<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:12:47 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-6823] Enable Access control without downtime</title>
                <link>https://jira.mongodb.org/browse/SERVER-6823</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;In response to &lt;a href=&quot;https://groups.google.com/forum/?fromgroups=#!topic/mongodb-user/pw2i1v8WiXc&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://groups.google.com/forum/?fromgroups=#!topic/mongodb-user/pw2i1v8WiXc&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It&apos;s not acceptable for me as well to have downtime when switching auth on.&lt;/p&gt;

&lt;p&gt;You could solve it this way:&lt;br/&gt;
1) Add some auth token to your mongo database(s) using db.addUser(&quot;user&quot;, &quot;pw&quot;). Since mongo runs still without --keyFile option, mongo should ignore the auth tokens and behave normally.&lt;br/&gt;
2) Modify your application so it passes user/pw to mongoDB. Since mongo runs still without --keyFile option AND does not have any ADMIN user, mongo should ignore the auth tokens and behave normally.&lt;br/&gt;
3) Restart successively all servers with --keyFile option. Begin with slaves and then stepDown the master, so there is no downtime. ConfigServer and router are redundant so there is no downtime. However, this would require that mongoDB does not yet requires authentication as long as no ADMIN user has been registered.&lt;br/&gt;
4) Connect to the router and add an user to the admin database. Now, BOTH conditions (running with --keyFile option AND having at least one admin user) are true, hence mongo should now require authentication.&lt;/p&gt;

&lt;p&gt;The advantage of this procedure is also that you could undo very fast mongo&apos;s authentication (just by removing the admin user) in case that some mongo clients had not been prepared for authentication or someting else went wrong with authentication.&lt;/p&gt;

</description>
                <environment>linux 64 bit</environment>
        <key id="47856">SERVER-6823</key>
            <summary>Enable Access control without downtime</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="shane.harvey@mongodb.com">Shane Harvey</assignee>
                                    <reporter username="kay.agahd@idealo.de">Kay Agahd</reporter>
                        <labels>
                    </labels>
                <created>Wed, 22 Aug 2012 15:33:43 +0000</created>
                <updated>Thu, 5 Apr 2018 21:07:53 +0000</updated>
                            <resolved>Wed, 13 Apr 2016 18:28:15 +0000</resolved>
                                    <version>2.2.0-rc1</version>
                                    <fixVersion>3.3.5</fixVersion>
                                    <component>Security</component>
                    <component>Sharding</component>
                                        <votes>0</votes>
                                    <watches>14</watches>
                                                                                                                <comments>
                            <comment id="1269293" author="xgen-internal-githook" created="Thu, 19 May 2016 19:21:25 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;ShaneHarvey&apos;, u&apos;name&apos;: u&apos;Shane Harvey&apos;, u&apos;email&apos;: u&apos;shane.harvey@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6823&quot; title=&quot;Enable Access control without downtime&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6823&quot;&gt;&lt;del&gt;SERVER-6823&lt;/del&gt;&lt;/a&gt; Enable simultaneous ssl/x509 auth upgrade with only two restarts&lt;/p&gt;

&lt;p&gt;Reduce the required number of restarts from three to two by allowing sslMode&lt;br/&gt;
allowSSL to be used in combination with transitionToAuth and clusterAuthMode&lt;br/&gt;
x509.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/aa9fc690ceef10bdbadb433f28fe57aded7e80ba&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/aa9fc690ceef10bdbadb433f28fe57aded7e80ba&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1239061" author="xgen-internal-githook" created="Mon, 18 Apr 2016 18:15:17 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;ShaneHarvey&apos;, u&apos;name&apos;: u&apos;Shane Harvey&apos;, u&apos;email&apos;: u&apos;shane.harvey@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6823&quot; title=&quot;Enable Access control without downtime&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6823&quot;&gt;&lt;del&gt;SERVER-6823&lt;/del&gt;&lt;/a&gt; Rename --tryClusterAuth to --transitionToAuth&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/8432d0bb4809e6547338771a365f3b5340b79024&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/8432d0bb4809e6547338771a365f3b5340b79024&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1236468" author="xgen-internal-githook" created="Thu, 14 Apr 2016 21:49:21 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;ShaneHarvey&apos;, u&apos;name&apos;: u&apos;Shane Harvey&apos;, u&apos;email&apos;: u&apos;shane.harvey@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6823&quot; title=&quot;Enable Access control without downtime&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6823&quot;&gt;&lt;del&gt;SERVER-6823&lt;/del&gt;&lt;/a&gt; Rolling access control upgrade tests require persistence&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/6e18b2fb457b93d6d6d37ea3b8c470aa8dcc8817&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/6e18b2fb457b93d6d6d37ea3b8c470aa8dcc8817&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1234989" author="xgen-internal-githook" created="Wed, 13 Apr 2016 18:26:20 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;name&apos;: u&apos;Shane Harvey&apos;, u&apos;email&apos;: u&apos;shane.harvey@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6823&quot; title=&quot;Enable Access control without downtime&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6823&quot;&gt;&lt;del&gt;SERVER-6823&lt;/del&gt;&lt;/a&gt; Enable Access control without downtime.&lt;/p&gt;

&lt;p&gt;Add --tryClusterAuth flag that enables communicatation between nodes running&lt;br/&gt;
with and without auth.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/26b55942cc467bca2cc2b935e517b443cf16c550&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/26b55942cc467bca2cc2b935e517b443cf16c550&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="183582" author="spencer" created="Wed, 7 Nov 2012 16:00:37 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6897&quot; title=&quot;2.2.0 upgrade of secondary of replica set with --keyfile authentication produces authentication errors - cannot upgrade without downtime &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6897&quot;&gt;&lt;del&gt;SERVER-6897&lt;/del&gt;&lt;/a&gt; is addressing the inability to upgrade a 2.0 replica set using auth to a 2.2 replica set using auth without downtime.  It has been fixed in 2.2.1.&lt;/p&gt;

&lt;p&gt;This ticket is for taking a cluster from running without auth to running with auth.  The fix for this has not been scheduled and will probably not make it into 2.4.&lt;/p&gt;</comment>
                            <comment id="183358" author="jkrauska" created="Tue, 6 Nov 2012 23:13:54 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6897&quot; title=&quot;2.2.0 upgrade of secondary of replica set with --keyfile authentication produces authentication errors - cannot upgrade without downtime &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6897&quot;&gt;&lt;del&gt;SERVER-6897&lt;/del&gt;&lt;/a&gt; seems to be a duplicate of this bug. (or perhaps related &amp;#8211; it&apos;s implied that this bug might be fixed in 2.4??)&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="275088">DOCS-7506</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="24844">SERVER-4268</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="78502">SERVER-9895</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="49594">SERVER-6953</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="288854">SERVER-24265</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[500A000000aRmVWIA0]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 6 Nov 2012 23:13:54 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        7 years, 38 weeks, 6 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-302</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            7 years, 38 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_16465" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Linked BF Score</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>jkrauska</customfieldvalue>
            <customfieldvalue>kay.agahd@idealo.de</customfieldvalue>
            <customfieldvalue>shane.harvey@mongodb.com</customfieldvalue>
            <customfieldvalue>spencer@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrnr7r:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrd8hb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3854</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="877">Security 12 (04/01/16)</customfieldvalue>
    <customfieldvalue id="950">Security 13 (04/22/16)</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hsmecn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>