warning/error about ignored --encrypt-key or --encrypt-key-file if the --encrypt option is missing

Bug #1739773 reported by Shahriyar Rzayev on 2017-12-22
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona XtraBackup moved to https://jira.percona.com/projects/PXB
Status tracked in 2.4

Bug Description


If you specify --encrypt=AES256 but not --encrypt-key or --encrypt-key-file the result will be:

* xtrabackup --defaults-file= --user=root --password='' --backup --socket=/home/shahriyar.rzaev/XB_TEST/server_dir/PS061217-percona-server-5.7.20-18-linux-x86_64-debug/socket.sock --no-version-check --encrypt=AES256 --keyring-file-data=/home/shahriyar.rzaev/XB_TEST/server_dir/PS061217-percona-server-5.7.20-18-linux-x86_64-debug/mysql-keyring/keyring --stream="xbstream" --target-dir=/home/shahriyar.rzaev/XB_TEST/backup_dir/ps_5_7_x_2_4/cycle1/full/2017-12-20_14-16-24

InnoDB: Number of pools: 1
encryption: no encryption key or key file specified.
encryption: unable to set libgcrypt cipher key - User defined source 1 : Invalid key length
encrypt: failed to create worker threads.
Error: failed to initialize datasink.

If you did not specify --encrypt but --encrypt-key or --encrypt-key-file, they will be ignored silently.

* xtrabackup --defaults-file= --user=root --password='' --backup --socket=/home/shahriyar.rzaev/XB_TEST/server_dir/PS061217-percona-server-5.7.20-18-linux-x86_64-debug/socket.sock --no-version-check --encrypt-key='ASASDASDASDASDASDASDASDASDASDA' --encrypt-key-file=/home/shahriyar.rzaev/XB_TEST/server_dir/PS061217-percona-server-5.7.20-18-linux-x86_64-debug/mysql-keyring/keyring --keyring-file-data=/home/shahriyar.rzaev/XB_TEST/server_dir/PS061217-percona-server-5.7.20-18-linux-x86_64-debug/mysql-keyring/keyring --stream="xbstream" --target-dir=/home/shahriyar.rzaev/XB_TEST/backup_dir/ps_5_7_x_2_4/cycle1/full/2017-12-20_14-16-24

InnoDB: Number of pools: 1
171222 12:27:40 >> log scanned up to (696446812)
xtrabackup: Generating a list of tablespaces
InnoDB: Allocated tablespace ID 21 for sys/sys_config, old maximum was 0
171222 12:27:41 >> log scanned up to (696446812)
171222 12:27:42 >> log scanned up to (696451913)
171222 12:27:43 >> log scanned up to (696451913)
171222 12:27:44 >> log scanned up to (696451913)

The best is to force to use --encrypt if (--encrypt-key or --encrypt-key-file) specified or print warning/error on this.

Tags: qa Edit Tag help

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXB-798

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers