MySQL 8.0-13.1.5 ALTER INSTANCE Statement-CSDN博客

本文介绍了MySQL中的ALTERINSTANCE命令，详细解释了如何通过该命令执行多种维护操作，包括启用或禁用InnoDB重做日志记录、旋转InnoDB和二进制日志的主密钥、重新加载TLS上下文及密钥环组件。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

ALTER INSTANCE instance_action

instance_action: {
  | {ENABLE|DISABLE} INNODB REDO_LOG
  | ROTATE INNODB MASTER KEY
  | ROTATE BINLOG MASTER KEY
  | RELOAD TLS
      [FOR CHANNEL {mysql_main | mysql_admin}]
      [NO ROLLBACK ON ERROR]
  | RELOAD KEYRING
}

ALTER INSTANCE defines actions applicable to a MySQL server instance. The statement supports these actions:

ALTER INSTANCE定义适用于MySQL服务器实例的操作。声明支持以下行动:

ALTER INSTANCE {ENABLE | DISABLE} INNODB REDO_LOG

This action enables or disables InnoDB redo logging. Redo logging is enabled by default. This feature is intended only for loading data into a new MySQL instance. The statement is not written to the binary log. This action was introduced in MySQL 8.0.21. 这个动作启用或禁用InnoDB重做日志记录。默认情况下，重做日志记录是启用的。此特性仅用于将数据加载到新的MySQL实例中。该语句不会被写入二进制日志。这个操作是在MySQL 8.0.21中引入的。

Warning

Do not disable redo logging on a production system. While it is permitted to shutdown and restart the server while redo logging is disabled, an unexpected server stoppage while redo logging is disabled can cause data loss and instance corruption. 不要在生产系统上禁用重做日志记录。虽然允许在禁用重做日志时关闭和重新启动服务器，但在禁用重做日志时意外的服务器停止可能会导致数据丢失和实例损坏。

An ALTER INSTANCE [ENABLE|DISABLE] INNODB REDO_LOG operation requires an exclusive backup lock, which prevents other ALTER INSTANCE operations from executing concurrently. Other ALTER INSTANCE operations must wait for the lock to be released before executing. ALTER INSTANCE [ENABLE|DISABLE] INNODB REDO_LOG操作需要一个排他的备份锁，防止其他ALTER INSTANCE操作并发执行。其他ALTER INSTANCE操作必须等待锁被释放后才能执行。

For more information, see Disabling Redo Logging.
ALTER INSTANCE ROTATE INNODB MASTER KEY

This action rotates the master encryption key used for InnoDB tablespace encryption. Key rotation requires the ENCRYPTION_KEY_ADMIN or SUPER privilege. To perform this action, a keyring plugin must be installed and configured. For instructions, see Section 6.4.4, “The MySQL Keyring”. 这个操作会旋转用于InnoDB表空间加密的主加密密钥。密钥轮换需要ENCRYPTION_KEY_ADMIN或SUPER特权。要执行此操作，必须安装和配置一个keyring插件。有关说明，请参见6.4.4节“MySQL Keyring”。

ALTER INSTANCE ROTATE INNODB MASTER KEY supports concurrent DML. However, it cannot be run concurrently with CREATE TABLE ... ENCRYPTION or ALTER TABLE ... ENCRYPTION operations, and locks are taken to prevent conflicts that could arise from concurrent execution of these statements. If one of the conflicting statements is running, it must complete before another can proceed. ALTER INSTANCE ROTATE INNODB MASTER KEY支持并发DML。但是，它不能与CREATE TABLE…并发运行。加密或ALTER TABLE…采用加密操作和锁是为了防止并发执行这些语句可能产生的冲突。如果一个冲突语句正在运行，它必须在另一个语句继续之前完成。

ALTER INSTANCE ROTATE INNODB MASTER KEY statements are written to the binary log so that they can be executed on replicated servers. ALTER INSTANCE ROTATE INNODB MASTER KEY语句被写入二进制日志，以便在复制服务器上执行。

For additional ALTER INSTANCE ROTATE INNODB MASTER KEY usage information, see Section 15.13, “InnoDB Data-at-Rest Encryption”.
ALTER INSTANCE ROTATE BINLOG MASTER KEY

This action rotates the binary log master key used for binary log encryption. Key rotation for the binary log master key requires the BINLOG_ENCRYPTION_ADMIN or SUPER privilege. The statement cannot be used if the binlog_encryption system variable is set to OFF. To perform this action, a keyring plugin must be installed and configured. For instructions, see Section 6.4.4, “The MySQL Keyring”. 此操作旋转用于二进制日志加密的二进制日志主密钥。二进制日志主密钥的密钥轮换需要BINLOG_ENCRYPTION_ADMIN或SUPER特权。如果binlog_encryption系统变量设置为OFF，则该语句不能使用。要执行此操作，必须安装和配置一个keyring插件。有关说明，请参见6.4.4节“MySQL Keyring”。

ALTER INSTANCE ROTATE BINLOG MASTER KEY actions are not written to the binary log and are not executed on replicas. Binary log master key rotation can therefore be carried out in replication environments including a mix of MySQL versions. To schedule regular rotation of the binary log master key on all applicable source and replica servers, you can enable the MySQL Event Scheduler on each server and issue the ALTER INSTANCE ROTATE BINLOG MASTER KEY statement using a CREATE EVENT statement. If you rotate the binary log master key because you suspect that the current or any of the previous binary log master keys might have been compromised, issue the statement on every applicable source and replica server, which enables you to verify immediate compliance. ALTER INSTANCE ROTATE BINLOG MASTER KEY操作不会写入二进制日志，也不会在副本上执行。因此，二进制日志主键旋转可以在复制环境中执行，包括混合的MySQL版本。要在所有适用的源服务器和副本服务器上安排二进制日志主密钥的定期轮换，可以在每个服务器上启用MySQL事件调度程序，并使用CREATE Event语句发出ALTER INSTANCE ROTATE BINLOG master key语句。如果由于怀疑当前或以前的任何二进制日志主密钥可能已被破坏而旋转二进制日志主密钥，则在每个适用的源和副本服务器上发出语句，这使您能够验证立即遵从性。

For additional ALTER INSTANCE ROTATE BINLOG MASTER KEY usage information, including what to do if the process does not complete correctly or is interrupted by an unexpected server halt, see Section 17.3.2, “Encrypting Binary Log Files and Relay Log Files”. 关于其他ALTER INSTANCE ROTATE BINLOG主密钥使用信息，包括如果进程没有正确完成或由于服务器意外停止而中断时该怎么办，请参见17.3.2节“加密二进制日志文件和中继日志文件”。
ALTER INSTANCE RELOAD TLS

This action reconfigures a TLS context from the current values of the system variables that define the context. It also updates the status variables that reflect the active context values. This action requires the CONNECTION_ADMIN privilege. For additional information about reconfiguring the TLS context, including which system and status variables are context-related, see Server-Side Runtime Configuration and Monitoring for Encrypted Connections. 此操作从定义上下文的系统变量的当前值重新配置TLS上下文。它还更新反映活动上下文值的状态变量。此操作需要CONNECTION_ADMIN权限。有关重新配置TLS上下文的其他信息，包括哪些系统和状态变量与上下文相关，请参阅服务器端运行时配置和加密连接监控。

By default, the statement reloads the TLS context for the main connection interface. If the FOR CHANNEL clause (available as of MySQL 8.0.21) is given, the statement reloads the TLS context for the named channel: mysql_main for the main connection interface, mysql_admin for the administrative connection interface. For information about the different interfaces, see Section 5.1.12.1, “Connection Interfaces”. The updated TLS context properties are exposed in the Performance Schema tls_channel_status table. See Section 27.12.21.7, “The tls_channel_status Table”. 默认情况下，该语句重新加载主连接接口的TLS上下文。如果给出了FOR CHANNEL子句(从MySQL 8.0.21开始可用)，该语句将为指定的通道重新加载TLS上下文:mysql_main用于主连接接口，mysql_admin用于管理连接接口。

Updating the TLS context for the main interface may also affect the administrative interface because unless some nondefault TLS value is configured for that interface, it uses the same TLS context as the main interface. 更新主接口的TLS上下文也可能影响管理接口，因为除非为该接口配置了一些非默认的TLS值，否则它将使用与主接口相同的TLS上下文。

By default, the RELOAD TLS action rolls back with an error and has no effect if the configuration values do not permit creation of the new TLS context. The previous context values continue to be used for new connections. If the optional NO ROLLBACK ON ERROR clause is given and the new context cannot be created, rollback does not occur. Instead, a warning is generated and encryption is disabled for new connections on the interface to which the statement applies. 默认情况下，RELOAD TLS操作回滚时出现错误，如果配置值不允许创建新的TLS上下文，则该操作不起作用。前面的上下文值继续用于新连接。如果给出了可选的NO ROLLBACK ON ERROR子句，并且不能创建新的上下文，则不会发生回滚。相反，会生成一个警告，并且对该语句应用到的接口上的新连接禁用加密。

ALTER INSTANCE RELOAD TLS statements are not written to the binary log (and thus are not replicated). TLS configuration is local and depends on local files not necessarily present on all servers involved. ALTER INSTANCE RELOAD TLS语句不会被写入二进制日志(因此不会被复制)。TLS配置是本地的，依赖于不一定存在于所有服务器上的本地文件。
ALTER INSTANCE RELOAD KEYRING

If a keyring component is installed, this action tells the component to re-read its configuration file and reinitialize any keyring in-memory data. If you modify the component configuration at runtime, the new configuration does not take effect until you perform this action. Keyring reloading requires the ENCRYPTION_KEY_ADMIN privilege. This action was added in MySQL 8.0.24. 如果安装了密匙环组件，此操作将告诉组件重新读取其配置文件并重新初始化内存中的任何密匙环数据。如果在运行时修改组件配置，则新配置在执行此操作之前不会生效。密钥环重载需要ENCRYPTION_KEY_ADMIN权限。这个操作是在MySQL 8.0.24中添加的。

This action enables reconfiguring only the currently installed keyring component. It does not enable changing which component is installed. For example, if you change the configuration for the installed keyring component, ALTER INSTANCE RELOAD KEYRING causes the new configuration to take effect. On the other hand, if you change the keyring component named in the server manifest file, ALTER INSTANCE RELOAD KEYRING has no effect and the current component remains installed. 此操作只允许重新配置当前安装的密钥环组件。它不能更改安装的组件。例如，如果您更改了已安装的keyring组件的配置，那么ALTER INSTANCE RELOAD keyring将使新的配置生效。另一方面，如果您更改了服务器清单文件中命名的密匙环组件，那么ALTER INSTANCE RELOAD keyring将不起作用，当前组件仍将安装。

ALTER INSTANCE RELOAD KEYRING statements are not written to the binary log (and thus are not replicated). ALTER INSTANCE RELOAD KEYRING语句不会被写入二进制日志(因此不会被复制)。