本文为墨天轮数据库管理服务团队原创内容,如需转载请联系小墨(VX:modb666)并注明来源。
作者:陈刚
墨天轮数据库管理服务团队技术顾问
MySQL 8.0 OCP,PostgreSQL PGCM,曾就职于金融行业,目前主要从事MySQL和PostgreSQL等开源数据库技术支持等相关工作。在ORACLE、MySQL、PostgreSQL、MongoDB以及PG系的国产数据库上有一定的经验。
适用范围
MySQL 8.0.14 and later
问题概述
ERROR: Reading encrypted log files directly is not supported.
客户在使用mysqlbinlog命令读取binlog日志时,出现了如上的错误。
问题原因
MySQL 8.0.14开始,支持了binlog的加密,通过:binlog_encryption参数进行配置,客户启用了binlog加密,所以不能跟之前的版本一样使用mysqlbinlog命令直接读取。
问题模拟与解决方案
解决方案
问题模拟
1. 开启binlog加密
[mysqld]
early-plugin-load=keyring_file.so
控制是否对 Binlog 文件加密的开关是:binlog_encryption ,此开关可以动态打开或者关闭,修改会引起一次 Binlog rotate。需要用户具有 BINLOG_ENCRYPTION_ADMIN 权限。
mysql> set global binlog_encryption = ON;
由于我测试环境创建数据库之初就已经配置好binlog加密,所以我看到的效果如下:
可以看到测试环境当前有两个binlog且都是加密状态
2. 创建第一批测试数据
h:localhost u:root :db(none) [09:03:47]>create database db
-> ;
Query OK, 1 row affected (0.02 sec)
h:localhost u:root :db(none) [09:03:57]>use db
Database changed
h:localhost u:root :dbdb [09:04:00]>create table t1(id int);
Query OK, 0 rows affected (0.16 sec)
h:localhost u:root :dbdb [09:04:11]>insert into t1 values (1);
Query OK, 1 row affected (0.03 sec)
h:localhost u:root :dbdb [09:04:21]>insert into t1 values (2);
Query OK, 1 row affected (0.01 sec)
h:localhost u:root :dbdb [09:04:23]>insert into t1 values (3);
Query OK, 1 row affected (0.04 sec)
h:localhost u:root :dbdb [09:04:25]>flush logs;
Query OK, 0 rows affected (0.06 sec)
h:localhost u:root :dbdb [09:04:45]>create table t2(id int);
Query OK, 0 rows affected (0.11 sec)
h:localhost u:root :dbdb [09:05:20]>insert into t1 values (4);
Query OK, 1 row affected (0.02 sec)
h:localhost u:root :dbdb [09:05:24]>insert into t1 values (5);
Query OK, 1 row affected (0.28 sec)
h:localhost u:root :dbdb [09:05:26]>insert into t1 values (6);
3. 全备
/usr/local/mysql/bin/mysqlbackup --defaults-file=/etc/my.cnf --user=root --password=root123 --socket=/data/mysql/mysql.sock --backup-image=/data/mysql/backup/mysql_server.mbi --backup-dir=/data/mysql/backup/temp --encrypt-password backup-to-image
4. 创建第二批测试数据
h:localhost u:root :db(none) [09:25:21]>use db
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
h:localhost u:root :dbdb [09:25:39]>insert into t2 values(3);
Query OK, 1 row affected (0.02 sec)
h:localhost u:root :dbdb [09:26:00]>insert into t2 values(2);
Query OK, 1 row affected (0.01 sec)
h:localhost u:root :dbdb [09:26:03]>insert into t2 values(1);
Query OK, 1 row affected (0.00 sec)
h:localhost u:root :dbdb [09:26:05]>insert into t1 values(7);
Query OK, 1 row affected (0.01 sec)
h:localhost u:root :dbdb [09:26:18]>insert into t1 values(8);
^[[AQuery OK, 1 row affected (0.79 sec)
h:localhost u:root :dbdb [09:26:22]>insert into t1 values(9);
Query OK, 1 row affected (0.01 sec)
h:localhost u:root :dbdb [09:26:38]>insert into t1 values(10);
Query OK, 1 row affected (0.03 sec)
h:localhost u:root :dbdb [09:26:43]>insert into t1 values(20);
Query OK, 1 row affected (0.01 sec)
h:localhost u:root :dbdb [09:26:46]>insert into t1 values(30);
Query OK, 1 row affected (0.04 sec)
h:localhost u:root :dbdb [09:27:02]>flush logs;
Query OK, 0 rows affected (0.06 sec)
h:localhost u:root :dbdb [09:27:02]>create table t3 (id int);
Query OK, 0 rows affected (0.10 sec)
h:localhost u:root :dbdb [09:27:32]>insert into t3 values (100);
Query OK, 1 row affected (0.03 sec)
h:localhost u:root :dbdb [09:27:40]>insert into t3 values (200);
Query OK, 1 row affected (0.11 sec)
h:localhost u:root :dbdb [09:27:43]>insert into t3 values (300);
Query OK, 1 row affected (0.27 sec)
h:localhost u:root :dbdb [09:28:48]>flush logs;
Query OK, 0 rows affected (0.07 sec)
5. 模拟故障
1)拷贝走binlog
6. 全备恢复
/usr/local/mysql/bin/mysqlbackup --defaults-file=/etc/my.cnf --datadir=/data/mysql/data --backup-image=/data/mysql_bak/backup/mysql_server.mbi --backup-dir=/data/mysql/backup/temp1 --encrypt-password copy-back-and-apply-log
7. binlog恢复
然后,我们通过手动编写binlog.index的方式把binlog.000004和binlog.000005也加入进去,然后启动数据库,效果如下:
注:6号的binlog为数据库启动后自动生成的,不用管它。
恢复binlog数据
/usr/local/mysql/bin/mysqlbinlog -uroot -proot123 --start-position=1252 --socket=/data/mysql/mysql.sock --read-from-remote-server binlog.000003 --database=db --skip-gtids|/usr/local/mysql/bin/mysql -uroot -S /data/mysql/mysql.sock -proot123 -v db
/usr/local/mysql/bin/mysqlbinlog -uroot -proot123 --socket=/data/mysql/mysql.sock --read-from-remote-server binlog.000004 --database=db --skip-gtids|/usr/local/mysql/bin/mysql -uroot -S /data/mysql/mysql.sock -proot123 -v db
/usr/local/mysql/bin/mysqlbinlog -uroot -proot123 --socket=/data/mysql/mysql.sock --read-from-remote-server binlog.000005 --database=db --skip-gtids|/usr/local/mysql/bin/mysql -uroot -S /data/mysql/mysql.sock -proot123 -v db
b. 本案例没有模拟最新binlog需排除不需要的操作的情况,如果有此类情况,可以使用stop-position指定恢复停止的位置
8. 检查恢复情况
可以看到恢复成功。
参考文档:
-
http://mysql.taobao.org/monthly/2019/12/02/ -
https://support.oracle.com/epmos/faces/DocumentDisplay?parent=SrDetailText&sourceId=3-38873649051&id=2494958.1 -
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=268727092684674&parent=SrDetailText&sourceId=3-38873649051&id=2558866.1&_afrWindowMode=0&_adf.ctrl-state=47mix4zgc_217 https://dev.mysql.com/blog-archive/how-to-manually-decrypt-an-encrypted-binary-log-file/
THE END
墨天轮从乐知乐享的数据库技术社区蓄势出发,全面升级,提供多类型数据库管理服务。墨天轮数据库管理服务旨在为用户构建信赖可托付的数据库环境,并为数据库厂商提供中立的生态支持。
服务官网:https://www.modb.pro/service
点击进入服务团队专家主页
本文分享自微信公众号 - 墨天轮(enmocs)。
如有侵权,请联系 support@oschina.cn 删除。
本文参与“OSC源创计划”,欢迎正在阅读的你也加入,一起分享。
