Allow switching from unauthenticated to authenticated setup (and vice versa) without downtime.

XMLWordPrintableJSON

    • Type: Improvement
    • Resolution: Duplicate
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Since it's currently not possible to run in a mixed deployment with some replica set members having auth and some not, to enable auth for a set for the first time requires taking some downtime.

      We could get around this by having a compatibility mode that authenticates all outgoing connections using the keyfile, but doesn't enforce any authentication rules on incoming requests. Then you could have a no-downtime switch by doing two rolling restarts of the set - one to provide the keyfile but start in compatibility mode, and another to remove compatibility mode and go into full authenticated mode proper.

              Assignee:
              Unassigned
              Reporter:
              Spencer Brody (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: