diff options
| author | Aaron Morand <aaron.morand@10gen.com> | 2022-09-12 18:43:02 +0000 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2022-09-12 20:47:51 +0000 |
| commit | 835f3e043c837b9fe44db15f86bbd2b00939c512 (patch) | |
| tree | 1417e2cf8393e3ea84643faad3df4dcdfb1bbb92 | |
| parent | a14ebbf41e0ae4346e806e1ac5d7a3fdaa42d529 (diff) | |
| download | mongo-835f3e043c837b9fe44db15f86bbd2b00939c512.tar.gz | |
SERVER-64834 Updating man pages for 6.0
| -rw-r--r-- | debian/mongod.1 | 228 | ||||
| -rw-r--r-- | debian/mongodb-parameters.5 | 1926 | ||||
| -rw-r--r-- | debian/mongoldap.1 | 47 | ||||
| -rw-r--r-- | debian/mongos.1 | 107 |
4 files changed, 1476 insertions, 832 deletions
diff --git a/debian/mongod.1 b/debian/mongod.1 index 73dca598e3e..9774d30affc 100644 --- a/debian/mongod.1 +++ b/debian/mongod.1 @@ -19,6 +19,10 @@ more details, see \fBDisable TLS 1.0\f1\&. .SH OPTIONS .RS .IP \(bu 2 +MongoDB removes the \fB\-\-cpu\f1 command\-line option. +.RE +.RS +.IP \(bu 2 MongoDB removes the \fB\-\-serviceExecutor\f1 command\-line option and the corresponding \fBnet.serviceExecutor\f1 configuration option. .RE @@ -194,10 +198,15 @@ link\-local IPv6 address (https://en.wikipedia.org/wiki/Link\-local_address#IPv6 zone index (https://en.wikipedia.org/wiki/IPv6_address#Scoped_literal_IPv6_addresses_(with_zone_index)) to that address (i.e. \fBfe80::<address>%<adapter\-name>\f1). .PP -When possible, use a logical DNS hostname instead of an ip address, -particularly when configuring replica set members or sharded cluster -members. The use of logical DNS hostnames avoids configuration -changes due to ip address changes. +To avoid configuration updates due to IP address changes, use DNS +hostnames instead of IP addresses. It is particularly important to +use a DNS hostname instead of an IP address when configuring replica +set members or sharded cluster members. +.PP +Use hostnames instead of IP addresses to configure clusters across a +split network horizon. Starting in MongoDB 5.0, nodes that are only +configured with an IP address will fail startup validation and will +not start. .PP Before binding to a non\-localhost (e.g. publicly accessible) IP address, ensure you have secured your cluster from unauthorized @@ -677,13 +686,6 @@ connect to the \fBmongod\f1\f1 using the appropriate \fBuser\f1 prior to restarting \fBmongod\f1\f1 without \fB\-\-transitionToAuth\f1\f1\&. .RE .PP -\fBmongod \-\-cpu\f1 -.RS -.PP -Forces the \fBmongod\f1\f1 process to report the percentage of CPU time in -write lock, every four seconds. -.RE -.PP \fBmongod \-\-sysinfo\f1 .RS .PP @@ -721,6 +723,8 @@ For additional ways to shut down, see also \fBStop mongod\f1 Processes\f1\&. \fBmongod \-\-redactClientLogData\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP A \fBmongod\f1\f1 running with \fB\-\-redactClientLogData\f1\f1 redacts any message accompanying a given log event before logging. This prevents the \fBmongod\f1\f1 from writing potentially sensitive data stored on the database to the diagnostic log. @@ -935,6 +939,8 @@ For the corresponding configuration file setting, see \fBmongod \-\-ldapServers\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The LDAP server against which the \fBmongod\f1\f1 authenticates users or determines what actions a user is authorized to perform on a given database. If the LDAP server specified has any replicated instances, @@ -975,6 +981,8 @@ server is unavailable. \fBmongod \-\-ldapQueryUser\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The identity with which \fBmongod\f1\f1 binds as, when connecting to or performing queries on an LDAP server. .PP @@ -1000,28 +1008,27 @@ instead of \fB\-\-ldapQueryUser\f1\f1 and \fB\-\-ldapQueryPassword\f1\f1\&. You both \fB\-\-ldapQueryUser\f1\f1 and \fB\-\-ldapBindWithOSDefaults\f1\f1 at the same time. .RE .PP -\fBmongod \-\-ldapQueryPassword\f1 -.RS +\fIAvailable in MongoDB Enterprise only.\f1 .PP The password used to bind to an LDAP server when using \fB\-\-ldapQueryUser\f1\f1\&. You must use \fB\-\-ldapQueryPassword\f1\f1 with \fB\-\-ldapQueryUser\f1\f1\&. .PP -If unset, \fBmongod\f1\f1 will not attempt to bind to the LDAP server. +If not set, \fBmongod\f1\f1 does not attempt to bind to the LDAP server. .PP -This setting can be configured on a running \fBmongod\f1\f1 using +You can configure this setting on a running \fBmongod\f1\f1 using \fBsetParameter\f1\f1\&. .PP Starting in MongoDB 4.4, the \fBldapQueryPassword\f1 \fBsetParameter\f1\f1 command accepts either a string or -an array of strings. If set to an array, each password is tried -until one succeeds. This can be used to perform a rollover of the -LDAP account password without downtime for MongoDB. +an array of strings. If \fBldapQueryPassword\f1 is set to an array, MongoDB tries +each password in order until one succeeds. Use a password array to roll over the +LDAP account password without downtime. .PP Windows MongoDB deployments can use \fB\-\-ldapBindWithOSDefaults\f1\f1 -instead of \fB\-\-ldapQueryPassword\f1\f1 and \fB\-\-ldapQueryPassword\f1\f1\&. You cannot specify -both \fB\-\-ldapQueryPassword\f1\f1 and \fB\-\-ldapBindWithOSDefaults\f1\f1 at the same time. -.RE +instead of \fB\-\-ldapQueryUser\f1\f1 and \fB\-\-ldapQueryPassword\f1\f1\&. +You cannot specify both \fB\-\-ldapQueryPassword\f1\f1 and +\fB\-\-ldapBindWithOSDefaults\f1\f1 at the same time. .PP \fBmongod \-\-ldapBindWithOSDefaults\f1 .RS @@ -1052,6 +1059,8 @@ Use \fB\-\-ldapBindWithOSDefaults\f1\f1 to replace \fB\-\-ldapQueryUser\f1\f1 an .PP \fIDefault\f1: simple .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The method \fBmongod\f1\f1 uses to authenticate to an LDAP server. Use with \fB\-\-ldapQueryUser\f1\f1 and \fB\-\-ldapQueryPassword\f1\f1 to connect to the LDAP server. @@ -1074,6 +1083,8 @@ using \fBDIGEST\-MD5\f1 mechanism. .PP \fIDefault\f1: DIGEST\-MD5 .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP A comma\-separated list of SASL mechanisms \fBmongod\f1\f1 can use when authenticating to the LDAP server. The \fBmongod\f1\f1 and the LDAP server must agree on at least one mechanism. The \fBmongod\f1\f1 @@ -1145,6 +1156,8 @@ For Windows, please see the Windows SASL documentation (https://msdn.microsoft.c .PP \fIDefault\f1: tls .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP By default, \fBmongod\f1\f1 creates a TLS/SSL secured connection to the LDAP server. .PP @@ -1173,6 +1186,8 @@ credentials between \fBmongod\f1\f1 and the LDAP server. .PP \fIDefault\f1: 10000 .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The amount of time in milliseconds \fBmongod\f1\f1 should wait for an LDAP server to respond to a request. .PP @@ -1188,6 +1203,8 @@ This setting can be configured on a running \fBmongod\f1\f1 using \fBmongod \-\-ldapUserToDNMapping\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP Maps the username provided to \fBmongod\f1\f1 for authentication to a LDAP Distinguished Name (DN). You may need to use \fB\-\-ldapUserToDNMapping\f1\f1 to transform a username into an LDAP DN in the following scenarios: @@ -1352,6 +1369,8 @@ This setting can be configured on a running \fBmongod\f1\f1 using the \fBmongod \-\-ldapAuthzQueryTemplate\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP A relative LDAP query URL formatted conforming to RFC4515 (https://tools.ietf.org/search/rfc4515) and RFC4516 (https://tools.ietf.org/html/rfc4516) that \fBmongod\f1\f1 executes to obtain the LDAP groups to which the authenticated user belongs to. The query is relative to the host or hosts specified in \fB\-\-ldapServers\f1\f1\&. @@ -1459,7 +1478,7 @@ To specify the \fBWiredTiger Storage Engine\f1\&. .IP \(bu 4 To specify the \fBIn\-Memory Storage Engine\f1\&. .IP -Available in MongoDB Enterprise only. +\fIAvailable in MongoDB Enterprise only.\f1 .RE .RE .PP @@ -2015,10 +2034,18 @@ and is always set to \fBtrue\f1\&. In earlier versions of MongoDB, \fB\-\-enableMajorityReadConcern\f1\f1 was configurable. .PP If you are using a three\-member primary\-secondary\-arbiter (PSA) -architecture, the write concern \fB"majority"\f1\f1 can cause -performance issues if a secondary is unavailable or lagging. See -\fBMitigate Performance Issues with PSA Replica Set\f1 for advice on how to mitigate these -issues. +architecture, consider the following: +.RS +.IP \(bu 2 +The write concern \fB"majority"\f1\f1 can cause +performance issues if a secondary is unavailable or lagging. For +advice on how to mitigate these issues, see +\fBMitigate Performance Issues with PSA Replica Set\f1\&. +.IP \(bu 2 +If you are using a global default \fB"majority"\f1\f1 +and the write concern is less than the size of the majority, +your queries may return stale (not fully replicated) data. +.RE .RE .SS SHARDED CLUSTER OPTIONS .PP @@ -3331,7 +3358,17 @@ This is the default profiler level. \fB1\f1 .IP \(bu 4 The profiler collects data for operations that take longer -than the value of \fBslowms\f1\&. +than the value of \fBslowms\f1 or that match a \fBfilter\f1\&. +.IP +When a filter is set: +.RS +.IP \(bu 6 +The \fBslowms\f1 and \fBsampleRate\f1 options are not used for +profiling. +.IP \(bu 6 +The profiler only captures operations that match the +\fBfilter\f1\&. +.RE .RE .IP \(bu 2 .RS @@ -3361,9 +3398,7 @@ that run for longer than this threshold are considered \fIslow\f1\&. .PP When \fBlogLevel\f1\f1 is set to \fB0\f1, MongoDB records \fIslow\f1 operations to the diagnostic log at a rate determined by -\fBslowOpSampleRate\f1\f1\&. Starting in MongoDB -4.2, the secondaries of replica sets log \fBall oplog entry messages -that take longer than the slow operation threshold to apply\f1 regardless of the sample rate. +\fBslowOpSampleRate\f1\f1\&. .PP At higher \fBlogLevel\f1\f1 settings, all operations appear in the diagnostic log regardless of their latency with the following @@ -3395,6 +3430,43 @@ diagnostic log and, if enabled, the profiler. .RE .SS AUDIT OPTIONS .PP +\fBmongod \-\-auditCompressionMode\f1 +.RS +.PP +Specifies the compression mode for \fBaudit log encryption\f1\&. You must also enable audit log +encryption using either \fB\-\-auditEncryptionKeyUID\f1\f1 or +\fB\-\-auditLocalKeyFile\f1\f1\&. +.PP +\fB\-\-auditCompressionMode\f1\f1 can be set to one of these values: +.RS +.IP \(bu 2 +.RS +.IP \(bu 4 +Value +.IP \(bu 4 +Description +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBzstd\f1 +.IP \(bu 4 +Use the \fBzstd\f1 algorithm to compress the audit log. +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBnone\f1 \fI(default)\f1 +.IP \(bu 4 +Do not compress the audit log. +.RE +.RE +.PP +Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&. +MongoDB Enterprise and Atlas have different configuration +requirements. +.RE +.PP \fBmongod \-\-auditDestination\f1 .RS .PP @@ -3445,6 +3517,20 @@ Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-e and MongoDB Atlas (https://cloud.mongodb.com/user#/atlas/login)\&. .RE .PP +\fBmongod \-\-auditEncryptionKeyUID\f1 +.RS +.PP +Specifies the unique identifier of the Key Management +Interoperability Protocol (KMIP) key for \fBaudit log encryption\f1\&. +.PP +You cannot use \fB\-\-auditEncryptionKeyUID\f1\f1 and +\fB\-\-auditLocalKeyFile\f1\f1 together. +.PP +Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&. +MongoDB Enterprise and Atlas have different configuration +requirements. +.RE +.PP \fBmongod \-\-auditFormat\f1 .RS .PP @@ -3483,6 +3569,25 @@ Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-e and MongoDB Atlas (https://cloud.mongodb.com/user#/atlas/login)\&. .RE .PP +\fBmongod \-\-auditLocalKeyFile\f1 +.RS +.PP +Specifies the path and file name for a local audit key file for +\fBaudit log encryption\f1\&. +.PP +Only use \fB\-\-auditLocalKeyFile\f1\f1 for testing because the key is +not secured. To secure the key, use +\fB\-\-auditEncryptionKeyUID\f1\f1 and an external Key +Management Interoperability Protocol (KMIP) server. +.PP +You cannot use \fB\-\-auditLocalKeyFile\f1\f1 and +\fB\-\-auditEncryptionKeyUID\f1\f1 together. +.PP +Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&. +MongoDB Enterprise and Atlas have different configuration +requirements. +.RE +.PP \fBmongod \-\-auditPath\f1 .RS .PP @@ -3517,6 +3622,37 @@ the configuration file. Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server) and MongoDB Atlas (https://cloud.mongodb.com/user#/atlas/login)\&. .RE +.SS SNMP OPTIONS +.PP +MongoDB Enterprise on macOS does \fInot\f1 include support for SNMP due +to SERVER\-29352 (https://jira.mongodb.org/browse/SERVER\-29352)\&. +.PP +\fBmongod \-\-snmp\-disabled\f1 +.RS +.PP +Disables SNMP access to \fBmongod\f1\f1\&. The option is incompatible +with \fB\-\-snmp\-subagent\f1\f1 and \fB\-\-snmp\-master\f1\f1\&. +.RE +.PP +\fBmongod \-\-snmp\-subagent\f1 +.RS +.PP +Runs SNMP as a subagent. The option is incompatible with \fB\-\-snmp\-disabled\f1\f1\&. +.RE +.PP +\fBmongod \-\-snmp\-master\f1 +.RS +.PP +Runs SNMP as a master. The option is incompatible with \fB\-\-snmp\-disabled\f1\f1\&. +.RE +.RS +.IP \(bu 2 +\fBMonitor MongoDB With SNMP on Linux\f1 +.IP \(bu 2 +\fBMonitor MongoDB Windows with SNMP\f1 +.IP \(bu 2 +\fBTroubleshoot SNMP\f1 +.RE .SS INMEMORY OPTIONS .PP \fBmongod \-\-inMemorySizeGB\f1 @@ -3792,8 +3928,36 @@ KMIP server. .PP Starting in 4.0, on macOS or Windows, you can use a certificate from the operating system\(aqs secure store instead of a PEM key -file. See \fB\-\-kmipClientCertificateSelector\f1\f1\&. When using the secure store, you do not -need to, but can, also specify the \fB\-\-kmipServerCAFile\f1\f1\&. +file. See \fB\-\-kmipClientCertificateSelector\f1\f1\&. When using the secure +store, you do not need to, but can, also specify the \fB\-\-kmipServerCAFile\f1\f1\&. +.RE +.PP +\fBmongod \-\-kmipActivateKeys\f1 +.RS +.PP +\fIDefault\f1: true +.PP +Activates all newly created KMIP keys upon creation and then periodically +checks those keys are in an active state. +.PP +When \fB\-\-kmipActivateKeys\f1 is \fBtrue\f1 and you have existing keys on a +KMIP server, the key must be activated first or the \fBmongod\f1\f1 node +will fail to start. +.PP +If the key being used by the mongod transitions into a non\-active state, +the \fBmongod\f1\f1 node will shut down unless \fBkmipActivateKeys\f1 is +false. To ensure you have an active key, rotate the KMIP master key by +using \fB\-\-kmipRotateMasterKey\f1\f1\&. +.RE +.PP +\fBmongod \-\-kmipKeyStatePollingSeconds\f1 +.RS +.PP +\fIDefault\f1: 900 seconds +.PP +Frequency in seconds at which mongod polls the KMIP server for active keys. +.PP +To disable disable polling, set the value to \fB\-1\f1\&. .RE .PP \fBmongod \-\-eseDatabaseKeyRollover\f1 diff --git a/debian/mongodb-parameters.5 b/debian/mongodb-parameters.5 index bc12365dfd0..8d9062f1f2c 100644 --- a/debian/mongodb-parameters.5 +++ b/debian/mongodb-parameters.5 @@ -39,15 +39,7 @@ For additional configuration options, see .PP Remove support for the deprecated \fBMONGODB\-CR\f1 authentication mechanism. .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Specifies the list of authentication mechanisms the server accepts. Set this to one or more of the following values. If you specify multiple @@ -122,15 +114,7 @@ authentication mechanisms, use the following command: \fBclusterAuthMode\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Set the \fBclusterAuthMode\f1\f1 to either \fBsendX509\f1 or \fBx509\f1\&. Useful during \fBrolling upgrade to use x509 for @@ -149,15 +133,7 @@ For more information about TLS/SSL and MongoDB, see \fBenableLocalhostAuthBypass\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Specify \fB0\f1 or \fBfalse\f1 to disable localhost authentication bypass. Enabled by default. @@ -185,9 +161,39 @@ start\-up, and cannot change this setting with the \fBsetParameter\f1\f1 database command. .RE .PP +\fBldapForceMultiThreadMode\f1 +.RS +.PP +\fIDefault\f1: false +.PP +Enables the performance of concurrent LDAP operations. +.PP +Only if you are certain that your instance of \fBlibldap\f1 +is safe to use in this mode, enable this flag. You may experience +crashes of the MongoDB process if the \fBlibldap\f1 version you are using +is not thread safe. +.PP +You must use \fBldapForceMultiThreadMode\f1\f1 to use LDAP connection +pool. To enable LDAP connection pool, set \fBldapForceMultiThreadMode\f1\f1 +and \fBldapUseConnectionPool\f1\f1 to \fBtrue\f1\&. +.PP +If you have any concerns regarding your MongoDB version, OS version or +libldap version, please contact MongoDB Support. +.RE +.PP \fBldapUserCacheInvalidationInterval\f1 .RS .PP +Starting in MongoDB 5.2, the update interval for cached user information +retrieved from an LDAP server depends on +\fBldapShouldRefreshUserCacheEntries\f1\f1: +.RS +.IP \(bu 2 +If true, use \fBldapUserCacheRefreshInterval\f1\f1\&. +.IP \(bu 2 +If false, use \fBldapUserCacheInvalidationInterval\f1\f1\&. +.RE +.PP For use with MongoDB deployments using \fBLDAP Authorization\f1\&. Available for \fBmongod\f1\f1 instances only. @@ -207,6 +213,90 @@ increasing the load on the LDAP server. Defaults to 30 seconds. .RE .PP +\fBldapUserCacheRefreshInterval\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 30 seconds +.PP +Starting in MongoDB 5.2, the update interval for cached user information +retrieved from an LDAP server depends on +\fBldapShouldRefreshUserCacheEntries\f1\f1: +.RS +.IP \(bu 2 +If true, use \fBldapUserCacheRefreshInterval\f1\f1\&. +.IP \(bu 2 +If false, use \fBldapUserCacheInvalidationInterval\f1\f1\&. +.RE +.PP +For MongoDB deployments using \fBLDAP Authorization\f1\&. +.PP +The interval in seconds that \fBmongod\f1\f1 waits before +refreshing the cached user information from the LDAP server. +.PP +The maximum interval is 86,400 seconds (24 hours). +.PP +For example, the following sets +\fBldapUserCacheRefreshInterval\f1\f1 to \fB4000\f1 seconds: +.PP +.EX + mongod \-\-setParameter ldapUserCacheRefreshInterval=4000 +.EE +.PP +Or, if using the \fBsetParameter\f1\f1 command within +\fBmongosh\f1\f1: +.PP +.EX + db.adminCommand( { setParameter: 1, ldapUserCacheRefreshInterval: 4000 } ) +.EE +.RE +.PP +\fBldapUserCacheStalenessInterval\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 90 seconds +.PP +For MongoDB deployments using \fBLDAP Authorization\f1\&. +.PP +The interval in seconds that \fBmongod\f1\f1 retains the cached +LDAP user information after the last cache refresh. +.PP +If more than \fBldapUserCacheStalenessInterval\f1\f1 seconds +elapse without a successful refresh of the user information from the +LDAP server, then \fBmongod\f1\f1: +.RS +.IP \(bu 2 +Invalidates the cached LDAP user information. +.IP \(bu 2 +Is unavailable for LDAP users. LDAP users are unable to +authenticate until \fBmongod\f1\f1 contacts the LDAP +server. +.RE +.PP +The maximum interval is 86,400 seconds (24 hours). +.PP +For example, the following sets +\fBldapUserCacheStalenessInterval\f1\f1 to \fB4000\f1 seconds: +.PP +.EX + mongod \-\-setParameter ldapUserCacheStalenessInterval=4000 +.EE +.PP +Or, if using the \fBsetParameter\f1\f1 command within +\fBmongosh\f1\f1: +.PP +.EX + db.adminCommand( { setParameter: 1, ldapUserCacheStalenessInterval: 4000 } ) +.EE +.RE +.PP \fBldapUseConnectionPool\f1 .RS .PP @@ -271,10 +361,11 @@ start\-up, and cannot change this setting during runtime with the .PP \fINew in version 4.2.1 and 4.0.13\f1 .PP -\fIChanged in version 4.4\f1 Changed default value to \fB2\f1\&. In previous -versions, the default is unset. +\fIChanged starting in MongoDB versions 4.4.15, 5.0.9, and 6.0.0\f1 +Changed default value to \fB2147483647\f1\&. In previous versions, the +default is unset. .PP -\fIDefault\f1: 2 +\fIDefault\f1: 2147483647 .PP The maximum number of connections to keep open to each LDAP server. .PP @@ -289,6 +380,12 @@ start\-up, and cannot change this setting during runtime with the .PP \fINew in version 4.2.1 and 4.0.13\f1 .PP +\fIChanged starting in MongoDB versions 4.4.15, 5.0.9, and 6.0.0\f1 +Changed default value to \fB2\f1\&. In previous versions, the +default is unset. +.PP +\fIDefault\f1: 2 +.PP The maximum number of in\-progress connect operations to each LDAP server. .PP You can only set @@ -329,6 +426,38 @@ start\-up, and cannot change this setting with the \fBsetParameter\f1\f1 database command. .RE .PP +\fBldapShouldRefreshUserCacheEntries\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: true +.PP +For MongoDB deployments using \fBLDAP Authorization\f1\&. +.PP +Starting in MongoDB 5.2, the update interval for cached user information +retrieved from an LDAP server depends on +\fBldapShouldRefreshUserCacheEntries\f1\f1: +.RS +.IP \(bu 2 +If true, use \fBldapUserCacheRefreshInterval\f1\f1\&. +.IP \(bu 2 +If false, use \fBldapUserCacheInvalidationInterval\f1\f1\&. +.RE +.PP +You can only set \fBldapShouldRefreshUserCacheEntries\f1\f1 +during startup in the \fBconfiguration file\f1\f1 or +with the \fB\-\-setParameter\f1 option on the command line. For example, +the following disables +\fBldapShouldRefreshUserCacheEntries\f1\f1: +.PP +.EX + mongod \-\-setParameter ldapShouldRefreshUserCacheEntries=false +.EE +.RE +.PP \fBmaxValidateMemoryUsageMB\f1 .RS .PP @@ -413,7 +542,7 @@ TLS/SSL\f1\&. .PP Specify the cipher string for OpenSSL when using TLS/SSL encryption. For a list of cipher strings, see -https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER\-STRINGS (https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER\-STRINGS)\&. +https://www.openssl.org/docs/man1.1.1/man1/ciphers.html (https://www.openssl.org/docs/man1.1.1/man1/ciphers.html)\&. Multiple cipher strings can be provided as a colon\-separated list. .PP This parameter is only for use with TLS 1.2 or earlier. To specify @@ -513,15 +642,7 @@ cipher suites, use the \fBopensslCipherConfig\f1\f1 parameter: \fBsaslauthdPath\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Specify the path to the Unix Domain Socket of the \fBsaslauthd\f1 instance to use for proxy authentication. @@ -530,15 +651,7 @@ instance to use for proxy authentication. \fBsaslHostName\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fBsaslHostName\f1\f1 overrides MongoDB\(aqs default hostname detection for the purpose of configuring SASL and Kerberos @@ -568,15 +681,7 @@ Windows: \fBsaslServiceName\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Allows users to override the default \fBKerberos\f1 service name component of the \fBKerberos\f1 @@ -598,15 +703,7 @@ Ensure that your driver supports alternate service names. .PP \fIDefault\f1: \fB10000\f1 .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Changes the number of hashing iterations used for all new \fBSCRAM\-SHA\-1\f1 passwords. More iterations increase the amount of @@ -646,15 +743,7 @@ Or, if using the \fBsetParameter\f1\f1 command within .PP \fIDefault\f1: \fB15000\f1 .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Changes the number of hashing iterations used for all new \fBSCRAM\-SHA\-256\f1 passwords. More iterations increase the amount of @@ -692,15 +781,7 @@ Or, if using the \fBsetParameter\f1\f1 command within \fBsslMode\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Set the \fBnet.ssl.mode\f1\f1 to either \fBpreferSSL\f1 or \fBrequireSSL\f1\&. Useful during \fBrolling upgrade to TLS/SSL\f1 to minimize downtime. @@ -719,15 +800,7 @@ For more information about TLS/SSL and MongoDB, see \fBtlsMode\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Set to either: .RS @@ -821,15 +894,7 @@ seconds: .PP \fIDefault\f1: false .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP A TLS certificate is set for a \fBmongod\f1\f1 or \fBmongos\f1\f1 either by the @@ -851,15 +916,7 @@ deployment. \fBtlsWithholdClientCertificate\f1 is mutually exclusive with \fBtlsX509ClusterAuthDNOverride\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP An alternative Distinguished Name (DN) that the instance can also use to identify members of the deployment. @@ -900,15 +957,7 @@ For more information about membership certificate requirements, see .PP \fIDefault\f1 : 30 .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Starting in MongoDB 4.4, \fBmongod\f1\f1/\fBmongos\f1\f1 logs a warning on connection if the presented x.509 certificate @@ -953,15 +1002,7 @@ For more information on x.509 certificate validity, see RFC 5280 .PP Use \fBtlsWithholdClientCertificate\f1\f1 instead. .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP A TLS certificate is set for a \fBmongod\f1\f1 or \fBmongos\f1\f1 either by the @@ -985,11 +1026,7 @@ deployment. \fBsslWithholdClientCertificate\f1 is mutually exclusive with .PP \fIDefault\f1: 30 .PP -Available for -.PP -\fBmongos\f1\f1 -.PP - only. +Available for \fBmongos\f1\f1 only. .PP On a \fBmongos\f1\f1 instance, specifies the interval (in seconds) at which the \fBmongos\f1\f1 instance checks to determine whether @@ -1006,15 +1043,7 @@ value of \fB86400\f1 seconds (24 hours). .PP \fIDefault\f1: 0 .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Available in MongoDB Enterprise only. .PP @@ -1034,15 +1063,7 @@ other clients simultaneously. .PP \fIDefault\f1: true .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIAvailable starting in MongoDB 4.0.11 (and 3.6.14 and 3.4.22)\f1 .PP @@ -1054,20 +1075,57 @@ startup in the config file or on the command line. .RE .SS GENERAL PARAMETERS .PP -\fBconnPoolMaxShardedConnsPerHost\f1 +\fBallowDiskUseByDefault\f1 .RS .PP -\fIDefault\f1: 200 +\fIDefault\f1: True +.PP +Available for \fBmongod\f1\f1 only. .PP -Available for both +Starting in MongoDB 6.0, pipeline stages that require more than 100 +megabytes of memory to execute write temporary files to disk by +default. In earlier verisons of MongoDB, you must pass +\fB{ allowDiskUse: true }\f1 to individual \fBfind\f1 and \fBaggregate\f1 +commands to enable this behavior. .PP -\fBmongod\f1\f1 +Individual \fBfind\f1 and \fBaggregate\f1 commands may override the +\fBallowDiskUseByDefault\f1\f1 parameter by either: +.RS +.IP \(bu 2 +Using \fB{ allowDiskUse: true }\f1 to allow writing temporary files out +to disk when \fBallowDiskUseByDefault\f1 is set to \fBfalse\f1 +.IP \(bu 2 +Using \fB{ allowDiskUse: false }\f1 to prohibit writing temporary files +out to disk when \fBallowDiskUseByDefault\f1 is set to \fBtrue\f1 +.RE +.PP +.EX + mongod \-\-setParameter allowDiskUseByDefault=false +.EE .PP - and +\fBallowDiskUseByDefault\f1\f1 only works on \fBmongod\f1\f1 +not \fBmongos\f1\f1\&. \fBmongos\f1\f1 never writes temporary +files to disk. Use the \fBsetParameter\f1\f1 command in +a \fBmongosh\f1\f1 session that is connected to a running +\fBmongod\f1\f1 to change the value of the parameter while the +server is running: +.PP +.EX + db.adminCommand( + { + setParameter: 1, + allowDiskUseByDefault: false + } + ) +.EE +.RE +.PP +\fBconnPoolMaxShardedConnsPerHost\f1 +.RS .PP -\fBmongos\f1\f1 +\fIDefault\f1: 200 .PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Sets the maximum size of the legacy connection pools for communication to the shards. The size of a pool does not prevent the creation of @@ -1093,15 +1151,7 @@ startup in the config file or on the command line. For example: \fBconnPoolMaxShardedInUseConnsPerHost\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Sets the maximum number of in\-use connections at any given time for the legacy sharded cluster connection pools. @@ -1121,15 +1171,7 @@ startup in the config file or on the command line. For example: \fBshardedConnPoolIdleTimeoutMinutes\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Sets the time limit that a connection in the legacy sharded cluster connection pool can remain idle before being closed. @@ -1151,15 +1193,7 @@ startup in the config file or on the command line. For example: .PP \fIDefault\f1: 200 .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Sets the maximum size of the legacy connection pools for outgoing connections to other \fBmongod\f1\f1 instances in the global connection pool. The size @@ -1185,15 +1219,7 @@ in the config file or on the command line. For example: \fBconnPoolMaxInUseConnsPerHost\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Sets the maximum number of in\-use connections at any given time for for outgoing connections to other \fBmongod\f1\f1 instances in @@ -1214,15 +1240,7 @@ startup in the config file or on the command line. For example: \fBglobalConnPoolIdleTimeoutMinutes\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Sets the time limit that connection in the legacy global connection pool can remain idle before being closed. @@ -1245,15 +1263,7 @@ example: .PP \fIDefault\f1: 600000 (10 minutes) .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Sets the expiration threshold in milliseconds for idle cursors before MongoDB removes them; specifically, MongoDB removes cursors that have @@ -1335,14 +1345,44 @@ following option: .EE .RE .PP -\fBnotablescan\f1 +\fBmaxNumActiveUserIndexBuilds\f1 .RS .PP -Available for +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 3 +.PP +MongoDB limits the number of concurrent user index builds to control +WiredTiger cache pressure. The primary node can run up to +\fBmaxNumActiveUserIndexBuilds\f1 concurrent user index builds. This is +a global limit that applies across collections. +.PP +System indexes are not limited to \fBmaxNumActiveUserIndexBuilds\f1, +however a running system index build will count against the limit for +user index builds. +.PP +After reaching \fBmaxNumActiveUserIndexBuilds\f1, MongodDB blocks +additional user index builds until the number of concurrent index +builds drops below the \fBmaxNumActiveUserIndexBuilds\f1 limit. If an +index build is blocked, the server logs a message, "Too many index +builds running simultaneously, waiting until the number of active +index builds is below the threshold". +.PP +The following command sets a limit of 4 concurrent index builds: .PP -\fBmongod\f1\f1 +.EX + db.adminCommand( { setParameter: 1, maxNumActiveUserIndexBuilds: 4 } ) +.EE +.PP +See also: \fBmaxIndexBuildMemoryUsageMegabytes\f1\f1 +.RE +.PP +\fBnotablescan\f1 +.RS .PP - only. +Available for \fBmongod\f1\f1 only. .PP Specify whether \fBall\f1 queries must use indexes. If \fB1\f1, MongoDB will not execute queries that require a collection scan and will return an @@ -1373,11 +1413,7 @@ affect queries in all databases, including administrative queries. \fBttlMonitorEnabled\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP \fIDefault\f1: \fBtrue\f1 .PP @@ -1410,15 +1446,7 @@ MongoDB internal system operations that depend on \fBtcpFastOpenServer\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIDefault\f1: \fBtrue\f1 .PP @@ -1477,15 +1505,7 @@ RFC7413 (https://tools.ietf.org/html/rfc7413)\&. \fBtcpFastOpenClient\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIDefault\f1: \fBtrue\f1 .PP @@ -1523,15 +1543,7 @@ RFC7413 (https://tools.ietf.org/html/rfc7413)\&. \fBtcpFastOpenQueueSize\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIDefault\f1: \fB1024\f1 .PP @@ -1579,11 +1591,7 @@ RFC7413 TCP Fast Open Section 6: TFO Applicability (https://tools.ietf.org/html/ .PP The JavaScript engine\(aqs JIT compiler is now disabled by default. .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP The MongoDB JavaScript engine uses SpiderMonkey, which implements Just\-in\-Time (JIT) compilation for improved performance when running scripts. @@ -1607,6 +1615,18 @@ Alternately, you may enable the JIT at startup time by starting the .EE .RE .PP +\fBindexMaxNumGeneratedKeysPerDocument\f1 +.RS +.PP +\fIDefault\f1: 100000 +.PP +Limits the maximum number of keys generated for a document to +prevent out of memory errors. It is possible to raise the limit, but +if an operation requires more keys than the +\fBindexMaxNumGeneratedKeysPerDocument\f1\f1 parameter specifies, +the operation will fail. +.RE +.PP \fBmaxIndexBuildMemoryUsageMegabytes\f1 .RS .PP @@ -1679,11 +1699,7 @@ startup in the config file or on the command line. For example: \fBwatchdogPeriodSeconds\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer .PP @@ -1797,20 +1813,34 @@ for example: mongod \-\-setParameter "tcmallocReleaseRate=5.0" .EE .RE -.SS LOGGING PARAMETERS .PP -\fBlogLevel\f1 +\fBfassertOnLockTimeoutForStepUpDown\f1 .RS .PP -Available for both +Default: 15 seconds +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Allows a server that receives a request to step up or step down, to +terminate if it is unable to comply (for example due +to faulty server disks) within the timeout. This enables a cluster to +successfully elect a new primary node and thus continue to be available. +.PP +\fBfassertOnLockTimeoutForStepUpDown\f1 defaults to 15 seconds. To disable +nodes from fasserting, set \fBfassertOnLockTimeoutForStepUpDown=0\f1\&. .PP -\fBmongod\f1\f1 +The following example disables nodes from fasserting: .PP - and +.EX + mongod \-\-setParameter fassertOnLockTimeoutForStepUpDown=0 +.EE +.RE +.SS LOGGING PARAMETERS .PP -\fBmongos\f1\f1 +\fBlogLevel\f1 +.RS .PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Specify an integer between \fB0\f1 and \fB5\f1 signifying the verbosity of the \fBlogging\f1, where \fB5\f1 is the @@ -1834,15 +1864,7 @@ The following example sets the \fBlogLevel\f1\f1 to \fB2\f1: \fBlogComponentVerbosity\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Sets the verbosity levels of various \fBcomponents\f1 for \fBlog messages\f1\&. The verbosity level determines the amount of \fBInformational and Debug\f1 @@ -1990,27 +2012,19 @@ the log verbosity level, see \fBConfigure Log Verbosity Levels\f1\&. \fBmaxLogSizeKB\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: non\-negative integer .PP \fIDefault\f1: 10 .PP -Specifies the maxium size, in kilobytes, for an individual +Specifies the maximum size, in kilobytes, for an individual attribute field in a log entry; attributes exceeding this limit are truncated. .PP Truncated attribute fields print field content up to the \fBmaxLogSizeKB\f1\f1 limit and excise field content past that -limit, retaining valid JSON formating. Log entires that contain +limit, retaining valid JSON formatting. Log entries that contain truncated attributes append a \fBtruncated\f1 object to the end of the log entry. .PP @@ -2035,15 +2049,7 @@ kilobytes: \fBquiet\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Sets quiet logging mode. If \fB1\f1, \fBmongod\f1\f1 will go into a quiet logging @@ -2073,15 +2079,7 @@ Consider the following example which sets the \fBredactClientLogData\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: boolean .PP @@ -2112,15 +2110,7 @@ To enable log redaction on a running \fBmongod\f1 or \fBtraceExceptions\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Configures \fBmongod\f1\f1 to log full source code stack traces for every database and socket C++ exception, for use with debugging. @@ -2139,15 +2129,7 @@ Consider the following example which sets the \fBsuppressNoTLSPeerCertificateWarning\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: boolean .PP @@ -2202,15 +2184,7 @@ for specific diagnostic purposes. \fBdiagnosticDataCollectionEnabled\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: boolean .PP @@ -2231,11 +2205,7 @@ For example, the following disables the diagnostic collection: .PP \fIType\f1: String .PP -Available for -.PP -\fBmongos\f1\f1 -.PP - only. +Available for \fBmongos\f1\f1 only. .PP Specify the directory for the diagnostic directory for \fBmongos\f1\f1\&. If the directory does not exist, @@ -2266,15 +2236,7 @@ the process does not have permissions to create the directory. .PP Increased default size to 200 megabytes. .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: integer .PP @@ -2302,15 +2264,7 @@ be greater than maximum diagnostic file size \fBdiagnosticDataCollectionFileSizeMB\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: integer .PP @@ -2334,15 +2288,7 @@ The minimum value for \fBdiagnosticDataCollectionPeriodMillis\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: integer .PP @@ -2364,18 +2310,63 @@ milliseconds. .RE .SS REPLICATION AND CONSISTENCY .PP -\fBenableOverrideClusterChainingSetting\f1 +\fBdisableSplitHorizonIPCheck\f1 .RS .PP -Available for both +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: false +.RE +.PP +To configure cluster nodes for split horizon DNS (https://en.wikipedia.org/wiki/Split\-horizon_DNS), use host names +instead of IP addresses. +.PP +Starting in MongoDB v5.0, \fBreplSetInitiate\f1\f1 and +\fBreplSetReconfig\f1\f1 reject configurations that use IP +addresses instead of hostnames. .PP -\fBmongod\f1\f1 +Use \fBdisableSplitHorizonIPCheck\f1\f1 to modify nodes that +cannot be updated to use host names. The parameter only applies to the +configuration commands. .PP - and +\fBmongod\f1\f1 and \fBmongos\f1\f1 do not rely on +\fBdisableSplitHorizonIPCheck\f1\f1 for validation at startup. +Legacy \fBmongod\f1\f1 and \fBmongos\f1\f1 instances that use IP +addresses instead of host names will start after an upgrade. +.PP +Instances that are configured with IP addresses log a warning to use +host names instead of IP addresses. +.PP +To allow configuration changes using IP addresses, set +\fBdisableSplitHorizonIPCheck=true\f1 using the command line: +.PP +.EX + /usr/local/bin/mongod \-\-setParameter disableSplitHorizonIPCheck=true \-f /etc/mongod.conf +.EE +.PP +To allow configuration changes using IP addresses, set +\fBdisableSplitHorizonIPCheck=true\f1 using the node\(aqs configuration +file: +.PP +.EX + setParameter: + disableSplitHorizonIPCheck: true +.EE +.PP +If you attempt to update \fBdisableSplitHorizonIPCheck\f1 at runtime, +\fBdb.adminCommand()\f1\f1 returns an error: +.PP +.EX + db.adminCommand( { setParameter: 1, "disableSplitHorizonIPCheck": true } ) + MongoServerError: not allowed to change [disableSplitHorizonIPCheck] at runtime +.EE .PP -\fBmongos\f1\f1 +\fBenableOverrideClusterChainingSetting\f1 +.RS .PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: boolean .PP @@ -2404,15 +2395,7 @@ For example, to set the .PP New in version 4.0.4 (and version 3.6.9). .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: integer .PP @@ -2436,15 +2419,7 @@ for a \fBmongod\f1\f1 instance to 10 minutes: \fBlocalLogicalSessionTimeoutMinutes\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: integer .PP @@ -2480,15 +2455,7 @@ for a test \fBmongod\f1\f1 instance to 20 minutes: \fBmaxAcceptableLogicalClockDriftSecs\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: integer .PP @@ -2519,15 +2486,7 @@ for a \fBmongod\f1\f1 instance to 15 minutes: \fBmaxSessions\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: integer .PP @@ -2545,18 +2504,43 @@ for a \fBmongod\f1\f1 instance to 1000: .EE .RE .PP -\fBstoreFindAndModifyImagesInSideCollection\f1 +\fBoplogBatchDelayMillis\f1 .RS .PP -Available for both +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 0 +.PP +The number of milliseconds to delay applying batches of oplog +operations on secondary nodes. By default, \fBoplogBatchDelayMillis\f1 +is \fB0\f1, meaning oplog batches are applied with no delay. When there +is no delay, MongoDB may apply frequent, small oplog batches to +secondaries. +.PP +Increasing \fBoplogBatchDelayMillis\f1 causes MongoDB to apply oplog +batches less frequently on secondaries, with each batch containing +larger amounts of data. This reduces IOPS (Input/Output +Operations Per Second) on secondaries, but adds latency for writes +with write concern \fB"majority"\f1\f1\&. .PP -\fBmongod\f1\f1 +You can only set \fBoplogBatchDelayMillis\f1 at startup. You cannot set +\fBoplogBatchDelayMillis\f1 during runtime. .PP - and +For example, run the following command to set the +\fBoplogBatchDelayMillis\f1 for a \fBmongod\f1\f1 instance to 20 +milliseconds: +.PP +.EX + mongod \-\-setParameter oplogBatchDelayMillis=20 +.EE +.RE .PP -\fBmongos\f1\f1 +\fBstoreFindAndModifyImagesInSideCollection\f1 +.RS .PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: boolean .PP @@ -2611,11 +2595,7 @@ During runtime, you can also set the parameter with the \fBTransactionRecordMinimumLifetimeMinutes\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer .PP @@ -2709,11 +2689,7 @@ network error. The default value is equivalent to 24 hours. .PP \fIType\f1: String .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP The preferred source for performing \fBinitial sync\f1\&. Specify one of the following read preference modes: @@ -2757,6 +2733,32 @@ configuration file setting or the \fB\-\-setParameter\f1\f1 command line option. .RE .PP +\fBinitialSyncMethod\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: String +.PP +\fIDefault\f1: \fBlogical\f1 +.PP +Available only in MongoDB Enterprise. +.PP +Method used for \fBinitial sync\f1\&. +.PP +Set to \fBlogical\f1 to use \fBlogical initial sync\f1\&. Set to \fBfileCopyBased\f1 to +use \fBfile copy based initial sync\f1\&. +.PP +This parameter only affects the sync method for the member on which +it is specified. Setting this parameter on a single replica set +member does not affect the sync method of any other replica set +members. +.PP +You can only set this parameter on startup, using either the +\fBsetParameter\f1\f1 configuration file setting or the +\fB\-\-setParameter\f1\f1 command line option. +.RE +.PP \fBmaxNumSyncSourceChangesPerHour\f1 .RS .PP @@ -2782,11 +2784,7 @@ sync from the new primary. \fBoplogFetcherUsesExhaust\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP \fIType\f1: boolean .PP @@ -2812,11 +2810,7 @@ You can only set this parameter on startup, using either the .PP \fIDefault\f1: 60 .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Maximum time in seconds for a member of a \fBreplica set\f1 to wait for the \fBfind\f1\f1 command to finish during @@ -2830,16 +2824,16 @@ for the \fBfind\f1\f1 command to finish during .PP \fIDefault\f1: 16 .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Maximum number of threads to use to apply replicated operations in -parallel. Values can range from 1 to 256 inclusive. You can only set -\fBreplWriterThreadCount\f1\f1 at startup and cannot change this -setting with the \fBsetParameter\f1\f1 command. +parallel. Values can range from 1 to 256 inclusive. However, the +maximum number of threads used is capped at twice the number of +available cores. +.PP +You can only set \fBreplWriterThreadCount\f1\f1 at startup and +cannot change this setting with the \fBsetParameter\f1\f1 +command. .PP \fBreplWriterMinThreadCount\f1\f1 .RE @@ -2851,11 +2845,7 @@ setting with the \fBsetParameter\f1\f1 command. .PP \fIDefault\f1: 0 .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Minimum number of threads to use to apply replicated operations in parallel. Values can range from 0 to 256 inclusive. You can only set @@ -2902,11 +2892,7 @@ roughly 68 years. \fBwaitForSecondaryBeforeNoopWriteMS\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer .PP @@ -2937,11 +2923,7 @@ During runtime, you can also set the parameter with the \fBcreateRollbackDataFiles\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP \fIType\f1: boolean .PP @@ -3031,11 +3013,7 @@ During runtime, you can also set the parameter with the \fBmirrorReads\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP \fINew in version 4.4\f1 .PP @@ -3151,12 +3129,76 @@ Or if using the \fBsetParameter\f1\f1 command in a db.adminCommand( { setParameter: 1, mirrorReads: { samplingRate: 0.10 } } ) .EE .RE +.PP +\fBallowMultipleArbiters\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: false +.PP +Specifies whether the replica set allows the use of multiple arbiters. +.PP +The use of multiple arbiters is not recommended: +.RS +.IP \(bu 2 +Multiple arbiters prevent the reliable use of the majority write concern. +MongoDB counts arbiters in calculating a membership majority, but arbiters +do not store data. With the inclusion of multiple arbiters, it\(aqs possible +for a majority write operation to return success before the write replicates +to a majority of data bearing nodes. +.IP \(bu 2 +Multiple arbiters allow replica sets to accept writes even when the +replica set doesn\(aqt have sufficient secondaries for data replication. +.RE +.PP +For more information, see +\fBConcerns with Multiple Arbiters\f1\&. +.PP +The parameter can only be set during startup: +.PP +.EX + mongod \-\-setParameter allowMultipleArbiters=true +.EE +.RE .SS SHARDING PARAMETERS .PP Starting in version 4.2, MongoDB removes the parameter \fBAsyncRequestsSenderUseBaton\f1 and always enables the performance enhancement controlled by the parameter. .PP +\fBchunkDefragmentationThrottlingMS\f1 +.RS +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 0 +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Specifies the minimum time period (in milliseconds) between +consecutive split and merge commands run by the \fBbalancer\f1 when +the \fBchunks\f1 in a \fBsharded\f1 collection +are defragmented. \fBchunkDefragmentationThrottlingMS\f1\f1 +limits the rate of split and merge commands. +.PP +The following example sets +\fBchunkDefragmentationThrottlingMS\f1\f1 to \fB10\f1 milliseconds: +.PP +.EX + mongod \-\-setParameter chunkDefragmentationThrottlingMS=10 +.EE +.PP +During runtime, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, chunkDefragmentationThrottlingMS: 10 } ) +.EE +.RE +.PP \fBdisableResumableRangeDeleter\f1 .RS .PP @@ -3164,11 +3206,7 @@ enhancement controlled by the parameter. .PP \fIDefault\f1: false .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP If set on a shard\(aqs primary, specifies if range deletion is paused on the shard. If set to \fBtrue\f1, cleanup of \fBchunk\(garanges @@ -3211,11 +3249,7 @@ this setting using the \fBsetParameter\f1\f1 database command. .PP \fIDefault\f1: true .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP If set on the config server\(aqs primary, enables or disables the index consistency check for sharded collections. The parameter has no @@ -3254,11 +3288,7 @@ During runtime, you can also set the parameter with the .PP \fIDefault\f1: 600000 .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP If set on the config server\(aqs primary, the interval, in milliseconds, at which the config server\(aqs primary checks the index @@ -3290,15 +3320,7 @@ For example, the following sets the interval at 300000 milliseconds .PP \fIDefault\f1: true .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP This parameter allows the catalog cache to be refreshed only if the shard needs to be refreshed. If disabled, any stale chunk will cause @@ -3328,13 +3350,9 @@ this setting using the \fBsetParameter\f1\f1 database command. .PP \fIDefault\f1: 150 .PP -Available for +Available for \fBmongos\f1\f1 only. .PP -\fBmongos\f1\f1 -.PP - only. -.PP -Specifies the maximimum time limit (in milliseconds) for the +Specifies the maximum time limit (in milliseconds) for the \fBhedged read\f1\&. That is, the additional read sent to hedge the read operation uses the \fBmaxTimeMS\f1 value of \fBmaxTimeMSForHedgedReads\f1\f1 while the read operation @@ -3370,11 +3388,7 @@ Or if using the \fBsetParameter\f1\f1 command in a .PP \fIDefault\f1: 10 .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP For \fBmoveChunk\f1\f1 operations, specifies the maximum percentage of untrasferred data allowed by the migration protocol @@ -3387,7 +3401,7 @@ latency during concurrent \fBupsert\f1\f1 and \fBdelete\f1\f1 operations. .PP For example, to set the maximum percentage to 20, you can issue the -followingduring startup: +following during startup: .PP .EX mongod \-\-setParameter maxCatchUpPercentageBeforeBlockingWrites=20 @@ -3399,6 +3413,51 @@ You cannot change Live Migration Protocol (https://github.com/mongodb/mongo/blob/master/src/mongo/db/s/README.md#the\-live\-migration\-protocol) .RE .PP +\fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1 +.RS +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 500 +.PP +Available for \fBmongod\f1\f1 only. +.PP +Limits the time a shard waits for a critical section within a +transaction. +.PP +When a query accesses a shard, a \fBchunk migration\f1 or \fBDDL operation\f1 may already hold the critical +section for the collection. If the query finds the critical +section is taken, the shard waits until the critical section has +been released. When the shard returns control to \fBmongos\f1\f1, +\fBmongos\f1\f1 retries the query. However, if a multi\-shard +transaction interacts with an operation that takes the critical +section on multiple shards, the interaction can result in a +distributed deadlock. +.PP +\fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1\f1 +limits the maximum time a shard waits within a transaction for the +critical section to be released. +.PP +To reduce the maximum wait time for the critical section within a +transaction, lower the the value of +\fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1\f1\&. +.PP +If \fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1\f1 +is too low, \fBmongos\f1\f1 could use all of its retry attempts +and return an error. +.PP +You can set +\fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1\f1 at +startup and during runtime. +.PP +For example, to set \fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1\f1 +to 400 milliseconds: +.PP +.EX + db.adminCommand( { setParameter: 1, metadataRefreshInTransactionMaxWaitBehindCritSecMS: 400 } ) +.EE +.RE +.PP \fBreadHedgingMode\f1 .RS .PP @@ -3406,11 +3465,7 @@ Live Migration Protocol (https://github.com/mongodb/mongo/blob/master/src/mongo/ .PP \fIDefault\f1: on .PP -Available for -.PP -\fBmongos\f1\f1 -.PP - only. +Available for \fBmongos\f1\f1 only. .PP Specifies whether \fBmongos\f1\f1 supports hedged reads for those read operations whose \fBread preference\f1 have enabled the hedged read option. @@ -3474,11 +3529,7 @@ Or if using the \fBsetParameter\f1\f1 command in a .PP \fIDefault\f1: 15000 .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Specifies the time (in milliseconds) to wait for any ongoing database operations to complete before initiating a shutdown of @@ -3507,11 +3558,7 @@ Or if using the \fBsetParameter\f1\f1 command in a .PP \fIDefault\f1: 15000 .PP -Available for -.PP -\fBmongos\f1\f1 -.PP - only. +Available for \fBmongos\f1\f1 only. .PP Specifies the time (in milliseconds) to wait for any ongoing database operations to complete before initiating a shutdown of @@ -3555,7 +3602,7 @@ replica set is the config server replica set: .IP \(bu 2 For MongoDB 3.2.0\-3.2.9, the monitoring \fBmongod\f1\f1 or \fBmongos\f1\f1 instance will become unusable and needs to be -restarted. See the v3.2 troubleshooting guide (https://docs.mongodb.com/v3.2/tutorial/troubleshoot\-sharded\-clusters/#a\-config\-server\-replica\-set\-member\-become\-unavailable) +restarted. See the v3.2 troubleshooting guide (https://www.mongodb.com/docs/v3.2/tutorial/troubleshoot\-sharded\-clusters/#a\-config\-server\-replica\-set\-member\-become\-unavailable) for more details. .IP \(bu 2 For MongoDB 3.2.10 and later 3.2\-series, see also @@ -3582,7 +3629,7 @@ If the monitored replica set is the config server replica set and must restart \fBmongod\f1\f1 or \fBmongos\f1\f1 if the \fBmongod\f1\f1 or \fBmongos\f1\f1 instance cannot reach any of the config servers for the specified number of times. See the -v3.2 troubleshooting guide (https://docs.mongodb.com/v3.2/tutorial/troubleshoot\-sharded\-clusters/#a\-config\-server\-replica\-set\-member\-become\-unavailable) +v3.2 troubleshooting guide (https://www.mongodb.com/docs/v3.2/tutorial/troubleshoot\-sharded\-clusters/#a\-config\-server\-replica\-set\-member\-become\-unavailable) for more details. .RE .PP @@ -3593,22 +3640,11 @@ Type: integer .PP Default: 300000 (5 minutes) .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Maximum time that \fBmongos\f1\f1 goes without communication to a host before \fBmongos\f1\f1 drops all connections to the host. .PP -You can only set this parameter during start\-up and cannot change -this setting using the \fBsetParameter\f1\f1 database command. -.PP If set, \fBShardingTaskExecutorPoolHostTimeoutMS\f1\f1 should be greater than the sum of \fBShardingTaskExecutorPoolRefreshRequirementMS\f1\f1 and @@ -3617,9 +3653,20 @@ greater than the sum of \fBShardingTaskExecutorPoolHostTimeoutMS\f1\f1 to be greater than the sum. .PP +The following example sets +\fBShardingTaskExecutorPoolHostTimeoutMS\f1\f1 to \fB120000\f1 +during startup: +.PP .EX mongos \-\-setParameter ShardingTaskExecutorPoolHostTimeoutMS=120000 .EE +.PP +During runtime, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, ShardingTaskExecutorPoolHostTimeoutMS: 120000 } ) +.EE .RE .PP \fBShardingTaskExecutorPoolMaxConnecting\f1 @@ -3629,15 +3676,7 @@ Type: integer .PP Default: 2 .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Maximum number of simultaneous initiating connections (including pending connections in setup/refresh state) each TaskExecutor @@ -3650,12 +3689,20 @@ less than or equal to \fBShardingTaskExecutorPoolMaxSize\f1\f1\&. If it is greater, \fBmongos\f1\f1 ignores the \fBShardingTaskExecutorPoolMaxConnecting\f1\f1 value. .PP -You can only set this parameter during start\-up and cannot change -this setting using the \fBsetParameter\f1\f1 database command. +The following example sets +\fBShardingTaskExecutorPoolMaxConnecting\f1\f1 to \fB20\f1 +during startup: .PP .EX mongos \-\-setParameter ShardingTaskExecutorPoolMaxConnecting=20 .EE +.PP +During runtime, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, ShardingTaskExecutorPoolMaxConnecting: 20 } ) +.EE .RE .PP \fBShardingTaskExecutorPoolMaxSize\f1 @@ -3665,15 +3712,7 @@ Type: integer .PP Default: 2 64 \- 1 .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Maximum number of outbound connections each TaskExecutor connection pool can open to any given \fBmongod\f1\f1 instance. The maximum @@ -3684,11 +3723,19 @@ is: ShardingTaskExecutorPoolMaxSize * taskExecutorPoolSize .EE .PP -You can only set this parameter during start\-up and cannot change -this setting using the \fBsetParameter\f1\f1 database command. +The following example sets +\fBShardingTaskExecutorPoolMaxSize\f1\f1 to \fB20\f1 +during startup: +.PP +.EX + mongos \-\-setParameter ShardingTaskExecutorPoolMaxSize=20 +.EE +.PP +During runtime, you can also set the parameter with the +\fBsetParameter\f1\f1 command: .PP .EX - mongos \-\-setParameter ShardingTaskExecutorPoolMaxSize=4 + db.adminCommand( { setParameter: 1, ShardingTaskExecutorPoolMaxSize: 20 } ) .EE .PP \fBmongos\f1\f1 can have up to \fBn\f1 TaskExecutor connection @@ -3698,22 +3745,56 @@ pools, where \fBn\f1 is the number of cores. See \fBShardingTaskExecutorPoolMinSize\f1\f1 .RE .PP -\fBShardingTaskExecutorPoolMinSize\f1 +\fBShardingTaskExecutorPoolMaxSizeForConfigServers\f1 .RS .PP Type: integer .PP -Default: 1 +Default: \-1 .PP -Available for both +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP -\fBmongod\f1\f1 +Optional override for \fBShardingTaskExecutorPoolMaxSize\f1\f1 to set the maximum number +of outbound connections each TaskExecutor connection pool can open to a +\fBconfiguration server\f1\&. .PP - and +When set to: +.RS +.IP \(bu 2 +\fB\-1\f1, \fBShardingTaskExecutorPoolMaxSize\f1\f1 is used. This is the default. +.IP \(bu 2 +an integer value greater than \fB\-1\f1, overrides the +maximum number of outbound connections each TaskExecutor +connection pool can open to a configuration server. +.RE .PP -\fBmongos\f1\f1 +Parameter only applies to sharded deployments. .PP -\&. +The following example sets \fBShardingTaskExecutorPoolMaxSize\f1\f1 to \fB2\f1 during startup, which +sets the maximum number of outbound connections each +TaskExecutor connection pool can open to a configuration server to +\fB2\f1: +.PP +.EX + mongos \-\-setParameter ShardingTaskExecutorPoolMaxSizeForConfigServers=2 +.EE +.PP +During runtime, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, ShardingTaskExecutorPoolMaxSizeForConfigServers: 2 } ) +.EE +.RE +.PP +\fBShardingTaskExecutorPoolMinSize\f1 +.RS +.PP +Type: integer +.PP +Default: 1 +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Minimum number of outbound connections each TaskExecutor connection pool can open to any given \fBmongod\f1\f1 instance. @@ -3735,13 +3816,21 @@ In MongoDB 4.4, the \fBwarmMinConnectionsInShardingTaskExecutorPoolOnStartup\f1\f1 parameter is enabled by default for the \fBmongos\f1\f1\&. .PP -You can only set this parameter during start\-up and cannot change -this setting using the \fBsetParameter\f1\f1 database command. +The following example sets +\fBShardingTaskExecutorPoolMinSize\f1\f1 to \fB2\f1 +during startup: .PP .EX mongos \-\-setParameter ShardingTaskExecutorPoolMinSize=2 .EE .PP +During runtime, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, ShardingTaskExecutorPoolMinSize: 2 } ) +.EE +.PP \fBmongos\f1\f1 can have up to \fBn\f1 TaskExecutor connection pools, where \fBn\f1 is the number of cores. See \fBtaskExecutorPoolSize\f1\f1\&. @@ -3753,28 +3842,61 @@ pools, where \fBn\f1 is the number of cores. See .RE .RE .PP -\fBShardingTaskExecutorPoolRefreshRequirementMS\f1 +\fBShardingTaskExecutorPoolMinSizeForConfigServers\f1 .RS .PP Type: integer .PP -Default: 60000 (1 minute) +Default: \-1 +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP -Available for both +Optional override for \fBShardingTaskExecutorPoolMinSize\f1\f1 to set the minimum number +of outbound connections each TaskExecutor connection pool can open to a +\fBconfiguration server\f1\&. .PP -\fBmongod\f1\f1 +When set to: +.RS +.IP \(bu 2 +\fB\-1\f1, \fBShardingTaskExecutorPoolMinSize\f1\f1 is used. This is the default. +.IP \(bu 2 +an integer value greater than \fB\-1\f1, overrides the +minimum number of outbound connections each TaskExecutor +connection pool can open to a configuration server. +.RE .PP - and +Parameter only applies to sharded deployments. .PP -\fBmongos\f1\f1 +The following example sets \fBShardingTaskExecutorPoolMinSize\f1\f1 to \fB2\f1 during startup, which +sets the minimum number of outbound connections each +TaskExecutor connection pool can open to a configuration server to +\fB2\f1: .PP -\&. +.EX + mongos \-\-setParameter ShardingTaskExecutorPoolMinSizeForConfigServers=2 +.EE .PP -Maximum time the \fBmongos\f1\f1 waits before attempting to -heartbeat a resting connection in the pool. +During runtime, you can also set the parameter with the +\fBsetParameter\f1\f1 command: .PP -You can only set this parameter during start\-up and cannot change -this setting using the \fBsetParameter\f1\f1 database command. +.EX + db.adminCommand( { setParameter: 1, ShardingTaskExecutorPoolMinSizeForConfigServers: 2 } ) +.EE +.RE +.PP +\fBShardingTaskExecutorPoolRefreshRequirementMS\f1 +.RS +.PP +Type: integer +.PP +Default: 60000 (1 minute) +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Maximum time the \fBmongos\f1\f1 waits before attempting to +heartbeat a resting connection in the pool. An idle connection may be +discarded during the refresh if the pool is above its +\fBminimum size\f1\&. .PP If set, \fBShardingTaskExecutorPoolRefreshRequirementMS\f1\f1 should be greater than \fBShardingTaskExecutorPoolRefreshTimeoutMS\f1\f1\&. @@ -3782,9 +3904,20 @@ Otherwise, \fBmongos\f1\f1 adjusts the value of \fBShardingTaskExecutorPoolRefreshTimeoutMS\f1\f1 to be less than \fBShardingTaskExecutorPoolRefreshRequirementMS\f1\f1\&. .PP +The following example sets +\fBShardingTaskExecutorPoolRefreshRequirementMS\f1\f1 to +\fB90000\f1 during startup: +.PP .EX mongos \-\-setParameter ShardingTaskExecutorPoolRefreshRequirementMS=90000 .EE +.PP +During runtime, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, ShardingTaskExecutorPoolRefreshRequirementMS: 90000 } ) +.EE .RE .PP \fBShardingTaskExecutorPoolRefreshTimeoutMS\f1 @@ -3794,31 +3927,31 @@ Type: integer .PP Default: 20000 (20 seconds) .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Maximum time the \fBmongos\f1\f1 waits for a heartbeat before timing out the heartbeat. .PP -You can only set this parameter during start\-up and cannot change -this setting using the \fBsetParameter\f1\f1 database command. -.PP If set, \fBShardingTaskExecutorPoolRefreshTimeoutMS\f1\f1 should be less than \fBShardingTaskExecutorPoolRefreshRequirementMS\f1\f1\&. Otherwise, \fBmongos\f1\f1 adjusts the value of \fBShardingTaskExecutorPoolRefreshTimeoutMS\f1\f1 to be less than \fBShardingTaskExecutorPoolRefreshRequirementMS\f1\f1\&. .PP +The following example sets +\fBShardingTaskExecutorPoolRefreshTimeoutMS\f1\f1 to +\fB30000\f1 during startup: +.PP .EX mongos \-\-setParameter ShardingTaskExecutorPoolRefreshTimeoutMS=30000 .EE +.PP +During runtime, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, ShardingTaskExecutorPoolRefreshTimeoutMS: 30000 } ) +.EE .RE .PP \fBShardingTaskExecutorPoolReplicaSetMatching\f1 @@ -3828,15 +3961,7 @@ Type: string .PP Default: "automatic" .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP On a \fBmongos\f1\f1 instance, this parameter sets the policy that determines the minimum size limit of its connection pools to @@ -3974,11 +4099,7 @@ Type: integer .PP Default: 1 .PP -Available for -.PP -\fBmongos\f1\f1 -.PP - only. +Available for \fBmongos\f1\f1 only. .PP The number of Task Executor connection pools to use for a given \fBmongos\f1\f1\&. @@ -4001,7 +4122,7 @@ Starting in MongoDB 4.0, the default value of .IP \(bu 2 In MongoDB 4.0 deployment, you can set \fBtaskExecutorPoolSize\f1\f1 to \fB0\f1 and, on Linux, set -AsyncRequestsSenderUseBaton (https://docs.mongodb.com/v4.0/reference/parameters/#param.AsyncRequestsSenderUseBaton) to +AsyncRequestsSenderUseBaton (https://www.mongodb.com/docs/v4.0/reference/parameters/#param.AsyncRequestsSenderUseBaton) to \fBfalse\f1 for the previous behavior. .IP \(bu 2 In MongoDB 4.2+ deployment, MongoDB removes the @@ -4030,11 +4151,7 @@ Type: boolean .PP \fIDefault\f1: true .PP -Available for -.PP -\fBmongos\f1\f1 -.PP - only. +Available for \fBmongos\f1\f1 only. .PP Configures a \fBmongos\f1\f1 instance to preload the routing table for a sharded cluster on startup. With this setting @@ -4066,11 +4183,7 @@ Type: boolean .PP \fIDefault\f1: true .PP -Available for -.PP -\fBmongos\f1\f1 -.PP - only. +Available for \fBmongos\f1\f1 only. .PP Configures a \fBmongos\f1\f1 instance to prewarm its connection pool on startup. With this parameter enabled, the @@ -4110,11 +4223,7 @@ Type: integer .PP \fIDefault\f1: 2000 (2 seconds) .PP -Available for -.PP -\fBmongos\f1\f1 -.PP - only. +Available for \fBmongos\f1\f1 only. .PP Sets the timeout threshold in milliseconds for a \fBmongos\f1\f1 to wait for \fBShardingTaskExecutorPoolMinSize\f1\f1 @@ -4140,11 +4249,7 @@ You can only set this parameter on startup, using either the .PP The parameter is also available starting in 3.4.18 and 3.6.10 .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Type: Non\-negative integer .PP @@ -4176,11 +4281,7 @@ command: .PP The parameter is also available starting in 3.4.18 and 3.6.10 .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Type: Non\-negative integer .PP @@ -4213,18 +4314,15 @@ command: .PP Default: 900 (15 minutes) .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Minimum delay before a migrated \fBchunk\f1 is deleted from the source shard. .PP Before deleting the chunk during chunk migration, MongoDB waits for -\fBorphanCleanupDelaySecs\f1\f1 or for in\-progress queries involving -the chunk to complete on the shard primary, whichever is longer. +\fBorphanCleanupDelaySecs\f1\f1 or for in\-progress queries +involving the chunk to complete on the shard primary, whichever is +longer. .PP However, because the shard primary has no knowledge of in\-progress queries run on the shard secondaries, queries that use the chunk but are run on @@ -4258,11 +4356,7 @@ This may also be set using the \fBsetParameter\f1\f1 command: .PP The parameter is also available starting in 3.4.17 and 3.6.7. .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Type: Non\-negative integer .PP @@ -4297,17 +4391,12 @@ command: \fBrangeDeleterBatchSize\f1 .RS .PP -The parameter is also available starting in 3.4.19 and 3.6.10 -.PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Type: Non\-negative integer .PP -Default: 128 +Default: 2147483647 starting in MongoDB 5.1.2, 5.0.6, and 4.4.12 (128 +in earlier MongoDB versions) .PP The maximum number of documents in each batch to delete during the cleanup stage of \fBchunk migration\f1 @@ -4333,11 +4422,7 @@ command: \fBskipShardingConfigurationChecks\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Type: boolean .PP @@ -4370,15 +4455,7 @@ MongoDB 3.4.11+ \fBfindChunksOnConfigTimeoutMS\f1 .RS .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Type: Non\-negative integer .PP @@ -4395,16 +4472,340 @@ value: mongod \-\-setParameter findChunksOnConfigTimeoutMS=1000000 .EE .RE -.SS STORAGE PARAMETERS +.SS HEALTH MANAGER PARAMETERS .PP -\fBhonorSystemUmask\f1 +\fBactiveFaultDurationSecs\f1 +.RS +.PP +\fIType\f1: Document +.PP +Available for \fBmongos\f1\f1 only. +.PP +The amount of time to wait from a \fB\f1 failure until the +\fBmongos\f1 is removed from the cluster, in seconds. +.PP +When a failure is detected and a Health Manager is configured as +\fBcritical\f1, the server waits for the specified interval +before removing the \fBmongos\f1 from the cluster. +.PP +For example, to set the duration from failure to crash to five +minutes, issue the following at startup: +.PP +.EX + mongos \-\-setParameter activeFaultDurationSecs=300 +.EE +.PP +Or if using the \fBsetParameter\f1\f1 command in a +\fBmongosh\f1\f1 session that is connected to a running +\fBmongos\f1\f1: +.PP +.EX + db.adminCommand( + { + setParameter: 1, + activeFaultDurationSecs: 300 + } + ) +.EE +.PP +Parameters set with \fBsetParameter\f1\f1 do not persist across +restarts. See the \fBsetParameter page\f1 for details. +.PP +To make this setting persistent, set \fBactiveFaultDurationSecs\f1 +in your \fBmongos config file\f1 using the +\fBsetParameter\f1\f1 option as in the following example: +.PP +.EX + setParameter: + activeFaultDurationSecs: 300 +.EE +.RE +.PP +\fBhealthMonitoringIntensities\f1 .RS .PP -Available for +\fIType\f1: Array of documents .PP -\fBmongod\f1\f1 +Available for \fBmongos\f1\f1 only. .PP - only. +Use this parameter to set intensity levels for Health Managers\&. +.PP +\fBhealthMonitoringIntensities\f1 accepts an array of documents, +\fBvalues\f1\&. Each document in \fBvalues\f1 takes two fields: +.RS +.IP \(bu 2 +\fBtype\f1, the Health Manager facet +.IP \(bu 2 +\fBintensity\f1, the intensity level +.RE +.SS HEALTH MANAGERS +.RS +.IP \(bu 2 +.RS +.IP \(bu 4 +Facet +.IP \(bu 4 +What the Health Observer Checks +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBconfigServer\f1 +.IP \(bu 4 +Cluster health issues related to connectivity to the config server. +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBdns\f1 +.IP \(bu 4 +Cluster health issues related to DNS availability and functionality. +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBldap\f1 +.IP \(bu 4 +Cluster health issues related to LDAP availability and functionality. +.RE +.RE +.SS INTENSITY LEVELS +.RS +.IP \(bu 2 +.RS +.IP \(bu 4 +Intensity Level +.IP \(bu 4 +Description +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBcritical\f1 +.IP \(bu 4 +The Health Manager on this facet is enabled and has the ability to move the +failing \fBmongos\f1 out of the cluster if an error +occurs. The Health Manager waits the amount of time specified by +\fBactiveFaultDurationSecs\f1\f1 before stopping and moving +the \fBmongos\f1 out of the cluster automatically. +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBnon\-critical\f1 +.IP \(bu 4 +The Health Manager on this facet is enabled and logs +errors, but the \fBmongos\f1 remains in the cluster if +errors are encountered. +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBoff\f1 +.IP \(bu 4 +The Health Manager on this facet is disabled. The \fBmongos\f1 does not perform any health checks on this facet. This +is the default intensity level. +.RE +.RE +.PP +For example, to set the \fBdns\f1 Health Manager facet to the +\fBcritical\f1 intensity level, issue the following at startup: +.PP +.EX + mongos \-\-setParameter \(aqhealthMonitoringIntensities={ values:[ { type:"dns", intensity: "critical"} ] }\(aq +.EE +.PP +Or if using the \fBsetParameter\f1\f1 command in a +\fBmongosh\f1\f1 session that is connected to a running +\fBmongos\f1\f1: +.PP +.EX + db.adminCommand( + { + setParameter: 1, + healthMonitoringIntensities: { values: [ { type: "dns", intensity: "critical" } ] } } ) + } + ) +.EE +.PP +Parameters set with \fBsetParameter\f1\f1 do not persist across +restarts. See the \fBsetParameter page\f1 for details. +.PP +To make this setting persistent, set \fBhealthMonitoringIntensities\f1 +in your \fBmongos config file\f1 using the +\fBsetParameter\f1\f1 option as in the following example: +.PP +.EX + setParameter: + healthMonitoringIntensities: "{ values:[ { type:\"dns\", intensity: \"critical\"} ] }" +.EE +.RE +.PP +\fBhealthMonitoringIntervals\f1 +.RS +.PP +\fIType\f1: Array of documents +.PP +Available for \fBmongos\f1\f1 only. +.PP +How often this Health Manager will run, in milliseconds. +.PP +\fBhealthMonitoringIntervals\f1 accepts an array of documents, +\fBvalues\f1\&. Each document in \fBvalues\f1 takes two fields: +.RS +.IP \(bu 2 +\fBtype\f1, the Health Manager facet +.IP \(bu 2 +\fBinterval\f1, the time interval it runs at, in milliseconds +.RE +.SS HEALTH MANAGERS +.RS +.IP \(bu 2 +.RS +.IP \(bu 4 +Facet +.IP \(bu 4 +What the Health Observer Checks +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBconfigServer\f1 +.IP \(bu 4 +Cluster health issues related to connectivity to the config server. +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBdns\f1 +.IP \(bu 4 +Cluster health issues related to DNS availability and functionality. +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBldap\f1 +.IP \(bu 4 +Cluster health issues related to LDAP availability and functionality. +.RE +.RE +.PP +For example, to set the \fBldap\f1 Health Manager facet to the +run health checks every 30 seconds, issue the following at startup: +.PP +.EX + mongos \-\-setParameter \(aqhealthMonitoringIntervals={ values:[ { type:"ldap", interval: "30000"} ] }\(aq +.EE +.PP +Or if using the \fBsetParameter\f1\f1 command in a +\fBmongosh\f1\f1 session that is connected to a running +\fBmongos\f1\f1: +.PP +.EX + db.adminCommand( + { + setParameter: 1, + healthMonitoringIntervals: { values: [ { type: "ldap", interval: "30000" } ] } } ) + } + ) +.EE +.PP +Parameters set with \fBsetParameter\f1\f1 do not persist across +restarts. See the \fBsetParameter page\f1 for details. +.PP +To make this setting persistent, set \fBhealthMonitoringIntervals\f1 +in your \fBmongos config file\f1 using the +\fBsetParameter\f1\f1 