MDEV-33334 mariadb-backup fails to preserve innodb_encrypt_tables

Problem: ======== mariabackup --prepare fails to write the pages in encrypted format. This issue happens only for default encrypted table when innodb_encrypt_tables variable is enabled. Fix: ==== backup process should write the value of innodb_encrypt_tables variable in configuration file. prepare should enable the variable based on configuration file.
MariaDB · Apr 24, 2024 · 0c55d85 · 0c55d85
1 parent a2fee2d
commit 0c55d85
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 1 deletion.
diff --git a/extra/mariabackup/encryption_plugin.cc b/extra/mariabackup/encryption_plugin.cc
@@ -71,7 +71,16 @@ static std::string get_encryption_plugin_from_cnf()
       plugin_load = line + 12;
       // remote \n at the end of string
       plugin_load.resize(plugin_load.size() - 1);
-      break;
+    }
+
+    if (strncmp(line, "innodb_encrypt_tables=", 22) == 0)
+    {
+      if (!strncmp(line + 22, "ON", 2) ||
+          !strncmp(line + 22, "1", 1))
+        srv_encrypt_tables= 1;
+      else if (!strncmp(line + 22, "FORCE", 5) ||
+               !strncmp(line + 22, "2", 1))
+        srv_encrypt_tables= 2;
     }
   }
   fclose(f);
@@ -154,6 +163,17 @@ void encryption_plugin_backup_init(MYSQL *mysql)
 
   mysql_free_result(result);
 
+  result = xb_mysql_query(mysql, "select @@innodb_encrypt_tables", true, true);
+  row = mysql_fetch_row(result);
+  if (!row);
+  else if (const char *r= row[0])
+  {
+    if (!strcmp(r, "ON")) srv_encrypt_tables= 1;
+    else if (!strcmp(r, "FORCE")) srv_encrypt_tables= 2;
+    oss << "innodb_encrypt_tables=" << r << std::endl;
+  }
+
+  mysql_free_result(result);
   encryption_plugin_config = oss.str();
 
   argc = 0;

diff --git a/mysql-test/suite/mariabackup/encrypted_export.opt b/mysql-test/suite/mariabackup/encrypted_export.opt
@@ -0,0 +1,6 @@
+--innodb_encrypt_tables=1
+--plugin-load-add=$FILE_KEY_MANAGEMENT_SO
+--loose-file-key-management
+--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/filekeys-data.key
+--loose-file-key-management-filename=$MTR_SUITE_DIR/filekeys-data.enc
+--loose-file-key-management-encryption-algorithm=aes_cbc
diff --git a/mysql-test/suite/mariabackup/encrypted_export.result b/mysql-test/suite/mariabackup/encrypted_export.result
@@ -0,0 +1,14 @@
+CREATE TABLE t1(c VARCHAR(128)) ENGINE INNODB;
+insert into t1 values(repeat('a',100));
+select @@innodb_encrypt_tables;
+@@innodb_encrypt_tables
+ON
+# xtrabackup backup
+# xtrabackup prepare export
+# restart
+ALTER TABLE t1 DISCARD TABLESPACE;
+ALTER TABLE t1 IMPORT TABLESPACE;
+CHECK TABLE t1;
+Table	Op	Msg_type	Msg_text
+test.t1	check	status	OK
+DROP TABLE t1;
diff --git a/mysql-test/suite/mariabackup/encrypted_export.test b/mysql-test/suite/mariabackup/encrypted_export.test
@@ -0,0 +1,29 @@
+--source include/have_file_key_management.inc
+--source include/have_innodb.inc
+
+CREATE TABLE t1(c VARCHAR(128)) ENGINE INNODB;
+insert into t1 values(repeat('a',100));
+
+select @@innodb_encrypt_tables;
+echo # xtrabackup backup;
+let $targetdir=$MYSQLTEST_VARDIR/tmp/backup;
+
+--disable_result_log
+exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup --parallel=10 --target-dir=$targetdir;
+--enable_result_log
+--source include/shutdown_mysqld.inc
+
+echo # xtrabackup prepare export;
+--disable_result_log
+exec $XTRABACKUP --prepare --export --target-dir=$targetdir;
+--enable_result_log
+
+--source include/start_mysqld.inc
+let MYSQLD_DATADIR=`select @@datadir`;
+ALTER TABLE t1 DISCARD TABLESPACE;
+copy_file $targetdir/test/t1.ibd $MYSQLD_DATADIR/test/t1.ibd;
+copy_file $targetdir/test/t1.cfg $MYSQLD_DATADIR/test/t1.cfg;
+ALTER TABLE t1 IMPORT TABLESPACE;
+CHECK TABLE t1;
+DROP TABLE t1;
+rmdir $targetdir;