nec-postgres / tdeforpg

PostgreSQL Transparent Data Encryption tool development
Other
88 stars 17 forks source link

Upgrade TDE with pg_upgrade #9

Open hasefumi23 opened 5 years ago

hasefumi23 commented 5 years ago

Is upgrading TDE with pg_upgrade possible? I couldn't find the way of upgrading with pg_upgrade in Wiki page. Only the way of upgrading with pg_dump and pg_restore is written. But I would like to upgrade TDE with pg_upgrade since pg_upgrade needs less time than the way with pg_dump and pg_restore. I tried to use pg_upgrade, but some errors are happened caused by /usr/lib64/data_encryption.so(error message is below).

ライブラリ"/usr/lib64/data_encryption.so"をロードできませんでした: ERROR:  incompatible library "/usr/lib64/data_encryption.so": version mismatch
DETAIL:  Server is version 10, library is version 9.4.

I know this is caused by version mismatch as written in error message. But I would like to use pg_upgrade if possible 😀

Thanks.

taiki-k commented 5 years ago

Sorry for late response.

I haven't tried to upgrade by pg_upgrade, so this is just my personal opinion.

ライブラリ"/usr/lib64/data_encryption.so"をロードできませんでした: ERROR: incompatible library "/usr/lib64/data_encryption.so": version mismatch DETAIL: Server is version 10, library is version 9.4.

Above message implies that PostgreSQL is upgraded from 9.4 to 10. Is it right?

First, TDEforPG is implemented as an extension module of PostgreSQL. Extension module is compiled only for 1 major version of PostgreSQL, and it is not compatible for any other major version. (This is specification of PostgreSQL) So you have to replace module from for PG 9.4 to for PG 10.

Second, PG 9.4 is only supported by TDEforPG v1.1, but PG 10 is only supported by v1.2.

Schema of Management Table is changed between v1.1 and v1.2, so it can NOT upgrade from v1.1 to v1.2 directly. You have to upgrade by using pg_dump and pg_restore in this case.

If you want to upgrade by pg_upgrade, I think it may work if PG is upgraded between versions supported by TDEforPG v1.2. (like from PG 9.5 to PG 10) Even if, you also have to replace TDE module as mentioned above.

Thanks.

hasefumi23 commented 5 years ago

@taiki-k Thank you for detailed explanation. I could realize that I should use pg_dump and pg_restore for upgrading.

Above message implies that PostgreSQL is upgraded from 9.4 to 10. Is it right?

That's right! I'm upgrading pg from 9.4 to 10.

BTW I found the mistake in the below guide. https://github.com/nec-postgres/tdeforpg/wiki/Manual(JA)#%E3%82%A2%E3%83%83%E3%83%97%E3%82%B0%E3%83%AC%E3%83%BC%E3%83%89%E5%89%8D%E3%81%AE%E6%9A%97%E5%8F%B7%E9%8D%B5%E3%82%92%E7%99%BB%E9%8C%B2 For registering cipher key, the guide says that execute the command as follows. $ sh ${TDEHOME}/SOURCES/bin/cipher_setup.sh ${PGHOME} But I think using cipher_key_regist.sh is correct. $ sh ${TDEHOME}/SOURCES/bin/cipher_key_regist.sh ${PGHOME}

My question is already resolved, so please close this issue whenever you want.

Thanks!