Bug #103795 keyring_okv plugin setup fails
Submitted: 24 May 2021 19:54 Modified: 28 Jun 2021 13:08
Reporter: Cleandro Viana Email Updates:
Status: Can't repeat Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:8.0.25-commercial MySQL Enterprise Serve OS:CentOS (7)
Assigned to: CPU Architecture:x86
Tags: keyring plugin, KMIP 1.1

[24 May 2021 19:54] Cleandro Viana
Description:
I am trying to setup the keyring_okv plugin to use with a KMIP server.
I have installed the Oracle MySQL Enterprise edition on a CentOS 7 machine.
I configured the plugin according to this page:

https://docs.equinix.com/en-us/Content/Edge-Services/SmartKey/kb/SK-mysql-encryption.htm#:....

Which is very similar to what is documented by Oracle:
https://dev.mysql.com/doc/mysql-security-excerpt/5.7/en/keyring-okv-plugin.html

When I restart the mysqld service I see the following on the log:
2021-05-24T16:44:45.524984Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.25-commercial) starting as process 2399
2021-05-24T16:44:45.544113Z 0 [ERROR] [MY-011400] [Server] Plugin keyring_okv reported: 'Error setting the key file.'
2021-05-24T16:44:45.544307Z 0 [ERROR] [MY-011386] [Server] Plugin keyring_okv reported: 'Could not initialize ssl layer'
2021-05-24T16:44:45.544351Z 0 [ERROR] [MY-011377] [Server] Plugin keyring_okv reported: 'keyring_okv initialization failure. Please check that the keyring_okv_conf_dir points to a readable directory and that the directory contains Oracle Key Vault configuration file and ssl materials. Please also check that Oracle Key Vault is up and running.'

I have checked my okvclient.ora file and it is completely open for reading.
Also the ssl folder has the keys and certificates as needed.

The my.cnf file has the entries according to the documentation.

Please help!

Cleandro Viana

How to repeat:
Follow steps here:

https://docs.equinix.com/en-us/Content/Edge-Services/SmartKey/kb/SK-mysql-encryption.htm#:....
[24 May 2021 19:58] Cleandro Viana
Change OS version
[27 May 2021 13:13] MySQL Verification Team
Hi Mr. Viana,

Thank you for your bug report.

First of all, we do not follow links other than our own. Hence, we hope that you have followed our Manual on how to set that plugin, to the last letter.

It is evident that you have not set a directory correctly or that directory or file privileges are not right for the user ID under which your MySQL Server is running. Entire branch, from the root directory to OKV directory must be readable and writeable for that user.
[28 Jun 2021 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".