I was trying to install keyring plugin on MySQL 5.7.18.
I edited my.ini file. It was blank so I added the following text and restarted MySQL.
[mysqld]
early-plugin-load=keyring_file.dll
I ran the following command to install the plugin.
mysql> install plugin keyring_file soname 'keyring_file.dll';
I then ran the following sql to check:
mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS
-> FROM INFORMATION_SCHEMA.PLUGINS
-> WHERE PLUGIN_NAME LIKE 'keyring%';
+--------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+--------------+---------------+
| keyring_file | ACTIVE |
+--------------+---------------+
1 row in set (0.00 sec)
But when I tried to alter a table to use encryption, I got errors.
mysql> ALTER TABLE t1 ENCRYPTION='Y';
ERROR 3185 (HY000): Can't find master key from keyring, please check keyring
plugin is loaded.
Did I miss a step somewhere?
Harriett, do the following:
Check the user that the MySQL service runs as (e.g., NETWORK SERVICE)
Create a keyring folder in C:/Program Files/MySQL/MySQL Server 5.7
Explicitly grant the MySQL service user permissions on the keyring folder
By default on Windows when using keyring_file, the keyring file is stored in C:/Program Files/MySQL/MySQL Server 5.7/keyring/keyring (I determined this by running SHOW VARIABLES LIKE 'keyring%' after installing the plugin and confirming its loading as you described).
After creating the keyring folder in C:/Program Files/MySQL/MySQL Server 5.7 right-click, then Properties -> Security, then Edit -> Add etc. Once the user is added check "Modify" in addition to Read & execute, List folder contents, Read and Write.
Then restart the MySQL service and you should be able to create an encrypted table without error.
NOTE: For security reasons you should go back and remove all users/groups you don't think will absolutely need to have access to the keyring folder (e.g., local machine users). On Unix the docs recommend that the mysql user and group alone have access to the folder.
On windows you don't need this line:
mysql> install plugin keyring_file soname 'keyring_file.dll';
that's the install operation for Linux (maybe you might if running under Node?)
BUT make sure you have a FULL install of MySql - I didn't realise there are cut down versions that don't have the plugin dlls (and other stuff).
And make sure you have the keyring_udf.dll installed and you've also created the UDF functions.
The documentation on mySql's pages for all this is badly organised and hard to follow.
This is one of those tasks that goes on for ever.. got key set up, got everything running - keyfile gets encrypted.
Then I use ALTER TABLE mytable ENCRYPTION='Y' but nothing happens.
I export the table and the export states "ENCRYPTION='Y'" but nope it's not encrypted. No error messages in mysql log, nothing.
I was facing the exact same issue on m local MySQL instance and following steps helped me resolve the ‘Encryption can't find master key, please check the keyring plugin is loaded.' issue.
Add following line in my.ini file
early-plugin-load=keyring_file.dll
Create a folder named keyring at C:\Program Files\MySQL\MySQL Server 8.0 location.
Grant modify access to this folder as MySQL needs to read the folder and insert keyring in the folder.
Also Grant modify access to MySQL folder inside Program Files.
Uninstall existing installed keyring plugin using following command -
UNINSTALL PLUGIN keyring_file;
Restart the MySQL server after making above changes.
Check if the keyring plugin is loaded or not using the following command :-
show variables like '%keyring%';
It should show an output like this :-
+--------------------+---------------------------------------------------------+
| Variable_name | Value |
+--------------------+---------------------------------------------------------+
| keyring_file_data | C:/Program Files/MySQL/MySQL Server 8.0/keyring\keyring |
| keyring_operations | ON |
+--------------------+---------------------------------------------------------+
2 rows in set (0.0024 sec)
Now you should be able to enable encryption on your table using this command :-
ALTER TABLE city ENCRYPTION='Y';
I hope the answer helps.
Check for my.ini file in "C:\Program Files\MySQL\MySQL Server 8.0"
if not available create my.ini file and add the below lines
[mysqld]
early-plugin-load=keyring_file.dll
grant read,write,execute,modify permissions to MYSQL folder and its internal folders in "C:\Program Files\MYSQL"
Restart your MYSQL80 service.
once you have restarted the service you should be able to see the "keyring" file in the default location
C:\Program Files\MySQL\MySQL Server 8.0\keyring
Note: keyring file will be in keyring folder i.e.,
C:\Program Files\MySQL\MySQL Server 8.0\keyring\keyring
if you don't find the file try to restart your system. In my case after restarting my system, i am able to see the files.
Now open mysql command line and execute below command
install plugin keyring_file soname 'keyring_file.dll';
Result :
Query OK, 0 rows affected (0.03 sec)
Now you can run the below command to see the keyring details.
SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'keyring%';
Result:
keyring_file_data C:/Program Files/MySQL/MySQL Server 8.0/keyring\keyring
keyring_operations ON
Now create your table with Encryption
ex:
CREATE TABLE dept ( deptno int NOT NULL
> AUTO_INCREMENT, dname varchar(20) , loc
> varchar(20) , CONSTRAINT pk_dept PRIMARY KEY ( deptno ) )
> engine=InnoDB ENCRYPTION = 'Y';
i think everything is wonderful as mentioned above, but a small change can run your tables.
use this.
ALTER TABLE t1 ENCRYPTION='N';
i will see you around.
Related
Using MySQL 8.0 and MySQL Workbench on Windows 10. Also using Command Prompt to interface with mysql after cd'ing into C:\Program Files\MySQL\MySQL Server 8.0\bin.
I'm trying to implement encryption data-at-rest on several tables on a database. However, after trying to install keyring_file.dll via
install plugin keyring_file soname 'keyring_file.dll';
I get the following error:
ERROR 1123 (HY000): Can't initialize function 'keyring_file'; Plugin initialization function failed.
I have added the following to my.cnf under mysqld:
[mysqld]
early-plugin-load=keyring_file.dll
keyring_file_data=C:/Program Files/MySQL/MySQL Server 8.0/lib/plugin/keyring_file
After restarting MySQL server via services.msc, I ran 'show variables like '%keyring%';' which returned the following:
Running the following:
SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'keyring%';
Also returned:
Not sure what I have done wrong or missed out. Looking at similar questions and solutions for this issue don't seem to work for some reason.
I have got the same problem, following steps resolve my issue
check error log and found the permission issue cause the problem.
create a folder "Plugin" on "C:\ProgramData\MySQL\MySQL Server 8.0" (data directory path).
copy keyring_file.dll from "C:\Program Files\MySQL\MySQL Server 8.0\lib\plugin" to "C:\ProgramData\MySQL\MySQL Server 8.0\Plugin".
set keyring_file_data=C:\ProgramData\MySQL\MySQL Server 8.0\Plugin\keyring in my.ini file.
restart the mysql service
execute mysql> install plugin keyring_file soname 'keyring_file.dll';
I am trying to enable slow_query_log on mysql, but I could not find it on my mac.
I read in MySQL 5.7 Documentation that"
By default, the server writes files for all enabled logs in the data directory.
When I write show variables like '%slow_query%'; in mysql shell, I see the following:
but I can't see McBook-Pro-6-slow.log in the data directory. Here is all I can see in the data directory:
Could someone let me know why I can't see the slow log file?
In order to enable the slow_query_log, I've read here that I should add slow-query-log=1 to my.cnf. Here, my problem is that I am not sure where is mysql config file on my Mac. I've found a my-default.cnf in usr/local/mysql/support-files/ and another my.cnf file in /etc. Which one should I modify??
Thanks,
Refer to this Stackoverflow question MySQL 'my.cnf' location? which pertains to Mac OS. As you can see the permutations of locations are numerous usually compounded by different distros and MAMP XAMP WAMP bundles and Home Brew. It is not uncommon to have 2 mysql daemons on a box and not even know it.
Which is why in comments I suggested looking at the output of select ##basedir for the location of the my.ini (Windows) or my.cnf (Linux/Mac). That is not to suggest a configuration file is going to be there, but that is where it should be if one were to exist. Without it, baked-in default values are used. Often there is a stub, a suggested file, named differently (like my-default), awaiting your tweaks and a rename or copy to the appropriate file name of my.ini or my.cnf.
There is also a system variable named slow_query_log_file and its value visible if set thru SELECT ##slow_query_log_file;. For me right now it has a value of GUYSMILEY-slow.log because I did not set it in my ini (Windows) and it defaults to computername+"-slow.log".
That is the filename without the path. Where the file actually is written to is in the datadir seen with the output of select ##datadir;.
On my system this means (via ##basedir)
C:\Program Files\MySQL\MySQL Server 5.6\my.ini
would have a setting that ends up in a slowlog file written to in this absolute path (helped by ##datadir):
C:\ProgramData\MySQL\MySQL Server 5.6\data\GUYSMILEY-slow.log
and a fragment inside that log file might show something like this:
Ini and cnf changes require a MySQL daemon restart. In that configuration file a section similar to (my 5.6)
[mysqld]
basedir=C:\\Program Files\\MySQL\\MySQL Server 5.6\\
datadir=C:\\ProgramData\\MySQL\\MySQL Server 5.6\\Data\\
port=3306
log_warnings = 2
and (my 5.7)
[mysqld]
basedir=C:\\Program Files\\MySQL\\MySQL Server 5.7\\
datadir=C:\\ProgramData\\MySQL\\MySQL Server 5.7\\Data\\
port=3307
log_error_verbosity=2
the above is used within the [mysqld] section to play with settings. What I suggest is playing with this section with an innocuous setting like log_error_verbosity (5.7.2 and up) or similar, save it. Restart the deamon and determine if the variable (as Rick James would call settings because most really aren't dynamically settable). So a sanity check of select ##log_error_verbosity (5.7.2 and up) can confirm it the change is picked up. If it is, bingo, you are doing it right.
