diff options
Diffstat (limited to 'debian/mongos.1')
| -rw-r--r-- | debian/mongos.1 | 309 |
1 files changed, 217 insertions, 92 deletions
diff --git a/debian/mongos.1 b/debian/mongos.1 index e9e6f6d2464..40a5149e2b3 100644 --- a/debian/mongos.1 +++ b/debian/mongos.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "MONGOS" "1" "Aug 16, 2019" "4.2" "mongodb-manual" +.TH "MONGOS" "1" "Jun 23, 2020" "4.4" "mongodb-manual" .SH NAME mongos \- MongoDB Sharded Cluster Query Router . @@ -52,6 +52,10 @@ any other MongoDB instance. .IP \(bu 2 Never change the name of the \fI\%mongos\fP binary. .IP \(bu 2 +Starting in version 4.4, \fI\%mongos\fP +can support hedged reads to minimize +latencies. +.IP \(bu 2 Starting in version 4.0, MongoDB disables support for TLS 1.0 encryption on systems where TLS 1.1+ is available. For more details, see 4.0\-disable\-tls\&. @@ -366,15 +370,16 @@ maximum size of the connection pool. This setting prevents the \fI\%mongos\fP from causing connection spikes on the individual shards\&. Spikes like these may disrupt the operation and memory allocation of the sharded cluster\&. -.sp -\fBNOTE:\fP -.INDENT 7.0 -.INDENT 3.5 -Changed in version 2.6: MongoDB removed the upward limit on the \fBmaxIncomingConnections\fP -setting. - -.UNINDENT .UNINDENT +.INDENT 0.0 +.TP +.B \-\-logpath <path> +Sends all diagnostic logging information to a log file instead of to +standard output or to the host\(aqs syslog system. MongoDB creates +the log file at the path you specify. +.sp +By default, MongoDB will move any existing log file rather than overwrite +it. To instead append to the log file, set the \fI\%\-\-logappend\fP option. .UNINDENT .INDENT 0.0 .TP @@ -419,16 +424,6 @@ must enable the \fI\%\-\-syslog\fP option. .UNINDENT .INDENT 0.0 .TP -.B \-\-logpath <path> -Sends all diagnostic logging information to a log file instead of to -standard output or to the host\(aqs syslog system. MongoDB creates -the log file at the path you specify. -.sp -By default, MongoDB will move any existing log file rather than overwrite -it. To instead append to the log file, set the \fI\%\-\-logappend\fP option. -.UNINDENT -.INDENT 0.0 -.TP .B \-\-logappend Appends new entries to the end of the existing log file when the \fBmongos\fP instance restarts. Without this option, \fBmongod\fP will back up the @@ -436,6 +431,24 @@ existing log and create a new file. .UNINDENT .INDENT 0.0 .TP +.B \-\-logRotate <string> +\fIDefault\fP: rename +.sp +Determines the behavior for the \fBlogRotate\fP command. +Specify either \fBrename\fP or \fBreopen\fP: +.INDENT 7.0 +.IP \(bu 2 +\fBrename\fP renames the log file. +.IP \(bu 2 +\fBreopen\fP closes and reopens the log file following the typical +Linux/Unix log rotate behavior. Use \fBreopen\fP when using the +Linux/Unix logrotate utility to avoid log loss. +.sp +If you specify \fBreopen\fP, you must also use \fI\%\-\-logappend\fP\&. +.UNINDENT +.UNINDENT +.INDENT 0.0 +.TP .B \-\-redactClientLogData New in version 3.4: Available in MongoDB Enterprise only. @@ -464,20 +477,8 @@ due to the lack of data related to a log event. See the process logging manual page for an example of the effect of \fI\%\-\-redactClientLogData\fP on log output. .sp -You can enable or disable log redaction on a running \fBmongos\fP -using the \fBsetParameter\fP database command. -.INDENT 7.0 -.INDENT 3.5 -.sp -.nf -.ft C -db.adminCommand( - { setParameter: 1, redactClientLogData : true | false } -) -.ft P -.fi -.UNINDENT -.UNINDENT +On a running \fBmongos\fP, use \fBsetParameter\fP with the +\fBredactClientLogData\fP parameter to configure this setting. .UNINDENT .INDENT 0.0 .TP @@ -497,13 +498,6 @@ Description T} _ T{ -\fBctime\fP -T} T{ -Displays timestamps as \fBWed Dec 31 -18:17:54.811\fP\&. -T} -_ -T{ \fBiso8601\-utc\fP T} T{ Displays timestamps in Coordinated Universal Time (UTC) in the @@ -516,19 +510,50 @@ T{ T} T{ Displays timestamps in local time in the ISO\-8601 format. For example, for New York at the start of the Epoch: -\fB1969\-12\-31T19:00:00.000\-0500\fP +\fB1969\-12\-31T19:00:00.000\-05:00\fP T} _ .TE +.sp +\fBNOTE:\fP +.INDENT 7.0 +.INDENT 3.5 +Starting in MongoDB 4.4, \fI\%\-\-timeStampFormat\fP no longer supports \fBctime\fP\&. +An example of \fBctime\fP formatted date is: \fBWed Dec 31 +18:17:54.811\fP\&. +.UNINDENT +.UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-pidfilepath <path> -Specifies a file location to hold the process ID of the \fBmongos\fP -process where \fBmongos\fP will write its PID. This is useful for -tracking the \fBmongos\fP process in combination with -the \fI\%\-\-fork\fP option. Without a specified \fI\%\-\-pidfilepath\fP option, the -process creates no PID file. +Specifies a file location to store the process ID (PID) of the \fBmongos\fP +process. The user running the \fBmongod\fP or \fBmongos\fP +process must be able to write to this path. If the \fI\%\-\-pidfilepath\fP option is not +specified, the process does not create a PID file. This option is generally +only useful in combination with the \fI\%\-\-fork\fP option. +.INDENT 7.0 +.INDENT 3.5 +.IP "Linux" +.sp +On Linux, PID file management is generally the responsibility of +your distro\(aqs init system: usually a service file in the \fB/etc/init.d\fP +directory, or a systemd unit file registered with \fBsystemctl\fP\&. Only +use the \fI\%\-\-pidfilepath\fP option if you are not using one of these init +systems. For more information, please see the respective +Installation Guide for your operating system. +.UNINDENT +.UNINDENT +.INDENT 7.0 +.INDENT 3.5 +.IP "macOS" +.sp +On macOS, PID file management is generally handled by \fBbrew\fP\&. Only use +the \fI\%\-\-pidfilepath\fP option if you are not using \fBbrew\fP on your macOS system. +For more information, please see the respective +Installation Guide for your operating system. +.UNINDENT +.UNINDENT .UNINDENT .INDENT 0.0 .TP @@ -563,6 +588,19 @@ fields. .UNINDENT .INDENT 0.0 .TP +.B \-\-noscripting +Disables the scripting engine. When disabled, you cannot use +operations that perform server\-side execution of JavaScript code, +such as the \fB$where\fP query operator, \fBmapReduce\fP +command, \fB$accumulator\fP, and \fB$function\fP\&. +.sp +If you do not use these operations, disable server\-side scripting. +.sp +New in version 4.4. + +.UNINDENT +.INDENT 0.0 +.TP .B \-\-nounixsocket Disables listening on the UNIX domain socket. \fI\%\-\-nounixsocket\fP applies only to Unix\-based systems. @@ -578,10 +616,9 @@ always listens on the UNIX socket unless one of the following is true: \fBnet.bindIp\fP does not specify \fBlocalhost\fP or its associated IP address .UNINDENT .sp -New in version 2.6: \fBmongos\fP installed from official \&.deb and \&.rpm packages +\fBmongos\fP installed from official \&.deb and \&.rpm packages have the \fBbind_ip\fP configuration set to \fB127.0.0.1\fP by default. - .UNINDENT .INDENT 0.0 .TP @@ -622,6 +659,8 @@ background. By default \fBmongos\fP does not run as a daemon: typically you will run \fBmongos\fP as a daemon, either by using \fI\%\-\-fork\fP or by using a controlling process that handles the daemonization process (e.g. as with \fBupstart\fP and \fBsystemd\fP). +.sp +The \fI\%\-\-fork\fP option is not supported on Windows. .UNINDENT .INDENT 0.0 .TP @@ -718,6 +757,47 @@ between \fBmongo\fP shell and \fBmongod\fP are not compressed. .UNINDENT .INDENT 0.0 .TP +.B \-\-serviceExecutor <string> +\fIDefault\fP: synchronous +.sp +New in version 3.6. + +.sp +Determines the threading and execution model \fBmongos\fP uses to +execute client requests. The \fB\-\-serviceExecutor\fP option accepts one +of the following values: +.TS +center; +|l|l|. +_ +T{ +Value +T} T{ +Description +T} +_ +T{ +\fBsynchronous\fP +T} T{ +The \fBmongos\fP uses synchronous networking and manages its +networking thread pool on a per connection basis. Previous +versions of MongoDB managed threads in this way. +T} +_ +T{ +\fBadaptive\fP +T} T{ +The \fBmongos\fP uses the new experimental asynchronous +networking mode with an adaptive thread pool which manages +threads on a per request basis. This mode should have more +consistent performance and use less resources when there are +more inactive connections than database requests. +T} +_ +.TE +.UNINDENT +.INDENT 0.0 +.TP .B \-\-timeZoneInfo <path> The full path from which to load the time zone database. If this option is not provided, then MongoDB will use its built\-in time zone database. @@ -969,9 +1049,6 @@ For more information about TLS and MongoDB, see .B \-\-clusterAuthMode <option> \fIDefault\fP: keyFile .sp -New in version 2.6. - -.sp The authentication mode used for cluster authentication. If you use internal x.509 authentication, specify so here. This option can have one of the following values: @@ -1057,6 +1134,13 @@ the certificate returned by the \fI\%\-\-tlsCertificateSelector\fP\&. If using x.509 authentication, \fB\-\-tlsCAFile\fP or \fBtls.CAFile\fP must be specified unless using \fB\-\-tlsCertificateSelector\fP\&. .sp +Changed in version 4.4: \fBmongod\fP / \fI\%mongos\fP logs a warning on +connection if the presented x.509 certificate expires within \fB30\fP +days of the \fBmongod/mongos\fP host system time. See +4.4\-rel\-notes\-certificate\-expiration\-warning for more +information. + +.sp For more information about TLS and MongoDB, see /tutorial/configure\-ssl and /tutorial/configure\-ssl\-clients . @@ -1239,21 +1323,43 @@ The \fBthumbprint\fP is sometimes referred to as a T} _ .TE +.sp +Changed in version 4.4: \fBmongod\fP / \fI\%mongos\fP logs a warning on +connection if the presented x.509 certificate expires within \fB30\fP +days of the \fBmongod/mongos\fP host system time. See +4.4\-rel\-notes\-certificate\-expiration\-warning for more +information. + .UNINDENT .INDENT 0.0 .TP .B \-\-tlsCRLFile <filename> -New in version 4.2. +New in version 4.2: For MongoDB 4.0 and earlier, see \fI\%\-\-sslCRLFile\fP\&. .sp -Specifies the the \fB\&.pem\fP file that contains the Certificate Revocation +Specifies the \fB\&.pem\fP file that contains the Certificate Revocation List. Specify the file name of the \fB\&.pem\fP file using relative or absolute paths. .sp \fBNOTE:\fP .INDENT 7.0 .INDENT 3.5 -Starting in MongoDB 4.0, you cannot specify \fI\%\-\-tlsCRLFile\fP on macOS. Use \fI\%\-\-tlsCertificateSelector\fP instead. +.INDENT 0.0 +.IP \(bu 2 +Starting in MongoDB 4.0, you cannot specify a CRL file on +macOS. Instead, you can use the system SSL certificate store, +which uses OCSP (Online Certificate Status Protocol) to +validate the revocation status of certificates. See +\fI\%\-\-sslCertificateSelector\fP in MongoDB 4.0 and +\fI\%\-\-tlsCertificateSelector\fP in MongoDB 4.2+ to use the +system SSL certificate store. +.IP \(bu 2 +Starting in version 4.4, to check for certificate revocation, +MongoDB \fBenables\fP the use of OCSP +(Online Certificate Status Protocol) by default as an +alternative to specifying a CRL file or using the system SSL +certificate store. +.UNINDENT .UNINDENT .UNINDENT .sp @@ -1428,9 +1534,6 @@ For more information about TLS/SSL and MongoDB, see Deprecated since version 4.2: Use \fI\%\-\-tlsMode\fP instead. .sp -New in version 2.6. - -.sp Enables TLS/SSL or mixed TLS/SSL used