Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-40136

The background key generator can remain disabled on FCV upgrade after a downgrade

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 3.6.11
    • 3.6.13
    • Sharding
    • Fully Compatible
    • ALL
    • v3.6
    • Sharding 2019-04-08, Sharding 2019-04-22

    Description

      The background key generator thread is what generates signature keys for cluster time validation. The lifetime of the key generator is like this:

      1. Unconditionally enabled when a node initializes as a shard
      2. Disabled on step-down
      3. Enabled on step-up
      4. Disabled on FCV downgrade from 3.6 to 3.4

      The following problems exist with these transitions:

      • Because of (4) above, an FCV change sequence from 3.6 -> 3.4 -> 3.6 will not re-enable the key generator, so it will not generate new keys and will cause the router to fail starting-up
        • This is not a major problem, because keys typically last for months and if a stall happens on router start-up, this can be worked around by stepping down the config server primary
      • Because of (1) above, a secondary replica set node will end up with the key generator running
        • This is mitigated because when that key generator tries to insert a new key, it will fail with a NotMaster error

      Attachments

        Activity

          People

            misha.tyulenev@mongodb.com Misha Tyulenev
            kaloian.manassiev@mongodb.com Kaloian Manassiev
            Votes:
            2 Vote for this issue
            Watchers:
            15 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: