[DOCS-14910] [Server] document that security.clusterIpSourceAllowlist can be modified dynamically using setParameter Created: 01/Nov/21  Updated: 22/Jan/24

Status: Backlog
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 5.2.0

Type: Task Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team Assignee: Joseph Dougherty
Resolution: Unresolved Votes: 0
Labels: backlog, feature, replication, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-45717 Allow changes to security.clusterIpSo... Closed
Participants:
Days since reply: 2 years, 14 weeks, 2 days ago

 Description   
Downstream Change Summary

Docs: document that security.clusterIpSourceAllowlist can be modified dynamically using setParameter, for example:

conn.adminCommand({setParameter: 1, "clusterIpSourceAllowlist": ["1.1.1.1/24", "2.2.2.2/16", "3.3.3.3"] }));
# reset to nothing:
conn.adminCommand({setParameter: 1, "clusterIpSourceAllowlist": null }));

Description of Linked Ticket

Suppose you have an environment in which the members of your MongoDB replica set have IP addresses that do not fit in a tight CIDR range. In this case, you will need to list each IP address individually in the security.clusterIpSourceWhitelist configuration.

This also means that when you add a new node, you must first restart every other node so that the other nodes pick up the new value for security.clusterIpSourceWhitelist and allow connections from the new node. This in turn implies that adding a new node will also trigger an election. Some customers wish to minimize elections.

https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterIpSourceWhitelist



 Comments   
Comment by PM Bot [ 01/Nov/21 ]

Downstream changes updated for upstream SERVER-45717:
Docs: document that security.clusterIpSourceAllowlist can be modified dynamically using setParameter, for example:

conn.adminCommand({setParameter: 1, "clusterIpSourceAllowlist": ["1.1.1.1/24", "2.2.2.2/16", "3.3.3.3"] }));
# reset to nothing:
conn.adminCommand({setParameter: 1, "clusterIpSourceAllowlist": null }));

Generated at Thu Feb 08 08:11:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.