_file initialization failure. Please check if the keyring_file_data points to readable keyring file or keyring file can be created in the specified location. The keyring_file will stay unusable until correct path to the keyring file gets provided"); call mtr.add_suppression("Error while loading keyring content. The keyring might be malformed"); call mtr.add_suppression("Encryption can't find master key, please check the keyring plugin is loaded."); call mtr.add_suppression("Resizing redo log from"); call mtr.add_suppression("Starting to delete and rewrite log files."); call mtr.add_suppression("New log files created, LSN="); call mtr.add_suppression("Can't set redo log tablespace to be encrypted."); --enable_query_log let $old_innodb_file_per_table = `SELECT @@innodb_file_per_table`; let $old_innodb_redo_log_encrypt = `SELECT @@innodb_redo_log_encrypt`; let $START_PAGE_SIZE= `select @@innodb_page_size`; let $LOG_FILE_SIZE= `select @@innodb_log_file_size`; let $MYSQLD_BASEDIR= `select @@basedir`; --mkdir $MYSQL_TMP_DIR/log_encrypt_dir1 --mkdir $MYSQL_TMP_DIR/log_encrypt_dir2 --mkdir $MYSQL_TMP_DIR/log_encrypt_dir3 let $MYSQLD_DATADIR1 = $MYSQL_TMP_DIR/log_encrypt_dir1; let $MYSQLD_DATADIR2 = $MYSQL_TMP_DIR/log_encrypt_dir2; let $MYSQLD_DATADIR3 = $MYSQL_TMP_DIR/log_encrypt_dir3; let BOOTSTRAP_SQL=$MYSQL_TMP_DIR/boot.sql; --echo # create bootstrap file write_file $BOOTSTRAP_SQL; CREATE DATABASE test; EOF --echo # Stop the MTR default DB server --source include/shutdown_mysqld.inc let NEW_CMD = $MYSQLD --no-defaults --innodb_dedicated_server=OFF --initialize-insecure --innodb_log_file_size=$LOG_FILE_SIZE --innodb_page_size=$START_PAGE_SIZE --basedir=$MYSQLD_BASEDIR --datadir=$MYSQLD_DATADIR1 --init-file=$BOOTSTRAP_SQL --secure-file-priv="" --innodb_redo_log_encrypt=ON --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --keyring_file_data=$MYSQL_TMP_DIR/my_key_redo4 $KEYRING_PLUGIN_OPT --cluster-id=1 --cluster-start-index=1 --cluster-info='127.0.0.1:29230@1' >$MYSQLTEST_VARDIR/tmp/bootstrap1.log 2>&1; --echo # Run the bootstrap command of datadir1 --exec $NEW_CMD --echo # Start the DB server with datadir1 --replace_result $MYSQL_TMP_DIR TMP_DIR $KEYRING_PLUGIN_OPT --plugin-dir=KEYRING_PLUGIN_PATH $MYSQLD_DATADIR1 DATADIR1 $START_PAGE_SIZE PAGE_SIZE $LOG_FILE_SIZE LOG_FILE_SIZE --let $restart_parameters="restart: --early-plugin-load="keyring_file=$KEYRING_PLUGIN" $KEYRING_PLUGIN_OPT --keyring_file_data=$MYSQL_TMP_DIR/my_key_redo4 --innodb_redo_log_encrypt=ON --datadir=$MYSQLD_DATADIR1 --innodb_page_size=$START_PAGE_SIZE --innodb_log_file_size=$LOG_FILE_SIZE" --replace_regex /\.dll/.so/ --source include/start_mysqld_no_echo.inc SELECT @@global.innodb_redo_log_encrypt ; USE test; CREATE TABLE tab1(c1 INT, c2 VARCHAR(30)); INSERT INTO tab1 VALUES(1, 'Test consistency undo*'); SELECT * FROM tab1; CREATE TABLE tab2(c1 INT, c2 VARCHAR(30)) ENCRYPTION="Y"; INSERT INTO tab2 VALUES(1, 'Test consistency undo*'); SELECT * FROM tab2; DROP TABLE tab1,tab2; --let $restart_parameters= restart: --source include/restart_mysqld.inc --force-rmdir $MYSQL_TMP_DIR/log_encrypt_dir1 --remove_file $MYSQLTEST_VARDIR/tmp/bootstrap1.log --remove_file $MYSQL_TMP_DIR/my_key_redo4 #------------------------------------------------------------------------------ --echo # Stop the MTR default DB server --source include/shutdown_mysqld.inc #bootstrap should fail if keyring plugin is not loaded along with #innodb_redo_log_encrypt=ON let NEW_CMD = $MYSQLD --no-defaults --innodb_dedicated_server=OFF --initialize-insecure --basedir=$MYSQLD_BASEDIR --datadir=$MYSQLD_DATADIR2 --init-file=$BOOTSTRAP_SQL --secure-file-priv="" --innodb_redo_log_encrypt=ON --cluster-id=1 --cluster-start-index=1 --cluster-info='127.0.0.1:29270@1' >$MYSQLTEST_VARDIR/tmp/bootstrap2.log 2>&1; --echo # Run the bootstrap command of datadir2, it should fail since the keyring is not