  1. Documentation
  2. DOCS-14910

Investigate changes in SERVER-45717: Allow changes to security.clusterIpSourceWhitelist without a rolling restart


Details

    • Task
    • Status: Open
    • Major - P3
    • Resolution: Unresolved
    • None
    • 5.2.0
    • manual, Server
    • None

    Description

      Downstream Change Summary

      Docs: document that security.clusterIpSourceAllowlist can be modified dynamically using setParameter, for example:

      conn.adminCommand({setParameter: 1, "clusterIpSourceAllowlist": ["1.1.1.1/24", "2.2.2.2/16", "3.3.3.3"]});
      // reset to nothing:
      conn.adminCommand({setParameter: 1, "clusterIpSourceAllowlist": null});
      

      Description of Linked Ticket

      Suppose you have an environment in which the members of your MongoDB replica set have IP addresses that do not fit in a tight CIDR range. In this case, you will need to list each IP address individually in the security.clusterIpSourceWhitelist configuration.

      This also means that when you add a new node, you must first restart every other node so that the other nodes pick up the new value for security.clusterIpSourceWhitelist and allow connections from the new node. This in turn implies that adding a new node will also trigger an election. Some customers wish to minimize elections.

      https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterIpSourceWhitelist
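
      A pre-flight check for the runtime update described above, as an added example that is not part of the ticket or MongoDB's own code: it confirms that every member address, existing and new, is covered by the proposed list before sending setParameter to each node. The function names are hypothetical, only IPv4 entries are handled, and `conns` is assumed to hold one connection per member exposing adminCommand as in the snippet above.

```javascript
// Added example; helper names are hypothetical. IPv4 only.
// Convert a dotted-quad address to an unsigned 32-bit integer; null if malformed.
function ipToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Parse "a.b.c.d" or "a.b.c.d/len" into {base, mask}; null if malformed.
function parseEntry(entry) {
  const [addr, len = "32", extra] = String(entry).split("/");
  const ip = ipToInt(addr);
  if (ip === null || extra !== undefined) return null;
  if (!/^\d{1,2}$/.test(len) || Number(len) > 32) return null;
  const bits = Number(len);
  // A shift by 32 wraps to 0 in JavaScript, so /0 is handled separately.
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return { base: (ip & mask) >>> 0, mask };
}

// Return the member IPs that no allowlist entry covers. Throws on malformed input.
function uncoveredMembers(allowlist, memberIps) {
  const nets = allowlist.map((e) => {
    const net = parseEntry(e);
    if (net === null) throw new Error("malformed allowlist entry: " + e);
    return net;
  });
  return memberIps.filter((ip) => {
    const n = ipToInt(ip);
    if (n === null) throw new Error("malformed member IP: " + ip);
    return !nets.some((net) => ((n & net.mask) >>> 0) === net.base);
  });
}

// Send the same list to every member, but only if no member would be excluded.
function applyAllowlist(conns, allowlist, memberIps) {
  const missing = uncoveredMembers(allowlist, memberIps);
  if (missing.length > 0) {
    throw new Error("allowlist would exclude members: " + missing.join(", "));
  }
  return conns.map((conn) =>
    conn.adminCommand({ setParameter: 1, clusterIpSourceAllowlist: allowlist }));
}
```

      Values set with setParameter at runtime are not written back to the configuration file, so the file needs the same list for the change to survive a later restart.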

            People

              joseph.dougherty@mongodb.com Joseph Dougherty
              backlog-server-pm Backlog - Core Eng Program Management Team
              Joseph Dougherty Joseph Dougherty

              Dates

                Created:
                Updated:
                39 weeks, 6 days ago