Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-54260

Ensure that DDL operations are only audited on Primaries

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.9.0
    • Affects Version/s: None
    • Component/s: Admin, Security, Storage
    • Labels:
      None
    • Fully Compatible
    • Security 2021-02-22, Security 2021-03-08

      DDL operations are currently audited on primaries and secondaries. Unfortunately, the audit hooks for these operations are buried in the execution machinery which is invoked during parallel batch application. This means that synchronous file writes, to the log file, are performed in the critical path of oplog application, potentially impairing the node's ability to keep up with its primary.

      We should prevent secondaries from emitting DDL audit events for replicated changes.

       

      Note that we must still record DDL events for local, non-replicated changes. These are DDL operations on the local database, and any collection named system.profile.

            Assignee:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Reporter:
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: