[Maria-discuss] Backing up tables with data at rest encryption
Hi

We are in the process of setting up data at rest encryption with MariaDB 10.1.13 so we can encrypt specific tables. This works without any problem; however, when I try to back up with Percona Xtrabackup it fails, saying the table appears to be corrupted:

60601 14:53:46 [01] ...done
160601 14:53:46 [01] Streaming ./mytest/customers_big.ibd
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
160601 14:53:46 >> log scanned up to (3146117051)
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Error: failed to read page after 10 retries. File ./mytest/customers_big.ibd seems to be corrupted.
[01] xtrabackup: Error: xtrabackup_copy_datafile() failed.
[01] xtrabackup: Error: failed to copy datafile.

This says to me that Xtrabackup isn’t compatible with MariaDB encryption; however, the documents kind of give the impression it is: https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/

Regards
Lee
Hello,

on the contrary, it is clearly stated:

- Percona XtraBackup cannot back up instances that use encrypted InnoDB log files.

So, either don't encrypt the log files (potentially unsafe), or use filesystem backups.

Regards
GL

--
Guillaume Lefranc
Remote DBA Services Manager
MariaDB Corporation
This is documented at https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/

"Percona XtraBackup cannot back up instances that use encrypted InnoDB log files."

- Peter
Hi

Sorry, should have mentioned that the InnoDB logs are not encrypted:

show variables like '%encrypt%';
+------------------------------------------+---------+
| Variable_name                            | Value   |
+------------------------------------------+---------+
| aria_encrypt_tables                      | OFF     |
| encrypt_binlog                           | OFF     |
| encrypt_tmp_disk_tables                  | OFF     |
| encrypt_tmp_files                        | OFF     |
| file_key_management_encryption_algorithm | aes_cbc |
| innodb_default_encryption_key_id         | 1       |
| innodb_encrypt_log                       | OFF     |
| innodb_encrypt_tables                    | ON      |
| innodb_encryption_rotate_key_age         | 1       |
| innodb_encryption_rotation_iops          | 100     |
| innodb_encryption_threads                | 0       |
+------------------------------------------+---------+

The table is encrypted:

select *
    -> from information_schema.innodb_tablespaces_encryption
    -> where encryption_scheme=1
    -> ;
+-------+----------------------+-------------------+--------------------+-----------------+---------------------+--------------------------+------------------------------+----------------+
| SPACE | NAME                 | ENCRYPTION_SCHEME | KEYSERVER_REQUESTS | MIN_KEY_VERSION | CURRENT_KEY_VERSION | KEY_ROTATION_PAGE_NUMBER | KEY_ROTATION_MAX_PAGE_NUMBER | CURRENT_KEY_ID |
+-------+----------------------+-------------------+--------------------+-----------------+---------------------+--------------------------+------------------------------+----------------+
|    35 | mytest/customers_big |                 1 |                  1 |               1 |                   1 |                     NULL |                         NULL |              1 |
+-------+----------------------+-------------------+--------------------+-----------------+---------------------+--------------------------+------------------------------+----------------+
1 row in set (0.00 sec)

Mysqldump works fine to back up data, but of course it dumps it into plain text and it’s generally a rubbish backup method.

Kind Regards
Lee
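
Added example, not part of the original thread: the two checks Lee runs by hand above, automated in Python over tab-separated output of the same queries (as the `mysql` client prints it with `--batch`). It reports the two conditions this thread discusses, encrypted redo logs and encrypted tablespaces; the function names, the trimmed column set and the sample rows are assumptions constructed for illustration.

```python
# Added example: constructed sample input, tab-separated as `mysql --batch`
# prints it, using values from the message above plus one made-up row.
SAMPLE_VARIABLES = (
    "Variable_name\tValue\n"
    "innodb_encrypt_log\tOFF\n"
    "innodb_encrypt_tables\tON\n"
)
SAMPLE_TABLESPACES = (
    "SPACE\tNAME\tENCRYPTION_SCHEME\tCURRENT_KEY_ID\n"
    "35\tmytest/customers_big\t1\t1\n"
    "36\tmytest/orders\t0\t1\n"  # made-up unencrypted tablespace
)


def parse_batch(text):
    """Turn tab-separated client output (header row first) into dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split("\t")
    rows = []
    for ln in lines[1:]:
        cells = ln.split("\t")
        if len(cells) != len(header):
            raise ValueError(f"malformed row: {ln!r}")
        rows.append(dict(zip(header, cells)))
    return rows


def encryption_report(variables_text, tablespaces_text):
    """Summarise redo-log and per-tablespace encryption state."""
    variables = {r["Variable_name"]: r["Value"].upper()
                 for r in parse_batch(variables_text)}
    log_state = variables.get("innodb_encrypt_log")  # None if not reported
    return {
        "redo_log_encrypted": None if log_state is None else log_state == "ON",
        "encrypted_tablespaces": sorted(
            r["NAME"] for r in parse_batch(tablespaces_text)
            if r["ENCRYPTION_SCHEME"] == "1"),
    }


def backup_concerns(report):
    """List the conditions raised in this thread that apply to the instance."""
    concerns = [f"encrypted tablespace: {n}" for n in report["encrypted_tablespaces"]]
    if report["redo_log_encrypted"] is not False:
        concerns.insert(0, "innodb_encrypt_log is ON or unknown")
    return concerns
```

A missing `innodb_encrypt_log` row is reported as unknown rather than assumed OFF, so a truncated capture does not read as a clean result.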
participants (3)
- Guillaume Lefranc
- Lee Bennett
- Peter Laursen