Register and ask your own question!
I've been putting together a proof of concept of an architecture to make sure everything works.
OS: Centos7.8 PXC: 8.0.19 - 3 node cluster setup Hashicorp Vault: 1.4.2 - 3 node cluster setup
I'm trying to get encryption at rest working using the keyring_vault plugin. I have my configuration below:
early-plugin-load = "keyring_vault=keyring_vault.so" loose-keyring_value_config = "/etc/xtradb/keyring_vault.conf"
However, the cluster fails to start up with the following error:
2020-10-19T04:22:44.478556Z 0 [ERROR] [MY-011370] [Server] Plugin keyring_vault reported: 'File '' not found (OS errno 2 - No such file or directory)' 2020-10-19T04:22:44.479119Z 0 [System] [MY-011197] [Server] Plugin keyring_vault reported: 'Could not open file with credentials.' 2020-10-19T04:22:44.479628Z 0 [System] [MY-011197] [Server] Plugin keyring_vault reported: 'keyring_vault initialization failure. Please check that the keyring_vault_config_file points to readable keyring_vault configuration file. Please also make sure Vault is running and accessible. The keyring_vault will stay unusable until correct configuration file gets provided.' 2020-10-19T04:22:44.480595Z 0 [ERROR] [MY-010202] [Server] Plugin 'keyring_vault' init function returned error. 2020-10-19T04:22:44.482688Z 0 [ERROR] [MY-010167] [Server] Failed to initialize early plugins. 2020-10-19T04:22:44.485491Z 0 [ERROR] [MY-010119] [Server] Aborting
I'm not sure what file is missing that the plugin can't locate.
my keyring_vault.conf file looks like this:
vault_url = https://vault.uri:8200 secret_mount_point = secrets/pxc token = s.sdl;fjslfjsdfods vault_ca = /etc/pki/tls/certs/keyring_vault.crt
Getting rid of the plugin declaration and PXC loads back up just fine