loaded. --error 1,42 --exec $NEW_CMD --force-rmdir $MYSQL_TMP_DIR/log_encrypt_dir2 --remove_file $MYSQLTEST_VARDIR/tmp/bootstrap2.log let NEW_CMD = $MYSQLD --no-defaults --innodb_dedicated_server=OFF --initialize-insecure --innodb_log_file_size=$LOG_FILE_SIZE --innodb_page_size=$START_PAGE_SIZE --basedir=$MYSQLD_BASEDIR --datadir=$MYSQLD_DATADIR2 --init-file=$BOOTSTRAP_SQL --secure-file-priv="" --innodb_log_files_in_group=3 --innodb_redo_log_encrypt=ON --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --keyring_file_data=$MYSQL_TMP_DIR/my_key_redo4 $KEYRING_PLUGIN_OPT --cluster-id=1 --cluster-start-index=1 --cluster-info='127.0.0.1:29213@1' >$MYSQLTEST_VARDIR/tmp/bootstrap2.log 2>&1; --echo # Run the bootstrap command of datadir2 --exec $NEW_CMD --echo # Start the DB server with datadir2 --replace_result $MYSQL_TMP_DIR TMP_DIR $KEYRING_PLUGIN_OPT --plugin-dir=KEYRING_PLUGIN_PATH $MYSQLD_DATADIR2 DATADIR2 $START_PAGE_SIZE PAGE_SIZE $LOG_FILE_SIZE LOG_FILE_SIZE --let $restart_parameters="restart: --early-plugin-load="keyring_file=$KEYRING_PLUGIN" $KEYRING_PLUGIN_OPT --keyring_file_data=$MYSQL_TMP_DIR/my_key_redo4 --innodb_redo_log_encrypt=ON --datadir=$MYSQLD_DATADIR2 --innodb_page_size=$START_PAGE_SIZE --innodb_log_file_size=$LOG_FILE_SIZE --innodb_log_files_in_group=3" --replace_regex /\.dll/.so/ --source include/start_mysqld_no_echo.inc SELECT @@global.innodb_redo_log_encrypt ; USE test; CREATE TABLE tab1(c1 INT, c2 VARCHAR(30)); INSERT INTO tab1 VALUES(1, 'Test consistency undo*'); SELECT * FROM tab1; CREATE TABLE tab2(c1 INT, c2 VARCHAR(30)) ENCRYPTION="Y"; INSERT INTO tab2 VALUES(1, 'Test consistency undo*'); SELECT * FROM tab2; DROP TABLE tab1,tab2; --let $restart_parameters= restart: --source include/restart_mysqld.inc --force-rmdir $MYSQL_TMP_DIR/log_encrypt_dir2 --remove_file $MYSQLTEST_VARDIR/tmp/bootstrap2.log --remove_file $MYSQL_TMP_DIR/my_key_redo4 #------------------------------------------------------------------------------ --echo # Stop the MTR default DB server --source include/shutdown_mysqld.inc let NEW_CMD = $MYSQLD --no-defaults --innodb_dedicated_server=OFF --initialize-insecure --innodb_log_file_size=$LOG_FILE_SIZE --innodb_page_size=$START_PAGE_SIZE --basedir=$MYSQLD_BASEDIR --datadir=$MYSQLD_DATADIR3 --init-file=$BOOTSTRAP_SQL --secure-file-priv="" --innodb_redo_log_encrypt=ON --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --keyring_file_data=$MYSQL_TMP_DIR/my_key_redo4 $KEYRING_PLUGIN_OPT --cluster-id=1 --cluster-start-index=1 --cluster-info='127.0.0.1:29214@1' >$MYSQLTEST_VARDIR/tmp/bootstrap3.log 2>&1; --echo # Run the bootstrap command of datadir3 --exec $NEW_CMD --echo # Start the DB server with datadir3 and keyring loaded. --replace_result $MYSQL_TMP_DIR TMP_DIR $KEYRING_PLUGIN_OPT --plugin-dir=KEYRING_PLUGIN_PATH $MYSQLD_DATADIR3 DATADIR3 $START_PAGE_SIZE PAGE_SIZE $LOG_FILE_SIZE LOG_FILE_SIZE --let $restart_parameters="restart: --early-plugin-load="keyring_file=$KEYRING_PLUGIN" $KEYRING_PLUGIN_OPT --keyring_file_data=$MYSQL_TMP_DIR/my_key_redo4 --datadir=$MYSQLD_DATADIR3 --innodb_page_size=$START_PAGE_SIZE --innodb_log_file_size=$LOG_FILE_SIZE" --replace_regex /\.dll/.so/ --source include/start_mysqld_no_echo.inc SELECT @@global.innodb_redo_log_encrypt ; USE test; CREATE TABLE tab1(c1 INT, c2 VARCHAR(30)); INSERT INTO tab1 VALUES(1, 'Test consistency undo*'); SELECT * FROM tab1; CREATE TABLE tab2(c1 INT, c2 VARCHAR(30)) ENCRYPTION="Y"; DROP TABLE tab1; --let $restart_parameters= restart: --source include/restart_mysqld.inc --force-rmdir $MYSQL_TMP_DIR/log_encrypt_dir3 --remove_file $MYSQLTEST_VARDIR/tmp/bootstrap3.log --remove_file $MYSQL_TMP_DIR/my_key_redo4 --remove_file $BOOTSTRAP_SQL # Cleanup --disable_query_log eval SET GLOBAL innodb_file_per_table=$old_innodb_file_per_table; eval SET GLOBAL innodb_redo_log_encrypt=$old_innodb_redo_log_encrypt; --enable_query_log