Loading...

XML

Word

Printable

JSON

Details

Type: Improvement
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 5.2.0
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2020-02-10, Security 2021-10-04, Security 2021-10-18, Security 2021-11-01, Security 2021-11-15

Description

Suppose you have an environment in which the members of your MongoDB replica set have IP addresses that do not fit in a tight CIDR range. In this case, you will need to list each IP address individually in the security.clusterIpSourceWhitelist configuration.

This also means that when you add a new node, you must first restart every other node so that the other nodes pick up the new value for security.clusterIpSourceWhitelist and allow connections from the new node. This in turn implies that adding a new node will also trigger an election. Some customers wish to minimize elections.

https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterIpSourceWhitelist

Attachments

Issue Links

has to be done before

SERVER-61038 Invalidate __system sessions after runtime changes to clusterIpSourceAllowlist

Closed

is documented by

DOCS-14910 [Server] document that security.clusterIpSourceAllowlist can be modified dynamically using setParameter

Backlog

Activity

People

Assignee:: Sergey Galtsev (Inactive)

Reporter:: Cailin Nelson

Participants:: Cailin Nelson, Githook User, Sergey Galtsev

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: Jan 23 2020 02:01:19 AM UTC

Updated:: Oct 29 2023 10:13:00 PM UTC

Resolved:: Nov 01 2021 10:06:06 PM UTC