for all network connections. The argument to the \fI\%\-\-sslMode\fP option can be one of the following: .TS @@ -1586,9 +1689,6 @@ For more information about TLS/SSL and MongoDB, see Deprecated since version 4.2: Use \fI\%\-\-tlsClusterPassword\fP instead. .sp -New in version 2.6. - -.sp Specifies the password to de\-crypt the x.509 certificate\-key file specified with \fB\-\-sslClusterFile\fP\&. Use the \fI\%\-\-sslClusterPassword\fP option only if the certificate\-key file is encrypted. In all cases, the \fBmongos\fP @@ -1774,14 +1874,29 @@ _ Deprecated since version 4.2: Use \fI\%\-\-tlsCRLFile\fP instead. .sp -Specifies the the \fB\&.pem\fP file that contains the Certificate Revocation +Specifies the \fB\&.pem\fP file that contains the Certificate Revocation List. Specify the file name of the \fB\&.pem\fP file using relative or absolute paths. .sp \fBNOTE:\fP .INDENT 7.0 .INDENT 3.5 -Starting in MongoDB 4.0, you cannot specify \fI\%\-\-sslCRLFile\fP on macOS. Use \fI\%\-\-sslCertificateSelector\fP instead. +.INDENT 0.0 +.IP \(bu 2 +Starting in MongoDB 4.0, you cannot specify a CRL file on +macOS. Instead, you can use the system SSL certificate store, +which uses OCSP (Online Certificate Status Protocol) to +validate the revocation status of certificates. See +\fI\%\-\-sslCertificateSelector\fP in MongoDB 4.0 and +\fI\%\-\-tlsCertificateSelector\fP in MongoDB 4.2+ to use the +system SSL certificate store. +.IP \(bu 2 +Starting in version 4.4, to check for certificate revocation, +MongoDB \fBenables\fP the use of OCSP +(Online Certificate Status Protocol) by default as an +alternative to specifying a CRL file or using the system SSL +certificate store. +.UNINDENT .UNINDENT .UNINDENT .sp @@ -1847,9 +1962,6 @@ For more information about TLS/SSL and MongoDB, see Deprecated since version 4.2: Use \fI\%\-\-tlsAllowInvalidHostnames\fP instead. .sp -New in version 3.0. - -.sp Disables the validation of the hostnames in TLS/SSL certificates, when connecting to other members of the replica set or sharded cluster for inter\-process authentication. This allows \fBmongos\fP to connect @@ -1866,9 +1978,6 @@ For more information about TLS/SSL and MongoDB, see Deprecated since version 4.2: Use \fI\%\-\-tlsDisabledProtocols\fP instead. .sp -New in version 3.0.7. - -.sp Prevents a MongoDB server running with TLS/SSL from accepting incoming connections that use a specific protocol or protocols. To specify multiple protocols, use a comma separated list of protocols. @@ -1981,9 +2090,6 @@ and \fI\%MongoDB Atlas\fP\&. .INDENT 0.0 .TP .B \-\-auditFormat -New in version 2.6. - -.sp Specifies the format of the output file for auditing if \fI\%\-\-auditDestination\fP is \fBfile\fP\&. The \fI\%\-\-auditFormat\fP option can have one of the following values: .TS @@ -2026,9 +2132,6 @@ and \fI\%MongoDB Atlas\fP\&. .INDENT 0.0 .TP .B \-\-auditPath -New in version 2.6. - -.sp Specifies the output file for auditing if \fI\%\-\-auditDestination\fP has value of \fBfile\fP\&. The \fI\%\-\-auditPath\fP option can take either a full path name or a relative path name. @@ -2044,9 +2147,6 @@ and \fI\%MongoDB Atlas\fP\&. .INDENT 0.0 .TP .B \-\-auditFilter -New in version 2.6. - -.sp Specifies the filter to limit the types of operations the audit system records. The option takes a string representation of a query document of the form: .INDENT 7.0 @@ -2126,14 +2226,14 @@ New in version 4.0. New in version 3.4: Available in MongoDB Enterprise only. .sp -The LDAP server against which the \fBmongos\fP executes LDAP operations -against to authenticate users or determine what actions a user is authorized -to perform on a given database. If the LDAP server specified has any -replicated instances, you may specify the host and port of each replicated -server in a comma\-delimited list. +The LDAP server against which the \fBmongos\fP authenticates users or +determines what actions a user is authorized to perform on a given +database. If the LDAP server specified has any replicated instances, +you may specify the host and port of each replicated server in a +comma\-delimited list. .sp -If your LDAP infrastrucure partitions the LDAP directory over multiple LDAP -servers, specify \fIone\fP LDAP server any of its replicated instances to +If your LDAP infrastructure partitions the LDAP directory over multiple LDAP +servers, specify \fIone\fP LDAP server or any of its replicated instances to \fI\%\-\-ldapServers\fP\&. MongoDB supports following LDAP referrals as defined in \fI\%RFC 4511 4.1.10\fP\&. Do not use \fI\%\-\-ldapServers\fP for listing every LDAP server in your infrastructure. @@ -2145,6 +2245,24 @@ If unset, \fBmongos\fP cannot use LDAP authentication or authorization\&. .UNINDENT .INDENT 0.0 .TP +.B \-\-ldapValidateLDAPServerConfig <boolean> +\fIAvailable in MongoDB Enterprise\fP +.sp +A flag that determines if the \fI\%mongos\fP instance checks +the availability of the \fI\%LDAP server(s)\fP as part of its startup: +.INDENT 7.0 +.IP \(bu 2 +If \fBtrue\fP, the \fI\%mongos\fP instance performs the +availability check and only continues to start up if the LDAP +server is available. +.IP \(bu 2 +If \fBfalse\fP, the \fI\%mongos\fP instance skips the +availability check; i.e. the instance starts up even if the LDAP +server is unavailable. +.UNINDENT +.UNINDENT +.INDENT 0.0 +.TP .B \-\-ldapQueryUser <string> New in version 3.4: Available in MongoDB Enterprise only. @@ -2205,7 +2323,7 @@ both \fI\%\-\-ldapQueryPassword\fP and \fI\%\-\-ldapBindWithOSDefaults\fP at the .INDENT 0.0 .TP .B \-\-ldapBindWithOSDefaults <bool> -\fIDefault\fP: False +\fIDefault\fP: false .sp New in version 3.4: Available in MongoDB Enterprise for the Windows platform only. @@ -2247,12 +2365,12 @@ connect to the LDAP server. .UNINDENT .sp If you specify \fBsasl\fP, you can configure the available SASL mechanisms -using \fI\%\-\-ldapBindSASLMechanisms\fP\&. \fBmongos\fP defaults to +using \fI\%\-\-ldapBindSaslMechanisms\fP\&. \fBmongos\fP defaults to using \fBDIGEST\-MD5\fP mechanism. .UNINDENT .INDENT 0.0 .TP -.B \-\-ldapBindSASLMechanisms <string> +.B \-\-ldapBindSaslMechanisms <string> \fIDefault\fP: DIGEST\-MD5 .sp New in version 3.4: Available in MongoDB Enterprise only. @@ -2497,10 +2615,17 @@ username against the \fBmatch\fP filter. If a match is found, authenticating the user. \fBmongos\fP does not check the remaining documents in the array. .sp -If the given document does not match the provided authentication name, or -the transformation described by the document fails, \fBmongos\fP continues -through the list of documents to find additional matches. If no matches are -found in any document, \fBmongos\fP returns an error. +If the given document does not match the provided authentication +name, \fI\%mongos\fP continues through the list of documents +to find additional matches. If no matches are found in any document, +or the transformation the document describes fails, +\fI\%mongos\fP returns an error. +.sp +Starting in MongoDB 4.4, \fI\%mongos\fP also returns an error +if one of the transformations cannot be evaluated due to networking +or authentication failures to the LDAP server. \fI\%mongos\fP +rejects the connection request and does not check the remaining +documents in the array. .INDENT 7.0 .INDENT 3.5 .SS Example @@ -2579,6 +2704,6 @@ Set \fI\%\-\-bind_ip_all\fP to \fBtrue\fP\&. .SH AUTHOR MongoDB Documentation Project .SH COPYRIGHT -2008-2019 +2008-2020 .\" Generated by docutils manpage writer. . |