<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:26:20 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-31211] Use config_base=false for encryption at rest WT instance.</title>
                <link>https://jira.mongodb.org/browse/SERVER-31211</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-30242&quot; title=&quot;Add a method to determine if fCV has been set.&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-30242&quot;&gt;&lt;del&gt;SERVER-30242&lt;/del&gt;&lt;/a&gt; addresses a bug in encryption at rest that triggers an unintentional downgrade. We need to assert that the fix for &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-30242&quot; title=&quot;Add a method to determine if fCV has been set.&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-30242&quot;&gt;&lt;del&gt;SERVER-30242&lt;/del&gt;&lt;/a&gt; correctly addresses this problem. &lt;/p&gt;</description>
                <environment></environment>
        <key id="430623">SERVER-31211</key>
            <summary>Use config_base=false for encryption at rest WT instance.</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="daniel.gottlieb@mongodb.com">Daniel Gottlieb</assignee>
                                    <reporter username="maria.vankeulen@mongodb.com">Maria van Keulen</reporter>
                        <labels>
                    </labels>
                <created>Thu, 21 Sep 2017 20:12:18 +0000</created>
                <updated>Mon, 30 Oct 2023 23:13:25 +0000</updated>
                            <resolved>Wed, 18 Oct 2017 14:45:06 +0000</resolved>
                                                    <fixVersion>3.6.0-rc1</fixVersion>
                                    <component>Storage</component>
                                        <votes>0</votes>
                                    <watches>5</watches>
                                                                                                                <comments>
                            <comment id="1702587" author="daniel.gottlieb@10gen.com" created="Wed, 18 Oct 2017 14:45:06 +0000"  >&lt;p&gt;The FCV work to downgrade correctly was added in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-31513&quot; title=&quot;Enumerate the possible featureCompatibilityVersion states in one atomic variable&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-31513&quot;&gt;&lt;del&gt;SERVER-31513&lt;/del&gt;&lt;/a&gt;. This ticket was re-purposed for a discovered problem that prevented downgrading from 3.6 to 3.4 in the encryption at rest keystore instance.&lt;/p&gt;</comment>
                            <comment id="1702579" author="xgen-internal-githook" created="Wed, 18 Oct 2017 14:39:00 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;email&apos;: &apos;daniel.gottlieb@mongodb.com&apos;, &apos;name&apos;: &apos;Daniel Gottlieb&apos;, &apos;username&apos;: &apos;dgottlieb&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-31211&quot; title=&quot;Use config_base=false for encryption at rest WT instance.&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-31211&quot;&gt;&lt;del&gt;SERVER-31211&lt;/del&gt;&lt;/a&gt;: Use config_base=false on the encryption at rest WT instance.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/10gen/mongo-enterprise-modules/commit/49e815bc0fe2a44980020f58f0ecaca1b38e16e7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo-enterprise-modules/commit/49e815bc0fe2a44980020f58f0ecaca1b38e16e7&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1681999" author="sue.loverso" created="Tue, 26 Sep 2017 15:13:14 +0000"  >&lt;p&gt;I think it makes most sense to change the keystore database to include the &lt;tt&gt;config_base=false&lt;/tt&gt; option in the same manner the normal MongoDB database does.  I&apos;d consider that a fix, not a workaround.  In addition, &lt;a href=&quot;https://jira.mongodb.org/browse/WT-3602&quot; title=&quot;compatible=(release=2.9) is insufficient for downgrading to 2.9&quot; class=&quot;issue-link&quot; data-issue-key=&quot;WT-3602&quot;&gt;&lt;del&gt;WT-3602&lt;/del&gt;&lt;/a&gt; is fixed and merged and will be in the next drop.&lt;/p&gt;</comment>
                            <comment id="1681176" author="daniel.gottlieb@10gen.com" created="Mon, 25 Sep 2017 18:43:59 +0000"  >&lt;p&gt;The values being validated are from the &lt;tt&gt;WiredTiger.basecfg&lt;/tt&gt; file generated for the &lt;tt&gt;keystore&lt;/tt&gt; database. The encryption at rest code does not pass in &lt;tt&gt;config_base=false&lt;/tt&gt;. The omission was benign. &lt;/p&gt;

