TDE and Database replication between servers
I am attempting to test replication between two MariaDB servers, one production with TDE enabled and the other a scratch environment (no TDE), connected via an SSH tunnel (connectivity and db access confirmed).
Are databases with data at rest able to replicate to either unencrypted partners, or those using different encryption keys?
show slave status\G gives me
Last_IO_Errno: 1595
Last_SQL_Errno: 1594
Relay log read failure: Could not parse relay log event entry. The possible reasons are: the master's binary log is corrupted (you can check this by running 'mysqlbinlog' on the binary log), the slave's relay log is corrupted (you can check this by running 'mysqlbinlog' on the relay log), a network problem, or a bug in the master's or slave's MySQL code. If you want to check the master's binary log or slave's relay log, you will be able to know their names by issuing 'SHOW SLAVE STATUS' on this slave.
And it has never successfully replicated:
When I look at the logs: mysqlbinlog /var/log/mysql/mysql-bin.000001, I get:
/*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=1*/;
/*!40019 SET @@session.max_insert_delayed_threads=0*/;
/*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
DELIMITER /*!*/;
# at 4
#220326 21:14:23 server id 1 end_log_pos 256 CRC32 0x34d48030 Start: binlog v 4, server v 10.3.34-MariaDB-0ubuntu0.20.04.1-log created 220326 21:14:23 at startup
ROLLBACK/*!*/;
---- etc
# The rest of the binlog is encrypted!
ERROR: Error in Log_event::read_log_event(): 'Event decryption failure', data_len: 2833835038, event_type: 53
ERROR: Could not read entry at offset 296: Error in log format or read error.
Warm regards, Stewart
Answer
Answered by Daniel Black in this comment.
The binary logs are encrypted with key id 1. It seems so are Aria tables. If most of your important data is on InnoDB those can be configured to use a different key.
Given this shared key id 1 with Aria is rather invasive, please state the use case on MDEV-18049.
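
Added example, not part of the original question or answer: a check that needs no keys to tell whether a binlog file is encrypted, by looking for MariaDB's START_ENCRYPTION event directly after the format description event (which ends at 256 in the output above, so the first unreadable event is at 296). The event type number 164 and the body layout are assumptions stated from the MariaDB binlog format, and the sample bytes are constructed.

```python
import struct

MAGIC = b"\xfebin"
HDR = struct.Struct("<IBIIIH")   # timestamp, type, server_id, length, end_log_pos, flags
FORMAT_DESCRIPTION_EVENT = 15
START_ENCRYPTION_EVENT = 164     # assumption: MariaDB event type number


def binlog_encryption_info(data):
    """Return None for a plaintext binlog, else where encryption starts.

    Assumed body layout of START_ENCRYPTION: 1-byte scheme, 4-byte key
    version, 12-byte nonce. Every later event is encrypted under
    key id 1 (the key the answer refers to).
    """
    if data[:4] != MAGIC:
        raise ValueError("not a binary log: bad magic")
    pos = 4
    while pos + HDR.size <= len(data):
        _ts, etype, _sid, length, _end, _flags = HDR.unpack_from(data, pos)
        if length < HDR.size or pos + length > len(data):
            raise ValueError(f"truncated or corrupt event at offset {pos}")
        if etype == START_ENCRYPTION_EVENT:
            scheme, key_version = struct.unpack_from("<BI", data, pos + HDR.size)
            return {"event_at": pos, "scheme": scheme,
                    "key_version": key_version, "encrypted_from": pos + length}
        if etype != FORMAT_DESCRIPTION_EVENT:
            return None          # a readable event follows the header: plaintext
        pos += length
    return None


def build_sample(encrypted):
    """Constructed test input, sized to match the offsets in the question."""
    def event(etype, body, pos):
        length = HDR.size + len(body) + 4            # +4 for the CRC32 trailer
        return HDR.pack(0, etype, 1, length, pos + length, 0) + body + b"\0" * 4
    out = MAGIC + event(FORMAT_DESCRIPTION_EVENT, b"\0" * 229, 4)   # ends at 256
    if encrypted:
        body = struct.pack("<BI", 1, 1) + b"\x11" * 12   # scheme, key version, nonce
        out += event(START_ENCRYPTION_EVENT, body, 256)  # ends at 296
        return out + b"\xa5" * 64                        # stand-in for ciphertext
    return out + event(163, b"\0" * 4, 256)              # a GTID list event in clear


if __name__ == "__main__":
    print(binlog_encryption_info(build_sample(True)))
    print(binlog_encryption_info(build_sample(False)))
```

To check a real file, pass the bytes of the first few hundred bytes of the binlog, for example `binlog_encryption_info(open(path, "rb").read(512))`.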