Bug #80488 keyring_file_data server variable not working
Submitted: 24 Feb 2016 7:10 Modified: 26 Feb 2016 3:32
Reporter: Fred Battle Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server: Installing Severity:S2 (Serious)
Version:5.7.11 OS:Any
Assigned to: CPU Architecture:Any

[24 Feb 2016 7:10] Fred Battle 
Description:
Hi,
I built the product from the mysqlcom-pro-5.7.11 source tar.gz.  I'm trying to use the new server system variable, keyring_file_data.  I've tried passing it on the command line to mysqld as --keyring_file_data=<full pathname to keyring>, and also tried setting it in mysql.conf under the [mysqld] subsection as keyring_file_data=<full pathname>, and in both cases I get a rejection of the variable as unknown.

This is the error I'm getting:
2016-02-23T23:43:06.823810Z 0 [ERROR] unknown variable 'keyring_file_data=/opt/fbattle/comcol/Tcm7/runf0/mysql/keyring'

I can't use the default build version because it's not a path unique to each user.  Since the keyring file is owned by the creator, a second user is not able to run mysql.  This creates an error message like this:

2016-02-24T06:57:03.095163Z 0 [Note] Imysqld (mysqld 5.7.11) starting as process 4769 ...
2016-02-24T06:57:03.100044Z 0 [ERROR] Plugin keyring_file reported: 'keyring_file initialization failure. Please check if the keyring_file_data points to readable keyring file or keyring file can be created in the specified location. The keyring_file will stay unusable until correct path to the keyring file gets provided'

How to repeat:
Build the source from mysqlcom-pro-5.7.11.
Run mysqld --initialize-insecure for one user.
Create databases, tables, and users, and grant privileges.
Stop activity for user one.
Have a another unix user try to start mysql.
Discover that the keyring file created by the first user blocks the second user.

Add mysqld --keyring_file_data=<pathname to keyring>, or add to mysql.conf, and note the MySQL log file prints an error that 'keyring_file_data=<pathname>' is an unknown variable.

I do note that the SET GLOBAL command does set keyring_file_data to my desired user unique location.

Suggested fix:
It is interesting to note that the unknown variable is logged as:
'keyring_file_data=/opt/fbattle/comcol/Tcm7/runf0/mysql/keyring'
so it seems to be treating it as a single variable, not a name-value pair.

I've tried listing the value as x=y and as x = y (with spaces), but it always prints the unknown variable as a single quoted variable with no spaces.
[24 Feb 2016 7:25] MySQL Verification Team 
Hello Fred,

Thank you for the report.
This is most likely duplicate of Jesper's Bug #80451, please see Bug #80451

Thanks,
Umesh
[24 Feb 2016 16:07] Fred Battle 
I can't access bug 80451.  Can you make it viewable? Or perhaps share some of the contents?  Is there any mention of a workaround in that bug?
[25 Feb 2016 4:41] Fred Battle 
Since I can't see the original bug, can you tell me when it will be fixed?  By what version?
[26 Feb 2016 0:01] Fred Battle 
I'm only setting this to open in an attempt to get some questions answered (listed in the commments). No new issues here.

Sorry if setting to Open is the wrong thing to do.

Thanks,
-Fred
[26 Feb 2016 3:32] MySQL Verification Team 
I've requested my colleague to publish the bug, the workaround posted in Bug #80451(internal BUG 22777039) by developer:
 
The workaround is to initialise MySQL without the keyring_file_data option, then add it before starting MySQL (or restart MySQL is it's already started).
[27 Apr 2016 13:45] Paul DuBois 
Noted in 5.7.13 changelog.

Starting the server with --initialize failed if the keyring_file_data
system variable was also set at startup. To handle this, with
--initialize the server no longer skips registration of plugins
loaded with the --early-plugin-load option.