[SERVER-28178] Implement cluster time key access and management Created: 02/Mar/17  Updated: 29/Jan/18  Resolved: 05/May/17

Status: Closed
Project: Core Server
Component/s: Sharding
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Jack Mulrow Assignee: Jack Mulrow
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-28127 Integrate KeyManager to LogicalClock Closed
Backwards Compatibility: Fully Compatible
Sprint: Sharding 2017-03-27, Sharding 2017-04-17, Sharding 2017-05-08, Sharding 2017-05-29
Participants:

 Description   

This ticket was spun off from SERVER-27768.

As described in that ticket, the key the mongos and mongod will use to verify the clusterTime will be generated by the config server primary during transition to primary. It will be stored in the admin.system.keys with the following format:

{
    _id: 'clusterTimeKey',
    key: <secure pseudorandom 20 byte key generated by TimeProofService::generateRandomKey()>
}

mongod & mongos behavior:

  1. After startup, read the key document from config
  2. Initialize TimeProofService with the key
  3. Attach TimeProofService to LogicalClock

special for config server:

  1. After becoming primary, upsert the key document as described above

The key will be fetched from the config server through a new method on the ShardingCatalogClient, and the key will be stored on the config server through a new method on the ShardingCatalogManager.


Generated at Thu Feb 08 04:17:22 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.