The Manual Page Server System Variables depicts the variables (settings) and whether or not they can be dynamically set/changed after the config file load via commands. Dynamic changes are reverted upon daemon restart.
How one would dynamically change a variable might look like:
SET GLOBAL log_error_verbosity=2;
Again, only certain variables are available in certain MySQL versions, such as the above, not available in older versions.
Also note multiple versions of MySQL running concurrently on a server. On mine i have 5.6.31 and 5.7.14. To access a different one via command line tools, use something like the -P 3307 switch to point at the one running on port 3307. Note the uppercase P as opposed to lowercase (which would mean prompt for password).
Determine if multiple instances are running. I use port checks such as
sudo netstat -tulpn (Linux)
netstat -aon | more (Windows, the top part, State=LISTENING)
Unfortunately these types of changes and trial and error take time and are very frustrating. Sorry I do not have a quick and easy answer for all cases.
Addendum
Notes here related to comments. In the below, w-x-y-z is a redacted IP Address.
On a Linux box (amazon ec2 redhat btw):
select ##slow_query_log;
-- 0 (so it is turned off)
SELECT ##slow_query_log_file;
-- /var/lib/mysql/ip-w-x-y-z-slow.log
select ##version;
-- 5.7.14
set global slow_query_log=1;
Error Code: 1227. Access denied; you need (at least one of) the SUPER privilege(s) for this operation 0.094 sec
(ok I was in MySQL Workbench as a dummied down user, off to do it as root via MySQL cmd line ...
mysql> set global slow_query_log=1;
Query OK, 0 rows affected (0.01 sec)
mysql> select ##slow_query_log;
+------------------+
| ##slow_query_log |
+------------------+
| 1 |
+------------------+
1 row in set (0.00 sec)
btw Workbench user can confirm the above `1`
at shell as linux user:
[ec2-user#ip-w-x-y-z ~]$ cd /var/lib/mysql
[ec2-user#ip-w-x-y-z mysql]$ sudo ls -la
(there were many files, only one needed to show you below)
-rw-r-----. 1 mysql mysql 179 Sep 19 01:47 ip-w-x-y-z-slow.log
[ec2-user#ip-w-x-y-z mysql]$ sudo vi ip-w-x-y-z-slow.log
(Header stub, the entire contents, no slow queries yet, log seen below):
/usr/sbin/mysqld, Version: 5.7.14 (MySQL Community Server (GPL)). started with:
Tcp port: 3306 Unix socket: /var/lib/mysql/mysql.sock
Time Id Command Argument
SHOW VARIABLES LIKE 'log_output'; to verify that it is set to FILE or FILE,TABLE.
I was trying to edit the MySQL server variable ft_min_word_len, but unfortunately i could not find the file location on my hard disk containing these settings
I looked for the files my.ini and my.cnf in MySQL installation directory, in c:\windows directory and in 'C:\ProgramData\MySQL\MySQL Server 5.5\' server 5.5 and any other possible location.
I found only one file my.ini in MySQL installation directory (c:\MySQL), but this file contains no such settings.
I look through phpmyadmin and i found that variable in 'Server variables and settings' section, i also find this variable in information_schema under GLOBAL_VARIABLES table.
But i couldn't find it in any file on my windows 7 system which is 64bit and i have installed 64bit specific MySQL
one thing i also noticed that there was no file for information_schema in 'C:\ProgramData\MySQL\MySQL Server 5.5\data' but for other database there is corresponding file in it.
Hope for some helpful answer
MySQL config file would usually be found on Windows under C:\Windows\my.ini and on Linux under
/etc/my.cnf
If you doesn't get any below line into file and then you can add it, then restart your mysql server.
[mysqld]
ft_min_word_len = 3
It isn't mandatory to specify every single variable in the settings file. MySQL will use the hard-coded default values when you don't set a value. Just add a new line to the file.
As about file location, it should be in the base dir:
mysql> SELECT ##basedir;
+------------------------------------------+
| ##basedir |
+------------------------------------------+
| C:\Program Files\MySQL\MySQL Server 5.0\ |
+------------------------------------------+
1 row in set (0.00 sec)
Following error occurs when I am trying to restore a DB in MYSQL via putty.
Command: mysql -u root -p db1<dbname.sql ;
ERROR 1 (HY000) at line 7904: Can't create/write to file
'./dbname/db.opt' (Errcode: 2)
What is the reason?
This often means that your dump file includes a command that should run against a database that either doesn't exist in your local context, or to which the current user does not have access. Open up the dumpfile and look at the line mentioned in the error to find out what's going on.
I ran into this error at work when the source database name was different than the target database name. I dumped a database on one server with mysqldump db1 > dumpfile and attempted to import it on a different server with mysql db2 < dumpfile.
Turns out the dumpfile had ALTER TABLE db1 ... statements which were meaningless on the target server where I named the database db2.
There is probably a more elegant solution than this, but I just edited the dumpfile on the target server and replaced db1 with db2.
Find out what Errcode: 2 means
You can use the perror utility to find what error 2 means:
$ perror 2
OS error code 2: No such file or directory
More info is at the link #Jocelyn mentioned in their comment: http://dev.mysql.com/doc/refman/5.5/en/cannot-create.html
Find out what path ./ points to
We now know a file doesn't exist (or maybe it can't be written to.) The error message gives us a relative path ./ which makes it tricky... Wouldn't it be helpful if it output a fully-qualified path? Yeah.
So when MySQL imports an SQL file it creates some temp files on the filesystem. The path is usually specified by the "tmpfile" configuration option in the MySQL my.cnf file. You can quickly find the value by executing an SQL query:
$ mysql -h127.0.0.1 -uroot -p
# I assume you're now logged into MySQL
mysql> SHOW VARIABLES LIKE '%tmpdir%';
+-------------------+-------+
| Variable_name | Value |
+-------------------+-------+
| slave_load_tmpdir | /tmp |
| tmpdir | /tmp |
+-------------------+-------+
2 rows in set (0.00 sec)
Ensure the directory is writeable by mysql user
According to tmpdir this means MySQL was trying to create /tmp/dbnamehere/db.opt. Ensure this directory exists and that it's owned by mysql:mysql. You might have to use sudo to elevate privileges high enough to create some directories.
$ chown -R mysql:mysql /tmp/dbnamehere
Still not working? Try other default tmpdir paths
I hit issues on my system (Ubuntu 12.04 + Vagrant 1.7.2 + Chef 11.something + opscode mysql cookbook 6.0.6) where the value in tmpdir wasn't being considered or wasn't being pulled from where I expected.
MySQL was actually trying to create the temp file at one of the following locations:
/var/lib/mysql/dbnamehere
/var/lib/mysql-default/dbnamehere
I had to create those directories and change ownership to mysql:mysql.
I had backup from "db1" and restoring to "db2"
so in the dump file had to change "db1" to "db2" with sed.
And all worked fine.
You'll find help about this error in the MySQL manual: http://dev.mysql.com/doc/refman/5.5/en/cannot-create.html
All,
This is the first time I am using MySQL and hence listing all the steps. This is actually a reinstall of MySQL since my 1st attempt had failed.
I have installed the latest version of MySQL Community Server on my machine. The installation folder is C:\Program Files\MySQL\MySQL Server 5.5 . The data folder resides in this folder path itself. I have created few tables in the MySQL command prompt by:
1 > Going into MS DOS Prompt.
2 > Making C:\Program Files\MySQL\MySQL Server 5.5 as my current directory
3 > Entered command: mysql -u root -p
4 > Entered password
5 > Placed my script file(.sql) which creates new tables in the folder C:\Program Files\MySQL\MySQL Server 5.5\bin
6 > In the command prompt, typed source <scriptfile>.sql
7 > Now, I get warnings for few tables. But when I enter command SHOW TABLES, all the tables in the script file are shown.
However, I am not able to locate the tables created in form of directories/files on the drive. The data folder does not contain my tables as well.Can anyone please tell me where are the tables located?
On Windows 7, the data directory is, by default, "C:/ProgramData/MySQL/MySQL Server 5.5/Data/". Note that "C:/ProgramData" is a hidden directory.
In windows 8(dont check in other OS)
Enter mysql in command prompt by
mysql -uusername -ppassword
Then type
select ##datadir;
mysql> select ##datadir;
+---------------------------------------------+
| ##datadir |
+---------------------------------------------+
| C:\ProgramData\MySQL\MySQL Server 5.6\data\ |
+---------------------------------------------+
1 row in set (0.00 sec)
Another way!!!
Go to C:\ProgramData\MySQL\MySQL Server 5.6\my.ini and there you can find datadir.
Be sure it is in ProgramData, not in ProgramFiles.
Go into your C:\Program Files\MySQL\MySQL Server 5.5\my.ini and find the variable "datadir".
This is your Data dir ;)
the table files are located in the \data folder. if you have not overriden this path when you were installing or if you have not modified the path in the my.ini config file after the installation. there are gui tools available for mysql that can help you do things easily.
C:/Documents and Settings/All Users/Application Data/MySQL/MySQL Server 5.1/Data/
Is the default DATA directory in XP.