Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11980

Improve user cache invalidation enforcement on mongos

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.5.4
    • Fix Version/s: 2.6.10, 2.7.1
    • Component/s: Security, Sharding
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Backport Completed:
    • Epic Link:

      Description

      When updating user/roles info on a mongod/mongos the in-memory role graph and user cache is updated instantly in the standard case.

      In the case of multiple mongos's there is a 10 min interval in between the mongos pings to the config servers for new user and role data. This means that there is a potential 10 min delay in communicating information about for instance a revoked user across the cluster. This interval can be configured to be lower with the risk of introducing network noise and repeated cache invalidation.

      This can be resolved by implementing a piggyback of the ordinary ping done by mongos to the config servers every 30 seconds.

      An additional improvement would be to not invalidate the cache in its entirety but only update the parts that has been changed.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: