[SERVER-45717] Allow changes to security.clusterIpSourceWhitelist without a rolling restart Created: 23/Jan/20  Updated: 29/Oct/23  Resolved: 01/Nov/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.2.0

Type: Improvement Priority: Major - P3
Reporter: Cailin Nelson Assignee: Sergey Galtsev (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Documented
is documented by DOCS-14910 [Server] document that security.clust... Backlog
Gantt Dependency
has to be done before SERVER-61038 Invalidate __system sessions after ru... Closed
Related
Backwards Compatibility: Fully Compatible
Sprint: Security 2020-02-10, Security 2021-10-04, Security 2021-10-18, Security 2021-11-01, Security 2021-11-15
Participants:

 Description   

Suppose you have an environment in which the members of your MongoDB replica set have IP addresses that do not fit in a tight CIDR range. In this case, you will need to list each IP address individually in the security.clusterIpSourceWhitelist configuration.

This also means that when you add a new node, you must first restart every other node so that the other nodes pick up the new value for security.clusterIpSourceWhitelist and allow connections from the new node. This in turn implies that adding a new node will also trigger an election. Some customers wish to minimize elections.

https://docs.mongodb.com/manual/reference/configuration-options/#security.clusterIpSourceWhitelist



 Comments   
Comment by Githook User [ 01/Nov/21 ]

Author:

{'name': 'sergey.galtsev', 'email': 'sergey.galtsev@mongodb.com', 'username': 'brushless-glitch'}

Message: SERVER-45717 Allow changes to clusterIpSourceAllowlist without restart
Branch: master
https://github.com/mongodb/mongo/commit/8ac4553c3d5c7509ea708c31a7f0232b2b3d4f4f

Generated at Thu Feb 08 05:09:32 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.