.\" Man page generated from reStructuredText. . .TH "MONGOS" "1" "Aug 16, 2019" "4.2" "mongodb-manual" .SH NAME mongos \- MongoDB Sharded Cluster Query Router . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .SS On this page .INDENT 0.0 .IP \(bu 2 \fI\%Synopsis\fP .IP \(bu 2 \fI\%Considerations\fP .IP \(bu 2 \fI\%Options\fP .UNINDENT .SH SYNOPSIS .sp For a sharded cluster, the \fI\%mongos\fP instances provide the interface between the client applications and the sharded cluster. The \fI\%mongos\fP instances route queries and write operations to the shards. From the perspective of the application, a \fI\%mongos\fP instance behaves identically to any other MongoDB instance. .SH CONSIDERATIONS .INDENT 0.0 .IP \(bu 2 Never change the name of the \fI\%mongos\fP binary. .IP \(bu 2 Starting in version 4.0, MongoDB disables support for TLS 1.0 encryption on systems where TLS 1.1+ is available. For more details, see 4.0\-disable\-tls\&. .IP \(bu 2 Starting in MongoDB 4.0, the \fI\%mongos\fP binary will crash when attempting to connect to \fBmongod\fP instances whose feature compatibility version (fCV) is greater than that of the \fI\%mongos\fP\&. For example, you cannot connect a MongoDB 4.0 version \fI\%mongos\fP to a 4.2 sharded cluster with fCV set to 4.2\&. You can, however, connect a MongoDB 4.0 version \fI\%mongos\fP to a 4.2 sharded cluster with fCV set to 4.0\&. .UNINDENT .SH OPTIONS .sp \fBSEE ALSO:\fP .INDENT 0.0 .INDENT 3.5 conf\-file\-command\-line\-mapping .UNINDENT .UNINDENT .INDENT 0.0 .INDENT 3.5 .IP "Starting in version 4.2" .INDENT 0.0 .IP \(bu 2 MongoDB deprecates the SSL options and insteads adds new corresponding TLS options. .IP \(bu 2 MongoDB adds \fI\%\-\-tlsClusterCAFile\fP/\fBnet.tls.clusterCAFile\fP\&. (Also availalbe in 3.4.18+, 3.6.9+, 4.0.3+) .UNINDENT .UNINDENT .UNINDENT .SS Core Options .INDENT 0.0 .TP .B \-\-help, \-h Returns information on the options and use of \fBmongos\fP\&. .UNINDENT .INDENT 0.0 .TP .B \-\-version Returns the \fBmongos\fP release number. .UNINDENT .INDENT 0.0 .TP .B \-\-config , \-f Specifies a configuration file for runtime configuration options. The configuration file is the preferred method for runtime configuration of \fBmongos\fP\&. The options are equivalent to the command\-line configuration options. See /reference/configuration\-options for more information. .sp Ensure the configuration file uses ASCII encoding. The \fBmongos\fP instance does not support configuration files with non\-ASCII encoding, including UTF\-8. .UNINDENT .INDENT 0.0 .TP .B \-\-configExpand \fIDefault\fP: none .sp New in version 4.2. .sp Enables using Expansion Directives in configuration files. Expansion directives allow you to set externally sourced values for configuration file options. .sp \fI\%\-\-configExpand\fP supports the following expansion directives: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fBnone\fP T} T{ Default. \fBmongos\fP does not expand expansion directives. \fBmongos\fP fails to start if any configuration file settings use expansion directives. T} _ T{ \fBrest\fP T} T{ \fBmongos\fP expands \fB__rest\fP expansion directives when parsing the configuration file. T} _ T{ \fBexec\fP T} T{ \fBmongos\fP expands \fB__exec\fP expansion directives when parsing the configuration file. T} _ .TE .sp You can specify multiple expansion directives as a comma\-separated list, e.g. \fBrest, exec\fP\&. If the configuration file contains expansion directives not specified to \fI\%\-\-configExpand\fP, the \fBmongos\fP returns an error and terminates. .sp See externally\-sourced\-values for configuration files for more information on expansion directives. .UNINDENT .INDENT 0.0 .TP .B \-\-verbose, \-v Increases the amount of internal reporting returned on standard output or in log files. Increase the verbosity with the \fB\-v\fP form by including the option multiple times, (e.g. \fB\-vvvvv\fP\&.) .UNINDENT .INDENT 0.0 .TP .B \-\-quiet Runs \fBmongos\fP in a quiet mode that attempts to limit the amount of output. .sp This option suppresses: .INDENT 7.0 .IP \(bu 2 output from database commands .IP \(bu 2 replication activity .IP \(bu 2 connection accepted events .IP \(bu 2 connection closed events .UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-port \fIDefault\fP: 27017 .sp The TCP port on which the \fI\%mongos\fP instance listens for client connections. .UNINDENT .INDENT 0.0 .TP .B \-\-bind_ip \fIDefault\fP: localhost .sp \fBNOTE:\fP .INDENT 7.0 .INDENT 3.5 Starting in MongoDB 3.6, \fBmongos\fP bind to localhost by default. See 3.6\-bind\-to\-localhost\&. .UNINDENT .UNINDENT .sp The hostnames and/or IP addresses and/or full Unix domain socket paths on which \fBmongos\fP should listen for client connections. You may attach \fBmongos\fP to any interface. To bind to multiple addresses, enter a list of comma\-separated values. .INDENT 7.0 .INDENT 3.5 .SS Example .sp \fBlocalhost,/tmp/mongod.sock\fP .UNINDENT .UNINDENT .sp You can specify both IPv4 and IPv6 addresses, or hostnames that resolve to an IPv4 or IPv6 address. .INDENT 7.0 .INDENT 3.5 .SS Example .sp \fBlocalhost, 2001:0DB8:e132:ba26:0d5c:2774:e7f9:d513\fP .UNINDENT .UNINDENT .sp \fBNOTE:\fP .INDENT 7.0 .INDENT 3.5 If specifying an IPv6 address \fIor\fP a hostname that resolves to an IPv6 address to \fI\%\-\-bind_ip\fP, you must start \fBmongos\fP with \fI\%\-\-ipv6\fP to enable IPv6 support. Specifying an IPv6 address to \fI\%\-\-bind_ip\fP does not enable IPv6 support. .UNINDENT .UNINDENT .sp If specifying a \fI\%link\-local IPv6 address\fP (\fBfe80::/10\fP), you must append the \fI\%zone index\fP to that address (i.e. \fBfe80::
%\fP). .INDENT 7.0 .INDENT 3.5 .SS Example .sp \fBlocalhost,fe80::a00:27ff:fee0:1fcf%enp0s3\fP .UNINDENT .UNINDENT .INDENT 7.0 .INDENT 3.5 .SS Tip .sp When possible, use a logical DNS hostname instead of an ip address, particularly when configuring replica set members or sharded cluster members. The use of logical DNS hostnames avoids configuration changes due to ip address changes. .UNINDENT .UNINDENT .sp \fBWARNING:\fP .INDENT 7.0 .INDENT 3.5 Before binding to a non\-localhost (e.g. publicly accessible) IP address, ensure you have secured your cluster from unauthorized access. For a complete list of security recommendations, see /administration/security\-checklist\&. At minimum, consider enabling authentication and hardening network infrastructure\&. .UNINDENT .UNINDENT .sp For more information about IP Binding, refer to the /core/security\-mongodb\-configuration documentation. .sp To bind to all IPv4 addresses, enter \fB0.0.0.0\fP\&. .sp To bind to all IPv4 and IPv6 addresses, enter \fB::,0.0.0.0\fP or starting in MongoDB 4.2, an asterisk \fB"*"\fP (enclose the asterisk in quotes to avoid filename pattern expansion). Alternatively, use the \fBnet.bindIpAll\fP setting. .sp \fBNOTE:\fP .INDENT 7.0 .INDENT 3.5 .INDENT 0.0 .IP \(bu 2 \fB\-\-bind_ip\fP and \fB\-\-bind_ip_all\fP are mutually exclusive. Specifying both options causes \fBmongos\fP to throw an error and terminate. .IP \(bu 2 The command\-line option \fB\-\-bind\fP overrides the configuration file setting \fBnet.bindIp\fP\&. .UNINDENT .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-bind_ip_all New in version 3.6. .sp If specified, the \fBmongos\fP instance binds to all IPv4 addresses (i.e. \fB0.0.0.0\fP). If \fBmongos\fP starts with \fI\%\-\-ipv6\fP, \fI\%\-\-bind_ip_all\fP also binds to all IPv6 addresses (i.e. \fB::\fP). .sp \fBmongos\fP only supports IPv6 if started with \fI\%\-\-ipv6\fP\&. Specifying \fI\%\-\-bind_ip_all\fP alone does not enable IPv6 support. .sp \fBWARNING:\fP .INDENT 7.0 .INDENT 3.5 Before binding to a non\-localhost (e.g. publicly accessible) IP address, ensure you have secured your cluster from unauthorized access. For a complete list of security recommendations, see /administration/security\-checklist\&. At minimum, consider enabling authentication and hardening network infrastructure\&. .UNINDENT .UNINDENT .sp For more information about IP Binding, refer to the /core/security\-mongodb\-configuration documentation. .sp Alternatively, you can set the \fB\-\-bind_ip\fP option to \fB::,0.0.0.0\fP or, starting in MongoDB 4.2, to an asterisk \fB"*"\fP (enclose the asterisk in quotes to avoid filename pattern expansion). .sp \fBNOTE:\fP .INDENT 7.0 .INDENT 3.5 \fB\-\-bind_ip\fP and \fB\-\-bind_ip_all\fP are mutually exclusive. That is, you can specify one or the other, but not both. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-maxConns The maximum number of simultaneous connections that \fBmongos\fP will accept. This setting has no effect if it is higher than your operating system\(aqs configured maximum connection tracking threshold. .sp Do not assign too low of a value to this option, or you will encounter errors during normal application operation. .sp This is particularly useful for a \fI\%mongos\fP if you have a client that creates multiple connections and allows them to timeout rather than closing them. .sp In this case, set \fBmaxIncomingConnections\fP to a value slightly higher than the maximum number of connections that the client creates, or the maximum size of the connection pool. .sp This setting prevents the \fI\%mongos\fP from causing connection spikes on the individual shards\&. Spikes like these may disrupt the operation and memory allocation of the sharded cluster\&. .sp \fBNOTE:\fP .INDENT 7.0 .INDENT 3.5 Changed in version 2.6: MongoDB removed the upward limit on the \fBmaxIncomingConnections\fP setting. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-syslog Sends all logging output to the host\(aqs syslog system rather than to standard output or to a log file (\fI\%\-\-logpath\fP). .sp The \fI\%\-\-syslog\fP option is not supported on Windows. .sp \fBWARNING:\fP .INDENT 7.0 .INDENT 3.5 The \fBsyslog\fP daemon generates timestamps when it logs a message, not when MongoDB issues the message. This can lead to misleading timestamps for log entries, especially when the system is under heavy load. We recommend using the \fI\%\-\-logpath\fP option for production systems to ensure accurate timestamps. .UNINDENT .UNINDENT .sp Starting in version 4.2, MongoDB includes the component in its log messages to \fBsyslog\fP\&. .INDENT 7.0 .INDENT 3.5 .sp .nf .ft C \&... ACCESS [repl writer worker 5] Unsupported modification to roles collection ... .ft P .fi .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-syslogFacility \fIDefault\fP: user .sp Specifies the facility level used when logging messages to syslog. The value you specify must be supported by your operating system\(aqs implementation of syslog. To use this option, you must enable the \fI\%\-\-syslog\fP option. .UNINDENT .INDENT 0.0 .TP .B \-\-logpath Sends all diagnostic logging information to a log file instead of to standard output or to the host\(aqs syslog system. MongoDB creates the log file at the path you specify. .sp By default, MongoDB will move any existing log file rather than overwrite it. To instead append to the log file, set the \fI\%\-\-logappend\fP option. .UNINDENT .INDENT 0.0 .TP .B \-\-logappend Appends new entries to the end of the existing log file when the \fBmongos\fP instance restarts. Without this option, \fBmongod\fP will back up the existing log and create a new file. .UNINDENT .INDENT 0.0 .TP .B \-\-redactClientLogData New in version 3.4: Available in MongoDB Enterprise only. .sp A \fBmongos\fP running with \fI\%\-\-redactClientLogData\fP redacts any message accompanying a given log event before logging. This prevents the \fBmongos\fP from writing potentially sensitive data stored on the database to the diagnostic log. Metadata such as error or operation codes, line numbers, and source file names are still visible in the logs. .sp Use \fI\%\-\-redactClientLogData\fP in conjunction with /core/security\-encryption\-at\-rest and /core/security\-transport\-encryption to assist compliance with regulatory requirements. .sp For example, a MongoDB deployment might store Personally Identifiable Information (PII) in one or more collections. The \fBmongos\fP logs events such as those related to CRUD operations, sharding metadata, etc. It is possible that the \fBmongos\fP may expose PII as a part of these logging operations. A \fBmongos\fP running with \fI\%\-\-redactClientLogData\fP removes any message accompanying these events before being output to the log, effectively removing the PII. .sp Diagnostics on a \fBmongos\fP running with \fI\%\-\-redactClientLogData\fP may be more difficult due to the lack of data related to a log event. See the process logging manual page for an example of the effect of \fI\%\-\-redactClientLogData\fP on log output. .sp You can enable or disable log redaction on a running \fBmongos\fP using the \fBsetParameter\fP database command. .INDENT 7.0 .INDENT 3.5 .sp .nf .ft C db.adminCommand( { setParameter: 1, redactClientLogData : true | false } ) .ft P .fi .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-timeStampFormat \fIDefault\fP: iso8601\-local .sp The time format for timestamps in log messages. Specify one of the following values: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fBctime\fP T} T{ Displays timestamps as \fBWed Dec 31 18:17:54.811\fP\&. T} _ T{ \fBiso8601\-utc\fP T} T{ Displays timestamps in Coordinated Universal Time (UTC) in the ISO\-8601 format. For example, for New York at the start of the Epoch: \fB1970\-01\-01T00:00:00.000Z\fP T} _ T{ \fBiso8601\-local\fP T} T{ Displays timestamps in local time in the ISO\-8601 format. For example, for New York at the start of the Epoch: \fB1969\-12\-31T19:00:00.000\-0500\fP T} _ .TE .UNINDENT .INDENT 0.0 .TP .B \-\-pidfilepath Specifies a file location to hold the process ID of the \fBmongos\fP process where \fBmongos\fP will write its PID. This is useful for tracking the \fBmongos\fP process in combination with the \fI\%\-\-fork\fP option. Without a specified \fI\%\-\-pidfilepath\fP option, the process creates no PID file. .UNINDENT .INDENT 0.0 .TP .B \-\-keyFile Specifies the path to a key file that stores the shared secret that MongoDB instances use to authenticate to each other in a sharded cluster or replica set\&. \fI\%\-\-keyFile\fP implies \fBclient authorization\fP\&. See inter\-process\-auth for more information. .sp Starting in MongoDB 4.2, keyfiles for internal membership authentication use YAML format to allow for multiple keys in a keyfile. The YAML format accepts content of: .INDENT 7.0 .IP \(bu 2 a single key string (same as in earlier versions), .IP \(bu 2 multiple key strings (each string must be enclosed in quotes), or .IP \(bu 2 sequence of key strings. .UNINDENT .sp The YAML format is compatible with the existing single\-key keyfiles that use the text file format. .UNINDENT .INDENT 0.0 .TP .B \-\-setParameter Specifies one of the MongoDB parameters described in /reference/parameters\&. You can specify multiple \fBsetParameter\fP fields. .UNINDENT .INDENT 0.0 .TP .B \-\-nounixsocket Disables listening on the UNIX domain socket. \fI\%\-\-nounixsocket\fP applies only to Unix\-based systems. .sp The \fBmongos\fP process always listens on the UNIX socket unless one of the following is true: .INDENT 7.0 .IP \(bu 2 \fI\%\-\-nounixsocket\fP is set .IP \(bu 2 \fBnet.bindIp\fP is not set .IP \(bu 2 \fBnet.bindIp\fP does not specify \fBlocalhost\fP or its associated IP address .UNINDENT .sp New in version 2.6: \fBmongos\fP installed from official \&.deb and \&.rpm packages have the \fBbind_ip\fP configuration set to \fB127.0.0.1\fP by default. .UNINDENT .INDENT 0.0 .TP .B \-\-unixSocketPrefix \fIDefault\fP: /tmp .sp The path for the UNIX socket. \fI\%\-\-unixSocketPrefix\fP applies only to Unix\-based systems. .sp If this option has no value, the \fBmongos\fP process creates a socket with \fB/tmp\fP as a prefix. MongoDB creates and listens on a UNIX socket unless one of the following is true: .INDENT 7.0 .IP \(bu 2 \fBnet.unixDomainSocket.enabled\fP is \fBfalse\fP .IP \(bu 2 \fI\%\-\-nounixsocket\fP is set .IP \(bu 2 \fBnet.bindIp\fP is not set .IP \(bu 2 \fBnet.bindIp\fP does not specify \fBlocalhost\fP or its associated IP address .UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-filePermissions \fIDefault\fP: \fB0700\fP .sp Sets the permission for the UNIX domain socket file. .sp \fI\%\-\-filePermissions\fP applies only to Unix\-based systems. .UNINDENT .INDENT 0.0 .TP .B \-\-fork Enables a daemon mode that runs the \fBmongos\fP process in the background. By default \fBmongos\fP does not run as a daemon: typically you will run \fBmongos\fP as a daemon, either by using \fI\%\-\-fork\fP or by using a controlling process that handles the daemonization process (e.g. as with \fBupstart\fP and \fBsystemd\fP). .UNINDENT .INDENT 0.0 .TP .B \-\-transitionToAuth New in version 3.4: Allows the \fBmongos\fP to accept and create authenticated and non\-authenticated connections to and from other \fBmongod\fP and \fI\%mongos\fP instances in the deployment. Used for performing rolling transition of replica sets or sharded clusters from a no\-auth configuration to internal authentication\&. Requires specifying a internal authentication mechanism such as \fI\%\-\-keyFile\fP\&. .sp For example, if using keyfiles for internal authentication, the \fBmongos\fP creates an authenticated connection with any \fBmongod\fP or \fI\%mongos\fP in the deployment using a matching keyfile. If the security mechanisms do not match, the \fBmongos\fP utilizes a non\-authenticated connection instead. .sp A \fBmongos\fP running with \fI\%\-\-transitionToAuth\fP does not enforce user access controls\&. Users may connect to your deployment without any access control checks and perform read, write, and administrative operations. .sp \fBNOTE:\fP .INDENT 7.0 .INDENT 3.5 A \fBmongos\fP running with internal authentication and \fIwithout\fP \fI\%\-\-transitionToAuth\fP requires clients to connect using user access controls\&. Update clients to connect to the \fBmongos\fP using the appropriate user prior to restarting \fBmongos\fP without \fI\%\-\-transitionToAuth\fP\&. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-networkMessageCompressors \fIDefault\fP: snappy,zstd,zlib .sp New in version 3.4. .sp Specifies the default compressor(s) to use for communication between this \fBmongos\fP instance and: .INDENT 7.0 .IP \(bu 2 other members of the sharded cluster .IP \(bu 2 a \fBmongo\fP shell .IP \(bu 2 drivers that support the \fBOP_COMPRESSED\fP message format. .UNINDENT .sp MongoDB supports the following compressors: .INDENT 7.0 .IP \(bu 2 snappy .IP \(bu 2 zlib (Available starting in MongoDB 3.6) .IP \(bu 2 zstd (Available starting in MongoDB 4.2) .UNINDENT .sp \fBIn versions 3.6 and 4.0\fP, \fBmongod\fP and \fI\%mongos\fP enable network compression by default with \fBsnappy\fP as the compressor. .sp \fBStarting in version 4.2\fP, \fBmongod\fP and \fI\%mongos\fP instances default to both \fBsnappy,zstd,zlib\fP compressors, in that order. .sp To disable network compression, set the value to \fBdisabled\fP\&. .sp \fBIMPORTANT:\fP .INDENT 7.0 .INDENT 3.5 Messages are compressed when both parties enable network compression. Otherwise, messages between the parties are uncompressed. .UNINDENT .UNINDENT .sp If you specify multiple compressors, then the order in which you list the compressors matter as well as the communication initiator. For example, if a \fBmongo\fP shell specifies the following network compressors \fBzlib,snappy\fP and the \fBmongod\fP specifies \fBsnappy,zlib\fP, messages between \fBmongo\fP shell and \fBmongod\fP uses \fBzlib\fP\&. .sp If the parties do not share at least one common compressor, messages between the parties are uncompressed. For example, if a \fBmongo\fP shell specifies the network compressor \fBzlib\fP and \fBmongod\fP specifies \fBsnappy\fP, messages between \fBmongo\fP shell and \fBmongod\fP are not compressed. .UNINDENT .INDENT 0.0 .TP .B \-\-serviceExecutor \fIDefault\fP: synchronous .sp New in version 3.6. .sp Determines the threading and execution model \fBmongos\fP uses to execute client requests. The \fB\-\-serviceExecutor\fP option accepts one of the following values: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fBsynchronous\fP T} T{ The \fBmongos\fP uses synchronous networking and manages its networking thread pool on a per connection basis. Previous versions of MongoDB managed threads in this way. T} _ T{ \fBadaptive\fP T} T{ The \fBmongos\fP uses the new experimental asynchronous networking mode with an adaptive thread pool which manages threads on a per request basis. This mode should have more consistent performance and use less resources when there are more inactive connections than database requests. T} _ .TE .UNINDENT .INDENT 0.0 .TP .B \-\-timeZoneInfo The full path from which to load the time zone database. If this option is not provided, then MongoDB will use its built\-in time zone database. .sp The configuration file included with Linux and macOS packages sets the time zone database path to \fB/usr/share/zoneinfo\fP by default. .sp The built\-in time zone database is a copy of the \fI\%Olson/IANA time zone database\fP\&. It is updated along with MongoDB releases, but the release cycle of the time zone database differs from the release cycle of MongoDB. A copy of the most recent release of the time zone database can be downloaded from \fI\%https://downloads.mongodb.org/olson_tz_db/timezonedb\-latest.zip\fP\&. .INDENT 7.0 .INDENT 3.5 .sp .nf .ft C wget https://downloads.mongodb.org/olson_tz_db/timezonedb\-latest.zip unzip timezonedb\-latest.zip mongos \-\-timeZoneInfo timezonedb\-2017b/ .ft P .fi .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-outputConfig New in version 4.2. .sp Outputs the \fBmongos\fP instance\(aqs configuration options, formatted in YAML, to \fBstdout\fP and exits the \fBmongos\fP instance. For configuration options that uses externally\-sourced\-values, \fI\%\-\-outputConfig\fP returns the resolved value for those options. .sp \fBWARNING:\fP .INDENT 7.0 .INDENT 3.5 This may include any configured passwords or secrets previously obfuscated through the external source. .UNINDENT .UNINDENT .sp For usage examples, see: .INDENT 7.0 .IP \(bu 2 expansion\-directive\-output .IP \(bu 2 /tutorial/convert\-command\-line\-options\-to\-yaml .UNINDENT .UNINDENT .SS Sharded Cluster Options .INDENT 0.0 .TP .B \-\-configdb /,... Changed in version 3.2. .sp Specifies the configuration servers for the sharded cluster\&. .sp Starting in MongoDB 3.2, config servers for sharded clusters can be deployed as a replica set\&. The replica set config servers must run the WiredTiger storage engine\&. MongoDB 3.2 deprecates the use of three mirrored \fBmongod\fP instances for config servers. .sp Specify the config server replica set name and the hostname and port of at least one of the members of the config server replica set. .INDENT 7.0 .INDENT 3.5 .sp .nf .ft C sharding: configDB: /cfg1.example.net:27019, cfg2.example.net:27019,... .ft P .fi .UNINDENT .UNINDENT .sp The \fI\%mongos\fP instances for the sharded cluster must specify the same config server replica set name but can specify hostname and port of different members of the replica set. .UNINDENT .INDENT 0.0 .TP .B \-\-localThreshold \fIDefault\fP: 15 .sp Specifies the ping time, in milliseconds, that \fI\%mongos\fP uses to determine which secondary replica set members to pass read operations from clients. The default value of \fB15\fP corresponds to the default value in all of the client \fI\%drivers\fP\&. .sp When \fI\%mongos\fP receives a request that permits reads to secondary members, the \fI\%mongos\fP will: .INDENT 7.0 .IP \(bu 2 Find the member of the set with the lowest ping time. .IP \(bu 2 Construct a list of replica set members that is within a ping time of 15 milliseconds of the nearest suitable member of the set. .sp If you specify a value for the \fI\%\-\-localThreshold\fP option, \fI\%mongos\fP will construct the list of replica members that are within the latency allowed by this value. .IP \(bu 2 Select a member to read from at random from this list. .UNINDENT .sp The ping time used for a member compared by the \fI\%\-\-localThreshold\fP setting is a moving average of recent ping times, calculated at most every 10 seconds. As a result, some queries may reach members above the threshold until the \fI\%mongos\fP recalculates the average. .sp See the replica\-set\-read\-preference\-behavior\-member\-selection section of the read preference documentation for more information. .UNINDENT .SS TLS Options .INDENT 0.0 .INDENT 3.5 .SS See .sp /tutorial/configure\-ssl for full documentation of MongoDB\(aqs support. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B \-\-tlsMode New in version 4.2. .sp Enables TLS used for all network connections. The argument to the \fI\%\-\-tlsMode\fP option can be one of the following: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fBdisabled\fP T} T{ The server does not use TLS. T} _ T{ \fBallowTLS\fP T} T{ Connections between servers do not use TLS. For incoming connections, the server accepts both TLS and non\-TLS. T} _ T{ \fBpreferTLS\fP T} T{ Connections between servers use TLS. For incoming connections, the server accepts both TLS and non\-TLS. T} _ T{ \fBrequireTLS\fP T} T{ The server uses and accepts only TLS encrypted connections. T} _ .TE .sp If \fB\-\-tlsCAFile\fP or \fBtls.CAFile\fP is not specified and you are not using x.509 authentication, the system\-wide CA certificate store will be used when connecting to an TLS\-enabled server. .sp If using x.509 authentication, \fB\-\-tlsCAFile\fP or \fBtls.CAFile\fP must be specified unless using \fB\-\-tlsCertificateSelector\fP\&. .sp For more information about TLS and MongoDB, see /tutorial/configure\-ssl and /tutorial/configure\-ssl\-clients . .UNINDENT .INDENT 0.0 .TP .B \-\-tlsCertificateKeyFile New in version 4.2. .sp \fBNOTE:\fP .INDENT 7.0 .INDENT 3.5 Starting in 4.0, on macOS or Windows, you can use a certificate from the operating system\(aqs secure store instead of specifying a PEM file. See \fI\%\-\-tlsCertificateSelector\fP\&. .UNINDENT .UNINDENT .sp Specifies the \fB\&.pem\fP file that contains both the TLS certificate and key. .INDENT 7.0 .IP \(bu 2 On Linux/BSD, you must specify \fI\%\-\-tlsCertificateKeyFile\fP when TLS is enabled. .IP \(bu 2 On Windows or macOS, you must specify either \fI\%\-\-tlsCertificateKeyFile\fP or \fI\%\-\-tlsCertificateSelector\fP when TLS is enabled. .UNINDENT .sp For more information about TLS and MongoDB, see /tutorial/configure\-ssl and /tutorial/configure\-ssl\-clients . .UNINDENT .INDENT 0.0 .TP .B \-\-tlsCertificateKeyFilePassword New in version 4.2. .sp Specifies the password to de\-crypt the certificate\-key file (i.e. \fI\%\-\-tlsCertificateKeyFile\fP). Use the \fI\%\-\-tlsCertificateKeyFilePassword\fP option only if the certificate\-key file is encrypted. In all cases, the \fBmongos\fP will redact the password from all logging and reporting output. .sp Starting in MongoDB 4.0: .INDENT 7.0 .IP \(bu 2 On Linux/BSD, if the private key in the PEM file is encrypted and you do not specify the \fI\%\-\-tlsCertificateKeyFilePassword\fP option, MongoDB will prompt for a passphrase. See ssl\-certificate\-password\&. .IP \(bu 2 On macOS or Windows, if the private key in the PEM file is encrypted, you must explicitly specify the \fI\%\-\-tlsCertificateKeyFilePassword\fP option. Alternatively, you can use a certificate from the secure system store (see \fI\%\-\-tlsCertificateSelector\fP) instead of a PEM file or use an unencrypted PEM file. .UNINDENT .sp For more information about TLS and MongoDB, see /tutorial/configure\-ssl and /tutorial/configure\-ssl\-clients . .UNINDENT .INDENT 0.0 .TP .B \-\-clusterAuthMode