search

edgelesssys / edgelessdb

EdgelessDB is a MySQL-compatible database for confidential computing. It runs entirely inside a secure enclave and comes with advanced features for collaboration, recovery, and access control.
https://edgeless.systems/products/edgelessdb
GNU General Public License v2.0
170 stars 17 forks source link

data persistance expecations are not documented #90

Closed aep closed 2 years ago

aep commented 2 years ago

I could not find how continuity works in edb.

after simulated power failure all sql data is gone:

[erthost] loading enclave ...
[erthost] entering enclave ...
[EDB] 2022/04/11 08:15:14 EdgelessDB v0.2.1 (22c6a1b78674802ce315bc3620b3a869c306894e)
[EDB] 2022/04/11 08:15:14 starting up ...
2022-04-11  8:15:15 0 [Note] edb (mysqld 10.5.11-MariaDB) starting as process 33 ...
mysql -h127.0.0.1 -uroot --ssl-ca edb.pem --ssl-cert cert.pem --ssl-key key.pem
mysql> use foo;
ERROR 1049 (42000): Unknown database

the documentation mentions "recovery" but this appears to be for moving to a different cpu, not loss of data.

{"status":"success","data":"Recovery failed: edb is not in expected state"}

i tried opening the rocksdb thats stored on the host, but it appears incompatible with facebook/rocksdb


Failed: Corruption: no meta-nextfile entry in descriptor
``
thomasten commented 2 years ago

Hi, Persistence expectations are the same as MariaDB. So you seem to have encountered a bug. Can you reproduce this? If so, can you give exact steps?

Yes, recovery should only be needed when moving to a different cpu. Yes, https://github.com/edgelesssys/edgeless-rocksdb isn't compatible with original rocksdb.

aep commented 2 years ago

its just

  1. start a new container with -v /data:/data
  2. create database bla; create table bla;
  3. pull power plug (virtually, anyway)
  4. restart container with same -v
  5. observe database is missing

i never worked with mariadb, so i guess it just doesn't survice power failure in general?

thomasten commented 2 years ago

Does docker rm -f my-edb count as virtually pulling the plug? I can reproduce that an empty database will be lost in this case. However, a database containing a table is preserved on my attempts. Do you also lose tables that contain actual data?

aep commented 2 years ago

interesting. can confirm it doesn't loose data when there's actual rows in the data. weird but i guess that's just how it works, so i'm closing this. thanks!

thomasten commented 2 years ago

This was actually a bug. Seems to have affected only empty databases, but nevertheless fixed now in v0.3.0