Support encryption in live restore mode

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 8.2.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Storage Engines
    • Fully Compatible
    • meow meow meow - 2025-04-15, RSS Sydney - 2025-04-29, Bananini - 2025-05-13
    • 8
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      We need to add encryption support by adding the live restore configs to the wiredtiger connection open in WTDataStore. The WTDataStore is used to open the key.store, which stores the encryption keys.
      Suggested fix:

      diff --git a/src/mongo/db/modules/enterprise/src/encryptdb/keystore_data_store.cpp b/src/mongo/db/modules/enterprise/src/encryptdb/keystore_data_store.cpp
      index b231260edd0..c0c320e1858 100644
      --- a/src/mongo/db/modules/enterprise/src/encryptdb/keystore_data_store.cpp
      +++ b/src/mongo/db/modules/enterprise/src/encryptdb/keystore_data_store.cpp
      @@ -11,6 +11,7 @@
       #include "mongo/base/data_builder.h"
       #include "mongo/base/status.h"
       #include "mongo/db/storage/storage_options.h"
      +#include "mongo/db/storage/wiredtiger/wiredtiger_global_options.h"
       #include "mongo/logv2/log.h"
       #include "mongo/util/assert_util.h"
       #include "mongo/util/str.h"
      @@ -254,6 +255,13 @@ WTDataStore::WTDataStore(const boost::filesystem::path& path,
           wtConfig << "extensions=[" << kEncryptionEntrypointConfig << "],";
           wtConfig << _keystoreConfig;
       
      +    if (!wiredTigerGlobalOptions.liveRestoreSource.empty()) {
      +        wtConfig << "live_restore=(enabled=true,path=\"" << wiredTigerGlobalOptions.liveRestoreSource << "/key.store/local"
      +           << "\",threads_max=" << wiredTigerGlobalOptions.liveRestoreThreads
      +           << ",read_size=" << wiredTigerGlobalOptions.liveRestoreReadSizeMB << "MB"
      +           << "),";
      +    }
      +
           LOGV2(24207, "Opening WiredTiger keystore", "config"_attr = wtConfig.str());
       
           WT_CONNECTION* connPtr = nullptr;
      

              Assignee:
              Clarisse Cheah
              Reporter:
              Sean Watt
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: