ALTER INSTANCEinstance_actioninstance_action: { | {ENABLE|DISABLE} INNODB REDO_LOG | ROTATE INNODB MASTER KEY | ROTATE BINLOG MASTER KEY | RELOAD TLS [FOR CHANNEL {mysql_main | mysql_admin}] [NO ROLLBACK ON ERROR] | RELOAD KEYRING }
ALTER INSTANCE defines actions applicable to a MySQL server instance. ALTER INSTANCE定义适用于MySQL服务器实例的操作。The statement supports these actions:该语句支持以下操作:
ALTER INSTANCE {ENABLE | DISABLE} INNODB REDO_LOG
This action enables or disables 此操作启用或禁用InnoDB redo logging. InnoDB重做日志记录。Redo logging is enabled by default. 默认情况下启用重做日志记录。This feature is intended only for loading data into a new MySQL instance. 此功能仅用于将数据加载到新的MySQL实例中。The statement is not written to the binary log. 该语句未写入二进制日志。This action was introduced in MySQL 8.0.21.此操作是在MySQL 8.0.21中引入的。
Do not disable redo logging on a production system.不要在生产系统上禁用重做日志记录。 While it is permitted to shutdown and restart the server while redo logging is disabled, an unexpected server stoppage while redo logging is disabled can cause data loss and instance corruption.虽然允许在禁用重做日志记录时关闭并重新启动服务器,但在禁用重做日志记录时意外的服务器停止可能会导致数据丢失和实例损坏。
An ALTER INSTANCE [ENABLE|DISABLE] INNODB REDO_LOG operation requires an exclusive backup lock, which prevents other ALTER INSTANCE operations from executing concurrently. ALTER INSTANCE [ENABLE|DISABLE] INNODB REDO_LOG操作需要独占备份锁,这会阻止其他ALTER INSTANCE操作同时执行。Other 其他ALTER INSTANCE operations must wait for the lock to be released before executing.ALTER INSTANCE操作必须等待锁释放后才能执行。
For more information, see Disabling Redo Logging.有关更多信息,请参阅禁用重做日志记录。
ALTER INSTANCE ROTATE INNODB MASTER KEY
This action rotates the master encryption key used for 此操作将旋转用于InnoDB tablespace encryption. InnoDB表空间加密的主加密密钥。Key rotation requires the 密钥轮换需要ENCRYPTION_KEY_ADMIN or SUPER privilege. ENCRYPTION_KEY_ADMIN或SUPER权限。To perform this action, a keyring plugin must be installed and configured. 要执行此操作,必须安装并配置keyring插件。For instructions, see Section 6.4.4, “The MySQL Keyring”.有关说明,请参阅第6.4.4节,“MySQL密钥环”。
ALTER INSTANCE ROTATE INNODB MASTER KEY supports concurrent DML. ALTER INSTANCE ROTATE INNODB MASTER KEY主密钥支持并发DML。However, it cannot be run concurrently with 但是,它不能CREATE TABLE ... ENCRYPTION or ALTER TABLE ... ENCRYPTION operations, and locks are taken to prevent conflicts that could arise from concurrent execution of these statements. CREATE TABLE ... ENCRYPTION或ALTER TABLE ... ENCRYPTION操作同时运行,并且锁用于防止并发执行这些语句时可能出现的冲突。If one of the conflicting statements is running, it must complete before another can proceed.如果其中一个冲突语句正在运行,则必须先完成该语句,然后才能继续另一个语句。
ALTER INSTANCE ROTATE INNODB MASTER KEY statements are written to the binary log so that they can be executed on replicated servers.ALTER INSTANCE ROTATE INNODB MASTER KEY语句写入二进制日志,以便可以在复一致性务器上执行。
For additional 有关ALTER INSTANCE ROTATE INNODB MASTER KEY usage information, see Section 15.13, “InnoDB Data-at-Rest Encryption”.ALTER INSTANCE ROTATE INNODB MASTER KEY使用的其他信息,请参阅第15.13节,“InnoDB数据静态加密”。
ALTER INSTANCE ROTATE BINLOG MASTER KEY
This action rotates the binary log master key used for binary log encryption. 此操作将旋转用于二进制日志加密的二进制日志主密钥。Key rotation for the binary log master key requires the 二进制日志主密钥的密钥轮换需要BINLOG_ENCRYPTION_ADMIN or SUPER privilege. BINLOG_ENCRYPTION_ADMIN或SUPER权限。The statement cannot be used if the 如果系统变量binlog_encryption system variable is set to OFF. binlog_encryption设置为OFF,则无法使用该语句。To perform this action, a keyring plugin must be installed and configured. 要执行此操作,必须安装并配置keyring插件。For instructions, see Section 6.4.4, “The MySQL Keyring”.有关说明,请参阅第6.4.4节,“MySQL密钥环”。
ALTER INSTANCE ROTATE BINLOG MASTER KEY actions are not written to the binary log and are not executed on replicas. ALTER INSTANCE ROTATE BINLOG MASTER KEY操作不会写入二进制日志,也不会在副本上执行。Binary log master key rotation can therefore be carried out in replication environments including a mix of MySQL versions. 因此,可以在复制环境中执行二进制日志主密钥轮换,包括MySQL版本的混合。To schedule regular rotation of the binary log master key on all applicable source and replica servers, you can enable the MySQL Event Scheduler on each server and issue the 要计划在所有适用的源服务器和副本服务器上定期旋转二进制日志主密钥,可以在每个服务器上启用MySQL事件调度器,并使用ALTER INSTANCE ROTATE BINLOG MASTER KEY statement using a CREATE EVENT statement. CREATE EVENT语句发出ALTER INSTANCE ROTATE BINLOG MASTER KEY语句。If you rotate the binary log master key because you suspect that the current or any of the previous binary log master keys might have been compromised, issue the statement on every applicable source and replica server, which enables you to verify immediate compliance.如果由于怀疑当前或以前的任何二进制日志主密钥可能已被泄露而旋转二进制日志主密钥,请在每个适用的源服务器和副本服务器上发出该语句,从而使您能够立即验证符合性。
