XLog: replicate fork file and encrypt tuples (percona#59)

1. Inserts and Updates now are encrypted in WAL. We encrypt new tuples directly in Buffer after they were insrerted there. To pass it to XLog we could memcpy Buffer data into into the tuple. But later tuple has to be unencrypted for index instertions etc. So we pass directly data from the Buffer into XLog. 2. Log into WAL and replicate *.tde forks creation. 3. Added docker-compose for the streaming replication test setup. (not perfect - needs two `up -d` in a row to start the secondary) 4. Added tests for multi inserts. Need tests for replications though.
dutow · Nov 8, 2023 · a4711f6 · a4711f6
1 parent 4ab0539
commit a4711f6
Show file tree

Hide file tree

Showing 11 changed files with 1,676 additions and 38 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -17,11 +17,14 @@ RUN make USE_PGXS=1 && \
     make USE_PGXS=1 install
 RUN cp /usr/share/postgresql/postgresql.conf.sample /etc/postgresql/postgresql.conf; \
     echo "shared_preload_libraries = 'pg_tde'" >> /etc/postgresql/postgresql.conf; \
+    #    echo "log_min_messages = debug3" >> /etc/postgresql/postgresql.conf; \
+    #    echo "log_min_error_statement = debug3" >> /etc/postgresql/postgresql.conf; \
     echo "pg_tde.keyringConfigFile = '/etc/postgresql/tde_conf.json'" >> /etc/postgresql/postgresql.conf; \
-    echo "{'provider': 'file','datafile': '/tmp/pgkeyring',}" > /etc/postgresql/tde_conf.json; \
+    echo "{'provider': 'file','datafile': '/etc/postgresql/pgkeyring',}" > /etc/postgresql/tde_conf.json; \
     chown postgres /etc/postgresql/tde_conf.json; \
     mkdir -p /docker-entrypoint-initdb.d
 COPY ./docker/pg-tde-create-ext.sh /docker-entrypoint-initdb.d/pg-tde-create-ext.sh
+COPY ./docker/pg-tde-streaming-repl.sh /docker-entrypoint-initdb.d/pg-tde-streaming-repl.sh
 
 VOLUME /etc/postgresql/
 

diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
@@ -0,0 +1,26 @@
+# TODO: needs improvements as currentlly ` docker-compose up -d --build` has to be run twice
+# as replication init on secodary doen't work 100% properly
+version: "3.4"
+services:
+  pg-primary:
+    build:
+      dockerfile: ./docker/Dockerfile
+      context: ..
+    environment:
+      - "POSTGRES_PASSWORD=testpass"
+      - "PG_PRIMARY=true"
+      - "POSTGRES_HOST_AUTH_METHOD=trust"
+      - "PG_REPLICATION=true"
+    ports:
+      - "5433:5432"
+  pg-secondary:
+    build:
+      dockerfile: ./docker/Dockerfile
+      context: ..
+    depends_on:
+      - pg-primary
+    environment:
+      - "POSTGRES_PASSWORD=testpass"
+      - "PG_REPLICATION=true"
+    ports:
+      - "5434:5432"
diff --git a/docker/pg-tde-create-ext.sh b/docker/pg-tde-create-ext.sh
@@ -1,4 +1,6 @@
 #!/bin/bash
 
+set -e
+
 psql -c 'CREATE EXTENSION pg_tde;'
 psql -d template1 -c 'CREATE EXTENSION pg_tde;'
diff --git a/docker/pg-tde-streaming-repl.sh b/docker/pg-tde-streaming-repl.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+PG_PRIMARY=${PG_PRIMARY:-"false"}
+PG_REPLICATION=${PG_REPLICATION:-"false"}
+REPL_PASS=${REPL_PASS:-"replpass"}
+
+if [ !PG_REPLICATION = "true "] ; then
+    exit 0
+fi
+
+if [ $PG_PRIMARY == "true" ] ; then
+    psql -c "CREATE ROLE repl WITH REPLICATION PASSWORD '${REPL_PASS}' LOGIN;"
+    echo "host replication repl 0.0.0.0/0 trust" >> ${PGDATA}/pg_hba.conf
+else
+    rm -rf  ${PGDATA}/*
+    pg_basebackup -h pg-primary -p 5432 -U repl -D ${PGDATA} -Fp -Xs -R
+fi
diff --git a/expected/multi_insert.out b/expected/multi_insert.out
@@ -0,0 +1,91 @@
+-- trigger multi_insert path
+-- 
+CREATE EXTENSION pg_tde;
+CREATE TABLE albums (
+    album_id INTEGER GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
+    artist_id INTEGER,
+    title TEXT NOT NULL,
+    released DATE NOT NULL
+) USING pg_tde;
+COPY albums FROM stdin CSV HEADER;
+SELECT * FROM albums;
+ album_id | artist_id |       title        |  released  
+----------+-----------+--------------------+------------
+        1 |         1 | Mirror             | 06-24-2009
+        2 |         2 | Pretzel Logic      | 02-20-1974
+        3 |         3 | Under Construction | 11-12-2002
+        4 |         4 | Return to Wherever | 07-11-2019
+        5 |         5 | The Nightfly       | 10-01-1982
+        6 |         6 | It's Alive         | 10-15-2013
+        7 |         7 | Pure Ella          | 02-15-1994
+(7 rows)
+
+SELECT * FROM albums where album_id > 5;
+ album_id | artist_id |   title    |  released  
+----------+-----------+------------+------------
+        6 |         6 | It's Alive | 10-15-2013
+        7 |         7 | Pure Ella  | 02-15-1994
+(2 rows)
+
+-- On replica:
+-- SELECT * FROM albums;
+--  album_id | artist_id |       title        |  released
+-- ----------+-----------+--------------------+------------
+--         1 |         1 | Mirror             | 2009-06-24
+--         2 |         2 | Pretzel Logic      | 1974-02-20
+--         3 |         3 | Under Construction | 2002-11-12
+--         4 |         4 | Return to Wherever | 2019-07-11
+--         5 |         5 | The Nightfly       | 1982-10-01
+--         6 |         6 | It's Alive         | 2013-10-15
+--         7 |         7 | Pure Ella          | 1994-02-15
+-- (7 rows)
+-- 
+--  SELECT * FROM albums where album_id > 5;
+--  album_id | artist_id |   title    |  released
+-- ----------+-----------+------------+------------
+--         6 |         6 | It's Alive | 2013-10-15
+--         7 |         7 | Pure Ella  | 1994-02-15
+-- (2 rows)
+-- 
+DROP TABLE albums;
+-- multi_insert2
+-- more data to take multiple pages
+CREATE TABLE Towns (
+   id SERIAL UNIQUE NOT NULL,
+   code VARCHAR(10) NOT NULL,
+   article TEXT,
+   name TEXT NOT NULL,
+   department VARCHAR(4) NOT NULL,
+   UNIQUE (code, department)
+)  USING pg_tde;
+COPY towns (id, code, article, name, department) FROM stdin;
+SELECT count(*) FROM towns;
+ count 
+-------
+  1313
+(1 row)
+
+SELECT * FROM towns where id in (13, 666);
+ id  | code |  article  |      name      | department 
+-----+------+-----------+----------------+------------
+  13 | 014  | some_text | Arbent         | 01
+ 666 | 252  | some_text | Cuissy-et-Geny | 02
+(2 rows)
+
+-- ON REPLICA
+-- 
+-- select count(*) from towns;
+--  count
+-- -------
+--   1313
+-- (1 row)
+-- 
+-- select * from towns where id in (13, 666);
+--  id  | code |  article  |      name      | department
+-- -----+------+-----------+----------------+------------
+--   13 | 014  | some_text | Arbent         | 01
+--  666 | 252  | some_text | Cuissy-et-Geny | 02
+-- (2 rows)
+-- 
+DROP TABLE towns;
+DROP EXTENSION pg_tde;
diff --git a/meson.build b/meson.build
@@ -70,6 +70,7 @@ tests += {
       'non_sorted_off_compact',
       'update_compare_indexes',
       'pgtde_is_encrypted',
+      'multi_insert',
     ],
     'regress_args': ['--temp-config', files('postgres-tde-ext.conf')],
     'runningcheck': false,