diff --git a/Changelog b/Changelog index 24c49a58..2f27d855 100644 --- a/Changelog +++ b/Changelog @@ -2,6 +2,7 @@ Changelog for Percona Toolkit v3.0.9 + * Feature PT-1530 : Add support for encryption status to mysql-summary * Fixed bug PT-1527 : pt-table-checksum ignores --nocheck-binlog-format * Feature PT-1526 : Add ndb status to pt-mysql-summary (Thanks Fernando Ipar) * Feature PT-1525 : Added support for MySQL 8 roles into pt-mysql-summary diff --git a/bin/pt-mysql-summary b/bin/pt-mysql-summary index 586a9a2b..172717e1 100755 --- a/bin/pt-mysql-summary +++ b/bin/pt-mysql-summary @@ -1177,6 +1177,15 @@ get_plugin_status () { echo ${status:-"Not found"} } +collect_keyring_plugins() { + $CMD_MYSQL $EXT_ARGV --table -ss -e 'SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE "keyring%";' +} + +collect_encrypted_tables() { + $CMD_MYSQL $EXT_ARGV --table -ss -e "SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS FROM INFORMATION_SCHEMA.TABLES WHERE CREATE_OPTIONS LIKE '%ENCRYPTION=\"Y\"%';" +} + + _NO_FALSE_NEGATIVES="" parse_mysqld_instances () { @@ -1598,6 +1607,29 @@ format_ndb_status() { egrep '^[ \t]*Name:|[ \t]*Status:' $file|sed 's/^[ \t]*//g'|while read line; do echo $line; echo $line | grep '^Status:'>/dev/null && echo ; done } +format_keyring_plugins() { + local keyring_plugins="$1" + local encrypted_tables="$2" + + if [ -z "$keyring_plugins" ]; then + echo "No keyring plugins found" + if [ ! -z "$encrypted_tables" ]; then + echo "Warning! There are encrypted tables but keyring plugins are not loaded" + fi + else + echo "Keyring plugins:" + echo "'$keyring_plugins'" + fi +} + +format_encrypted_tables() { + local encrypted_tables="$1" + if [ ! -z "$encrypted_tables" ]; then + echo "Encrypted tables:" + echo "$encrypted_tables" + fi +} + format_mysql_roles() { local file=$1 [ -e "$file" ] || return @@ -2475,6 +2507,13 @@ report_mysql_summary () { format_mysql_roles "$dir/mysql-roles" fi + section "Encryption" + local keyring_plugins="$(collect_keyring_plugins)" + local encrypted_tables="$(collect_encrypted_tables)" + + format_keyring_plugins "$keyring_plugins" "$encrypted_tables" + format_encrypted_tables "$encrypted_tables" + section "Binary Logging" if [ -s "$dir/mysql-master-logs" ] \ diff --git a/lib/bash/report_mysql_info.sh b/lib/bash/report_mysql_info.sh index 23670108..62ae1586 100644 --- a/lib/bash/report_mysql_info.sh +++ b/lib/bash/report_mysql_info.sh @@ -107,6 +107,15 @@ get_plugin_status () { echo ${status:-"Not found"} } +collect_keyring_plugins() { + $CMD_MYSQL $EXT_ARGV --table -ss -e 'SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE "keyring%";' +} + +collect_encrypted_tables() { + $CMD_MYSQL $EXT_ARGV --table -ss -e "SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS FROM INFORMATION_SCHEMA.TABLES WHERE CREATE_OPTIONS LIKE '%ENCRYPTION=\"Y\"%';" +} + + # ############################################################################## # Functions for parsing specific files and getting desired info from them. # These are called from within main() and are separated so they can be tested @@ -565,6 +574,29 @@ format_ndb_status() { egrep '^[ \t]*Name:|[ \t]*Status:' $file|sed 's/^[ \t]*//g'|while read line; do echo $line; echo $line | grep '^Status:'>/dev/null && echo ; done } +format_keyring_plugins() { + local keyring_plugins="$1" + local encrypted_tables="$2" + + if [ -z "$keyring_plugins" ]; then + echo "No keyring plugins found" + if [ ! -z "$encrypted_tables" ]; then + echo "Warning! There are encrypted tables but keyring plugins are not loaded" + fi + else + echo "Keyring plugins:" + echo "'$keyring_plugins'" + fi +} + +format_encrypted_tables() { + local encrypted_tables="$1" + if [ ! -z "$encrypted_tables" ]; then + echo "Encrypted tables:" + echo "$encrypted_tables" + fi +} + format_mysql_roles() { local file=$1 [ -e "$file" ] || return @@ -1533,6 +1565,13 @@ report_mysql_summary () { format_mysql_roles "$dir/mysql-roles" fi + section "Encryption" + local keyring_plugins="$(collect_keyring_plugins)" + local encrypted_tables="$(collect_encrypted_tables)" + + format_keyring_plugins "$keyring_plugins" "$encrypted_tables" + format_encrypted_tables "$encrypted_tables" + # ######################################################################## # Binary Logging # ######################################################################## diff --git a/sandbox/servers/start b/sandbox/servers/start index d30b1e32..15f9afe9 100755 --- a/sandbox/servers/start +++ b/sandbox/servers/start @@ -51,11 +51,27 @@ echo -n "Starting MySQL test server on port PORT... " cwd=$PWD cd $BASEDIR -init_file="TMP_DIR/PORT/mysql-init" -if [ -e $init_file ]; then - $BASEDIR/MYSQLD --defaults-file=TMP_DIR/PORT/my.sandbox.cnf -u root --init-file $init_file & -else - $BASEDIR/MYSQLD --defaults-file=TMP_DIR/PORT/my.sandbox.cnf > /dev/null 2>&1 & +encryption_plugins="" +plugins_dir_cmd="" + +plugins_cmd="" +keyring_cmd="" + +if [ -e "${BASEDIR}/lib/mysql/plugin/keyring_file.so" ]; then + encryption_plugins="${BASEDIR}/lib/mysql/plugin/keyring_file.so" +fi + +if [ ! -z "$encryption_plugins" ]; then + plugins_cmd="--early-plugin-load=${encryption_plugins}" + keyring_cmd="--keyring_file_data=/tmp/PORT/data/keyring" + plugins_dir_cmd="--plugin-dir=${BASEDIR}/lib/mysql/plugin/" +fi + +init_file="/tmp/PORT/mysql-init" +if [ -e $init_file ]; then + $BASEDIR/bin/mysqld --defaults-file=/tmp/PORT/my.sandbox.cnf -u root --init-file $init_file $plugins_cmd $plugins_dir_cmd $keyring_cmd & +else + $BASEDIR/bin/mysqld --defaults-file=/tmp/PORT/my.sandbox.cnf $plugins_cmd $plugins_dir_cmd $keyring_cmd > /dev/null 2>&1 & fi cd $PWD