From 2191f30bf43a2093fbc84b28123e5da60d9fbb51 Mon Sep 17 00:00:00 2001 From: Madison Hoover <36238844+madisonhoover4@users.noreply.github.com> Date: Thu, 18 Sep 2025 12:22:46 -0400 Subject: [PATCH] SERVER-107074: Update man pages for 8.2 (#39851) (#40489) GitOrigin-RevId: 3b4d4cd53e35a5f85dd82c8bc9e9ee0b150c79ec --- debian/mongod.1 | 1332 ++++---- debian/mongodb-parameters.5 | 6007 ++++++++++++++++++----------------- debian/mongokerberos.1 | 6 +- debian/mongoldap.1 | 17 +- debian/mongos.1 | 116 +- 5 files changed, 3867 insertions(+), 3611 deletions(-) diff --git a/debian/mongod.1 b/debian/mongod.1 index 52db7fdbf21..03bbd881a5e 100644 --- a/debian/mongod.1 +++ b/debian/mongod.1 @@ -11,7 +11,7 @@ for testing: In common operation, use the \fBconfiguration file options\f1 to control the behavior of your database. .PP -\fBConfiguration File Settings and Command\-Line Options Mapping\f1 +\fBSelf\-Managed Configuration File Settings and Command\-Line Options Mapping\f1 .PP MongoDB disables support for TLS 1.0 encryption on systems where TLS 1.1+ is available. @@ -20,7 +20,7 @@ encryption on systems where TLS 1.1+ is available. Deployments hosted in the following environments use \fBmongod\f1: .RS .IP \(bu 2 -MongoDB Atlas (https://www.mongodb.com/docs/atlas?tck=docs_server): The fully +MongoDB Atlas (https://www.mongodb.com/docs/atlas): The fully managed service for MongoDB deployments in the cloud .RE .PP @@ -61,16 +61,133 @@ corresponding \fBnet.serviceExecutor\f1 configuration option. .RE .SS CORE OPTIONS .PP -\fBmongod \-\-help\f1, \fBmongod \-h\f1 +\fBmongod \-\-auth\f1 .RS .PP -Returns information on the options and use of \fBmongod\f1\&. +Enables authorization to control user\(aqs access to database resources +and operations. When authorization is enabled, MongoDB requires all +clients to authenticate themselves first in order to determine the +access for the client. +.PP +To configure users, use the \fBmongosh\f1\f1 client. If no users +exist, the localhost interface has access to the +database until you create the first user. +.PP +See \fBSecurity\f1 for more information. .RE .PP -\fBmongod \-\-version\f1 +\fBmongod \-\-bind_ip\f1 .RS .PP -Returns the \fBmongod\f1 release number. +\fIDefault\f1: localhost +.PP +The hostnames and/or IP addresses and/or full Unix domain socket +paths on which \fBmongod\f1 should listen for client connections. You +may attach \fBmongod\f1 to any interface. To bind to multiple +addresses, enter a list of comma\-separated values. +.PP +You can specify both IPv4 and IPv6 addresses, or hostnames that +resolve to an IPv4 or IPv6 address. +.PP +If specifying an IPv6 address \fIor\f1 a hostname that resolves to an +IPv6 address to \fB\-\-bind_ip\f1\f1, you must start \fBmongod\f1 with +\fB\-\-ipv6\f1\f1 to enable IPv6 support. Specifying an IPv6 address +to \fB\-\-bind_ip\f1\f1 does not enable IPv6 support. +.PP +If specifying a +link\-local IPv6 address (https://en.wikipedia.org/wiki/Link\-local_address#IPv6) +(\fBfe80::/10\f1), you must append the +zone index (https://en.wikipedia.org/wiki/IPv6_address#Scoped_literal_IPv6_addresses_(with_zone_index)) +to that address (i.e. \fBfe80::
%\f1). +.PP +To avoid configuration updates due to IP address changes, use DNS +hostnames instead of IP addresses. It is particularly important to +use a DNS hostname instead of an IP address when configuring replica +set members or sharded cluster members. +.PP +Use hostnames instead of IP addresses to configure clusters across a +split network horizon. Starting in MongoDB 5.0, nodes that are only +configured with an IP address fail startup validation and do not start. +.PP +Before you bind your instance to a publicly\-accessible IP address, +you must secure your cluster from unauthorized access. For a complete +list of security recommendations, see +\fBSecurity Checklist for Self\-Managed Deployments\f1\&. At minimum, consider +\fBenabling authentication\f1 and \fBhardening +network infrastructure\f1\&. +.PP +For more information about IP Binding, refer to the +\fBIP Binding in Self\-Managed Deployments\f1 documentation. +.PP +To bind to all IPv4 addresses, enter \fB0.0.0.0\f1\&. +.PP +To bind to all IPv4 and IPv6 addresses, enter \fB::,0.0.0.0\f1 or +an asterisk \fB"*"\f1 (enclose the asterisk in quotes to avoid filename +pattern expansion). Alternatively, use the \fBnet.bindIpAll\f1\f1 setting. +.RS +.IP \(bu 2 +\fB\-\-bind_ip\f1 and \fB\-\-bind_ip_all\f1 are mutually exclusive. +Specifying both options causes \fBmongod\f1 to throw an error and +terminate. +.IP \(bu 2 +The command\-line option \fB\-\-bind\f1 overrides the configuration +file setting \fBnet.bindIp\f1\f1\&. +.RE +.RE +.PP +\fBmongod \-\-bind_ip_all\f1 +.RS +.PP +If specified, the \fBmongod\f1 instance binds to all IPv4 +addresses (i.e. \fB0.0.0.0\f1). If \fBmongod\f1 starts with +\fB\-\-ipv6\f1\f1, \fB\-\-bind_ip_all\f1\f1 also binds to all IPv6 addresses +(i.e. \fB::\f1). +.PP +\fBmongod\f1 only supports IPv6 if started with \fB\-\-ipv6\f1\f1\&. Specifying +\fB\-\-bind_ip_all\f1\f1 alone does not enable IPv6 support. +.PP +Before you bind your instance to a publicly\-accessible IP address, +you must secure your cluster from unauthorized access. For a complete +list of security recommendations, see +\fBSecurity Checklist for Self\-Managed Deployments\f1\&. At minimum, consider +\fBenabling authentication\f1 and \fBhardening +network infrastructure\f1\&. +.PP +For more information about IP Binding, refer to the +\fBIP Binding in Self\-Managed Deployments\f1 documentation. +.PP +Alternatively, you can set the \fB\-\-bind_ip\f1 option to \fB::,0.0.0.0\f1 +or to an asterisk \fB"*"\f1 (enclose the asterisk in quotes to avoid filename +pattern expansion). +.PP +\fB\-\-bind_ip\f1 and \fB\-\-bind_ip_all\f1 are mutually exclusive. That +is, you can specify one or the other, but not both. +.RE +.PP +\fBmongod \-\-clusterIpSourceAllowlist\f1 +.RS +.PP +A list of IP addresses/CIDR (Classless Inter\-Domain Routing (https://tools.ietf.org/html/rfc4632)) ranges against which the +\fBmongod\f1 validates authentication requests from other members of +the replica set and, if part of a sharded cluster, the \fBmongos\f1\f1 +instances. The \fBmongod\f1 verifies that the originating IP is +either explicitly in the list or belongs to a CIDR range in the list. If the +IP address is not present, the server does not authenticate the +\fBmongod\f1 or \fBmongos\f1\f1\&. +.PP +\fB\-\-clusterIpSourceAllowlist\f1\f1 has no effect on a \fBmongod\f1 started without +\fBauthentication\f1\&. +.PP +\fB\-\-clusterIpSourceAllowlist\f1\f1 accepts multiple comma\-separated IPv4/6 addresses or Classless +Inter\-Domain Routing (CIDR (https://tools.ietf.org/html/rfc4632)) ranges: +.PP +.EX + mongod \-\-clusterIpSourceAllowlist 192.0.2.0/24,127.0.0.1,::1 +.EE +.PP +Ensure \fB\-\-clusterIpSourceAllowlist\f1\f1 includes the IP address \fIor\f1 CIDR ranges that include the +IP address of each replica set member or \fBmongos\f1\f1 in the +deployment to ensure healthy communication between cluster components. .RE .PP \fBmongod \-\-config\f1, \fBmongod \-f\f1 @@ -79,7 +196,7 @@ Returns the \fBmongod\f1 release number. Specifies a configuration file for runtime configuration options. The configuration file is the preferred method for runtime configuration of \fBmongod\f1\&. The options are equivalent to the command\-line -configuration options. See \fBConfiguration File Options\f1 for +configuration options. See \fBSelf\-Managed Configuration File Options\f1 for more information. .PP Ensure the configuration file uses ASCII encoding. The \fBmongod\f1 @@ -137,490 +254,10 @@ list, for example: \fBrest, exec\f1\&. If the configuration file contains expansion directives not specified to \fB\-\-configExpand\f1\f1, the \fBmongod\f1 returns an error and terminates. .PP -See \fBExternally Sourced Configuration File Values\f1 for configuration files +See \fBExternally Sourced Configuration File Values for Self\-Managed Deployments\f1 for configuration files for more information on expansion directives. .RE .PP -\fBmongod \-\-verbose\f1, \fBmongod \-v\f1 -.RS -.PP -Increases the amount of internal reporting returned on standard output -or in log files. Increase the verbosity with the \fB\-v\f1 form by -including the option multiple times, for example: \fB\-vvvvv\f1\&. -.PP -Starting in version 4.2, MongoDB includes the Debug verbosity level -(1\-5) in the \fBlog messages\f1\&. For example, -if the verbosity level is 2, MongoDB logs \fBD2\f1\&. In previous -versions, MongoDB log messages only specified \fBD\f1 for Debug level. -.RE -.PP -\fBmongod \-\-quiet\f1 -.RS -.PP -Runs \fBmongod\f1 in a quiet mode that attempts to limit the amount -of output. -.PP -This option suppresses: -.RS -.IP \(bu 2 -output from \fBdatabase commands\f1 -.IP \(bu 2 -replication activity -.IP \(bu 2 -connection accepted events -.IP \(bu 2 -connection closed events -.RE -.RE -.PP -\fBmongod \-\-port\f1 -.RS -.PP -\fIDefault\f1: -.RS -.IP \(bu 2 -27017 if \fBmongod\f1 is not a shard member or a config server member -.IP \(bu 2 -27018 if \fBmongod\f1 is a \fBshard member\f1\f1 -.IP \(bu 2 -27019 if \fBmongod\f1 is a \fBconfig server member\f1\f1 -.RE -.PP -The TCP port on which the MongoDB instance listens for -client connections. -.PP -The \fB\-\-port\f1 option accepts a range of values between \fB0\f1 and \fB65535\f1\&. -Setting the port to \fB0\f1 configures \fBmongod\f1 to use an arbitrary port -assigned by the operating system. -.RE -.PP -\fBmongod \-\-bind_ip\f1 -.RS -.PP -\fIDefault\f1: localhost -.PP -The hostnames and/or IP addresses and/or full Unix domain socket -paths on which \fBmongod\f1 should listen for client connections. You -may attach \fBmongod\f1 to any interface. To bind to multiple -addresses, enter a list of comma\-separated values. -.PP -You can specify both IPv4 and IPv6 addresses, or hostnames that -resolve to an IPv4 or IPv6 address. -.PP -If specifying an IPv6 address \fIor\f1 a hostname that resolves to an -IPv6 address to \fB\-\-bind_ip\f1\f1, you must start \fBmongod\f1 with -\fB\-\-ipv6\f1\f1 to enable IPv6 support. Specifying an IPv6 address -to \fB\-\-bind_ip\f1\f1 does not enable IPv6 support. -.PP -If specifying a -link\-local IPv6 address (https://en.wikipedia.org/wiki/Link\-local_address#IPv6) -(\fBfe80::/10\f1), you must append the -zone index (https://en.wikipedia.org/wiki/IPv6_address#Scoped_literal_IPv6_addresses_(with_zone_index)) -to that address (i.e. \fBfe80::
%\f1). -.PP -To avoid configuration updates due to IP address changes, use DNS -hostnames instead of IP addresses. It is particularly important to -use a DNS hostname instead of an IP address when configuring replica -set members or sharded cluster members. -.PP -Use hostnames instead of IP addresses to configure clusters across a -split network horizon. Starting in MongoDB 5.0, nodes that are only -configured with an IP address fail startup validation and do not start. -.PP -Before you bind your instance to a publicly\-accessible IP address, -you must secure your cluster from unauthorized access. For a complete -list of security recommendations, see -\fBSecurity Checklist\f1\&. At minimum, consider -\fBenabling authentication\f1 and \fBhardening -network infrastructure\f1\&. -.PP -For more information about IP Binding, refer to the -\fBIP Binding\f1 documentation. -.PP -To bind to all IPv4 addresses, enter \fB0.0.0.0\f1\&. -.PP -To bind to all IPv4 and IPv6 addresses, enter \fB::,0.0.0.0\f1 or -an asterisk \fB"*"\f1 (enclose the asterisk in quotes to avoid filename -pattern expansion). Alternatively, use the \fBnet.bindIpAll\f1\f1 setting. -.RS -.IP \(bu 2 -\fB\-\-bind_ip\f1 and \fB\-\-bind_ip_all\f1 are mutually exclusive. -Specifying both options causes \fBmongod\f1 to throw an error and -terminate. -.IP \(bu 2 -The command\-line option \fB\-\-bind\f1 overrides the configuration -file setting \fBnet.bindIp\f1\f1\&. -.RE -.RE -.PP -\fBmongod \-\-bind_ip_all\f1 -.RS -.PP -If specified, the \fBmongod\f1 instance binds to all IPv4 -addresses (i.e. \fB0.0.0.0\f1). If \fBmongod\f1 starts with -\fB\-\-ipv6\f1\f1, \fB\-\-bind_ip_all\f1\f1 also binds to all IPv6 addresses -(i.e. \fB::\f1). -.PP -\fBmongod\f1 only supports IPv6 if started with \fB\-\-ipv6\f1\f1\&. Specifying -\fB\-\-bind_ip_all\f1\f1 alone does not enable IPv6 support. -.PP -Before you bind your instance to a publicly\-accessible IP address, -you must secure your cluster from unauthorized access. For a complete -list of security recommendations, see -\fBSecurity Checklist\f1\&. At minimum, consider -\fBenabling authentication\f1 and \fBhardening -network infrastructure\f1\&. -.PP -For more information about IP Binding, refer to the -\fBIP Binding\f1 documentation. -.PP -Alternatively, you can set the \fB\-\-bind_ip\f1 option to \fB::,0.0.0.0\f1 -or to an asterisk \fB"*"\f1 (enclose the asterisk in quotes to avoid filename -pattern expansion). -.PP -\fB\-\-bind_ip\f1 and \fB\-\-bind_ip_all\f1 are mutually exclusive. That -is, you can specify one or the other, but not both. -.RE -.PP -\fBmongod \-\-clusterIpSourceAllowlist\f1 -.RS -.PP -A list of IP addresses/CIDR (Classless Inter\-Domain Routing (https://tools.ietf.org/html/rfc4632)) ranges against which the -\fBmongod\f1 validates authentication requests from other members of -the replica set and, if part of a sharded cluster, the \fBmongos\f1\f1 -instances. The \fBmongod\f1 verifies that the originating IP is -either explicitly in the list or belongs to a CIDR range in the list. If the -IP address is not present, the server does not authenticate the -\fBmongod\f1 or \fBmongos\f1\f1\&. -.PP -\fB\-\-clusterIpSourceAllowlist\f1\f1 has no effect on a \fBmongod\f1 started without -\fBauthentication\f1\&. -.PP -\fB\-\-clusterIpSourceAllowlist\f1\f1 accepts multiple comma\-separated IPv4/6 addresses or Classless -Inter\-Domain Routing (CIDR (https://tools.ietf.org/html/rfc4632)) ranges: -.PP -.EX - mongod \-\-clusterIpSourceAllowlist 192.0.2.0/24,127.0.0.1,::1 -.EE -.PP -Ensure \fB\-\-clusterIpSourceAllowlist\f1\f1 includes the IP address \fIor\f1 CIDR ranges that include the -IP address of each replica set member or \fBmongos\f1\f1 in the -deployment to ensure healthy communication between cluster components. -.RE -.PP -\fBmongod \-\-clusterIpSourceWhitelist\f1 -.RS -.PP -\fIDeprecated in version 5.0:\f1 -Use \fB\-\-clusterIpSourceAllowlist\f1\f1 instead. -.PP -A list of IP addresses/CIDR (Classless Inter\-Domain Routing (https://tools.ietf.org/html/rfc4632)) ranges against which the -\fBmongod\f1 validates authentication requests from other members of -the replica set and, if part of a sharded cluster, the \fBmongos\f1\f1 -instances. The \fBmongod\f1 verifies that the originating IP is -either explicitly in the list or belongs to a CIDR range in the list. If the -IP address is not present, the server does not authenticate the -\fBmongod\f1 or \fBmongos\f1\f1\&. -.PP -\fB\-\-clusterIpSourceWhitelist\f1\f1 has no effect on a \fBmongod\f1 started without -\fBauthentication\f1\&. -.PP -\fB\-\-clusterIpSourceWhitelist\f1\f1 accepts multiple comma\-separated IPv4/6 addresses or Classless -Inter\-Domain Routing (CIDR (https://tools.ietf.org/html/rfc4632)) ranges: -.PP -.EX - mongod \-\-clusterIpSourceWhitelist 192.0.2.0/24,127.0.0.1,::1 -.EE -.PP -Ensure \fB\-\-clusterIpSourceWhitelist\f1\f1 includes the IP address \fIor\f1 CIDR ranges that include the -IP address of each replica set member or \fBmongos\f1\f1 in the -deployment to ensure healthy communication between cluster components. -.RE -.PP -\fBmongod \-\-ipv6\f1 -.RS -.PP -Enables IPv6 support. \fBmongod\f1 disables IPv6 support by default. -.PP -Setting \fB\-\-ipv6\f1\f1 does \fInot\f1 direct the \fBmongod\f1 to listen on any -local IPv6 addresses or interfaces. To configure the \fBmongod\f1 to -listen on an IPv6 interface, you must either: -.RS -.IP \(bu 2 -Configure \fB\-\-bind_ip\f1\f1 with one or more IPv6 addresses or -hostnames that resolve to IPv6 addresses, \fBor\f1 -.IP \(bu 2 -Set \fB\-\-bind_ip_all\f1\f1 to \fBtrue\f1\&. -.RE -.RE -.PP -\fBmongod \-\-listenBacklog\f1 -.RS -.PP -\fIDefault\f1: Target system specific maximum value -.PP -The maximum number of connections that can exist in the listen -queue. -.PP -Consult your local system\(aqs documentation to understand the -limitations and configuration requirements before using this -parameter. -.PP -To prevent undefined behavior, specify a value for this -parameter between \fB1\f1 and the local system \fBSOMAXCONN\f1 -constant. -.PP -The default value for the \fBlistenBacklog\f1 parameter depends on the target -system. On Linux, \fB/proc/sys/net/core/somaxconn\f1 is used. On all other -target systems, the compile time constant \fBSOMAXCONN\f1 is used. -\fBSOMAXCONN\f1 is the maximum valid value that is documented for -the \fIbacklog\f1 parameter to the \fIlisten\f1 system call. -.PP -Some systems may interpret \fBSOMAXCONN\f1 symbolically, and others -numerically. The actual \fIlisten backlog\f1 applied in practice may -differ from any numeric interpretation of the \fBSOMAXCONN\f1 constant -or argument to \fB\-\-listenBacklog\f1, and may also be constrained by -system settings like \fB/proc/sys/net/core/somaxconn\f1 on Linux. -.PP -Passing a value for the \fBlistenBacklog\f1 parameter that exceeds the -\fBSOMAXCONN\f1 constant for the local system is, by the letter of the -standards, undefined behavior. Higher values may be silently integer -truncated, may be ignored, may cause unexpected resource -consumption, or have other adverse consequences. -.PP -On systems with workloads that exhibit connection spikes, for which -it is empirically known that the local system can honor higher -values for the \fIbacklog\f1 parameter than the \fBSOMAXCONN\f1 constant, -setting the \fBlistenBacklog\f1 parameter to a higher value may reduce -operation latency as observed by the client by reducing the number -of connections which are forced into a backoff state. -.RE -.PP -\fBmongod \-\-maxConns\f1 -.RS -.PP -The maximum number of simultaneous connections that \fBmongod\f1 -accepts. This setting has no effect if it is higher than your operating -system\(aqs configured maximum connection tracking threshold. -.PP -Do not assign too low of a value to this option, or you will -encounter errors during normal application operation. -.RE -.PP -\fBmongod \-\-logpath\f1 -.RS -.PP -Sends all diagnostic logging information to a log file instead of to -standard output or to the host\(aqs \fBsyslog\f1 system. MongoDB creates -the log file at the path you specify. -.PP -By default, MongoDB moves any existing log file rather than overwriting -it. To instead append to the log file, set the \fB\-\-logappend\f1\f1 option. -.RE -.PP -\fBmongod \-\-syslog\f1 -.RS -.PP -Sends all logging output to the host\(aqs \fBsyslog\f1 system rather -than to standard output or to a log file (\fB\-\-logpath\f1\f1). -.PP -The \fB\-\-syslog\f1\f1 option is not supported on Windows. -.PP -The \fBsyslog\f1 daemon generates timestamps when it logs a message, not -when MongoDB issues the message. This can lead to misleading timestamps -for log entries, especially when the system is under heavy load. We -recommend using the \fB\-\-logpath\f1\f1 option for production systems to -ensure accurate timestamps. -.PP -MongoDB includes the \fBcomponent\f1 in its log -messages to \fBsyslog\f1\&. -.PP -.EX - ... ACCESS [repl writer worker 5] Unsupported modification to roles collection ... -.EE -.RE -.PP -\fBmongod \-\-syslogFacility\f1 -.RS -.PP -\fIDefault\f1: user -.PP -Specifies the facility level used when logging messages to syslog. -The value you specify must be supported by your -operating system\(aqs implementation of syslog. To use this option, you -must enable the \fB\-\-syslog\f1\f1 option. -.RE -.PP -\fBmongod \-\-logappend\f1 -.RS -.PP -Appends new entries to the end of the existing log file when the \fBmongod\f1 -instance restarts. Without this option, \fBmongod\f1 backs up the -existing log and create a new file. -.RE -.PP -\fBmongod \-\-logRotate\f1 -.RS -.PP -\fIDefault\f1: rename -.PP -Determines the behavior for the \fBlogRotate\f1\f1 command when -rotating the server log and/or the audit log. Specify either -\fBrename\f1 or \fBreopen\f1: -.RS -.IP \(bu 2 -\fBrename\f1 renames the log file. -.IP \(bu 2 -\fBreopen\f1 closes and reopens the log file following the typical -Linux/Unix log rotate behavior. Use \fBreopen\f1 when using the -Linux/Unix logrotate utility to avoid log loss. -.IP -If you specify \fBreopen\f1, you must also use \fB\-\-logappend\f1\f1\&. -.RE -.RE -.PP -\fBmongod \-\-timeStampFormat\f1 -.RS -.PP -\fIDefault\f1: iso8601\-local -.PP -The time format for timestamps in log messages. Specify one of the -following values: -.RS -.IP \(bu 2 -.RS -.IP \(bu 4 -Value -.IP \(bu 4 -Description -.RE -.IP \(bu 2 -.RS -.IP \(bu 4 -\fBiso8601\-utc\f1 -.IP \(bu 4 -Displays timestamps in Coordinated Universal Time (UTC) in the -ISO\-8601 format. For example, for New York at the start of the -Epoch: \fB1970\-01\-01T00:00:00.000Z\f1 -.RE -.IP \(bu 2 -.RS -.IP \(bu 4 -\fBiso8601\-local\f1 -.IP \(bu 4 -Displays timestamps in local time in the ISO\-8601 -format. For example, for New York at the start of the Epoch: -\fB1969\-12\-31T19:00:00.000\-05:00\f1 -.RE -.RE -.PP -\fB\-\-timeStampFormat\f1\f1 no longer supports \fBctime\f1\&. An example of \fBctime\f1 -formatted date is: \fBWed Dec 31 18:17:54.811\f1\&. -.RE -.PP -\fBmongod \-\-traceExceptions\f1 -.RS -.PP -For internal diagnostic use only. -.RE -.PP -\fBmongod \-\-pidfilepath\f1 -.RS -.PP -Specifies a file location to store the process ID (PID) of the \fBmongod\f1 -process. The user running the \fBmongod\f1 or \fBmongos\f1 -process must be able to write to this path. If the \fB\-\-pidfilepath\f1\f1 option is not -specified, the process does not create a PID file. This option is generally -only useful in combination with the \fB\-\-fork\f1\f1 option. -.PP -On Linux, PID file management is generally the responsibility of -your distro\(aqs init system: usually a service file in the \fB/etc/init.d\f1 -directory, or a systemd unit file registered with \fBsystemctl\f1\&. Only -use the \fB\-\-pidfilepath\f1\f1 option if you are not using one of these init -systems. For more information, please see the respective -\fBInstallation Guide\f1 for your operating system. -.PP -On macOS, PID file management is generally handled by \fBbrew\f1\&. Only use -the \fB\-\-pidfilepath\f1\f1 option if you are not using \fBbrew\f1 on your macOS system. -For more information, please see the respective Installation -Guide for your operating system. -.RE -.PP -\fBmongod \-\-keyFile\f1 -.RS -.PP -Specifies the path to a key file that stores the shared secret -that MongoDB instances use to authenticate to each other in a -\fBsharded cluster\f1 or \fBreplica set\f1\&. \fB\-\-keyFile\f1\f1 implies -\fB\-\-auth\f1\f1\&. See \fBInternal/Membership Authentication\f1 for more -information. -.PP -\fBKeyfiles for internal membership authentication\f1 use YAML format to allow for multiple keys in a -keyfile. The YAML format accepts either: -.RS -.IP \(bu 2 -A single key string (same as in earlier versions) -.IP \(bu 2 -A sequence of key strings -.RE -.PP -The YAML format is compatible with the existing single\-key -keyfiles that use the text file format. -.RE -.PP -\fBmongod \-\-setParameter\f1 -.RS -.PP -Specifies one of the MongoDB parameters described in -\fBMongoDB Server Parameters\f1\&. You can specify multiple \fBsetParameter\f1 -fields. -.RE -.PP -\fBmongod \-\-nounixsocket\f1 -.RS -.PP -Disables listening on the UNIX domain socket. \fB\-\-nounixsocket\f1\f1 applies only -to Unix\-based systems. -.PP -The \fBmongod\f1 process -always listens on the UNIX socket unless one of the following is true: -.RS -.IP \(bu 2 -\fB\-\-nounixsocket\f1\f1 is set -.IP \(bu 2 -\fBnet.bindIp\f1\f1 is not set -.IP \(bu 2 -\fBnet.bindIp\f1\f1 does not specify \fBlocalhost\f1 or its associated IP address -.RE -.PP -\fBmongod\f1 installed from official \fB\&.deb\f1 and \fB\&.rpm\f1 packages -have the \fBbind_ip\f1 configuration set to \fB127.0.0.1\f1 by -default. -.RE -.PP -\fBmongod \-\-unixSocketPrefix\f1 -.RS -.PP -\fIDefault\f1: /tmp -.PP -The path for the UNIX socket. \fB\-\-unixSocketPrefix\f1\f1 applies only -to Unix\-based systems. -.PP -If this option has no value, the -\fBmongod\f1 process creates a socket with \fB/tmp\f1 as a prefix. MongoDB -creates and listens on a UNIX socket unless one of the following is true: -.RS -.IP \(bu 2 -\fBnet.unixDomainSocket.enabled\f1\f1 is \fBfalse\f1 -.IP \(bu 2 -\fB\-\-nounixsocket\f1\f1 is set -.IP \(bu 2 -\fBnet.bindIp\f1\f1 is not set -.IP \(bu 2 -\fBnet.bindIp\f1\f1 does not specify \fBlocalhost\f1 or its associated IP address -.RE -.RE -.PP \fBmongod \-\-filePermissions\f1 .RS .PP @@ -650,120 +287,132 @@ To use \fB\-\-fork\f1\f1, configure log output for the \fBmongod\f1 with one of .RE .RE .PP -\fBmongod \-\-auth\f1 +\fBmongod \-\-help\f1, \fBmongod \-h\f1 .RS .PP -Enables authorization to control user\(aqs access to database resources -and operations. When authorization is enabled, MongoDB requires all -clients to authenticate themselves first in order to determine the -access for the client. -.PP -To configure users, use the \fBmongosh\f1\f1 client. If no users -exist, the localhost interface has access to the -database until you create the first user. -.PP -See \fBSecurity\f1 for more information. +Returns information on the options and use of \fBmongod\f1\&. .RE .PP -\fBmongod \-\-noauth\f1 +\fBmongod \-\-ipv6\f1 .RS .PP -Disables authentication. Currently the default. Exists for future -compatibility and clarity. +Enables IPv6 support. \fBmongod\f1 disables IPv6 support by default. +.PP +Setting \fB\-\-ipv6\f1\f1 does \fInot\f1 direct the \fBmongod\f1 to listen on any +local IPv6 addresses or interfaces. To configure the \fBmongod\f1 to +listen on an IPv6 interface, you must either: +.RS +.IP \(bu 2 +Configure \fB\-\-bind_ip\f1\f1 with one or more IPv6 addresses or +hostnames that resolve to IPv6 addresses, \fBor\f1 +.IP \(bu 2 +Set \fB\-\-bind_ip_all\f1\f1 to \fBtrue\f1\&. +.RE .RE .PP -\fBmongod \-\-transitionToAuth\f1 +\fBmongod \-\-keyFile\f1 .RS .PP -Allows the \fBmongod\f1 to accept and create authenticated and -non\-authenticated connections to and from other \fBmongod\f1 -and \fBmongos\f1\f1 instances in the deployment. Used for -performing rolling transition of replica sets or sharded clusters -from a no\-auth configuration to \fBinternal authentication\f1\&. Requires specifying a \fBinternal -authentication\f1 mechanism such as -\fB\-\-keyFile\f1\f1\&. +Specifies the path to a key file that stores the shared secret +that MongoDB instances use to authenticate to each other in a +\fBsharded cluster\f1 or \fBreplica set\f1\&. \fB\-\-keyFile\f1\f1 implies +\fB\-\-auth\f1\f1\&. See \fBSelf\-Managed Internal/Membership Authentication\f1 for more +information. .PP -For example, if using \fBkeyfiles\f1 for -\fBinternal authentication\f1, the \fBmongod\f1 creates -an authenticated connection with any \fBmongod\f1 or \fBmongos\f1\f1 -in the deployment using a matching keyfile. If the security mechanisms do -not match, the \fBmongod\f1 utilizes a non\-authenticated connection instead. -.PP -A \fBmongod\f1 running with \fB\-\-transitionToAuth\f1\f1 does not enforce \fBuser access -controls\f1\&. Users may connect to your deployment without any -access control checks and perform read, write, and administrative operations. -.PP -A \fBmongod\f1 running with \fBinternal authentication\f1 and \fIwithout\f1 \fB\-\-transitionToAuth\f1\f1 requires clients to connect -using \fBuser access controls\f1\&. Update clients to -connect to the \fBmongod\f1 using the appropriate \fBuser\f1 -prior to restarting \fBmongod\f1 without \fB\-\-transitionToAuth\f1\f1\&. +\fBKeyfiles for internal membership authentication\f1 use YAML format to allow for multiple keys in a +keyfile. The YAML format accepts either: +.RS +.IP \(bu 2 +A single key string (same as in earlier versions) +.IP \(bu 2 +A sequence of key strings .RE .PP -\fBmongod \-\-sysinfo\f1 -.RS -.PP -Returns diagnostic system information and then exits. The -information provides the page size, the number of physical pages, -and the number of available physical pages. +The YAML format is compatible with the existing single\-key +keyfiles that use the text file format. .RE .PP -\fBmongod \-\-noscripting\f1 +\fBmongod \-\-listenBacklog\f1 .RS .PP -Disables the scripting engine. +\fIDefault\f1: Target system \fBSOMAXCONN\f1 constant +.PP +The maximum number of connections that can exist in the listen +queue. +.PP +Consult your local system\(aqs documentation to understand the +limitations and configuration requirements before using this +parameter. +.PP +To prevent undefined behavior, specify a value for this +parameter between \fB1\f1 and the local system \fBSOMAXCONN\f1 +constant. +.PP +The default value for the \fBlistenBacklog\f1 parameter depends on the +target system. On Linux, MongoDB uses \fB/proc/sys/net/core/somaxconn\f1\&. +On all other target systems, MongoDB uses the compile time constant +\fBSOMAXCONN\f1\&. +.PP +Some systems may interpret \fBSOMAXCONN\f1 symbolically, and others +numerically. The actual \fIlisten backlog\f1 applied in practice may +differ from any numeric interpretation of the \fBSOMAXCONN\f1 constant +or argument to \fB\-\-listenBacklog\f1\&. +.PP +Passing a value for the \fBlistenBacklog\f1 parameter that exceeds the +\fBSOMAXCONN\f1 constant for the local system is, by the letter of the +standards, undefined behavior. Higher values may be silently integer +truncated, may be ignored, may cause unexpected resource +consumption, or have other adverse consequences. .RE .PP -\fBmongod \-\-notablescan\f1 +\fBmongod \-\-logappend\f1 .RS .PP -Forbids operations that require a collection scan. See \fBnotablescan\f1\f1 for additional information. +Appends new entries to the end of the existing log file when the \fBmongod\f1 +instance restarts. Without this option, \fBmongod\f1 backs up the +existing log and create a new file. .RE .PP -\fBmongod \-\-shutdown\f1 +\fBmongod \-\-logpath\f1 .RS .PP -The \fB\-\-shutdown\f1\f1 option cleanly and safely terminates the \fBmongod\f1 -process. When invoking \fBmongod\f1 with this option you must set the -\fB\-\-dbpath\f1\f1 option either directly or by way of the -\fBconfiguration file\f1 and the -\fB\-\-config\f1\f1 option. +Sends all diagnostic logging information to a log file instead of to +standard output or to the host\(aqs \fBsyslog\f1 system. MongoDB creates +the log file at the path you specify. .PP -The \fB\-\-shutdown\f1\f1 option is available only on Linux systems. -.PP -For additional ways to shut down, see also \fBStop mongod\f1 Processes\f1\&. +By default, MongoDB moves any existing log file rather than overwriting +it. To instead append to the log file, set the \fB\-\-logappend\f1\f1 option. .RE .PP -\fBmongod \-\-redactClientLogData\f1 +\fBmongod \-\-logRotate\f1 .RS .PP -\fIAvailable in MongoDB Enterprise only.\f1 +\fIDefault\f1: rename .PP -A \fBmongod\f1 running with \fB\-\-redactClientLogData\f1\f1 redacts any message accompanying a given -log event before logging. This prevents the \fBmongod\f1 from writing -potentially sensitive data stored on the database to the diagnostic log. -Metadata such as error or operation codes, line numbers, and source file -names are still visible in the logs. +Determines the behavior for the \fBlogRotate\f1\f1 command when +rotating the server log and/or the audit log. Specify either +\fBrename\f1 or \fBreopen\f1: +.RS +.IP \(bu 2 +\fBrename\f1 renames the log file. +.IP \(bu 2 +\fBreopen\f1 closes and reopens the log file following the typical +Linux/Unix log rotate behavior. Use \fBreopen\f1 when using the +Linux/Unix logrotate utility to avoid log loss. +.IP +If you specify \fBreopen\f1, you must also use \fB\-\-logappend\f1\f1\&. +.RE +.RE .PP -Use \fB\-\-redactClientLogData\f1\f1 in conjunction with -\fBEncryption at Rest\f1 and -\fBTLS/SSL (Transport Encryption)\f1 to assist compliance with -regulatory requirements. +\fBmongod \-\-maxConns\f1 +.RS .PP -For example, a MongoDB deployment might store Personally Identifiable -Information (PII) in one or more collections. The \fBmongod\f1 logs events -such as those related to CRUD operations, sharding metadata, etc. It is -possible that the \fBmongod\f1 may expose PII as a part of these logging -operations. A \fBmongod\f1 running with \fB\-\-redactClientLogData\f1\f1 removes any message -accompanying these events before being output to the log, effectively -removing the PII. +The maximum number of simultaneous connections that \fBmongod\f1 +accepts. This setting has no effect if it is higher than your operating +system\(aqs configured maximum connection tracking threshold. .PP -Diagnostics on a \fBmongod\f1 running with \fB\-\-redactClientLogData\f1\f1 may be more difficult -due to the lack of data related to a log event. See the -\fBprocess logging\f1 manual page for an -example of the effect of \fB\-\-redactClientLogData\f1\f1 on log output. -.PP -On a running \fBmongod\f1, use \fBsetParameter\f1\f1 with the -\fBredactClientLogData\f1\f1 parameter to configure this setting. +Do not assign too low of a value to this option, or you will +encounter errors during normal application operation. .RE .PP \fBmongod \-\-networkMessageCompressors\f1 @@ -816,6 +465,265 @@ between \fBmongosh\f1\f1 and \fBmongod\f1\f1 are not compressed. .RE .PP +\fBmongod \-\-noauth\f1 +.RS +.PP +Disables authentication. Currently the default. Exists for future +compatibility and clarity. +.RE +.PP +\fBmongod \-\-noscripting\f1 +.RS +.PP +Disables the scripting engine. +.RE +.PP +\fBmongod \-\-notablescan\f1 +.RS +.PP +Forbids operations that require a collection scan. See \fBnotablescan\f1\f1 for additional information. +.RE +.PP +\fBmongod \-\-nounixsocket\f1 +.RS +.PP +Disables listening on the UNIX domain socket. \fB\-\-nounixsocket\f1\f1 applies only +to Unix\-based systems. +.PP +The \fBmongod\f1 process +always listens on the UNIX socket unless one of the following is true: +.RS +.IP \(bu 2 +\fB\-\-nounixsocket\f1\f1 is set +.IP \(bu 2 +\fBnet.bindIp\f1\f1 is not set +.IP \(bu 2 +\fBnet.bindIp\f1\f1 does not specify \fBlocalhost\f1 or its associated IP address +.RE +.PP +\fBmongod\f1 installed from official \fBInstall MongoDB Community Edition on Debian\f1 +and \fBInstall MongoDB Community Edition on Red Hat or CentOS\f1 packages +have the \fBbind_ip\f1 configuration set to \fB127.0.0.1\f1 by +default. +.RE +.PP +\fBmongod \-\-outputConfig\f1 +.RS +.PP +Outputs the \fBmongod\f1 instance\(aqs configuration options, formatted +in YAML, to \fBstdout\f1 and exits the \fBmongod\f1 instance. For +configuration options that uses \fBExternally Sourced Configuration File Values for Self\-Managed Deployments\f1, +\fB\-\-outputConfig\f1\f1 returns the resolved value for those options. +.PP +This may include any configured passwords or secrets previously +obfuscated through the external source. +.PP +For usage examples, see: +.RS +.IP \(bu 2 +\fBOutput the Configuration File with Resolved Expansion Directive Values\f1 +.IP \(bu 2 +\fBConvert Self\-Managed Command\-Line Options to YAML\f1 +.RE +.RE +.PP +\fBmongod \-\-pidfilepath\f1 +.RS +.PP +Specifies a file location to store the process ID (PID) of the \fBmongod\f1 +process. The user running the \fBmongod\f1 or \fBmongos\f1 +process must be able to write to this path. If the \fB\-\-pidfilepath\f1\f1 option is not +specified, the process does not create a PID file. This option is generally +only useful in combination with the \fB\-\-fork\f1\f1 option. +.PP +On Linux, PID file management is generally the responsibility of +your distro\(aqs init system: usually a service file in the \fB/etc/init.d\f1 +directory, or a systemd unit file registered with \fBsystemctl\f1\&. Only +use the \fB\-\-pidfilepath\f1\f1 option if you are not using one of these init +systems. For more information, please see the respective +\fBInstallation Guide\f1 for your operating system. +.PP +On macOS, PID file management is generally handled by \fBbrew\f1\&. Only use +the \fB\-\-pidfilepath\f1\f1 option if you are not using \fBbrew\f1 on your macOS system. +For more information, please see the respective Installation +Guide for your operating system. +.RE +.PP +\fBmongod \-\-port\f1 +.RS +.PP +\fIDefault\f1: +.RS +.IP \(bu 2 +27017 if \fBmongod\f1 is not a shard member or a config server member +.IP \(bu 2 +27018 if \fBmongod\f1 is a \fBshard member\f1\f1 +.IP \(bu 2 +27019 if \fBmongod\f1 is a \fBconfig server member\f1\f1 +.RE +.PP +The TCP port on which the MongoDB instance listens for +client connections. +.PP +The \fB\-\-port\f1 option accepts a range of values between \fB0\f1 and \fB65535\f1\&. +Setting the port to \fB0\f1 configures \fBmongod\f1 to use an arbitrary port +assigned by the operating system. +.RE +.PP +\fBmongod \-\-quiet\f1 +.RS +.PP +Runs \fBmongod\f1 in a quiet mode that attempts to limit the amount +of output. +.PP +This option suppresses: +.RS +.IP \(bu 2 +output from \fBdatabase commands\f1 +.IP \(bu 2 +replication activity +.IP \(bu 2 +connection accepted events +.IP \(bu 2 +connection closed events +.RE +.RE +.PP +\fBmongod \-\-redactClientLogData\f1 +.RS +.PP +\fIAvailable in MongoDB Enterprise only.\f1 +.PP +A \fBmongod\f1 running with \fB\-\-redactClientLogData\f1\f1 redacts any message accompanying a given +log event before logging. This prevents the \fBmongod\f1 from writing +potentially sensitive data stored on the database to the diagnostic log. +Metadata such as error or operation codes, line numbers, and source file +names are still visible in the logs. +.PP +Use \fB\-\-redactClientLogData\f1\f1 in conjunction with +\fBEncryption at Rest\f1 and +\fBTLS/SSL (Transport Encryption)\f1 to assist compliance with +regulatory requirements. +.PP +For example, a MongoDB deployment might store Personally Identifiable +Information (PII) in one or more collections. The \fBmongod\f1 logs events +such as those related to CRUD operations, sharding metadata, etc. It is +possible that the \fBmongod\f1 may expose PII as a part of these logging +operations. A \fBmongod\f1 running with \fB\-\-redactClientLogData\f1\f1 removes any message +accompanying these events before being output to the log, effectively +removing the PII. +.PP +Diagnostics on a \fBmongod\f1 running with \fB\-\-redactClientLogData\f1\f1 may be more difficult +due to the lack of data related to a log event. See the +\fBprocess logging\f1 manual page for an +example of the effect of \fB\-\-redactClientLogData\f1\f1 on log output. +.PP +On a running \fBmongod\f1, use \fBsetParameter\f1\f1 with the +\fBredactClientLogData\f1\f1 parameter to configure this setting. +.RE +.PP +\fBmongod \-\-setParameter\f1 +.RS +.PP +Specifies one of the MongoDB parameters described in +\fBMongoDB Server Parameters for a Self\-Managed Deployment\f1\&. You can specify multiple \fBsetParameter\f1 +fields. +.RE +.PP +\fBmongod \-\-shutdown\f1 +.RS +.PP +The \fB\-\-shutdown\f1\f1 option cleanly and safely terminates the \fBmongod\f1 +process. When invoking \fBmongod\f1 with this option you must set the +\fB\-\-dbpath\f1\f1 option either directly or by way of the +\fBconfiguration file\f1 and the +\fB\-\-config\f1\f1 option. +.PP +The \fB\-\-shutdown\f1\f1 option is available only on Linux systems. +.PP +For additional ways to shut down, see also \fBStop mongod\f1 Processes\f1\&. +.RE +.PP +\fBmongod \-\-sysinfo\f1 +.RS +.PP +Returns diagnostic system information and then exits. The +information provides the page size, the number of physical pages, +and the number of available physical pages. +.RE +.PP +\fBmongod \-\-syslog\f1 +.RS +.PP +Sends all logging output to the host\(aqs \fBsyslog\f1 system rather +than to standard output or to a log file (\fB\-\-logpath\f1\f1). +.PP +The \fB\-\-syslog\f1\f1 option is not supported on Windows. +.PP +The \fBsyslog\f1 daemon generates timestamps when it logs a message, not +when MongoDB issues the message. This can lead to misleading timestamps +for log entries, especially when the system is under heavy load. We +recommend using the \fB\-\-logpath\f1\f1 option for production systems to +ensure accurate timestamps. +.PP +MongoDB includes the \fBcomponent\f1 in its log +messages to \fBsyslog\f1\&. +.PP +.EX + ... ACCESS [repl writer worker 5] Unsupported modification to roles collection ... +.EE +.RE +.PP +\fBmongod \-\-syslogFacility\f1 +.RS +.PP +\fIDefault\f1: user +.PP +Specifies the facility level used when logging messages to syslog. +The value you specify must be supported by your +operating system\(aqs implementation of syslog. To use this option, you +must enable the \fB\-\-syslog\f1\f1 option. +.RE +.PP +\fBmongod \-\-timeStampFormat\f1 +.RS +.PP +\fIDefault\f1: iso8601\-local +.PP +The time format for timestamps in log messages. Specify one of the +following values: +.RS +.IP \(bu 2 +.RS +.IP \(bu 4 +Value +.IP \(bu 4 +Description +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBiso8601\-utc\f1 +.IP \(bu 4 +Displays timestamps in Coordinated Universal Time (UTC) in the +ISO\-8601 format. For example, for New York at the start of the +Epoch: \fB1970\-01\-01T00:00:00.000Z\f1 +.RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBiso8601\-local\f1 +.IP \(bu 4 +Displays timestamps in local time in the ISO\-8601 +format. For example, for New York at the start of the Epoch: +\fB1969\-12\-31T19:00:00.000\-05:00\f1 +.RE +.RE +.PP +\fB\-\-timeStampFormat\f1\f1 no longer supports \fBctime\f1\&. An example of \fBctime\f1 +formatted date is: \fBWed Dec 31 18:17:54.811\f1\&. +.RE +.PP \fBmongod \-\-timeZoneInfo\f1 .RS .PP @@ -849,27 +757,89 @@ and use the \fBtimeZoneInfo\f1\f1 parameter. \fBprocessManagement.timeZoneInfo\f1\f1\&. .RE .PP -\fBmongod \-\-outputConfig\f1 +\fBmongod \-\-traceExceptions\f1 .RS .PP -Outputs the \fBmongod\f1 instance\(aqs configuration options, formatted -in YAML, to \fBstdout\f1 and exits the \fBmongod\f1 instance. For -configuration options that uses \fBExternally Sourced Configuration File Values\f1, -\fB\-\-outputConfig\f1\f1 returns the resolved value for those options. -.PP -This may include any configured passwords or secrets previously -obfuscated through the external source. -.PP -For usage examples, see: -.RS -.IP \(bu 2 -\fBOutput the Configuration File with Resolved Expansion Directive Values\f1 -.IP \(bu 2 -\fBConvert Command\-Line Options to YAML\f1 +For internal diagnostic use only. .RE +.PP +\fBmongod \-\-transitionToAuth\f1 +.RS +.PP +Allows the \fBmongod\f1 to accept and create authenticated and +non\-authenticated connections to and from other \fBmongod\f1 +and \fBmongos\f1\f1 instances in the deployment. Used for +performing rolling transition of replica sets or sharded clusters +from a no\-auth configuration to \fBinternal authentication\f1\&. Requires specifying a \fBinternal +authentication\f1 mechanism such as +\fB\-\-keyFile\f1\f1\&. +.PP +For example, if using \fBkeyfiles\f1 for +\fBinternal authentication\f1, the \fBmongod\f1 creates +an authenticated connection with any \fBmongod\f1 or \fBmongos\f1\f1 +in the deployment using a matching keyfile. If the security mechanisms do +not match, the \fBmongod\f1 utilizes a non\-authenticated connection instead. +.PP +A \fBmongod\f1 running with \fB\-\-transitionToAuth\f1\f1 does not enforce \fBuser access +controls\f1\&. Users may connect to your deployment without any +access control checks and perform read, write, and administrative operations. +.PP +A \fBmongod\f1 running with \fBinternal authentication\f1 and \fIwithout\f1 \fB\-\-transitionToAuth\f1\f1 requires clients to connect +using \fBuser access controls\f1\&. Update clients to +connect to the \fBmongod\f1 using the appropriate \fBuser\f1 +prior to restarting \fBmongod\f1 without \fB\-\-transitionToAuth\f1\f1\&. +.RE +.PP +\fBmongod \-\-unixSocketPrefix\f1 +.RS +.PP +\fIDefault\f1: /tmp +.PP +The path for the UNIX socket. \fB\-\-unixSocketPrefix\f1\f1 applies only +to Unix\-based systems. +.PP +If this option has no value, the +\fBmongod\f1 process creates a socket with \fB/tmp\f1 as a prefix. MongoDB +creates and listens on a UNIX socket unless one of the following is true: +.RS +.IP \(bu 2 +\fBnet.unixDomainSocket.enabled\f1\f1 is \fBfalse\f1 +.IP \(bu 2 +\fB\-\-nounixsocket\f1\f1 is set +.IP \(bu 2 +\fBnet.bindIp\f1\f1 is not set +.IP \(bu 2 +\fBnet.bindIp\f1\f1 does not specify \fBlocalhost\f1 or its associated IP address +.RE +.RE +.PP +\fBmongod \-\-verbose\f1, \fBmongod \-v\f1 +.RS +.PP +Increases the amount of internal reporting returned on standard output +or in log files. Increase the verbosity with the \fB\-v\f1 form by +including the option multiple times, for example: \fB\-vvvvv\f1\&. +.PP +Starting in version 4.2, MongoDB includes the Debug verbosity level +(1\-5) in the \fBlog messages\f1\&. For example, +if the verbosity level is 2, MongoDB logs \fBD2\f1\&. In previous +versions, MongoDB log messages only specified \fBD\f1 for Debug level. +.RE +.PP +\fBmongod \-\-version\f1 +.RS +.PP +Returns the \fBmongod\f1 release number. .RE .SS LDAP AUTHENTICATION OR AUTHORIZATION OPTIONS .PP +Starting in MongoDB 8.0, LDAP authentication and authorization is +deprecated. LDAP is available and will continue to operate without +changes throughout the lifetime of MongoDB 8. LDAP will be removed in a +future major release. +.PP +For details, see \fBLDAP Deprecation\f1\&. +.PP \fBmongod \-\-ldapServers\f1 .RS .PP @@ -1031,7 +1001,7 @@ libraries by default. Defer to the documentation associated with each SASL mechanism for guidance on installation and configuration. .PP If using the \fBGSSAPI\f1 SASL mechanism for use with -\fBKerberos Authentication\f1, verify the following for the +\fBKerberos Authentication on Self\-Managed Deployments\f1, verify the following for the \fBmongod\f1 host machine: .PP \fBLinux\f1\f1 @@ -1416,7 +1386,7 @@ To specify the \fBWiredTiger Storage Engine\f1\&. .IP \(bu 4 \fBinMemory\f1 .IP \(bu 4 -To specify the \fBIn\-Memory Storage Engine\f1\&. +To specify the \fBIn\-Memory Storage Engine for Self\-Managed Deployments\f1\&. .IP \fIAvailable in MongoDB Enterprise only.\f1 .RE @@ -1577,7 +1547,7 @@ a replica set member: To repair a \fBreplica set\f1 member, if you have an intact copy of your data available (e.g. a recent backup or an intact member of the \fBreplica set\f1), restore from that intact -copy instead. To learn more, see \fBResync a Member of a Replica Set\f1\&. +copy instead. To learn more, see \fBResync a Member of a Self\-Managed Replica Set\f1\&. .IP \(bu 4 If you choose to run \fBmongod \-\-repair\f1\f1 against a replica set member and the operation modifies the data or the @@ -1623,7 +1593,10 @@ uses for all data. The memory consumed by an index build (see \fBmaxIndexBuildMemoryUsageMegabytes\f1\f1) is separate from the WiredTiger cache memory. .PP -Values can range from \fB0.25\f1 GB to \fB10000\f1 GB. +Avoid increasing the WiredTiger internal cache size above its +default value. If your use case requires to do so, you can use +\fB\-\-wiredTigerCacheSizePct\f1\f1 to specify a percentage of up to 80% of available +memory. Values can range from \fB0.25\f1 GB to \fB10000\f1 GB. .PP The default WiredTiger internal cache size is the larger of either: .RS @@ -1647,9 +1620,6 @@ system memory, is used as the maximum RAM available. .PP To see the memory limit, see \fBhostInfo.system.memLimitMB\f1\f1\&. .PP -Avoid increasing the WiredTiger internal cache size above its -default value. -.PP With WiredTiger, MongoDB utilizes both the WiredTiger internal cache and the filesystem cache. .PP @@ -1668,9 +1638,8 @@ decrease WiredTiger internal cache size. .PP The default WiredTiger internal cache size value assumes that there is a single \fBmongod\f1\f1 instance per machine. If a single machine -contains multiple MongoDB instances, then you should decrease the setting to -accommodate the other \fBmongod\f1\f1 -instances. +contains multiple MongoDB instances, decrease the setting to accommodate +the other \fBmongod\f1\f1 instances. .PP If you run \fBmongod\f1\f1 in a container (for example, \fBlxc\f1, \fBcgroups\f1, Docker, etc.) that does \fInot\f1 have access to all of the @@ -1678,6 +1647,74 @@ RAM available in a system, you must set \fB\-\-wiredTigerCacheSizeGB\f1\f1 to a less than the amount of RAM available in the container. The exact amount depends on the other processes running in the container. See \fBmemLimitMB\f1\f1\&. +.PP +You can only provide one of either \fB\-\-wiredTigerCacheSizeGB\f1\f1 or +\fB\-\-wiredTigerCacheSizePct\f1\f1\&. +.RE +.PP +\fBmongod \-\-wiredTigerCacheSizePct\f1 +.RS +.PP +Defines the maximum amount of memory to allocate for cache as a +percentage of physical RAM. The memory that an index build consumes (see +\fBmaxIndexBuildMemoryUsageMegabytes\f1\f1) is separate from the +WiredTiger cache memory. +.PP +You can specify a percentage of up to 80% of available memory. +Values range from \fB0.25\f1 GB to \fB10000\f1 GB. +.PP +The default WiredTiger internal cache size is the larger of either: +.RS +.IP \(bu 2 +50% of (RAM \- 1 GB), or +.IP \(bu 2 +256 MB. +.RE +.PP +For example, on a system with a total of 4GB of RAM the +WiredTiger cache uses 1.5GB of RAM (\fB0.5 * (4 GB \- 1 GB) = +1.5 GB\f1). Conversely, on a system with a total of 1.25 GB of +RAM WiredTiger allocates 256 MB to the WiredTiger cache +because that is more than half of the total RAM minus one +gigabyte (\fB0.5 * (1.25 GB \- 1 GB) = 128 MB < 256 MB\f1). +.PP +In some instances, such as when running in a container, the database +can have memory constraints that are lower than the total system +memory. In such instances, this memory limit, rather than the total +system memory, is used as the maximum RAM available. +.PP +To see the memory limit, see \fBhostInfo.system.memLimitMB\f1\f1\&. +.PP +With WiredTiger, MongoDB utilizes both the WiredTiger internal cache +and the filesystem cache. +.PP +With the filesystem cache, MongoDB automatically uses all free memory +that is not used by the WiredTiger cache or by other processes. +.PP +The \fB\-\-wiredTigerCacheSizePct\f1\f1 limits the size of the WiredTiger internal +cache. The operating system uses the available free memory +for filesystem cache, which allows the compressed MongoDB data +files to stay in memory. In addition, the operating system +uses any free RAM to buffer file system blocks and file system +cache. +.PP +To accommodate the additional consumers of RAM, you may have to +decrease WiredTiger internal cache size. +.PP +The default WiredTiger internal cache size value assumes that there is a +single \fBmongod\f1\f1 instance per machine. If a single machine +contains multiple MongoDB instances, decrease the setting to accommodate +the other \fBmongod\f1\f1 instances. +.PP +If you run \fBmongod\f1\f1 in a container (for example, \fBlxc\f1, +\fBcgroups\f1, Docker, etc.) that does \fInot\f1 have access to all of the +RAM available in a system, you must set \fB\-\-wiredTigerCacheSizePct\f1\f1 to a value +less than the amount of RAM available in the container. The exact +amount depends on the other processes running in the container. See +\fBmemLimitMB\f1\f1\&. +.PP +You can only provide one of either \fB\-\-wiredTigerCacheSizePct\f1\f1 or +\fB\-\-wiredTigerCacheSizeGB\f1\f1\&. .RE .PP \fBmongod \-\-wiredTigerJournalCompressor\f1 @@ -1855,6 +1892,18 @@ through a restart, update the value of \fB\-\-oplogMinRetentionHours\f1\f1\&. .RE .PP +\fBmongod \-\-enableMajorityReadConcern\f1 +.RS +.PP +\fIDefault\f1: true +.PP +Configures support for \fB"majority"\f1\f1 read concern. +.PP +Starting in MongoDB 5.0, +\fB\-\-enableMajorityReadConcern\f1\f1 cannot be changed +and is always set to \fBtrue\f1\&. In earlier versions of MongoDB, +\fB\-\-enableMajorityReadConcern\f1\f1 was configurable. +.PP If you are using a three\-member primary\-secondary\-arbiter (PSA) architecture, consider the following: .RS @@ -1862,7 +1911,7 @@ architecture, consider the following: The write concern \fB"majority"\f1\f1 can cause performance issues if a secondary is unavailable or lagging. For advice on how to mitigate these issues, see -\fBMitigate Performance Issues with PSA Replica Set\f1\&. +\fBMitigate Performance Issues with a Self\-Managed PSA Replica Set\f1\&. .IP \(bu 2 If you are using a global default \fB"majority"\f1\f1 and the write concern is less than the size of the majority, @@ -1980,11 +2029,11 @@ The server uses and accepts only TLS encrypted connections. .RE .PP If \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 is not -specified and you are not using x.509 authentication, you must set the +specified and you are not using X.509 authentication, you must set the \fBtlsUseSystemCA\f1\f1 parameter to \fBtrue\f1\&. This makes MongoDB use the system\-wide CA certificate store when connecting to a TLS\-enabled server. .PP -If using x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 +If using X.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&. .PP For more information about TLS and MongoDB, see @@ -2063,7 +2112,7 @@ For more information about TLS and MongoDB, see \fIDefault\f1: keyFile .PP The authentication mode used for cluster authentication. If you use -\fBinternal x.509 authentication\f1, +\fBinternal X.509 authentication\f1, specify so here. This option can have one of the following values: .RS .IP \(bu 2 @@ -2087,7 +2136,7 @@ Accept only keyfiles. \fBsendKeyFile\f1 .IP \(bu 4 For rolling upgrade purposes. Send a keyfile for -authentication but can accept both keyfiles and x.509 +authentication but can accept both keyfiles and X.509 certificates. .RE .IP \(bu 2 @@ -2095,8 +2144,8 @@ certificates. .IP \(bu 4 \fBsendX509\f1 .IP \(bu 4 -For rolling upgrade purposes. Send the x.509 certificate for -authentication but can accept both keyfiles and x.509 +For rolling upgrade purposes. Send the X.509 certificate for +authentication but can accept both keyfiles and X.509 certificates. .RE .IP \(bu 2 @@ -2104,17 +2153,17 @@ certificates. .IP \(bu 4 \fBx509\f1 .IP \(bu 4 -Recommended. Send the x.509 certificate for authentication and -accept only x.509 certificates. +Recommended. Send the X.509 certificate for authentication and +accept only X.509 certificates. .RE .RE .PP If \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 is not -specified and you are not using x.509 authentication, you must set the +specified and you are not using X.509 authentication, you must set the \fBtlsUseSystemCA\f1\f1 parameter to \fBtrue\f1\&. This makes MongoDB use the system\-wide CA certificate store when connecting to a TLS\-enabled server. .PP -If using x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 +If using X.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&. .PP For more information about TLS and MongoDB, see @@ -2125,7 +2174,7 @@ For more information about TLS and MongoDB, see \fBmongod \-\-tlsClusterFile\f1 .RS .PP -Specifies the \&.pem file that contains the x.509 +Specifies the \&.pem file that contains the X.509 certificate\-key file for \fBmembership authentication\f1 for the cluster or replica set. .PP On macOS or Windows, you can use the @@ -2142,14 +2191,12 @@ internal cluster authentication or the alternative option or the certificate returned by the \fB\-\-tlsCertificateSelector\f1\f1\&. .PP -If using x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 +If using X.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&. .PP \fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on -connection if the presented x.509 certificate expires within \fB30\f1 -days of the \fBmongod/mongos\f1 host system time. See -\fBx.509 Certificates Nearing Expiry Trigger Warnings\f1 for more -information. +connection if the presented X.509 certificate expires within \fB30\f1 +days of the \fBmongod/mongos\f1 host system time. .PP For more information about TLS and MongoDB, see \fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and @@ -2247,7 +2294,7 @@ Available on Windows and macOS as an alternative to .PP Specifies a certificate property in order to select a matching certificate from the operating system\(aqs certificate store -for \fBinternal x.509 membership authentication\f1\&. +for \fBinternal X.509 membership authentication\f1\&. .PP \fB\-\-tlsClusterFile\f1\f1 and \fB\-\-tlsClusterCertificateSelector\f1\f1 options are mutually @@ -2306,28 +2353,26 @@ intermediate CA certificate, the secure certificate store must contain the intermedia CA certificate \fIand\f1 the root CA certificate. .PP \fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on -connection if the presented x.509 certificate expires within \fB30\f1 -days of the \fBmongod/mongos\f1 host system time. See -\fBx.509 Certificates Nearing Expiry Trigger Warnings\f1 for more -information. +connection if the presented X.509 certificate expires within \fB30\f1 +days of the \fBmongod/mongos\f1 host system time. .RE .PP \fBmongod \-\-tlsClusterPassword\f1 .RS .PP -Specifies the password to decrypt the x.509 certificate\-key file +Specifies the password to decrypt the X.509 certificate\-key file specified with \fB\-\-tlsClusterFile\f1\f1\&. Use the \fB\-\-tlsClusterPassword\f1\f1 option only if the certificate\-key file is encrypted. In all cases, the \fBmongod\f1 redacts the password from all logging and reporting output. .RS .IP \(bu 2 -On Linux/BSD, if the private key in the x.509 file is encrypted and +On Linux/BSD, if the private key in the X.509 file is encrypted and you do not specify the \fB\-\-tlsClusterPassword\f1\f1 option, MongoDB prompts for a passphrase. See \fBTLS/SSL Certificate Passphrase\f1\&. .IP \(bu 2 -On macOS, if the private key in the x.509 file is +On macOS, if the private key in the X.509 file is encrypted, you must explicitly specify the \fB\-\-tlsClusterPassword\f1\f1 option. Alternatively, you can either use a certificate from the secure system store (see @@ -2450,7 +2495,7 @@ connect. .PP If you specify \fB\-\-tlsAllowInvalidCertificates\f1 or \fBtls.allowInvalidCertificates: -true\f1 when using x.509 authentication, an invalid certificate is +true\f1 when using X.509 authentication, an invalid certificate is only sufficient to establish a TLS connection but is \fIinsufficient\f1 for authentication. .PP @@ -2559,48 +2604,36 @@ available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-e .PP Configures the \fBdatabase profiler\f1 level. The following profiler levels are available: +.PP +\fB0\f1\f1 .RS -.IP \(bu 2 -.RS -.IP \(bu 4 -Level -.IP \(bu 4 -Description -.RE -.IP \(bu 2 -.RS -.IP \(bu 4 -\fB0\f1 -.IP \(bu 4 +.PP The profiler is off and does not collect any data. This is the default profiler level. .RE -.IP \(bu 2 +.PP +\fB1\f1\f1 .RS -.IP \(bu 4 -\fB1\f1 -.IP \(bu 4 +.PP The profiler collects data for operations that exceed the \fBslowms\f1 threshold or match a specified \fBfilter\f1\&. -.IP +.PP When a filter is set: .RS -.IP \(bu 6 +.IP \(bu 2 The \fBslowms\f1 and \fBsampleRate\f1 options are not used for profiling. -.IP \(bu 6 +.IP \(bu 2 The profiler only captures operations that match the \fBfilter\f1\&. .RE .RE -.IP \(bu 2 +.PP +\fB2\f1\f1 .RS -.IP \(bu 4 -\fB2\f1 -.IP \(bu 4 +.PP The profiler collects data for all operations. .RE -.RE .PP Profiling can degrade performance and expose unencrypted query data in the system log. Carefully consider any performance and security implications @@ -2845,8 +2878,9 @@ The \fB\f1 can be \fBany field in the audit message\f1, including fields To specify an audit filter, enclose the filter document in single quotes to pass the document as a string. .PP -To specify the audit filter in a \fBconfiguration file\f1, you must use the YAML format of -the configuration file. +To specify the audit filter in a +\fBconfiguration file\f1, you must use the YAML format +of the configuration file. .PP Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server) and MongoDB Atlas (https://cloud.mongodb.com/user#/atlas/login)\&. @@ -3161,10 +3195,10 @@ Available in MongoDB Enterprise only. \fBmongod \-\-kmipClientCertificatePassword\f1 .RS .PP -The password (if one exists) for the client certificate passed into -\fB\-\-kmipClientCertificateFile\f1\f1\&. Is used for -authenticating MongoDB to the KMIP server. Requires that a -\fB\-\-kmipClientCertificateFile\f1\f1 be provided. +The password to decrypt the Private Key of the Client Certificate that +connects to the KMIP server. This option authenticates +MongoDB to the KMIP server and requires that you provide a +\fB\-\-kmipClientCertificateFile\f1\f1\&. .PP Available in MongoDB Enterprise only. .RE diff --git a/debian/mongodb-parameters.5 b/debian/mongodb-parameters.5 index f2c1eaf63b9..80c71885dff 100644 --- a/debian/mongodb-parameters.5 +++ b/debian/mongodb-parameters.5 @@ -1,6 +1,13 @@ .TH mongodb-parameters 5 -.SH MONGODB SERVER PARAMETERS +.SH MONGODB SERVER PARAMETERS FOR A SELF-MANAGED DEPLOYMENT +Starting in MongoDB 8.0, LDAP authentication and authorization is +deprecated. LDAP is available and will continue to operate without +changes throughout the lifetime of MongoDB 8. LDAP will be removed in a +future major release. +.PP +For details, see \fBLDAP Deprecation\f1\&. .SH SYNOPSIS +.PP MongoDB provides a number of configuration options that you can set using: .RS @@ -29,11 +36,25 @@ and \fBmongos\f1\f1: .RE .PP For additional configuration options, see -\fBConfiguration File Options\f1, \fBmongod\f1\f1 and +\fBSelf\-Managed Configuration File Options\f1, \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .SH PARAMETERS .SS AUTHENTICATION PARAMETERS .PP +\fBallowRolesFromX509Certificates\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIDefault\f1: true +.PP +A boolean flag that allows or disallows the retrieval of +authorization roles from client X.509 certificates. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.RE +.PP \fBauthenticationMechanisms\f1 .RS .PP @@ -42,7 +63,7 @@ Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. Specifies the list of authentication mechanisms the server accepts. Set this to one or more of the following values. If you specify multiple values, use a comma\-separated list and no spaces. For descriptions -of the authentication mechanisms, see \fBAuthentication\f1\&. +of the authentication mechanisms, see \fBAuthentication on Self\-Managed Deployments\f1\&. .RS .IP \(bu 2 .RS @@ -115,6 +136,26 @@ authentication mechanisms, use the following command: .EE .RE .PP +\fBauthFailedDelayMs\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIDefault\f1: 0 +.PP +Available in MongoDB Enterprise only. +.PP +The number of milliseconds to wait before informing clients that their +authentication attempt has failed. This parameter may be in the range +\fB0\f1 to \fB5000\f1, inclusive. +.PP +Setting this parameter makes brute\-force login attacks on a database +more time\-consuming. However, clients waiting for a response from the +MongoDB server still consume server resources, and this may adversely +impact benign login attempts if the server is denying access to many +other clients simultaneously. +.RE +.PP \fBawsSTSRetryCount\f1 .RS .PP @@ -182,7 +223,7 @@ bypass. Enabled by default. This parameter is only available at startup. To set the parameter, use the \fBsetParameter\f1\f1 setting. .PP -See \fBLocalhost Exception\f1 for more information. +See \fBLocalhost Exception in Self\-Managed Deployments\f1 for more information. .RE .PP \fBenforceUserClusterSeparation\f1 @@ -202,34 +243,30 @@ run the following command during startup: .EX mongod \-\-setParameter enforceUserClusterSeparation=false .EE -.PP -If you set the \fBenforceUserClusterSeparation\f1 parameter to \fBfalse\f1, -the server doesn\(aqt distinguish between client certificates, which -applications use to authenticate, and intra\-cluster certificates, which -have privileged access. This has no effect if your \fBclusterAuthMode\f1 -is \fBkeyFile\f1\&. However, if your \fBclusterAuthMode\f1 is \fBx509\f1, user -certificates that use the allowed scheme are conflated with cluster -certificates and granted privileged access. -.PP -Your existing certificates are granted internal privileges if you do the -following: -.RS -.IP \(bu 2 -Create a user, with a name allowed by this parameter. -.IP \(bu 2 -Set the \fBenforceUserClusterSeparation\f1 parameter to \fBfalse\f1\&. -.IP \(bu 2 -Set \fBclusterAuthMode\f1 to \fBx509\f1\&. .RE .PP -You must not upgrade from \fBkeyFile\f1 to \fBx509\f1 without validating -that you\(aqve removed users with elevated privileges that the -\fBenforceUserClusterSeparation\f1 flag allowed you to create. +\fBJWKSMinimumQuiescePeriodSecs\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIDefault\f1: 60 seconds (1 minute) +.PP +Specifies the minimum time period that must pass between subsequent fetches of +a given IdP\(aqs \fBJWKSetURI\f1 endpoint. If an RSA public key is changed multiple +times within the quiesce period, that key may not work as expected +for up to a minute unless the quiesce period is manually reduced. If this parameter +is set to zero, there is no quiesce period and the key can be refreshed repeatedly. +.PP +This parameter is available at both startup and runtime. To set the +parameter, use the \fBsetParameter\f1\f1 setting. .RE .PP \fBKeysRotationIntervalSec\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP \fIDefault\f1: 7776000 seconds (90 days) .PP Specifies the number of seconds for which an HMAC signing key (https://en.wikipedia.org/wiki/Hash\-based_message_authentication_code) @@ -240,9 +277,114 @@ This parameter is only available at startup. To set the parameter, use the \fBsetParameter\f1\f1 setting. .RE .PP +\fBldapConnectionPoolHostRefreshIntervalMillis\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIDefault\f1: 60000 +.PP +The number of milliseconds in\-between health checks of the pooled +LDAP connections. +.PP +You can only set +\fBldapConnectionPoolHostRefreshIntervalMillis\f1\f1 during +start\-up, and cannot change this setting with the +\fBsetParameter\f1\f1 database command. +.RE +.PP +\fBldapConnectionPoolIdleHostTimeoutSecs\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIDefault\f1: 300 +.PP +The maximum number of seconds that the pooled connections to an LDAP +server can remain idle before being closed. +.PP +You can only set +\fBldapConnectionPoolIdleHostTimeoutSecs\f1\f1 during +start\-up, and cannot change this setting with the +\fBsetParameter\f1\f1 database command. +.RE +.PP +\fBldapConnectionPoolMaximumConnectionsInProgressPerHost\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIChanged starting in MongoDB versions 5.0.9 and 6.0.0\f1 +Changed default value to \fB2\f1\&. In previous versions, the +default is unset. +.PP +\fIDefault\f1: 2 +.PP +The maximum number of in\-progress connect operations to each LDAP server. +.PP +You can only set +\fBldapConnectionPoolMaximumConnectionsInProgressPerHost\f1\f1 +during start\-up, and cannot change this setting with the +\fBsetParameter\f1\f1 database command. +.RE +.PP +\fBldapConnectionPoolMaximumConnectionsPerHost\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIChanged starting in MongoDB versions 5.0.9 and 6.0.0\f1 +Changed default value to \fB2147483647\f1\&. In previous versions, the +default is unset. +.PP +\fIDefault\f1: 2147483647 +.PP +The maximum number of connections to keep open to each LDAP server. +.PP +You can only set +\fBldapConnectionPoolMaximumConnectionsPerHost\f1\f1 during +start\-up, and cannot change this setting during run time with the +\fBsetParameter\f1\f1 database command. +.RE +.PP +\fBldapConnectionPoolMinimumConnectionsPerHost\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIDefault\f1: 1 +.PP +The minimum number of connections to keep open to each LDAP server. +.PP +You can only set +\fBldapConnectionPoolMinimumConnectionsPerHost\f1\f1 during +start\-up, and cannot change this setting during run time with the +\fBsetParameter\f1\f1 database command. +.RE +.PP +\fBldapConnectionPoolUseLatencyForHostPriority\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIDefault\f1: true +.PP +A boolean that determines whether the LDAP connection pool (see +\fBldapUseConnectionPool\f1\f1) should use latency of the LDAP +servers to determine the connection order (from lowest latency to +highest). +.PP +You can only set +\fBldapConnectionPoolUseLatencyForHostPriority\f1\f1 during +start\-up, and cannot change this setting during run time with the +\fBsetParameter\f1\f1 database command. +.RE +.PP \fBldapForceMultiThreadMode\f1 .RS .PP +Available for \fBmongod\f1\f1 only. +.PP \fIDefault\f1: false .PP Enables the performance of concurrent LDAP operations. @@ -263,7 +405,7 @@ libldap version, please contact MongoDB Support. \fBldapQueryPassword\f1 .RS .PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +Available for \fBmongod\f1\f1 only. .PP \fIType\f1: string .PP @@ -276,7 +418,7 @@ If not