keyring_okv Plugin On Linux

The configuration directory used by keyring_okv as the location for its support files should have a restrictive mode and be accessible only to the account used to run the MySQL server. For example, on Unix and Unix-like systems, to use the /var/lib/mysql/mysql-keyring-okv directory, run the following commands as root:

  1. Create the directory and set its mode and ownership.

›_ Console

# cd /var/lib
# mkdir -p mysql/mysql-keyring-okv/ssl 
# chmod -R 750 mysql 
# chown -R mysql mysql 
# chgrp -R mysql mysql 

  2. To be usable during the server startup process, keyring_okv must be loaded using the --early-plugin-load option. Also, set the keyring_okv_conf_dir system variable to tell keyring_okv where to find its configuration directory. Edit the /etc/my.cnf file and add the plugin to the [mysqld] section.

›_ Console

[mysqld] 
early-plugin-load=keyring_okv.so 
keyring_okv_conf_dir=/var/lib/mysql/mysql-keyring-okv 

  3. Make sure you have downloaded CA.pem, cert.pem, and key.pem to the MySQL client, under the ssl directory, and give the mysql account ownership of and permissions on that directory.

›_ Console

# chown -R mysql:mysql ssl
# chmod -R 755 ssl

  4. In the configuration directory, create a file named okvclient.ora. It should have the following format:

›_ Console

SERVER=xxx.xxx.xxx.xxx:5696 
STANDBY_SERVER=xxx.xxx.xxx.xxx:5696 
STANDBY_SERVER is optional. 
Example: 
SERVER=10.44.223.144:5696 
STANDBY_SERVER=10.44.223.145:5696

  5. Set the permissions on these files.

›_ Console

cd /var/lib/mysql/mysql-keyring-okv
chmod -R 750 okvclient.ora 
chown -R mysql:mysql okvclient.ora 

  6. After completing the preceding procedure, restart the MySQL server. The server loads the keyring_okv plugin, and keyring_okv uses the files in its configuration directory to communicate with ESKM.

  7. Verify that the keyring_okv plugin is working.

mysql›

mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'keyring%';
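
The requirements of the procedure above, checked in one pass before the server restart. This is an added example, not part of the original page or of MySQL's own tooling: the function name audit_okv_conf_dir and its two arguments are assumptions made here, while the file names and the SERVER=host:port format are the ones the page gives.

```shell
#!/bin/sh
# Added example: audit a keyring_okv configuration directory.
# Usage (as root): audit_okv_conf_dir /var/lib/mysql/mysql-keyring-okv mysql
# Returns the number of findings, so 0 means the directory passed.
audit_okv_conf_dir() {
    dir=$1 owner=$2 findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    [ -d "$dir" ] || { fail "$dir is not a directory"; return "$findings"; }

    # The directory must be closed to "other": any r/w/x bit there is a finding.
    if [ -n "$(find "$dir" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        fail "$dir is accessible to accounts outside its owner and group"
    fi

    # Everything under the directory must belong to the server account.
    strays=$(find "$dir" ! -user "$owner")
    [ -z "$strays" ] || fail "not owned by $owner: $strays"

    # TLS material the page places under ssl/.
    for f in CA.pem cert.pem key.pem; do
        [ -s "$dir/ssl/$f" ] || fail "missing or empty ssl/$f"
    done

    # okvclient.ora: exactly one SERVER=host:port line; STANDBY_SERVER is
    # optional but must have the same shape when present.
    ora=$dir/okvclient.ora
    endpoint='=[^:[:space:]]+:[0-9]+[[:space:]]*$'
    if [ ! -f "$ora" ]; then
        fail "missing okvclient.ora"
    else
        [ "$(grep -Ec "^SERVER$endpoint" "$ora")" -eq 1 ] ||
            fail "okvclient.ora needs exactly one SERVER=host:port line"
        if grep -q '^STANDBY_SERVER' "$ora" &&
           ! grep -Eq "^STANDBY_SERVER$endpoint" "$ora"; then
            fail "STANDBY_SERVER is present but is not host:port"
        fi
    fi

    [ "$findings" -eq 0 ] && echo "OK: $dir"
    return "$findings"
}
```

A non-zero return means the plugin is likely to fail at startup or the directory is more open than the first paragraph requires; each FAIL line names the item to correct.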