Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11980

Improve user cache invalidation enforcement on mongos

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.6.10, 2.7.1
    • Affects Version/s: 2.5.4
    • Component/s: Security, Sharding
    • Labels:
    • Fully Compatible

      When updating user/roles info on a mongod/mongos the in-memory role graph and user cache is updated instantly in the standard case.

      In the case of multiple mongos's there is a 10 min interval in between the mongos pings to the config servers for new user and role data. This means that there is a potential 10 min delay in communicating information about for instance a revoked user across the cluster. This interval can be configured to be lower with the risk of introducing network noise and repeated cache invalidation.

      This can be resolved by implementing a piggyback of the ordinary ping done by mongos to the config servers every 30 seconds.

      An additional improvement would be to not invalidate the cache in its entirety but only update the parts that has been changed.

            spencer@mongodb.com Spencer Brody (Inactive)
            andreas.nilsson Andreas Nilsson
            1 Vote for this issue
            7 Start watching this issue