6 files changed, 38 insertions, 2 deletions
diff --git a/buildscripts/resmokeconfig/suites/sharding_continuous_config_stepdown.yml b/buildscripts/resmokeconfig/suites/sharding_continuous_config_stepdown.yml index 9ddd6b19111..37c1d3df880 100644 --- a/buildscripts/resmokeconfig/suites/sharding_continuous_config_stepdown.yml +++ b/buildscripts/resmokeconfig/suites/sharding_continuous_config_stepdown.yml @@ -85,6 +85,7 @@ selector: - jstests/sharding/shard_identity_config_update.js - jstests/sharding/mongos_does_not_gossip_logical_time_without_keys.js - jstests/sharding/key_rotation.js + - jstests/sharding/keys_rotation_interval_sec.js # Runs setShardVersion/getShardVersion against the config server and we don't support retries # for this command - jstests/sharding/major_version_check.js diff --git a/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml b/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml index 1bd0907f6b1..44f46244ea7 100644 --- a/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml +++ b/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml @@ -34,6 +34,7 @@ selector: - jstests/sharding/advance_logical_time_with_valid_signature.js # New feature in v3.6 mongo shell. - jstests/sharding/causal_consistency_shell_support.js + - jstests/sharding/keys_rotation_interval_sec.js # Changes to currentOp format in 3.6. - jstests/sharding/features3.js - jstests/sharding/migration_ignore_interrupts_3.js diff --git a/jstests/sharding/keys_rotation_interval_sec.js b/jstests/sharding/keys_rotation_interval_sec.js new file mode 100644 index 00000000000..213c95f2f87 --- /dev/null +++ b/jstests/sharding/keys_rotation_interval_sec.js 
@@ -0,0 +1,29 @@ +/** + * Test that the keys on config server are rotated according to the KeysRotationIntervalSec value + */ + +(function() { + "use strict"; + const kRotationInterval = 30; + let st = new ShardingTest({ + mongos: 1, + shards: {rs0: {nodes: 2}}, + mongosWaitsForKeys: true, + other: {configOptions: {setParameter: "KeysRotationIntervalSec=30"}} + }); + + let keys = st.s.getDB("admin").system.keys.find(); + let maxExpireTime = Timestamp(Date.now() / 1000 + kRotationInterval * 2, 0); + + assert(keys.count() >= 2); + keys.toArray().forEach(function(key, i) { + assert.hasFields( + key, + ["purpose", "key", "expiresAt"], + "key document " + i + ": " + tojson(key) + ", did not have all of the expected fields"); + assert.lte(bsonWoCompare(key.expiresAt, maxExpireTime), + 0, + "key document " + i + ": " + tojson(key) + "expiresAt value is greater than: " + + maxExpireTime); + }); +})(); diff --git a/src/mongo/db/keys_collection_manager.cpp b/src/mongo/db/keys_collection_manager.cpp index c309e30bc1f..e91d9af8dad 100644 --- a/src/mongo/db/keys_collection_manager.cpp +++ b/src/mongo/db/keys_collection_manager.cpp @@ -45,6 +45,7 @@ namespace mongo { +const Seconds KeysCollectionManager::kKeyValidInterval{3 * 30 * 24 * 60 * 60}; // ~3 months namespace { Milliseconds kDefaultRefreshWaitTime(30 * 1000); diff --git a/src/mongo/db/keys_collection_manager.h b/src/mongo/db/keys_collection_manager.h index 9333ba284d9..53de6257b32 100644 --- a/src/mongo/db/keys_collection_manager.h +++ b/src/mongo/db/keys_collection_manager.h @@ -53,6 +53,8 @@ class ShardingCatalogClient; */ class KeysCollectionManager { public: + static const Seconds kKeyValidInterval; + KeysCollectionManager(std::string purpose, ShardingCatalogClient* client, Seconds keyValidForInterval); diff --git a/src/mongo/s/sharding_initialization.cpp b/src/mongo/s/sharding_initialization.cpp index 7bd0e74ba90..7c1dddb4e2f 100644 --- a/src/mongo/s/sharding_initialization.cpp 
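Review bot: The test declares `kRotationInterval = 30` but then hard-codes the same value in the `setParameter` string, so the two can drift apart when one is edited; build the option from the constant, `other: {configOptions: {setParameter: "KeysRotationIntervalSec=" + kRotationInterval}}`. `Date.now() / 1000` is fractional, so wrapping it in `Math.floor(...)` before it is passed to `Timestamp` would make the bound explicit. The second failure message is missing a space before `expiresAt`. The assertions only place an upper bound on `expiresAt` for the keys present at startup, so they show the configured interval is applied when keys are created but do not show that a later rotation happens.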
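Review bot: `kKeyValidInterval` is defined in this translation unit but is read during static initialization of another one, where `sharding_initialization.cpp` passes `KeysCollectionManager::kKeyValidInterval.count()` as the default of the exported parameter. That ordering is only guaranteed if the `Seconds` constructor is constexpr, so that this definition is constant-initialized; the definition of `Seconds` is not visible in this diff, so this should be confirmed. A comment on the definition would record the dependency, for example `// Must be constant-initialized: read by a static initializer in sharding_initialization.cpp.`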
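Review bot: The new public constant `kKeyValidInterval` is declared without a comment, so a reader of the header cannot tell that it is only a default. Suggest adding `// Default lifetime of a signing key (~3 months); also the default of the KeysRotationIntervalSec server parameter.` above the declaration. The class body continues outside the hunk.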
+++ b/src/mongo/s/sharding_initialization.cpp @@ -89,6 +89,9 @@ MONGO_EXPORT_STARTUP_SERVER_PARAMETER(ShardingTaskExecutorPoolRefreshRequirement MONGO_EXPORT_STARTUP_SERVER_PARAMETER(ShardingTaskExecutorPoolRefreshTimeoutMS, int, ConnectionPool::kDefaultRefreshTimeout.count()); +MONGO_EXPORT_STARTUP_SERVER_PARAMETER(KeysRotationIntervalSec, + int, + KeysCollectionManager::kKeyValidInterval.count()); namespace { @@ -100,7 +103,6 @@ using executor::ShardingTaskExecutor; static constexpr auto kRetryInterval = Seconds{2}; const std::string kKeyManagerPurposeString = "SigningClusterTime"; -const Seconds kKeyValidInterval(3 * 30 * 24 * 60 * 60); // ~3 months auto makeTaskExecutor(std::unique_ptr<NetworkInterface> net) { auto netPtr = net.get(); @@ -236,7 +238,7 @@ Status initializeGlobalShardingState(OperationContext* opCtx, } auto keyManager = stdx::make_unique<KeysCollectionManager>( - kKeyManagerPurposeString, grid->catalogClient(opCtx), kKeyValidInterval); + kKeyManagerPurposeString, grid->catalogClient(opCtx), Seconds(KeysRotationIntervalSec)); keyManager->startMonitoring(opCtx->getServiceContext()); LogicalTimeValidator::set(opCtx->getServiceContext(), |
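Review bot: `KeysRotationIntervalSec` is exported as a plain `int` with no range check, and the last hunk of this file passes it straight into `Seconds(KeysRotationIntervalSec)` as the validity interval of the `SigningClusterTime` keys. A zero or negative value set at startup would give the key manager a non-positive key lifetime, and nothing in the visible code rejects it. Because this value governs how long cluster-time signing keys stay valid, it should be validated before use, for example in `initializeGlobalShardingState` ahead of the `make_unique` call: `if (KeysRotationIntervalSec <= 0) return Status(ErrorCodes::BadValue, "KeysRotationIntervalSec must be positive");`. If the parameter is meant for tests only, a comment next to the export saying so would help operators; the enclosing function starts and ends outside the hunk.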