option as in the following example: +.PP +.EX + setParameter: + healthMonitoringIntervals: "{ values: [{type: \"ldap\", interval: 200}] }" +.EE +.RE +.PP +\fBprogressMonitor\f1 +.RS +.PP +\fIType\f1: Document +.PP +Available for \fBmongos\f1\f1 only. +.PP +\fBProgress Monitor\f1 runs tests +to ensure that Health Manager checks do not become stuck or +unresponsive. Progress Monitor runs these tests in intervals specified +by \fBinterval\f1\&. If a health check begins but does not complete within +the timeout given by \fBdeadline\f1, Progress Monitor stops the +\fBmongos\f1 and removes it from the cluster. +.SS PROGRESSMONITOR FIELDS +.RS +.IP \(bu 2 +.RS +.IP \(bu 4 +Field +.IP \(bu 4 +Description +.IP \(bu 4 +Units +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBinterval\f1 +.IP \(bu 4 +How often to ensure Health Managers are not stuck or unresponsive. +.IP \(bu 4 +Milliseconds +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBdeadline\f1 +.IP \(bu 4 +Timeout before automatically failing the \fBmongos\f1 +if a Health Manager check is not making progress. +.IP \(bu 4 +Seconds +.RE +.RE +.PP +To set the \fBinterval\f1 to 1000 milliseconds and the \fBdeadline\f1 +to 300 seconds, issue the following at startup: +.PP +.EX + mongos \-\-setParameter \(aqprogressMonitor={"interval": 1000, "deadline": 300}\(aq +.EE +.PP +Or if using the \fBsetParameter\f1\f1 command in a +\fBmongosh\f1\f1 session that is connected to a running +\fBmongos\f1\f1: +.PP +.EX + db.adminCommand( + { + setParameter: 1, + progressMonitor: { interval: 1000, deadline: 300 } ) + } + ) +.EE +.PP +Parameters set with \fBsetParameter\f1\f1 do not persist across +restarts. See the \fBsetParameter page\f1 for details. +.PP +To make this setting persistent, set \fBprogressMonitor\f1 +in your \fBmongos config file\f1 using the +\fBsetParameter\f1\f1 option as in the following example: +.PP +.EX + setParameter: + progressMonitor: "{ interval: 1000, deadline: 300 }" +.EE +.RE +.SS STORAGE PARAMETERS +.PP +\fBhonorSystemUmask\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. .PP \fIDefault\f1: \fBfalse\f1 .PP @@ -4433,11 +4834,7 @@ this setting using the \fBsetParameter\f1\f1 database command. \fBjournalCommitInterval\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Specify an integer between \fB1\f1 and \fB500\f1 signifying the number of milliseconds (ms) between journal commits. @@ -4457,15 +4854,11 @@ Consider the following example which sets the .PP \fIDefault\f1: \fB300\f1 .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP The minimum time window in seconds for which the storage engine keeps the snapshot history. If you query data using read concern -:readconcern: snapshot and specify an +\fB"snapshot"\f1\f1 and specify an \fBatClusterTime\f1 value older than the specified \fBminSnapshotHistoryWindowInSeconds\f1, \fBmongod\f1\f1 returns a \fBSnapshotTooOld\f1 error. @@ -4478,22 +4871,19 @@ Consider the following example which sets the .EX db.adminCommand( { setParameter: 1, minSnapshotHistoryWindowInSeconds: 600 } ) .EE -.RS -.IP \(bu 2 -Read concern \fB"snapshot"\f1\f1 -.IP \(bu 2 -\fBSnapshots and Checkpoints\f1 -.RE +.PP +Increasing the value of +\fBminSnapshotHistoryWindowInSeconds\f1\f1 increases disk +usage. For more information, see \fBSnapshot History Retention\f1\&. +.PP +To modify this value for a MongoDB Atlas (https://www.mongodb.com/docs/atlas/) cluster, you +must contact Atlas Support (https://www.mongodb.com/docs/atlas/support/)\&. .RE .PP \fBprocessUmask\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Overrides the default permissions used for groups and other users when \fBhonorSystemUmask\f1\f1 is set to \fBfalse\f1\&. By default, @@ -4522,11 +4912,7 @@ settings for the owner: \fBsyncdelay\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Specify the interval in seconds between \fBfsync\f1 operations where \fBmongod\f1\f1 flushes its working memory to disk. By @@ -4557,11 +4943,7 @@ parameter. The parameter has no effect starting in MongoDB 4.4. .PP \fIDefault\f1: 0 (No specified maximum) .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Specify the maximum size (in GB) for the "lookaside (or cache overflow) table" file WiredTigerLAS.wt for MongoDB @@ -4614,11 +4996,7 @@ instead. \fBwiredTigerConcurrentReadTransactions\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Available for the WiredTiger storage engine only. .PP @@ -4635,11 +5013,7 @@ into the WiredTiger storage engine. \fBwiredTigerConcurrentWriteTransactions\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Available for the WiredTiger storage engine only. .PP @@ -4656,11 +5030,7 @@ into the WiredTiger storage engine. \fBwiredTigerEngineRuntimeConfig\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP Specify \fBwiredTiger\f1 storage engine configuration options for a running \fBmongod\f1\f1 instance. You can \fIonly\f1 set this @@ -4680,8 +5050,8 @@ Consider the following operation prototype: }) .EE .PP -See the WiredTiger documentation for all available WiredTiger -configuration options (http://source.wiredtiger.com/mongodb\-3.4/struct_w_t___c_o_n_n_e_c_t_i_o_n.html#)\&. +See the WiredTiger documentation for all available +WiredTiger configuration options (http://source.wiredtiger.com/mongodb\-5.0/struct_w_t___c_o_n_n_e_c_t_i_o_n.html#)\&. .RE .SS AUDITING PARAMETERS .PP @@ -4695,15 +5065,7 @@ configuration options (http://source.wiredtiger.com/mongodb\-3.4/struct_w_t___c_ Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server) and MongoDB Atlas (https://cloud.mongodb.com/user#/atlas/login)\&. .PP -Available for both -.PP -\fBmongod\f1\f1 -.PP - and -.PP -\fBmongos\f1\f1 -.PP -\&. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP Enables the \fBauditing\f1 of authorization successes for the \fBauthCheck\f1 @@ -4748,6 +5110,61 @@ configuration and update its internal state. Using the default value of 300 seconds, non\-config nodes may lag up to 5 minutes behind a setAuditConfig command. .RE +.PP +\fBauditEncryptionHeaderMetadataFile\f1 +.RS +.PP +\fIType\f1: string +.PP +Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&. +MongoDB Enterprise and Atlas have different configuration +requirements. +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Path and file name for logging metadata audit headers for \fBaudit +log encryption\f1\&. A header is +placed at the top of each audit log file and contains metadata for +decrypting the audit log. The headers are also stored in the +\fBaudit log\f1\&. +.PP +You can only set \fBauditEncryptionHeaderMetadataFile\f1\f1 +during startup in the \fBconfiguration file\f1\f1 or +with the \fB\-\-setParameter\f1 option on the command line. For example, +the following sets the path and file for +\fBauditEncryptionHeaderMetadataFile\f1\f1: +.PP +.EX + mongod \-\-setParameter auditEncryptionHeaderMetadataFile=/auditFiles/auditHeadersMetadataFile.log +.EE +.RE +.PP +\fBauditEncryptKeyWithKMIPGet\f1 +.RS +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: false +.PP +Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&. +MongoDB Enterprise and Atlas have different configuration +requirements. +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Enables \fBaudit log encryption\f1 for Key Management +Interoperability Protocol (KMIP) servers that only support KMIP +protocol version 1.0 or 1.1. +.PP +You can only set \fBauditEncryptKeyWithKMIPGet\f1\f1 during +startup in the \fBconfiguration file\f1\f1 or with +the \fB\-\-setParameter\f1 option on the command line. For example, the +following sets \fBauditEncryptKeyWithKMIPGet\f1\f1 to \fBtrue\f1: +.PP +.EX + mongod \-\-setParameter auditEncryptKeyWithKMIPGet=true +.EE +.RE .SS TRANSACTION PARAMETERS .PP \fBcoordinateCommitReturnImmediatelyAfterPersistingDecision\f1 @@ -4757,11 +5174,7 @@ to 5 minutes behind a setAuditConfig command. .PP \fIDefault\f1: true .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP If \fBtrue\f1, the \fBshard\f1 transaction coordinator returns a \fBmulti\-document transaction\f1 commit decision to the client as soon as @@ -4795,11 +5208,7 @@ During runtime, you can also set the parameter with the \fBtransactionLifetimeLimitSeconds\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP \fIDefault\f1: 60 .PP @@ -4849,11 +5258,7 @@ performance. \fBmaxTransactionLockRequestTimeoutMillis\f1 .RS .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer .PP @@ -4945,53 +5350,6 @@ command; for example: .RE .SS SLOT-BASED EXECUTION PARAMETERS .PP -\fBinternalQueryEnableSlotBasedExecutionEngine\f1 -.RS -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: true -.PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. -.PP -If \fBinternalQueryEnableSlotBasedExecutionEngine\f1\f1 is -\fBtrue\f1: -.RS -.IP \(bu 2 -Enhanced query execution is used if possible. If used, the document -structure is separated from the document content, and only the -required fields are used in the engine computations. This improves -performance and ensures database resources are efficiently used. -.IP \(bu 2 -If enhanced query execution is used, the query plan \fBexplain -results\f1 have a different -structure and contain additional information about the execution -plan. -.RE -.PP -If \fBinternalQueryEnableSlotBasedExecutionEngine\f1\f1 is -\fBfalse\f1, enhanced query execution is not used. -.PP -The following sets -\fBinternalQueryEnableSlotBasedExecutionEngine\f1\f1 to -\fBfalse\f1: -.PP -.EX - mongod \-\-setParameter internalQueryEnableSlotBasedExecutionEngine=false -.EE -.PP -You can also use the \fBsetParameter\f1\f1 command within the -MongoDB Shell (https://docs.mongodb.com/mongodb\-shell/): -.PP -.EX - db.adminCommand( { setParameter: 1, internalQueryEnableSlotBasedExecutionEngine: false } ) -.EE -.RE -.PP \fBplanCacheSize\f1 .RS .PP @@ -4999,13 +5357,9 @@ MongoDB Shell (https://docs.mongodb.com/mongodb\-shell/): .PP \fIDefault\f1: 5% .PP -Available for -.PP -\fBmongod\f1\f1 -.PP - only. +Available for \fBmongod\f1\f1 only. .PP -Sets the size of the \fBplan cache\f1 for the enhanced query +Sets the size of the \fBplan cache\f1 for the slot based query execution engine. .PP You can set the \fBplanCacheSize\f1\f1 value to either: @@ -5030,7 +5384,7 @@ megabytes: .EE .PP You can also use the \fBsetParameter\f1\f1 command within the -MongoDB Shell (https://docs.mongodb.com/mongodb\-shell/): +MongoDB Shell (https://www.mongodb.com/docs/mongodb\-shell/): .PP .EX db.adminCommand( { setParameter: 1, planCacheSize: "80MB" } ) diff --git a/debian/mongoldap.1 b/debian/mongoldap.1 index 9ccc3ebc7a6..9da9060b6e6 100644 --- a/debian/mongoldap.1 +++ b/debian/mongoldap.1 @@ -1,6 +1,8 @@ .TH mongoldap 1 .SH MONGOLDAP +\fIMongoDB Enterprise\f1 .SH SYNOPSIS +.PP Starting in version 3.4, MongoDB Enterprise provides \fBmongoldap\f1\f1 for testing MongoDB\(aqs LDAP \fBconfiguration options\f1 against a running LDAP server or set @@ -174,6 +176,18 @@ configuration files are valid, the output might be as follows: [OK] Successfully acquired the following roles: ... .EE +.SH BEHAVIOR +.PP +Starting in MonogoDB 5.1, \fBmongoldap\f1 supports prefixing LDAP +server with \fBsrv:\f1 and \fBsrv_raw:\f1\&. +.PP +If your connection string specifies \fB"srv:<DNS_NAME>"\f1, \fBmongoldap\f1 +verifies that \fB"_ldap._tcp.gc._msdcs.<DNS_NAME>"\f1 exists for SRV to +support Active Directory. If not found, it verifies +\fB"_ldap._tcp.<DNS_NAME>"\f1 exists for SRV. If an SRV record cannot be +found, \fBmongoldap\f1 warns you to use \fB"srv_raw:<DNS_NAME>"\f1 instead. +\fBmongoldap\f1 does the reverse check for \fB"srv_raw:<DNS_NAME>"\f1 by +checking for \fB"_ldap._tcp.