Loading...

XML

Word

Printable

JSON

Details

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.6.10, 2.7.1
Affects Version/s: 2.5.4
Component/s: Security, Sharding
Labels:
- 26qa

Backwards Compatibility:
Fully Compatible
Backport Completed:

2.6.10

Description

When updating user/roles info on a mongod/mongos the in-memory role graph and user cache is updated instantly in the standard case.

In the case of multiple mongos's there is a 10 min interval in between the mongos pings to the config servers for new user and role data. This means that there is a potential 10 min delay in communicating information about for instance a revoked user across the cluster. This interval can be configured to be lower with the risk of introducing network noise and repeated cache invalidation.

This can be resolved by implementing a piggyback of the ordinary ping done by mongos to the config servers every 30 seconds.

An additional improvement would be to not invalidate the cache in its entirety but only update the parts that has been changed.

Attachments

Issue Links

is related to

SERVER-16849 On mongos we always invalidate the user cache once, even if no user definitions are changing

Closed

SERVER-17617 One config server being down can block read operations on config data for seconds

Closed

SERVER-1448 Host sharding config data on a replica set

Closed

SERVER-11997 User cache is invalidated too often and too crudely

Closed

related to

SERVER-13586 Remove user cache invalidation from user management commands

Backlog

DOCS-3453 2.8 - change to userCacheInvalidationIntervalSecs

Closed

(1 related to)

Activity

People

Assignee:: Spencer Brody (Inactive)

Reporter:: Andreas Nilsson

Participants:: Andreas Nilsson, Eric Sommer, Githook User, Spencer Brody

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: Dec 05 2013 09:14:30 PM UTC

Updated:: May 19 2015 06:17:48 PM UTC

Resolved:: Apr 27 2015 09:41:09 PM UTC