abhilashthale.tech
  • Home
  • BlogCategories
    • coding
    • other
    • n
  • Images to Pdf
  • My Files
  • Shares Average
  • About Me
  • Server Stats
  • Day
  • Night
  • Birds
  • Waves
  • Net
  • Dots
  • Halo
  • Rings
  • Fog
  • Clouds

    Mysql 8.0.X To 8.4.X Upgrade Runbook (Clean Install + Keyring Migration + Encryption Testing)

    by abhilashthale - May 19, 2026

    ###############################
    # MYSQL 8.0.x → 8.4.x UPGRADE
    # CLEAN INSTALL + RESTORE METHOD
    ###############################

    ENVIRONMENT:
    - RHEL8 / Rocky Linux
    - Custom datadir: /data/mysql_server
    - No GTID
    - Old MySQL 8.0.x
    - New MySQL 8.4.x
    - Using encryption/keyring
    - Fresh initialize method

    ====================================================
    STEP 1 — CHECK OLD MYSQL ENVIRONMENT
    ====================================================

    mysql -uroot -p

    SHOW PLUGINS;

    SELECT TABLE_SCHEMA,TABLE_NAME,CREATE_OPTIONS
    FROM information_schema.tables
    WHERE CREATE_OPTIONS LIKE '%ENCRYPTION%';

    grep -Ri keyring /etc/my.cnf*

    ====================================================
    STEP 2 — TAKE FULL BACKUP
    ====================================================

    mysqldump \
    --all-databases \
    --routines \
    --events \
    --triggers \
    --single-transaction \
    --hex-blob \
    -u root -p > /backup/full.sql

    ====================================================
    STEP 3 — BACKUP KEYRING (VERY IMPORTANT)
    ====================================================

    tar -cvzf /backup/mysql-keyring.tar.gz \
    /data/mysql-keyring

    ====================================================
    STEP 4 — BACKUP CONFIG
    ====================================================

    cp -p /etc/my.cnf /backup/

    ====================================================
    STEP 5 — REMOVE ENCRYPTION FROM DUMP
    (RECOMMENDED SAFEST METHOD)
    ====================================================

    cp /backup/full.sql /backup/full_no_encrypt.sql

    sed -i "s/ENCRYPTION='Y'/ENCRYPTION='N'/g" \
    /backup/full_no_encrypt.sql

    ====================================================
    STEP 6 — STOP MYSQL
    ====================================================

    systemctl stop mysqld

    ps -ef | grep mysqld

    IF STILL RUNNING:

    pkill -9 mysqld

    ====================================================
    STEP 7 — REMOVE OLD MYSQL RPMs
    ====================================================

    rpm -qa | grep -i mysql

    dnf remove mysql*

    OR

    rpm -e mysql-community-server \
    mysql-community-client \
    mysql-community-common \
    mysql-community-libs

    ====================================================
    STEP 8 — INSTALL MYSQL 8.4 RPMs
    ====================================================

    cd /data/pkg/mysql84/

    yum install mysql-community-*.rpm

    OR

    rpm -ivh mysql-community-common-8.4*.rpm
    rpm -ivh mysql-community-client-plugins-8.4*.rpm
    rpm -ivh mysql-community-libs-8.4*.rpm
    rpm -ivh mysql-community-client-8.4*.rpm
    rpm -ivh mysql-community-server-8.4*.rpm

    ====================================================
    STEP 9 — RENAME OLD DATADIR
    ====================================================

    mv /data/mysql_server \
    /data/mysql_server_80_backup

    ====================================================
    STEP 10 — CREATE NEW DATADIR
    ====================================================

    mkdir -p /data/mysql_server

    chown -R mysql:mysql /data/mysql_server

    chmod 750 /data/mysql_server

    ====================================================
    STEP 11 — EDIT /etc/my.cnf
    ====================================================

    REMOVE OLD KEYRING CONFIG:

    #early-plugin-load=keyring_file.so
    #keyring_file_data=/data/mysql-keyring/keyring

    ====================================================
    STEP 12 — CREATE NEW KEYRING DIRECTORY
    ====================================================

    mkdir -p /data/mysql-keyring

    chown -R mysql:mysql /data/mysql-keyring

    chmod 750 /data/mysql-keyring

    ====================================================
    STEP 13 — CREATE COMPONENT CONFIG
    ====================================================

    mkdir -p /var/lib/mysql-files

    vi /var/lib/mysql-files/component_keyring_file.cnf

    ADD:

    {
      "path": "/data/mysql-keyring/keyring",
      "read_only": false
    }

    SAVE FILE

    ====================================================
    STEP 14 — FIX PERMISSIONS
    ====================================================

    chown mysql:mysql \
    /var/lib/mysql-files/component_keyring_file.cnf

    chmod 640 \
    /var/lib/mysql-files/component_keyring_file.cnf

    Here before create check which path of plugins MySQL takes from like 

    ====================================================
    STEP 15 — CREATE BOOTSTRAP FILE
    (VERY IMPORTANT)
    ====================================================

    vi /usr/sbin/mysqld.my

    ADD:

    {
      "components": "file://component_keyring_file"
    }

    SAVE FILE

    ====================================================
    STEP 16 — FIX BOOTSTRAP FILE PERMISSIONS
    ====================================================

    chown mysql:mysql /usr/sbin/mysqld.my

    chmod 640 /usr/sbin/mysqld.my

    ====================================================
    STEP 17 — INITIALIZE MYSQL 8.4
    ====================================================

    mysqld \
    --defaults-file=/etc/my.cnf \
    --initialize \
    --user=mysql

    ====================================================
    STEP 18 — START MYSQL
    ====================================================

    systemctl start mysqld

    ====================================================
    STEP 19 — CHECK LOGS
    ====================================================

    journalctl -xeu mysqld

    tail -f /data/mysql_server/mysqld.log

    ====================================================
    STEP 20 — LOGIN MYSQL
    ====================================================

    mysql -uroot -p

    ====================================================
    STEP 21 — VERIFY KEYRING COMPONENT
    ====================================================

    SELECT * FROM performance_schema.keyring_component_status;

    IF NOT EMPTY = SUCCESS

    ====================================================
    STEP 22 — REGISTER COMPONENT
    ====================================================

    INSTALL COMPONENT 'file://component_keyring_file';

    SELECT * FROM mysql.component;

    ====================================================
    STEP 23 — TEST ENCRYPTION
    ====================================================

    CREATE DATABASE testdb;

    USE testdb;

    CREATE TABLE t1 (
     id INT
    ) ENCRYPTION='Y';

    ====================================================
    STEP 24 — RESTORE DUMP
    ====================================================

    mysql -uroot -p < /backup/full_no_encrypt.sql

    ====================================================
    STEP 25 — VERIFY DATABASES
    ====================================================

    SHOW DATABASES;

    SELECT user,host FROM mysql.user;

    ====================================================
    STEP 26 — OPTIONAL RE-ENABLE ENCRYPTION LATER
    ====================================================

    ALTER TABLE table_name ENCRYPTION='Y';

    ====================================================
    IMPORTANT NOTES
    ====================================================

    1. NEVER DELETE:
       /data/mysql-keyring

    2. NEVER MIX:
       old plugin + new component

    3. DO NOT USE:
       early-plugin-load=keyring_file.so

    4. NEW MYSQL 8.4 USES:
       component_keyring_file

    5. MOST IMPORTANT FILE:
       /usr/sbin/mysqld.my

    WITHOUT IT:
    - component installs
    - but encryption fails

    6. IF RESTORE FAILS:
    - use ENCRYPTION='N'
    - restore first
    - re-enable later

    ###############################
    END
    ###############################

abhilashthale.tech