<DNS NAME>"\f1\&. .SH OPTIONS .PP \fBmongoldap \-\-config\f1, \fBmongoldap \-f\f1 @@ -235,6 +249,8 @@ If unset, \fBmongoldap\f1\f1 cannot use \fBLDAP authentication or authorization\ \fBmongoldap \-\-ldapQueryUser\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The identity with which \fBmongoldap\f1\f1 binds as, when connecting to or performing queries on an LDAP server. .PP @@ -260,22 +276,27 @@ instead of \fB\-\-ldapQueryUser\f1\f1 and \fB\-\-ldapQueryPassword\f1\f1\&. You both \fB\-\-ldapQueryUser\f1\f1 and \fB\-\-ldapBindWithOSDefaults\f1\f1 at the same time. .RE .PP -\fBmongoldap \-\-ldapQueryPassword\f1 -.RS +\fIAvailable in MongoDB Enterprise only.\f1 .PP The password used to bind to an LDAP server when using \fB\-\-ldapQueryUser\f1\f1\&. You must use \fB\-\-ldapQueryPassword\f1\f1 with \fB\-\-ldapQueryUser\f1\f1\&. .PP -If unset, \fBmongoldap\f1\f1 will not attempt to bind to the LDAP server. +If not set, \fBmongoldap\f1\f1 does not attempt to bind to the LDAP server. .PP -This setting can be configured on a running \fBmongoldap\f1\f1 using +You can configure this setting on a running \fBmongoldap\f1\f1 using \fBsetParameter\f1\f1\&. .PP +Starting in MongoDB 4.4, the \fBldapQueryPassword\f1 +\fBsetParameter\f1\f1 command accepts either a string or +an array of strings. If \fBldapQueryPassword\f1 is set to an array, MongoDB tries +each password in order until one succeeds. Use a password array to roll over the +LDAP account password without downtime. +.PP Windows MongoDB deployments can use \fB\-\-ldapBindWithOSDefaults\f1\f1 -instead of \fB\-\-ldapQueryPassword\f1\f1 and \fB\-\-ldapQueryPassword\f1\f1\&. You cannot specify -both \fB\-\-ldapQueryPassword\f1\f1 and \fB\-\-ldapBindWithOSDefaults\f1\f1 at the same time. -.RE +instead of \fB\-\-ldapQueryUser\f1\f1 and \fB\-\-ldapQueryPassword\f1\f1\&. +You cannot specify both \fB\-\-ldapQueryPassword\f1\f1 and +\fB\-\-ldapBindWithOSDefaults\f1\f1 at the same time. .PP \fBmongoldap \-\-ldapBindWithOSDefaults\f1 .RS @@ -306,6 +327,8 @@ Use \fB\-\-ldapBindWithOSDefaults\f1\f1 to replace \fB\-\-ldapQueryUser\f1\f1 an .PP \fIDefault\f1: simple .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The method \fBmongoldap\f1\f1 uses to authenticate to an LDAP server. Use with \fB\-\-ldapQueryUser\f1\f1 and \fB\-\-ldapQueryPassword\f1\f1 to connect to the LDAP server. .PP @@ -345,6 +368,8 @@ using \fBDIGEST\-MD5\f1 mechanism. .PP \fIDefault\f1: DIGEST\-MD5 .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP A comma\-separated list of SASL mechanisms \fBmongoldap\f1\f1 can use when authenticating to the LDAP server. The \fBmongoldap\f1\f1 and the LDAP server must agree on at least one mechanism. The \fBmongoldap\f1\f1 @@ -416,6 +441,8 @@ For Windows, please see the Windows SASL documentation (https://msdn.microsoft.c .PP \fIDefault\f1: tls .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP By default, \fBmongoldap\f1\f1 creates a TLS/SSL secured connection to the LDAP server. .PP @@ -444,6 +471,8 @@ credentials between \fBmongoldap\f1\f1 and the LDAP server. .PP \fIDefault\f1: 10000 .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The amount of time in milliseconds \fBmongoldap\f1\f1 should wait for an LDAP server to respond to a request. .PP @@ -459,6 +488,8 @@ This setting can be configured on a running \fBmongoldap\f1\f1 using \fBmongoldap \-\-ldapUserToDNMapping\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP Maps the username provided to \fBmongoldap\f1\f1 for authentication to a LDAP Distinguished Name (DN). You may need to use \fB\-\-ldapUserToDNMapping\f1\f1 to transform a username into an LDAP DN in the following scenarios: @@ -623,6 +654,8 @@ This setting can be configured on a running \fBmongoldap\f1\f1 using the \fBmongoldap \-\-ldapAuthzQueryTemplate\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP A relative LDAP query URL formatted conforming to RFC4515 (https://tools.ietf.org/search/rfc4515) and RFC4516 (https://tools.ietf.org/html/rfc4516) that \fBmongoldap\f1\f1 executes to obtain the LDAP groups to which the authenticated user belongs to. The query is relative to the host or hosts specified in \fB\-\-ldapServers\f1\f1\&. diff --git a/debian/mongos.1 b/debian/mongos.1 index 56f8b808986..227c4089e15 100644 --- a/debian/mongos.1 +++ b/debian/mongos.1 @@ -20,8 +20,8 @@ Starting in version 4.0, MongoDB disables support for TLS 1.0 encryption on systems where TLS 1.1+ is available. For more details, see \fBDisable TLS 1.0\f1\&. .IP \(bu 2 -Starting in MongoDB 4.0, the \fBmongos\f1\f1 binary will crash when -attempting to connect to \fBmongod\f1\f1 instances whose +The \fBmongos\f1\f1 binary will crash when attempting to connect +to \fBmongod\f1\f1 instances whose \fBfeature compatibility version (fCV)\f1 is greater than that of the \fBmongos\f1\f1\&. For example, you cannot connect a MongoDB 4.0 version \fBmongos\f1\f1 to a 4.2 @@ -191,10 +191,15 @@ link\-local IPv6 address (https://en.wikipedia.org/wiki/Link\-local_address#IPv6 zone index (https://en.wikipedia.org/wiki/IPv6_address#Scoped_literal_IPv6_addresses_(with_zone_index)) to that address (i.e. \fBfe80::<address>%<adapter\-name>\f1). .PP -When possible, use a logical DNS hostname instead of an ip address, -particularly when configuring replica set members or sharded cluster -members. The use of logical DNS hostnames avoids configuration -changes due to ip address changes. +To avoid configuration updates due to IP address changes, use DNS +hostnames instead of IP addresses. It is particularly important to +use a DNS hostname instead of an IP address when configuring replica +set members or sharded cluster members. +.PP +Use hostnames instead of IP addresses to configure clusters across a +split network horizon. Starting in MongoDB 5.0, nodes that are only +configured with an IP address will fail startup validation and will +not start. .PP Before binding to a non\-localhost (e.g. publicly accessible) IP address, ensure you have secured your cluster from unauthorized @@ -349,6 +354,8 @@ If you specify \fBreopen\f1, you must also use \fB\-\-logappend\f1\f1\&. \fBmongos \-\-redactClientLogData\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP A \fBmongos\f1\f1 running with \fB\-\-redactClientLogData\f1\f1 redacts any message accompanying a given log event before logging. This prevents the \fBmongos\f1\f1 from writing potentially sensitive data stored on the database to the diagnostic log. @@ -726,7 +733,7 @@ port of different members of the replica set. Specifies the ping time, in milliseconds, that \fBmongos\f1\f1 uses to determine which secondary replica set members to pass read operations from clients. The default value of \fB15\f1 corresponds to -the default value in all of the client drivers (https://docs.mongodb.com/drivers/)\&. +the default value in all of the client drivers (https://www.mongodb.com/docs/drivers/)\&. .PP When \fBmongos\f1\f1 receives a request that permits reads to \fBsecondary\f1 members, the \fBmongos\f1\f1 will: @@ -1773,6 +1780,43 @@ available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-e .RE .SS AUDIT OPTIONS .PP +\fBmongos \-\-auditCompressionMode\f1 +.RS +.PP +Specifies the compression mode for \fBaudit log encryption\f1\&. You must also enable audit log +encryption using either \fB\-\-auditEncryptionKeyUID\f1\f1 or +\fB\-\-auditLocalKeyFile\f1\f1\&. +.PP +\fB\-\-auditCompressionMode\f1\f1 can be set to one of these values: +.RS +.IP \(bu 2 +.RS +.IP \(bu 4 +Value +.IP \(bu 4 +Description +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBzstd\f1 +.IP \(bu 4 +Use the \fBzstd\f1 algorithm to compress the audit log. +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBnone\f1 \fI(default)\f1 +.IP \(bu 4 +Do not compress the audit log. +.RE +.RE +.PP +Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&. +MongoDB Enterprise and Atlas have different configuration +requirements. +.RE +.PP \fBmongos \-\-auditDestination\f1 .RS .PP @@ -1823,6 +1867,20 @@ Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-e and MongoDB Atlas (https://cloud.mongodb.com/user#/atlas/login)\&. .RE .PP +\fBmongos \-\-auditEncryptionKeyUID\f1 +.RS +.PP +Specifies the unique identifier of the Key Management +Interoperability Protocol (KMIP) key for \fBaudit log encryption\f1\&. +.PP +You cannot use \fB\-\-auditEncryptionKeyUID\f1\f1 and +\fB\-\-auditLocalKeyFile\f1\f1 together. +.PP +Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&. +MongoDB Enterprise and Atlas have different configuration +requirements. +.RE +.PP \fBmongos \-\-auditFormat\f1 .RS .PP @@ -1861,6 +1919,25 @@ Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-e and MongoDB Atlas (https://cloud.mongodb.com/user#/atlas/login)\&. .RE .PP +\fBmongos \-\-auditLocalKeyFile\f1 +.RS +.PP +Specifies the path and file name for a local audit key file for +\fBaudit log encryption\f1\&. +.PP +Only use \fB\-\-auditLocalKeyFile\f1\f1 for testing because the key is +not secured. To secure the key, use +\fB\-\-auditEncryptionKeyUID\f1\f1 and an external Key +Management Interoperability Protocol (KMIP) server. +.PP +You cannot use \fB\-\-auditLocalKeyFile\f1\f1 and +\fB\-\-auditEncryptionKeyUID\f1\f1 together. +.PP +Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&. +MongoDB Enterprise and Atlas have different configuration +requirements. +.RE +.PP \fBmongos \-\-auditPath\f1 .RS .PP @@ -1934,6 +2011,8 @@ only and not the profiler since profiling is not available on \fBmongos \-\-ldapServers\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The LDAP server against which the \fBmongos\f1\f1 authenticates users or determines what actions a user is authorized to perform on a given database. If the LDAP server specified has any replicated instances, @@ -1974,6 +2053,8 @@ server is unavailable. \fBmongos \-\-ldapQueryUser\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The identity with which \fBmongos\f1\f1 binds as, when connecting to or performing queries on an LDAP server. .PP @@ -2002,6 +2083,8 @@ both \fB\-\-ldapQueryUser\f1\f1 and \fB\-\-ldapBindWithOSDefaults\f1\f1 at the s \fBmongos \-\-ldapQueryPassword\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The password used to bind to an LDAP server when using \fB\-\-ldapQueryUser\f1\f1\&. You must use \fB\-\-ldapQueryPassword\f1\f1 with \fB\-\-ldapQueryUser\f1\f1\&. @@ -2045,6 +2128,8 @@ Use \fB\-\-ldapBindWithOSDefaults\f1\f1 to replace \fB\-\-ldapQueryUser\f1\f1 an .PP \fIDefault\f1: simple .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The method \fBmongos\f1\f1 uses to authenticate to an LDAP server. Use with \fB\-\-ldapQueryUser\f1\f1 and \fB\-\-ldapQueryPassword\f1\f1 to connect to the LDAP server. @@ -2067,6 +2152,8 @@ using \fBDIGEST\-MD5\f1 mechanism. .PP \fIDefault\f1: DIGEST\-MD5 .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP A comma\-separated list of SASL mechanisms \fBmongos\f1\f1 can use when authenticating to the LDAP server. The \fBmongos\f1\f1 and the LDAP server must agree on at least one mechanism. The \fBmongos\f1\f1 @@ -2138,6 +2225,8 @@ For Windows, please see the Windows SASL documentation (https://msdn.microsoft.c .PP \fIDefault\f1: tls .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP By default, \fBmongos\f1\f1 creates a TLS/SSL secured connection to the LDAP server. .PP @@ -2166,6 +2255,8 @@ credentials between \fBmongos\f1\f1 and the LDAP server. .PP \fIDefault\f1: 10000 .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP The amount of time in milliseconds \fBmongos\f1\f1 should wait for an LDAP server to respond to a request. .PP @@ -2181,6 +2272,8 @@ This setting can be configured on a running \fBmongos\f1\f1 using \fBmongos \-\-ldapUserToDNMapping\f1 .RS .PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP Maps the username provided to \fBmongos\f1\f1 for authentication to a LDAP Distinguished Name (DN). You may need to use \fB\-\-ldapUserToDNMapping\f1\f1 to transform a username into an LDAP DN in the following scenarios: |