&lt;p&gt;There are a few ways forward that we&apos;re working on. In the meantime, it should be possible to get the test working with a workaround.&lt;/p&gt;</comment>
                            <comment id="1680288" author="daniel.gottlieb@10gen.com" created="Sun, 24 Sep 2017 00:13:05 +0000"  >&lt;p&gt;The problem Maria ran into occurs specifically when running an encryption at rest key rotation with a 3.6 mongod, followed by trying to downgrade to 3.4. I believe I&apos;ve identified the cause and am waiting on confirmation of &lt;a href=&quot;https://jira.mongodb.org/browse/WT-3602&quot; title=&quot;compatible=(release=2.9) is insufficient for downgrading to 2.9&quot; class=&quot;issue-link&quot; data-issue-key=&quot;WT-3602&quot;&gt;&lt;del&gt;WT-3602&lt;/del&gt;&lt;/a&gt;. As a reminder, encryption at rest creates a second WiredTiger database, known as the &lt;tt&gt;keystore&lt;/tt&gt; database, to store the encryption keys (the &lt;tt&gt;keystore&lt;/tt&gt; database is itself encrypted via a master key, typically managed by a KMIP server).&lt;/p&gt;

&lt;p&gt;Key rotation is a means of re-encrypting the &lt;tt&gt;keystore&lt;/tt&gt; database. A refresher on how that works:&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;Connect to KMIP to retrieve the master key and open the original &lt;tt&gt;keystore&lt;/tt&gt; database&lt;/li&gt;
	&lt;li&gt;Request a new encryption key from KMIP.&lt;/li&gt;
	&lt;li&gt;Create a new WiredTiger &lt;tt&gt;keystore&lt;/tt&gt; database in a temporary directory, writing data out with the new encryption key.&lt;/li&gt;
	&lt;li&gt;Read all the data from the original &lt;tt&gt;keystore&lt;/tt&gt; and copy it to the new &lt;tt&gt;keystore&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;Close both WiredTiger &lt;tt&gt;keystores&lt;/tt&gt;, move the new &lt;tt&gt;keystore&lt;/tt&gt; into place, and invalidate the old &lt;tt&gt;keystore&lt;/tt&gt;.&lt;/li&gt;
&lt;/ol&gt;


&lt;p&gt;To ease downgrading scenarios, MongoDB 3.6 always uses &lt;tt&gt;compatibility=(release=2.9)&lt;/tt&gt; for the &lt;tt&gt;keystore&lt;/tt&gt; database, which is deemed acceptable because the data format changes are mostly for performance optimizations, and the keystore database is modified on only a fraction of the metadata changes to the &quot;outer&quot; database.&lt;/p&gt;

&lt;p&gt;However, it seems that creating a new database with WiredTiger 3.0 (step 3) still adds a version of 3.0 to some metadata, regardless of the release compatibility setting, and that prevents access from WiredTiger 2.9, ergo, MongoDB 3.4.&lt;/p&gt;

&lt;p&gt;I don&apos;t believe databases created with WiredTiger 2.9 that are upgraded to 3.0 and downgraded back to 2.9 are affected in this way.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                        <issuelink>
            <issuekey id="431798">WT-3602</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="406500">SERVER-30242</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Sun, 24 Sep 2017 00:13:05 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        6 years, 17 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<s><a href='https://jira.mongodb.org/browse/SERVER-30242'>SERVER-30242</a></s>, <s><a href='https://jira.mongodb.org/browse/WT-3602'>WT-3602</a></s>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_14262" key="com.atlassian.jira.plugin.system.customfieldtypes:datepicker">
                        <customfieldname>End date</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 26 Sep 2017 00:00:00 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            6 years, 17 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>daniel.gottlieb@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>maria.vankeulen@mongodb.com</customfieldvalue>
            <customfieldvalue>sue.loverso@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htfc2n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|ht75fb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1925">Storage 2017-10-23</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_14261" key="com.atlassian.jira.plugin.system.customfieldtypes:datepicker">
                        <customfieldname>Start date</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 21 Sep 2017 00:00:00 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htey5z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>