Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: 5.2.0
Affects Version/s: None
Component/s: manual, Server
Labels:
- actionable
- backlog
- feature
- replication
- security

Downstream Change Summary

Docs: document that security.clusterIpSourceAllowlist can be modified dynamically using setParameter, for example:

conn.adminCommand({setParameter: 1, "clusterIpSourceAllowlist": ["1.1.1.1/24", "2.2.2.2/16", "3.3.3.3"] }));
# reset to nothing:
conn.adminCommand({setParameter: 1, "clusterIpSourceAllowlist": null }));

Description of Linked Ticket

Suppose you have an environment in which the members of your MongoDB replica set have IP addresses that do not fit in a tight CIDR range. In this case, you will need to list each IP address individually in the security.clusterIpSourceWhitelist configuration.

This also means that when you add a new node, you must first restart every other node so that the other nodes pick up the new value for security.clusterIpSourceWhitelist and allow connections from the new node. This in turn implies that adding a new node will also trigger an election. Some customers wish to minimize elections.

https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterIpSourceWhitelist

documents

SERVER-45717 Allow changes to security.clusterIpSourceWhitelist without a rolling restart

Closed

Assignee:: Joseph Dougherty

Reporter:: Backlog - Core Eng Program Management Team

Participants:: Backlog - Core Eng Program Management Team, Joseph Dougherty, PM Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Nov 01 2021 10:06:08 PM UTC

Updated:: Apr 18 2024 04:01:20 PM UTC

Days since reply:: 2 years, 25 weeks, 3 days ago

Details

Description

Description of Linked Ticket

Attachments

Issue Links

Activity

People

Dates