[DOCS-14914] Keyfile fails to rotate when following steps in Documentation Created: 03/Nov/21 Updated: 13/Nov/23 Resolved: 11/Nov/21 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual, Server |
| Affects Version/s: | None |
| Fix Version/s: | 4.2.0, 4.4.0, 5.0.0, 5.1.0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Ronan Merrick | Assignee: | Jason Price |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: | |
| Days since reply: | 1 year, 41 weeks ago |
| Epic Link: | DOCSP-11701 |
| Story Points: | 3 |
| Description |
|
In our Documentation for rotating keyfiles in a replica set, we provide two methods for specifying the old and new keys in the keyfile, one using "Multiple Key Strings" and the other using "Multiple Key Sequences". A customer opened a case with us because they were using the "Multiple Key Strings" approach but when they reached step 4, the first secondary they tried to restart when the keyfile only contained the new key, failed to rejoin the replica set. I've also tested this and it works when using the "Multiple Key Sequences" approach, but I get the same result as the customer when using the "Multiple Key Strings" approach. Customer is running version 4.4.6. Please let me know if you need any more information. |
| Comments |
| Comment by Ronan Merrick [ 27/Apr/22 ] |
|
Hi jordan.hatcher@mindbridge.ai, Thank you for your comment. We investigated and found that "Multiple Key Strings" was never a supported format to begin with and there are no plans to support this in the future. This was why it was removed from the tutorial. Thank you for bringing this to our attention. Please use the "Multiple Key Sequence" approach if you are following the steps outlined in the tutorial.
|
| Comment by Jordan Hatcher [ 27/Apr/22 ] |
|
Hello! I encountered a similar issue when adding an additional key to the keyfile using "Multiple Key Strings", where the node with the additional key failed to join to the replica set. I am following the keyfile format described here: https://www.mongodb.com/docs/manual/core/security-internal-authentication/#keyfile-format I see that the "Multiple Key Strings" format was removed from the tutorial in the linked pull requests, is this no longer a supported keyfile format? |
| Comment by Githook User [ 11/Nov/21 ] |
|
Author: {'name': 'jason-price-mongodb', 'email': '69260375+jason-price-mongodb@users.noreply.github.com', 'username': 'jason-price-mongodb'}Message: Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com> Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com> |
| Comment by Githook User [ 11/Nov/21 ] |
|
Author: {'name': 'jason-price-mongodb', 'email': '69260375+jason-price-mongodb@users.noreply.github.com', 'username': 'jason-price-mongodb'}Message: Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com> Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com> |
| Comment by Githook User [ 11/Nov/21 ] |
|
Author: {'name': 'jason-price-mongodb', 'email': '69260375+jason-price-mongodb@users.noreply.github.com', 'username': 'jason-price-mongodb'}Message: Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com> Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com> |
| Comment by Githook User [ 11/Nov/21 ] |
|
Author: {'name': 'jason-price-mongodb', 'email': '69260375+jason-price-mongodb@users.noreply.github.com', 'username': 'jason-price-mongodb'}Message: Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com> |