Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-6953

Allow switching from unauthenticated to authenticated setup (and vice versa) without downtime.

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Major - P3
    • Resolution: Duplicate
    • None
    • None
    • None
    • None

    Description

      Since it's currently not possible to run in a mixed deployment with some replica set members having auth and some not, to enable auth for a set for the first time requires taking some downtime.

      We could get around this by having a compatibility mode that authenticates all outgoing connections using the keyfile, but doesn't enforce any authentication rules on incoming requests. Then you could have a no-downtime switch by doing two rolling restarts of the set - one to provide the keyfile but start in compatibility mode, and another to remove compatibility mode and go into full authenticated mode proper.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              spencer@mongodb.com Spencer Brody (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: