When user or role information is updated on a mongod/mongos, the in-memory role graph and user cache are updated instantly in the standard case.
With multiple mongos instances, there is a 10 min interval between the pings each mongos sends to the config servers for new user and role data. This means there is a potential 10 min delay in communicating information, for instance about a revoked user, across the cluster. This interval can be configured to be lower, at the risk of introducing network noise and repeated cache invalidation.
This can be resolved by piggybacking on the ordinary ping that mongos sends to the config servers every 30 seconds.
An additional improvement would be to not invalidate the cache in its entirety but to update only the parts that have changed.
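The two proposals above (piggybacking on the 30-second ping and evicting only changed entries) can be modelled as follows. This is an added sketch, not MongoDB source code or part of the original ticket; the `ConfigServer` and `Mongos` classes, the generation counter and the ping reply format are all hypothetical.

```python
# Added sketch (not MongoDB source): auth changes tagged with a generation
# number ride on the mongos -> config server ping; only changed users are evicted.
PING_SECS = 30     # ordinary mongos ping interval, from the ticket
POLL_SECS = 600    # current user/role refresh interval (10 min), from the ticket


class ConfigServer:
    """Hypothetical model: records which user changed at each generation."""
    def __init__(self):
        self.generation = 0
        self.changes = []                     # [(generation, username)]

    def change_user(self, username):
        self.generation += 1
        self.changes.append((self.generation, username))

    def ping(self, seen_generation):
        """Reply carries only the users changed since the caller's generation."""
        changed = {u for g, u in self.changes if g > seen_generation}
        return self.generation, changed


class Mongos:
    """Hypothetical model of one router's user cache."""
    def __init__(self, users):
        self.cache = dict(users)              # username -> cached roles
        self.seen_generation = 0

    def on_ping(self, config):
        generation, changed = config.ping(self.seen_generation)
        # Drop only the entries that changed; the rest of the cache stays warm.
        evicted = sorted(u for u in changed if self.cache.pop(u, None) is not None)
        self.seen_generation = generation
        return evicted


def seconds_until_visible(change_time, interval):
    """Delay until the next refresh after a change made at change_time."""
    return interval - (change_time % interval)


def simulate():
    config = ConfigServer()
    # Constructed sample data: three routers with the same two cached users.
    routers = [Mongos({"alice": ["readWrite"], "bob": ["read"]}) for _ in range(3)]
    config.change_user("bob")                 # e.g. bob is revoked via another node
    first = [m.on_ping(config) for m in routers]
    second = [m.on_ping(config) for m in routers]   # nothing new: no eviction
    return first, second, [sorted(m.cache) for m in routers]
```
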
is related to:
- SERVER-16849 On mongos we always invalidate the user cache once, even if no user definitions are changing (Closed)
- SERVER-17617 One config server being down can block read operations on config data for seconds (Closed)
- SERVER-1448 Host sharding config data on a replica set (Closed)
- SERVER-11997 User cache is invalidated too often and too crudely (Closed)

related to:
- SERVER-13586 Remove user cache invalidation from user management commands (Backlog)