For additional 有关ALTER INSTANCE ROTATE BINLOG MASTER KEY usage information, including what to do if the process does not complete correctly or is interrupted by an unexpected server halt, see Section 17.3.2, “Encrypting Binary Log Files and Relay Log Files”.ALTER INSTANCE ROTATE BINLOG MASTER KEY使用的其他信息,包括如果进程未正确完成或被意外的服务器停止中断,该怎么办,请参阅第17.3.2节,“加密二进制日志文件和中继日志文件”。
This action reconfigures a TLS context from the current values of the system variables that define the context. 此操作根据定义上下文的系统变量的当前值重新配置TLS上下文。It also updates the status variables that reflect the active context values. 它还更新反映活动上下文值的状态变量。This action requires the 此操作需要CONNECTION_ADMIN privilege. CONNECTION_ADMIN权限。For additional information about reconfiguring the TLS context, including which system and status variables are context-related, see Server-Side Runtime Configuration and Monitoring for Encrypted Connections.有关重新配置TLS上下文的更多信息,包括哪些系统和状态变量与上下文相关,请参阅服务器端运行时配置和加密连接监控。
By default, the statement reloads the TLS context for the main connection interface. 默认情况下,该语句重新加载主连接接口的TLS上下文。If the 如果给出了FOR CHANNEL clause (available as of MySQL 8.0.21) is given, the statement reloads the TLS context for the named channel: mysql_main for the main connection interface, mysql_admin for the administrative connection interface. FOR CHANNEL子句(从MySQL 8.0.21开始提供),则该语句将重新加载命名通道的TLS上下文:对于主连接接口为mysql_main,对于管理连接接口为mysql_admin。For information about the different interfaces, see Section 5.1.12.1, “Connection Interfaces”. 有关不同接口的信息,请参阅第5.1.12.1节,“连接接口”。The updated TLS context properties are exposed in the Performance Schema 更新的TLS上下文属性在性能模式tls_channel_status table. tls_channel_status表中公开。See Section 27.12.21.7, “The tls_channel_status Table”.请参阅第27.12.21.7节,“tls_channel_status表”。
Updating the TLS context for the main interface may also affect the administrative interface because unless some nondefault TLS value is configured for that interface, it uses the same TLS context as the main interface.更新主接口的TLS上下文也可能会影响管理接口,因为除非为该接口配置了一些非默认TLS值,否则它将使用与主接口相同的TLS上下文。
By default, the 默认情况下,如果配置值不允许创建新的TLS上下文,则RELOAD TLS action rolls back with an error and has no effect if the configuration values do not permit creation of the new TLS context. RELOAD TLS操作将回滚并显示错误,并且无效。The previous context values continue to be used for new connections. 以前的上下文值将继续用于新连接。If the optional 如果给出了可选的NO ROLLBACK ON ERROR clause is given and the new context cannot be created, rollback does not occur. NO ROLLBACK ON ERROR子句,并且无法创建新上下文,则不会发生回滚。Instead, a warning is generated and encryption is disabled for new connections on the interface to which the statement applies.相反,将生成一条警告,并在应用该语句的接口上对新连接禁用加密。
ALTER INSTANCE RELOAD TLS statements are not written to the binary log (and thus are not replicated). ALTER INSTANCE RELOAD TLS语句不会写入二进制日志(因此不会被复制)。TLS configuration is local and depends on local files not necessarily present on all servers involved.TLS配置是本地的,并且取决于本地文件,这些文件不一定存在于所有涉及的服务器上。
If a keyring component is installed, this action tells the component to re-read its configuration file and reinitialize any keyring in-memory data. 如果安装了keyring组件,此操作将告知该组件重新读取其配置文件并重新初始化内存中的任何keyring数据。If you modify the component configuration at runtime, the new configuration does not take effect until you perform this action. 如果在运行时修改组件配置,则在执行此操作之前,新配置不会生效。Keyring reloading requires the 密钥环重新加载需要ENCRYPTION_KEY_ADMIN privilege. ENCRYPTION_KEY_ADMIN权限。This action was added in MySQL 8.0.24.此操作是在MySQL 8.0.24中添加的。
This action enables reconfiguring only the currently installed keyring component. 此操作仅允许重新配置当前安装的keyring组件。It does not enable changing which component is installed. 它不允许更改已安装的组件。For example, if you change the configuration for the installed keyring component, 例如,如果更改已安装的keyring组件的配置,则ALTER INSTANCE RELOAD KEYRING causes the new configuration to take effect. ALTER INSTANCE RELOAD KEYRING会使新配置生效。On the other hand, if you change the keyring component named in the server manifest file, 另一方面,如果更改服务器清单文件中命名的keyring组件,则ALTER INSTANCE RELOAD KEYRING has no effect and the current component remains installed.ALTER INSTANCE RELOAD KEYRING无效,并且当前组件仍保持安装状态。
ALTER INSTANCE RELOAD KEYRING statements are not written to the binary log (and thus are not replicated).ALTER INSTANCE RELOAD KEYRING语句不会写入二进制日志(因此不会被复制)。