Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8155

Revise the variable/option innodb_encryption_threads

    Details

    • Type: Task
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Fix Version/s: 10.1
    • Component/s: Encryption
    • Labels:
      None

      Description

      From the documentation (https://mariadb.com/kb/en/mariadb/xtradbinnodb-server-system-variables/#innodb_encryption_threads) it appears that the corresponding threads do key rotation and scrubbing, but not the encryption as such.

      Maybe it should be renamed then?

      Of course, it's not easy to find a good name because (again, from the description) the same set of threads perform seemingly unrelated operations. Shouldn't it be split into two, one for scrubbing and another one for key rotation?

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            serg Sergei Golubchik added a comment -

            "key rotation" means that the thread reads tablespace page by page, decrypts pages that were encrypted with the old key and encrypts them with the new key. So it does encryption, yes. Also if there was no old key, this thread will encrypt the (previously not encrypted) tablespace. And if there is no new key, the thread will decrypt the (previously encrypted) tablespace.

            And it can also do scrubbing.

            What can it be renamed to? "Background page rewriting thread"?

            Show
            serg Sergei Golubchik added a comment - "key rotation" means that the thread reads tablespace page by page, decrypts pages that were encrypted with the old key and encrypts them with the new key. So it does encryption, yes. Also if there was no old key, this thread will encrypt the (previously not encrypted) tablespace. And if there is no new key, the thread will decrypt the (previously encrypted) tablespace. And it can also do scrubbing. What can it be renamed to? "Background page rewriting thread"?
            Hide
            elenst Elena Stepanova added a comment -

            But if there is no key rotation, and the value innodb_encryption_threads = 0, encryption itself will still be happening when requested (via a table option or innodb_encrypt_tables variable), right?
            That's when the name becomes confusing.
            Same way, scrubbing will not be happening if innodb_encryption_threads = 0, even though scrubbing seems to have its own group of options.
            It's a bit less confusing than the first part, but still.

            I'm terrible with names, variable names included, so I can't come up with a good one. Maybe we should ask somebody for a second/third/fourth etc. opinion?

            Show
            elenst Elena Stepanova added a comment - But if there is no key rotation, and the value innodb_encryption_threads = 0, encryption itself will still be happening when requested (via a table option or innodb_encrypt_tables variable), right? That's when the name becomes confusing. Same way, scrubbing will not be happening if innodb_encryption_threads = 0, even though scrubbing seems to have its own group of options. It's a bit less confusing than the first part, but still. I'm terrible with names, variable names included, so I can't come up with a good one. Maybe we should ask somebody for a second/third/fourth etc. opinion?
            Hide
            serg Sergei Golubchik added a comment -

            If innodb_encryption_threads = 0 then encryption will still be happening for page writes — that is for new pages or when an existing page is updated. But existing tables with ENCRYPTED=DEFAULT won't automatically become encrypted when innodb_encrypt_tables enabled.

            Sure, let's ask. Ian Gilfillan, Daniel Bartholomew — what do you think of that?

            Show
            serg Sergei Golubchik added a comment - If innodb_encryption_threads = 0 then encryption will still be happening for page writes — that is for new pages or when an existing page is updated. But existing tables with ENCRYPTED=DEFAULT won't automatically become encrypted when innodb_encrypt_tables enabled. Sure, let's ask. Ian Gilfillan , Daniel Bartholomew — what do you think of that?
            Hide
            dbart Daniel Bartholomew added a comment -

            Key rotation and scrubbing seem to both be encryption-related operations that need to be managed, so my first thought is to rename it to innodb_encryption_management_threads but I'm not sure if that successfully encapsulates what this option does.

            Show
            dbart Daniel Bartholomew added a comment - Key rotation and scrubbing seem to both be encryption-related operations that need to be managed, so my first thought is to rename it to innodb_encryption_management_threads but I'm not sure if that successfully encapsulates what this option does.
            Hide
            serg Sergei Golubchik added a comment -

            The way I see it, scrubbing is not really related to encryption. See https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/

            Show
            serg Sergei Golubchik added a comment - The way I see it, scrubbing is not really related to encryption. See https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                elenst Elena Stepanova
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: