I’ve spent the whole night struggling to have our production server restart…
After we had to reboot the linux server, the mysql server didn’t restart. It quickly turned out that the vault token had expired - so I commented out the old token in keyring_vault.conf, added the new token… and the server still didn’t restart.
After trying hundreds of combinations (was the Vault broken? did some parameter change??), it turned out that you CANNOT ADD #COMMENTS in the keyring_vault.conf file.
my.cnf is much more relaxed:
- You can write
and you can comment out every line you tried unsuccessfully.
You can write
You can write
BUT you can’t write
which is a shame, because the error message in the log says precisely:
Plugin keyring_vault reported: 'keyring_vault initialization failure. Please check that the keyring_vault_config_file points to readable keyring_vault configuration file
BUT DO NOT WRITE in keyring_vault.conf
[INDENT]vault_url = https://vault01.internal.xxxxxxx:8200
secret_mount_point = secret/db01/master
This is a nice comment
token = 5UrSFT7xXi69RPAZE123AZE1
vault_ca = /var/lib/mysql-keyring/u06.pem[/INDENT]
So I’d suggest that either #comments are accepted, or the file has an other extension, such a keyring_vault.4lines… And the documentation should be much, much enhanced.
Version : /usr/sbin/mysqld Ver 5.7.23-25 for debian-linux-gnu on x86_64 (Percona Server (GPL), Release ‘25’, Revision ‘7e2732e’)
Another topic: I couldn’t find a damn way to search on this forum. Is it the result of my night spent battling? Otherwise this forum is quite useless… and so is this post, intended to save other people’s night.