- Type: Improvement
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: 2.5.4
- Component/s: Replication, Security
Some cluster-operations applications, such as backup or monitoring services, may wish to add note entries to the replication oplog. These entries would have no effect on the operation of a replica set, but could be used by such applications to learn about the relative progress of nodes applying an oplog.
This can be accomplished today by directly appending "n"-type entries to the oplog, but there is no way to create a privilege for only appending "n"-type entries to the oplog. As a result, services cannot be given the least privilege needed to just leave notes in the oplog.
The proposal is to introduce a new command and corresponding action type, appendOplogNote. The target of the action would be the cluster resource, and the target of the command would be the "admin" database. The command would take one argument, the "data" field, which would be stored in the "o" field of an n-type oplog entry.
This privilege would be given to the backup@admin role.
NOTE: The command should write to the appropriate oplog, depending on whether the node is a replica set member (local.oplog.rs), a master/slave replication node (local.oplog.$main) or a config server (local.oplog.$main).
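The least-privilege gap described above can be checked for in existing role definitions. The following is an added example, not code from this ticket or from the MongoDB code base: it classifies role documents (in the shape returned by `rolesInfo` with `showPrivileges: true`) by whether they grant direct write access to the oplog collections named above or only the proposed `appendOplogNote` action on the cluster resource. The role names, the sample data and the simplified resource matching are assumptions.

```javascript
// Added example: audit role definitions for direct oplog write access.
// Oplog collection names are the ones listed in the ticket's NOTE.
const OPLOG_COLLECTIONS = new Set(["oplog.rs", "oplog.$main"]);
const WRITE_ACTIONS = new Set(["insert", "update", "remove"]);

// Simplified resource match (assumption): an exact oplog collection, every
// collection in "local", or anyResource. Server-side matching has more cases.
function coversOplog(resource) {
  if (resource.anyResource === true) return true;
  if (resource.db !== "local") return false;
  return resource.collection === "" || OPLOG_COLLECTIONS.has(resource.collection);
}

// Returns "direct-oplog-write" when a role can write oplog entries of any
// type, "note-via-command" when it can only go through appendOplogNote.
function classifyRole(role) {
  let directWrite = false;
  let noteCommand = false;
  for (const p of role.privileges) {
    const canWrite = p.actions.some((a) => WRITE_ACTIONS.has(a));
    if (canWrite && coversOplog(p.resource)) directWrite = true;
    if (p.resource.cluster === true && p.actions.includes("appendOplogNote")) {
      noteCommand = true;
    }
  }
  if (directWrite) return "direct-oplog-write";
  return noteCommand ? "note-via-command" : "no-oplog-write";
}

// Constructed sample roles (hypothetical names, not from the ticket).
const SAMPLE_ROLES = [
  { role: "legacyBackupAgent", db: "admin", privileges: [
    { resource: { db: "local", collection: "oplog.rs" }, actions: ["find", "insert"] } ] },
  { role: "oplogNoter", db: "admin", privileges: [
    { resource: { cluster: true }, actions: ["appendOplogNote"] } ] },
  { role: "metricsReader", db: "admin", privileges: [
    { resource: { db: "local", collection: "oplog.rs" }, actions: ["find"] } ] },
];

function auditRoles(roles) {
  return roles.map((r) => ({ role: `${r.role}@${r.db}`, finding: classifyRole(r) }));
}

console.log(auditRoles(SAMPLE_ROLES));
```

A role flagged `direct-oplog-write` can append entries of any type, which is the broader grant the ticket aims to make unnecessary for note-writing services.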
- is related to
  - SERVER-18489 Ban users from directly writing to oplog when running as a replica set member (Closed)
- related to
  - SERVER-28559 appendOplogNote command needs to ensure it's still primary after taking locks (Closed)