set, mongod or mongos does not attempt to bind to the LDAP server. \fBldapQueryUser\f1 .RS .PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +Available for \fBmongod\f1\f1 only. .PP \fIType\f1: string .PP @@ -289,13 +431,13 @@ If not set, mongod or mongos does not attempt to bind to the LDAP server. \fBldapRetryCount\f1 .RS .PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer .PP \fIDefault\f1: 0 .PP -For MongoDB deployments using \fBLDAP Authorization\f1\&. +For MongoDB deployments using \fBLDAP Authorization on Self\-Managed Deployments\f1\&. .PP Number of operation retries by the server LDAP manager after a network error. @@ -315,11 +457,70 @@ Or, if using the \fBsetParameter\f1\f1 command within .EE .RE .PP +\fBldapShouldRefreshUserCacheEntries\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: true +.PP +For MongoDB deployments using \fBLDAP Authorization on Self\-Managed Deployments\f1\&. +.PP +Starting in MongoDB 5.2, the update interval for cached user information +retrieved from an LDAP server depends on +\fBldapShouldRefreshUserCacheEntries\f1\f1: +.RS +.IP \(bu 2 +If true, use \fBldapUserCacheRefreshInterval\f1\f1\&. +.IP \(bu 2 +If false, use \fBldapUserCacheInvalidationInterval\f1\f1\&. +.RE +.PP +You can only set \fBldapShouldRefreshUserCacheEntries\f1\f1 +during startup in the \fBconfiguration file\f1\f1 or +with the \fB\-\-setParameter\f1 option on the command line. For example, +the following disables +\fBldapShouldRefreshUserCacheEntries\f1\f1: +.PP +.EX + mongod \-\-setParameter ldapShouldRefreshUserCacheEntries=false +.EE +.RE +.PP +\fBldapUseConnectionPool\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +Specifies whether MongoDB should use connection pooling when +connecting to the LDAP server for authentication/authorization. +.PP +MongoDB uses the following default values: +.RS +.IP \(bu 2 +true on Windows. +.IP \(bu 2 +true on Linux where MongoDB Enterprise binaries are linked against +\fBlibldap_r\f1\&. +.IP \(bu 2 +false on Linux where MongoDB Enterprise binaries are linked against +\fBlibldap\f1\&. +.RE +.PP +You can only set \fBldapUseConnectionPool\f1\f1 during +start\-up, and cannot change this setting with the +\fBsetParameter\f1\f1 database command. +.RE +.PP \fBldapUserCacheInvalidationInterval\f1 .RS .PP Available for \fBmongod\f1\f1 only. .PP +\fIDefault\f1: 30 seconds +.PP Starting in MongoDB 5.2, the update interval for cached user information retrieved from an LDAP server depends on \fBldapShouldRefreshUserCacheEntries\f1\f1: @@ -331,7 +532,7 @@ If false, use \fBldapUserCacheInvalidationInterval\f1\f1\&. .RE .PP For use with MongoDB deployments using -\fBLDAP Authorization\f1\&. +\fBLDAP Authorization on Self\-Managed Deployments\f1\&. .PP The interval (in seconds) that the \fBmongod\f1\f1 instance waits between external user cache flushes. After MongoDB flushes the @@ -344,8 +545,6 @@ MongoDB and the LDAP server can be out of sync, but reduces the load on the LDAP server. Conversely, decreasing the value specified decreases the time MongoDB and the LDAP server can be out of sync while increasing the load on the LDAP server. -.PP -Defaults to 30 seconds. .RE .PP \fBldapUserCacheRefreshInterval\f1 @@ -367,7 +566,7 @@ If true, use \fBldapUserCacheRefreshInterval\f1\f1\&. If false, use \fBldapUserCacheInvalidationInterval\f1\f1\&. .RE .PP -For MongoDB deployments using \fBLDAP Authorization\f1\&. +For MongoDB deployments using \fBLDAP Authorization on Self\-Managed Deployments\f1\&. .PP The interval in seconds that \fBmongod\f1\f1 waits before refreshing the cached user information from the LDAP server. @@ -398,7 +597,7 @@ Available for \fBmongod\f1\f1 only. .PP \fIDefault\f1: 90 seconds .PP -For MongoDB deployments using \fBLDAP Authorization\f1\&. +For MongoDB deployments using \fBLDAP Authorization on Self\-Managed Deployments\f1\&. .PP The interval in seconds that \fBmongod\f1\f1 retains the cached LDAP user information after the last cache refresh. @@ -438,155 +637,11 @@ Or, if using the \fBsetParameter\f1\f1 command within .EE .RE .PP -\fBldapUseConnectionPool\f1 -.RS -.PP -Specifies whether MongoDB should use connection pooling when -connecting to the LDAP server for authentication/authorization. -.PP -MongoDB uses the following default values: -.RS -.IP \(bu 2 -true on Windows. -.IP \(bu 2 -true on Linux where MongoDB Enterprise binaries are linked against -\fBlibldap_r\f1\&. -.IP \(bu 2 -false on Linux where MongoDB Enterprise binaries are linked against -\fBlibldap\f1\&. -.RE -.PP -You can only set \fBldapUseConnectionPool\f1\f1 during -start\-up, and cannot change this setting with the -\fBsetParameter\f1\f1 database command. -.RE -.PP -\fBldapConnectionPoolUseLatencyForHostPriority\f1 -.RS -.PP -\fIDefault\f1: true -.PP -A boolean that determines whether the LDAP connection pool (see -\fBldapUseConnectionPool\f1\f1) should use latency of the LDAP -servers to determine the connection order (from lowest latency to -highest). -.PP -You can only set -\fBldapConnectionPoolUseLatencyForHostPriority\f1\f1 during -start\-up, and cannot change this setting during run time with the -\fBsetParameter\f1\f1 database command. -.RE -.PP -\fBldapConnectionPoolMinimumConnectionsPerHost\f1 -.RS -.PP -\fIDefault\f1: 1 -.PP -The minimum number of connections to keep open to each LDAP server. -.PP -You can only set -\fBldapConnectionPoolMinimumConnectionsPerHost\f1\f1 during -start\-up, and cannot change this setting during run time with the -\fBsetParameter\f1\f1 database command. -.RE -.PP -\fBldapConnectionPoolMaximumConnectionsPerHost\f1 -.RS -.PP -\fIChanged starting in MongoDB versions 5.0.9 and 6.0.0\f1 -Changed default value to \fB2147483647\f1\&. In previous versions, the -default is unset. -.PP -\fIDefault\f1: 2147483647 -.PP -The maximum number of connections to keep open to each LDAP server. -.PP -You can only set -\fBldapConnectionPoolMaximumConnectionsPerHost\f1\f1 during -start\-up, and cannot change this setting during run time with the -\fBsetParameter\f1\f1 database command. -.RE -.PP -\fBldapConnectionPoolMaximumConnectionsInProgressPerHost\f1 -.RS -.PP -\fIChanged starting in MongoDB versions 5.0.9 and 6.0.0\f1 -Changed default value to \fB2\f1\&. In previous versions, the -default is unset. -.PP -\fIDefault\f1: 2 -.PP -The maximum number of in\-progress connect operations to each LDAP server. -.PP -You can only set -\fBldapConnectionPoolMaximumConnectionsInProgressPerHost\f1\f1 -during start\-up, and cannot change this setting with the -\fBsetParameter\f1\f1 database command. -.RE -.PP -\fBldapConnectionPoolHostRefreshIntervalMillis\f1 -.RS -.PP -\fIDefault\f1: 60000 -.PP -The number of milliseconds in\-between health checks of the pooled -LDAP connections. -.PP -You can only set -\fBldapConnectionPoolHostRefreshIntervalMillis\f1\f1 during -start\-up, and cannot change this setting with the -\fBsetParameter\f1\f1 database command. -.RE -.PP -\fBldapConnectionPoolIdleHostTimeoutSecs\f1 -.RS -.PP -\fIDefault\f1: 300 -.PP -The maximum number of seconds that the pooled connections to an LDAP -server can remain idle before being closed. -.PP -You can only set -\fBldapConnectionPoolIdleHostTimeoutSecs\f1\f1 during -start\-up, and cannot change this setting with the -\fBsetParameter\f1\f1 database command. -.RE -.PP -\fBldapShouldRefreshUserCacheEntries\f1 +\fBmaxValidateMemoryUsageMB\f1 .RS .PP Available for \fBmongod\f1\f1 only. .PP -\fIType\f1: boolean -.PP -\fIDefault\f1: true -.PP -For MongoDB deployments using \fBLDAP Authorization\f1\&. -.PP -Starting in MongoDB 5.2, the update interval for cached user information -retrieved from an LDAP server depends on -\fBldapShouldRefreshUserCacheEntries\f1\f1: -.RS -.IP \(bu 2 -If true, use \fBldapUserCacheRefreshInterval\f1\f1\&. -.IP \(bu 2 -If false, use \fBldapUserCacheInvalidationInterval\f1\f1\&. -.RE -.PP -You can only set \fBldapShouldRefreshUserCacheEntries\f1\f1 -during startup in the \fBconfiguration file\f1\f1 or -with the \fB\-\-setParameter\f1 option on the command line. For example, -the following disables -\fBldapShouldRefreshUserCacheEntries\f1\f1: -.PP -.EX - mongod \-\-setParameter ldapShouldRefreshUserCacheEntries=false -.EE -.RE -.PP -\fBmaxValidateMemoryUsageMB\f1 -.RS -.PP \fIDefault\f1: 200 .PP The maximum memory usage limit in megabytes for the @@ -598,24 +653,101 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. +.RE +.RE +.PP +\fBocspEnabled\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Available on Linux and macOS. +.PP +\fIDefault\f1: true +.PP +The flag that enables or disables OCSP. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +For example, the following disables OCSP: +.PP +.EX + mongod \-\-setParameter ocspEnabled=false ... +.EE +.PP +Starting in MongoDB 6.0, if \fBocspEnabled\f1\f1 is set to \fBtrue\f1 during +initial sync, all nodes must be able to reach the \fBOCSP\f1 +responder. +.PP +If a member fails in the \fBSTARTUP2\f1\f1 state, set +\fBtlsOCSPVerifyTimeoutSecs\f1\f1 to a value that is less than \fB5\f1\&. +.RS +.IP \(bu 2 +\fBocspStaplingRefreshPeriodSecs\f1\f1 +.IP \(bu 2 +\fBtlsOCSPStaplingTimeoutSecs\f1\f1 +.IP \(bu 2 +\fBtlsOCSPVerifyTimeoutSecs\f1\f1 +.RE +.RE +.PP +\fBocspStaplingRefreshPeriodSecs\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Available on Linux. +.PP +The number of seconds to wait before refreshing the stapled OCSP +status response. Specify a number greater than or equal to 1. +.PP +You can only set \fBocspStaplingRefreshPeriodSecs\f1\f1 during +startup in the \fBconfiguration file\f1\f1 or with +the \fB\-\-setParameter\f1 option on the command line. For example, the +following sets the parameter to 3600 seconds: +.PP +.EX + mongod \-\-setParameter ocspStaplingRefreshPeriodSecs=3600 ... +.EE +.PP +Starting in MongoDB 5.0, the \fBrotateCertificates\f1\f1 command +and \fBdb.rotateCertificates()\f1\f1 method will also refresh any +stapled OCSP responses. +.RS +.IP \(bu 2 +\fBocspEnabled\f1\f1 +.IP \(bu 2 +\fBtlsOCSPStaplingTimeoutSecs\f1\f1 +.IP \(bu 2 +\fBtlsOCSPVerifyTimeoutSecs\f1\f1 .RE .RE .PP \fBoidcIdentityProviders\f1 .RS .PP +Available for \fBmongod\f1\f1 only. +.PP Use this parameter to specify identity provider (IDP) configurations when using \fBOpenID Connect Authentication\f1\&. .PP \fBoidcIdentityProviders\f1 accepts an array of zero or more identity provider (IDP) configurations. An empty array (default) indicates no OpenID Connect -support is enabled. When more than one IDP is defined, \fBoidcIdentityProviders\f1 -uses the \fBmatchPattern\f1 field to select an IDP. Array order determines the -priority and the first IDP is always selected. +support is enabled. +.PP +When more than one IDP is defined, \fBoidcIdentityProviders\f1 uses the +\fBmatchPattern\f1 field to select an IDP. Array order determines the priority +and the first IDP is always selected. +.PP +Starting in MongoDB 8.0, when multiple identity providers (IDP) are +defined, the \fBoidcIdentityProviders\f1\f1 parameter accepts duplicate +\fBissuer\f1 values as long as the \fBaudience\f1 value is unique for each +issuer. This is also available in versions 7.3 and 7.0. .SS OIDCIDENTITYPROVIDERS FIELDS .RS .IP \(bu 2 @@ -641,6 +773,11 @@ string The issuer URI of the IDP that the server should accept tokens from. This must match the \fBiss\f1 field in any JWT used for authentication. .IP +Starting in MongoDB 8.0, when multiple identity providers (IDP) are +defined, the \fBoidcIdentityProviders\f1\f1 parameter accepts duplicate +\fBissuer\f1 values as long as the \fBaudience\f1 value is unique for each +issuer. This is also available in versions 7.3 and 7.0. +.IP If you specify an unreachable issuer URI, MongoDB: .RS .IP \(bu 6 @@ -729,6 +866,13 @@ Required string .IP \(bu 4 Specifies the application or service that the access token is intended for. +.IP +Starting in MongoDB 7.0, only one \fBaudience\f1 oidcIdentityProviders +field can be specified for OIDC access tokens. \fBaudience\f1 fields +with empty arrays or arrays of multiple strings are invalid. +.IP +When more than one IDP is defined, this must be a unique value for +each configuration that shares an \fBissuer\f1\&. .RE .IP \(bu 2 .RS @@ -834,6 +978,9 @@ integer .IP \(bu 4 Frequency, in seconds, to request an updated JSON Web Key Set (JWKS) from the IDP. A setting of 0 disables polling. +.IP +When more than one IDP is defined, this must be the same value for +each configuration that shares an \fBissuer\f1\&. .RE .IP \(bu 2 .RS @@ -858,73 +1005,11 @@ This parameter is only available at startup. To set the parameter, use the \fBsetParameter\f1\f1 setting. .RE .PP -\fBocspEnabled\f1 -.RS -.PP -Available on Linux and macOS. -.PP -\fIDefault\f1: true -.PP -The flag that enables or disables OCSP. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -For example, the following disables OCSP: -.PP -.EX - mongod \-\-setParameter ocspEnabled=false ... -.EE -.PP -Starting in MongoDB 6.0, if \fBocspEnabled\f1\f1 is set to \fBtrue\f1 during -initial sync, all nodes must be able to reach the \fBOCSP\f1 -responder. -.PP -If a member fails in the \fBSTARTUP2\f1\f1 state, set -\fBtlsOCSPVerifyTimeoutSecs\f1\f1 to a value that is less than \fB5\f1\&. -.RS -.IP \(bu 2 -\fBocspValidationRefreshPeriodSecs\f1\f1 -.IP \(bu 2 -\fBtlsOCSPStaplingTimeoutSecs\f1\f1 -.IP \(bu 2 -\fBtlsOCSPVerifyTimeoutSecs\f1\f1 -.RE -.RE -.PP -\fBocspValidationRefreshPeriodSecs\f1 -.RS -.PP -Available on Linux. -.PP -The number of seconds to wait before refreshing the stapled OCSP -status response. Specify a number greater than or equal to 1. -.PP -You can only set \fBocspValidationRefreshPeriodSecs\f1\f1 during -startup in the \fBconfiguration file\f1\f1 or with -the \fB\-\-setParameter\f1 option on the command line. For example, the -following sets the parameter to 3600 seconds: -.PP -.EX - mongod \-\-setParameter ocspValidationRefreshPeriodSecs=3600 ... -.EE -.PP -Starting in MongoDB 5.0, the \fBrotateCertificates\f1\f1 command -and \fBdb.rotateCertificates()\f1\f1 method will also refresh any -stapled OCSP responses. -.RS -.IP \(bu 2 -\fBocspEnabled\f1\f1 -.IP \(bu 2 -\fBtlsOCSPStaplingTimeoutSecs\f1\f1 -.IP \(bu 2 -\fBtlsOCSPVerifyTimeoutSecs\f1\f1 -.RE -.RE -.PP \fBopensslCipherConfig\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP \fIAvailable on Linux only\f1 .PP With the use of native TLS/SSL libraries, the parameter @@ -956,6 +1041,8 @@ cipher string of \fB\(aqHIGH:!EXPORT:!aNULL@STRENGTH\(aq\f1: \fBopensslCipherSuiteConfig\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP \fIAvailable on Linux only\f1 .PP Specify the list of supported cipher suites OpenSSL should permit @@ -984,6 +1071,8 @@ with a \fBopensslCipherSuiteConfig\f1\f1 cipher suite of \fBopensslDiffieHellmanParameters\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP \fIAvailable on Linux only\f1 .PP Specify the path to the PEM file that contains the OpenSSL @@ -1020,6 +1109,23 @@ cipher suites, use the \fBopensslCipherConfig\f1\f1 parameter: .EE .RE .PP +\fBpessimisticConnectivityCheckForAcceptedConnections\f1 +.RS +.PP +\fIAvailable on Linux only\f1 +.PP +\fIType:\f1 boolean +.PP +\fIDefault:\f1 false +.PP +When set to \fBtrue\f1, instructs the server to check the connectivity of accepted connections +before processing them and to immediately discard connections that the client terminates. +.PP +Consider enabling this parameter on smaller instance types. You can use it when +you want to trade a small amount of latency on new connection establishment for +reduced server work when processing new connections that have already been closed on the client side. +.RE +.PP \fBsaslauthdPath\f1 .RS .PP @@ -1054,10 +1160,10 @@ following: .RS .IP \(bu 2 Linux: -\fBConfigure MongoDB with Kerberos Authentication on Linux\f1 +\fBConfigure Self\-Managed MongoDB with Kerberos Authentication on Linux\f1 .IP \(bu 2 Windows: -\fBConfigure MongoDB with Kerberos Authentication on Windows\f1 +\fBConfigure Self\-Managed MongoDB with Kerberos Authentication on Windows\f1 .RE .RE .PP @@ -1101,10 +1207,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP For example, the following sets the \fBscramIterationCount\f1\f1 @@ -1151,10 +1257,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP For example, the following sets the \fBscramSHA256IterationCount\f1\f1 @@ -1202,6 +1308,39 @@ parameter, use the \fBsetParameter\f1\f1 command. \fBtlsMode\f1\f1 .RE .PP +\fBtlsClusterAuthX509Override\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Overrides the \fBclusterAuthX509\f1\f1 configuration options. +.PP +.EX + setParameter: + tlsClusterAuthX509Override: "{ attributes: \(aqO=MongoDB, OU=MongoDB Server\(aq }" +.EE +.PP +The parameter supports \fBattributes\f1 and \fBextensionValue\f1 overrides. +.PP +When the server authenticates connections from members, it analyzes the +X.509 certificate to determine whether it belongs to a cluster member. +If the server uses the \fBattributes\f1\f1 +setting or the \fBattributes\f1 field on the +\fBtlsClusterAuthX509Override\f1\f1 parameter, it checks +the Distinguished Name (DN) values of the certificate. +If the \fBextensionValue\f1\f1 setting or the +\fBextensionValue\f1 field of +the \fBtlsClusterAuthX509Override\f1\f1 parameter is set, it checks +the extension values of the certificate. If it finds a match, +it authorizes the connection as a peer. +.PP +Use this parameter to rotate certificates when the new certificates have +different attributes or extension values. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.RE +.PP \fBtlsMode\f1 .RS .PP @@ -1233,40 +1372,11 @@ For more information about TLS/SSL and MongoDB, see \fBsslMode\f1\f1 .RE .PP -\fBtlsClusterAuthX509Override\f1 -.RS -.PP -Overrides the \fBclusterAuthX509\f1\f1 configuration options. -.PP -.EX - setParameter: - tlsClusterAuthX509Override: { attributes: O=MongoDB, OU=MongoDB Server } -.EE -.PP -The parameter supports \fBattributes\f1 and \fBextensionValue\f1 overrides. -.PP -When the server authenticates connections from members, it analyzes the -X.509 certificate to determine whether it belongs to a cluster member. -If the server uses the \fBattributes\f1\f1 -setting or the \fBattributes\f1 field on the -\fBtlsClusterAuthX509Override\f1\f1 parameter, it checks -the Distinguished Name (DN) values of the certificate. -If the \fBextensionValue\f1\f1 setting or the -\fBextensionValue\f1 field of -the \fBtlsClusterAuthX509Override\f1\f1 parameter is set, it checks -the extension values of the certificate. If it finds a match, -it authorizes the connection as a peer. -.PP -Use this parameter to rotate certificates when the new certificates have -different attributes or extension values. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.RE -.PP \fBtlsOCSPStaplingTimeoutSecs\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP Available for Linux. .PP The maximum number of seconds the @@ -1290,7 +1400,7 @@ For example, the following sets the .IP \(bu 2 \fBocspEnabled\f1\f1 .IP \(bu 2 -\fBocspValidationRefreshPeriodSecs\f1\f1 +\fBocspStaplingRefreshPeriodSecs\f1\f1 .IP \(bu 2 \fBtlsOCSPVerifyTimeoutSecs\f1\f1 .RE @@ -1299,6 +1409,8 @@ For example, the following sets the \fBtlsOCSPVerifyTimeoutSecs\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP Available for Linux and Windows. .PP \fIDefault\f1: 5 @@ -1322,7 +1434,7 @@ For example, the following sets the .IP \(bu 2 \fBocspEnabled\f1\f1 .IP \(bu 2 -\fBocspValidationRefreshPeriodSecs\f1\f1 +\fBocspStaplingRefreshPeriodSecs\f1\f1 .IP \(bu 2 \fBtlsOCSPStaplingTimeoutSecs\f1\f1 .RE @@ -1398,9 +1510,9 @@ Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. An alternative Distinguished Name (DN) that the instance can also use to identify members of the deployment. .PP -For a MongoDB deployment that uses x.509 certificates for +For a MongoDB deployment that uses X.509 certificates for \fBclusterAuthMode\f1\f1, deployment members identify -each other using x.509 certificates ( +each other using X.509 certificates ( \fBnet.tls.clusterFile\f1\f1, if specified, and \fBnet.tls.certificateKeyFile\f1\f1) during intra\-cluster communications. For members of the same deployment, the \fBDN\f1 from @@ -1425,15 +1537,15 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP You can use this parameter for a rolling update of certificates to new certificates that contain a new \fBDN\f1 value. See -\fBRolling Update of x.509 Cluster Certificates that Contain New DN\f1\&. +\fBRotate X.509 Certificates without clusterAuthX509 Attributes on Self\-Managed Clusters\f1\&. .PP For more information about membership certificate requirements, see \fBMember Certificate Requirements\f1 for details. @@ -1447,7 +1559,7 @@ Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. \fIDefault\f1 : 30 .PP \fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on connection if the -presented x.509 certificate expires within \fB30\f1 days of the +presented X.509 certificate expires within \fB30\f1 days of the \fBmongod/mongos\f1 system clock. Use the \fBtlsX509ExpirationWarningThresholdDays\f1\f1 parameter to control the certificate expiration warning threshold: @@ -1467,10 +1579,7 @@ This parameter has a minimum value of \fB0\f1\&. This parameter is only available at startup. To set the parameter, use the \fBsetParameter\f1\f1 setting. .PP -See \fBx.509 Certificates Nearing Expiry Trigger Warnings\f1 for more -information on x.509 expiration warnings. -.PP -For more information on x.509 certificate validity, see RFC 5280 +For more information on X.509 certificate validity, see RFC 5280 4.1.2.5 (https://tools.ietf.org/html/rfc5280#section\-4.1.2.5)\&. .RE .PP @@ -1494,46 +1603,12 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .RE -.PP -\fBauthFailedDelayMs\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIDefault\f1: 0 -.PP -Available in MongoDB Enterprise only. -.PP -The number of milliseconds to wait before informing clients that their -authentication attempt has failed. This parameter may be in the range -\fB0\f1 to \fB5000\f1, inclusive. -.PP -Setting this parameter makes brute\-force login attacks on a database -more time\-consuming. However, clients waiting for a response from the -MongoDB server still consume server resources, and this may adversely -impact benign login attempts if the server is denying access to many -other clients simultaneously. -.RE -.PP -\fBallowRolesFromX509Certificates\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIDefault\f1: true -.PP -A boolean flag that allows or disallows the retrieval of -authorization roles from client x.509 certificates. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.RE .SS GENERAL PARAMETERS .PP \fBallowDiskUseByDefault\f1 @@ -1566,10 +1641,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP .EX @@ -1593,70 +1668,6 @@ server is running: .EE .RE .PP -\fBhttpVerboseLogging\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -Adds more verbose tracing for curl on Linux and macOS. Has no affect on Windows. -.PP -By default, the parameter is unset. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -.EX - mongos \-\-setParameter httpVerboseLogging=true -.EE -.RE -.PP -\fBslowConnectionThresholdMillis\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIDefault\f1: 100 -.PP -Sets the time limit in milliseconds to log the establishment of slow -server connections. -.PP -If a connection takes longer to establish than the -\fBslowConnectionThresholdMillis\f1\f1 parameter, an event is -added to the \fBlog\f1 with the message \fBmsg\f1 -field set to \fB"Slow connection establishment"\f1\&. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets \fBslowConnectionThresholdMillis\f1\f1 -to \fB250\f1 milliseconds. -.PP -.EX - mongod \-\-setParameter slowConnectionThresholdMillis=250 -.EE -.PP -Or, if using the \fBsetParameter\f1\f1 command within -\fBmongosh\f1\f1: -.PP -.EX - db.adminCommand( { setParameter: 1, slowConnectionThresholdMillis: 250 } ) -.EE -.RE -.PP \fBconnPoolMaxConnsPerHost\f1 .RS .PP @@ -1706,24 +1717,6 @@ parameter, use the \fBsetParameter\f1\f1 setting. \fBconnPoolMaxConnsPerHost\f1\f1 .RE .PP -\fBglobalConnPoolIdleTimeoutMinutes\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -Sets the time limit that connection in the legacy global connection -pool can remain idle before being closed. -.PP -By default, the parameter is unset. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -.EX - mongos \-\-setParameter globalConnPoolIdleTimeoutMinutes=10 -.EE -.RE -.PP \fBcursorTimeoutMillis\f1 .RS .PP @@ -1739,10 +1732,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP For example, the following sets the \fBcursorTimeoutMillis\f1\f1 @@ -1766,19 +1759,220 @@ time for a query to return results. Use tools like the \fBcursor.explain()\f1\f1 cursor modifier to analyze the average query time and select an appropriate timeout period. .PP -MongoDB cleans up \fBorphaned cursors\f1 linked to -sessions as part of session management. This means that orphaned cursors -with session ids do not use \fBcursorTimeoutMillis\f1 to control the -timeout. +MongoDB cleans up \fBorphaned cursors\f1 after the +\fBcursorTimeoutMillis\f1 threshold only if they are not tied to sessions. .PP -For operations that return a cursor and have an idle period -longer than \fBlocalLogicalSessionTimeoutMinutes\f1\f1, -use \fBMongo.startSession()\f1\f1 to perform the operation -within an explicit session. To refresh the session, run -the \fBrefreshSessions\f1\f1 command. For details, see +MongoDB cleans up cursors linked to sessions with the +\fBlocalLogicalSessionTimeoutMinutes\f1\f1 lifecycle, regardless of +the \fBcursorTimeoutMillis\f1 value. To handle long idle periods, +use \fBMongo.startSession()\f1\f1 and refresh the session using the +\fBrefreshSessions\f1\f1 command. For details, see \fBRefresh a Cursor with refreshSessions\f1\f1\&. .RE .PP +\fBfassertOnLockTimeoutForStepUpDown\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Default: 15 seconds +.PP +Allows a server that receives a request to step up or step down, to +terminate if it is unable to comply (for example due +to faulty server disks) within the timeout. This enables a cluster to +successfully elect a new primary node and thus continue to be available. +.PP +\fBfassertOnLockTimeoutForStepUpDown\f1 defaults to 15 seconds. To disable +nodes from fasserting, set \fBfassertOnLockTimeoutForStepUpDown=0\f1\&. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following example disables nodes from fasserting: +.PP +.EX + mongod \-\-setParameter fassertOnLockTimeoutForStepUpDown=0 +.EE +.RE +.PP +\fBglobalConnPoolIdleTimeoutMinutes\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Sets the time limit that connection in the legacy global connection +pool can remain idle before being closed. +.PP +By default, the parameter is unset. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +.EX + mongos \-\-setParameter globalConnPoolIdleTimeoutMinutes=10 +.EE +.RE +.PP +\fBhttpVerboseLogging\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Adds more verbose tracing for curl on Linux and macOS. Has no affect on Windows. +.PP +By default, the parameter is unset. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +.EX + mongos \-\-setParameter httpVerboseLogging=true +.EE +.RE +.PP +\fBindexBuildMinAvailableDiskSpaceMB\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIDefault\f1: 500 MB +.PP +Sets the minimum available disk space in megabytes required for index +builds. +.PP +Must be greater than or equal to 0 MB, and less than or equal to 8 +TB. 0 disables the minimum disk space requirement. +.PP +A new index build cannot be started and a current index build is +cancelled if the available disk space is below +\fBindexBuildMinAvailableDiskSpaceMB\f1\&. +.PP +If you increase \fBindexBuildMinAvailableDiskSpaceMB\f1, ensure your +server has enough available disk space. Also, if you set +\fBindexBuildMinAvailableDiskSpaceMB\f1 too high, you might +needlessly prevent index builds when there is enough available +disk space and \fBindexBuildMinAvailableDiskSpaceMB\f1 could be +set lower. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following example sets \fBindexBuildMinAvailableDiskSpaceMB\f1 to 650 MB: +.PP +.EX + db.adminCommand( { setParameter: 1, indexBuildMinAvailableDiskSpaceMB: 650 } ) +.EE +.PP +You can also set \fBindexBuildMinAvailableDiskSpaceMB\f1 at startup. +For example: +.PP +.EX + mongod \-\-setParameter indexBuildMinAvailableDiskSpaceMB=650 +.EE +.RE +.PP +\fBindexMaxNumGeneratedKeysPerDocument\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIDefault\f1: 100000 +.PP +Limits the maximum number of keys generated for a document to +prevent out of memory errors. It is possible to raise the limit, but +if an operation requires more keys than the +\fBindexMaxNumGeneratedKeysPerDocument\f1\f1 parameter specifies, +the operation will fail. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.RE +.PP +\fBingressAdmissionControllerTicketPoolSize\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIDefault\f1: \fB1000000\f1 +.PP +Controls the maximum number of operations admitted concurrently +to the ingress queue. The default value of \fB1000000\f1 represents the +numerical equivalent of unbounded, which admits all incoming +operations up to the default maximum connections that MongoDB allows. +.PP +Increasing this value while there are operations waiting on the +queue unblocks as many operations as the new pool size permits. +Decreasing this value does not block any currently executing +operations, but incoming controllable operations are blocked +until there are tickets available. +.PP +.EX + mongod \-\-setParameter ingressAdmissionControllerTicketPoolSize=100000 +.EE +.PP +Avoid modifying \fBingressAdmissionControllerTicketPoolSize\f1\f1 +unless directed by MongoDB engineers. This setting has major +implications across both WiredTiger and MongoDB. +.RE +.PP +\fBmaxIndexBuildMemoryUsageMegabytes\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +Limits the amount of memory that simultaneous \fBindex builds\f1 +on one collection may consume for their duration. The specified amount of +memory is shared between all indexes built using a single +\fBcreateIndexes\f1\f1 command or its shell helper +\fBdb.collection.createIndexes()\f1\f1\&. Increasing the limit improves +sorting performance when the index build process generates and sorts index +keys. The memory consumed by an index build is separate from the +WiredTiger cache memory (see \fBcacheSizeGB\f1\f1). +.RS +.IP \(bu 2 +Set this value to 0\-0.8 to limit builds to a percentage of +memory. +.IP \(bu 2 +Set this value to 1.0 or greater to limit builds to an absolute number of +megabytes. +.RE +.PP +If this setting allocates less than 50 MB, \fBmongod\f1 uses a minimum of 50 +MB. If the percentage setting is greater than 0.8, \fBmongod\f1 uses a maximum +of 80% of available memory. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.RE +.PP \fBmaxNumActiveUserIndexBuilds\f1 .RS .PP @@ -1814,10 +2008,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following command sets a limit of 4 concurrent index builds: @@ -1840,26 +2034,26 @@ See also: .PP Available for \fBmongod\f1\f1 only. .PP -Specify whether \fBall\f1 queries must use indexes. If \fB1\f1, MongoDB -will not execute queries that require a collection scan and will return an -error. +Prevents running some collection scans when an index could be used, whether +present or not. If \fBtrue\f1, MongoDB will not execute queries that require +a collection scan and will return an error. Exclusions include queries +without filters and queries against capped collections, such as the oplog. .PP -Consider the following example which sets \fBnotablescan\f1\f1 to \fB1\f1 +Consider the following example which sets \fBnotablescan\f1\f1 to \fBtrue\f1 or true: .PP .EX - db.adminCommand( { setParameter: 1, notablescan: 1 } ) + db.adminCommand( { setParameter: 1, notablescan: true } ) .EE .PP -Setting \fBnotablescan\f1\f1 to \fB1\f1 can be useful for testing +Setting \fBnotablescan\f1\f1 to \fBtrue\f1 can be useful for testing application queries, for example, to identify queries that scan an entire collection and cannot use an index. .PP To detect unindexed queries without \fBnotablescan\f1, consider reading -the \fBAnalyze Query Performance\f1 and -\fBOptimize Query Performance\f1 -sections and using the \fBlogLevel\f1\f1 parameter, -\fBmongostat\f1\f1 and \fBprofiling\f1\&. +the \fBAnalyze Query Performance\f1 section and using +the \fBlogLevel\f1\f1 parameter, \fBmongostat\f1\f1 and +\fBprofiling\f1\&. .PP Don\(aqt run production \fBmongod\f1\f1 instances with \fBnotablescan\f1\f1 because preventing collection scans can potentially @@ -1869,10 +2063,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP \fBnotablescan\f1 does not allow unbounded queries that use a @@ -1880,46 +2074,237 @@ clustered index because the queries require a full collection scan. For more information, see \fBCollection Scans\f1\&. .RE .PP -\fBttlMonitorEnabled\f1 +\fBreportOpWriteConcernCountersInServerStatus\f1 .RS .PP Available for \fBmongod\f1\f1 only. .PP -\fIDefault\f1: \fBtrue\f1 +\fIDefault\f1: false .PP -To support \fBTTL Indexes\f1, \fBmongod\f1\f1 -instances have a background thread that is responsible for deleting -documents from collections with TTL indexes. +A boolean flag that determines whether the +\fBdb.serverStatus()\f1\f1 method and \fBserverStatus\f1\f1 +command return \fBopWriteConcernCounters\f1\f1 information. +.PP +.EX + mongod \-\-setParameter reportOpWriteConcernCountersInServerStatus=true +.EE +.RE +.PP +\fBslowConnectionThresholdMillis\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIDefault\f1: 100 +.PP +Sets the time limit in milliseconds to log the establishment of slow +server connections. +.PP +If a connection takes longer to establish than the +\fBslowConnectionThresholdMillis\f1\f1 parameter, an event is +added to the \fBlog\f1 with the message \fBmsg\f1 +field set to \fB"Slow connection establishment"\f1\&. .PP This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP -To disable this worker thread for a \fBmongod\f1\f1, set -\fBttlMonitorEnabled\f1\f1 to \fBfalse\f1, as in the following -operations: +The following example sets \fBslowConnectionThresholdMillis\f1\f1 +to \fB250\f1 milliseconds. .PP .EX - db.adminCommand( { setParameter: 1, ttlMonitorEnabled: false } ) + mongod \-\-setParameter slowConnectionThresholdMillis=250 .EE .PP -Alternately, you may disable the thread at startup time by starting the -\fBmongod\f1\f1 instance with the following option: +Or, if using the \fBsetParameter\f1\f1 command within +\fBmongosh\f1\f1: .PP .EX - mongod \-\-setParameter ttlMonitorEnabled=false + db.adminCommand( { setParameter: 1, slowConnectionThresholdMillis: 250 } ) +.EE +.RE +.PP +\fBtcmallocAggressiveMemoryDecommit\f1 is deprecated in 8.0. MongoDB 8.0 uses an +updated version of \fBtcmalloc\f1 that improves memory fragmentation and management. +See \fBtcmalloc upgrade\f1 for more information. To release +memory back to the operating system, consider using \fBtcmallocEnableBackgroundThread\f1\f1 +instead. +.PP +\fBtcmallocEnableBackgroundThread\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: boolean +.PP +Default: true +.PP +If set to \fBtrue\f1, \fBtcmallocEnableBackgroundThread\f1 creates a background +thread that periodically releases memory back to the operating system. The +value of \fBtcmallocReleaseRate\f1\f1 determines the rate, in bytes per +second, at which the background thread releases memory. +.PP +If \fBtcmallocEnableBackgroundThread\f1 is \fBtrue\f1 and \fBtcmallocReleaseRate\f1 +is \fB0\f1, MongoDB still releases memory. +.PP +For improved memory usage, we recommend using the default value +of \fBtrue\f1\&. To learn more about improvements to performance and memory +management, see \fBUpgraded TCMalloc\f1\&. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +The following operation sets \fBtcmallocEnableBackgroundThread\f1 +to \fBfalse\f1: +.PP +.EX + mongod \-\-setParameter "tcmallocEnableBackgroundThread=false" +.EE +.RE +.PP +\fBtcmallocReleaseRate\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Default: 0 +.PP +Specifies the TCMalloc release rate (https://github.com/google/tcmalloc/blob/master/docs/tuning.md) +in bytes per second. Release rate refers to the rate at which MongoDB +releases unused memory to the system. If \fBtcmallocReleaseRate\f1 is set to +\fB0\f1 MongoDB doesn\(aqt release memory back to the system. Increase +this value to return memory faster; decrease it to return memory slower. +.PP +If \fBtcmallocEnableBackgroundThread\f1 is \fBtrue\f1 and \fBtcmallocReleaseRate\f1 +is \fB0\f1, MongoDB still releases memory. +.PP +Starting in MongoDB 8.0, the default value of \fBtcmallocReleaseRate\f1 is +reduced to \fB0\f1 due to a \fBtcmalloc upgrade\f1 +that prioritizes CPU performance over memory release. +.PP +In earlier versions, MongoDB used an older version of \fBtcmalloc\f1 that: +.RS +.IP \(bu 2 +Set the default \fBtcmallocReleaseRate\f1 to \fB1\f1\&. +.IP \(bu 2 +Accepted values for \fBtcmallocReleaseRate\f1 between \fB0\f1 and \fB10\f1, +inclusive. +.RE +.PP +If you run MongoDB on a platform that uses \fBtcmalloc\-gperf\f1 such as +Windows, PPC, or s390x, \fBtcmallocReleaseRate\f1 has the same behavior +as earlier MongoDB versions. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +To modify the release rate during run time, you can use the +\fBsetParameter\f1\f1 command. For example: +.PP +.EX + db.adminCommand( { setParameter: 1, tcmallocReleaseRate: 2097152 } ) .EE .PP -Do not run production \fBmongod\f1\f1 instances with -\fBttlMonitorEnabled\f1 disabled, except under guidance from MongoDB -support. Preventing TTL document removal can negatively impact -MongoDB internal system operations that depend on TTL Indexes. +You can also set \fBtcmallocReleaseRate\f1\f1 at startup time; +for example: +.PP +.EX + mongod \-\-setParameter "tcmallocReleaseRate=5.0" +.EE +.RE +.PP +\fBtcpFastOpenClient\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIDefault\f1: \fBtrue\f1 +.PP +\fILinux Operating System Only\f1 +.PP +Enables support for outbound TCP Fast Open (TFO) connections from the +\fBmongod/mongos\f1 to a client. TFO requires both the client +and the \fBmongod/mongos\f1 host machine support and enable TFO. +.PP +Linux operating systems running Linux Kernel 4.11 or later can +support outbound TFO. +.PP +Set the value of \fB/proc/sys/net/ipv4/tcp_fastopen\f1 to enable +outbound TFO connections: +.RS +.IP \(bu 2 +\fB1\f1 to enable only outbound TFO connections. +.IP \(bu 2 +\fB3\f1 to enable inbound and outbound TFO connections. +.RE +.PP +This parameter has no effect if the host operating system does not +support \fIor\f1 is not configured to support TFO connections. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +RFC7413 (https://tools.ietf.org/html/rfc7413)\&. +.RE +.PP +\fBtcpFastOpenQueueSize\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIDefault\f1: \fB1024\f1 +.PP +As part of establishing a TCP Fast Open (TFO) connection, the client +submits a valid TFO cookie to the \fBmongod/mongos\f1 \fIbefore\f1 +completion of the standard TCP 3\-way handshake. The +\fBmongod/mongos\f1 keeps a queue of all such pending TFO connections. +.PP +The \fBtcpFastOpenQueueSize\f1 parameter sets the size of the queue of +pending TFO connections. While the queue is full, the +\fBmongod/mongos\f1 falls back to the normal three\-way handshake for +incoming client requests and ignores the presence of TFO cookies. +Once the queue size falls back below the limit, the \fBmongod/mongos\f1 +begins accepting new TFO cookies. +.RS +.IP \(bu 2 +Increasing the default queue size may improve the effect of +TFO on network performance. However, large queue sizes also +increase the risk of server resource exhaustion due to excessive +incoming TFO requests. +.IP \(bu 2 +Decreasing the default queue size may reduce the risk of resource +server resource exhaustion due to excessive incoming TFO requests. +However, small queue sizes may also reduce the effect of TFO on +network performance. +.IP +The minimum queue size is \fB0\f1\&. A queue of \fB0\f1 effectively +disables TFO. +.RE +.PP +This parameter has no effect on host operating systems that do +not support or are not configured for TFO connections. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.RS +.IP \(bu 2 +RFC7413 TCP Fast Open Section 5: Security Considerations (https://tools.ietf.org/html/rfc7413#section\-5) +.IP \(bu 2 +RFC7413 TCP Fast Open Section 6: TFO Applicability (https://tools.ietf.org/html/rfc7413#section\-6) +.RE .RE .PP \fBtcpFastOpenServer\f1 @@ -1974,270 +2359,49 @@ support \fIor\f1 is not configured to support TFO connections. This parameter is only available at startup. To set the parameter, use the \fBsetParameter\f1\f1 setting. .PP -See \fBSupport for TCP Fast Open\f1 for more information on -MongoDB TFO support. -.PP RFC7413 (https://tools.ietf.org/html/rfc7413)\&. .RE .PP -\fBtcpFastOpenClient\f1 +\fBttlMonitorEnabled\f1 .RS .PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +Available for \fBmongod\f1\f1 only. .PP \fIDefault\f1: \fBtrue\f1 .PP -\fILinux Operating System Only\f1 -.PP -Enables support for outbound TCP Fast Open (TFO) connections from the -\fBmongod/mongos\f1 to a client. TFO requires both the client -and the \fBmongod/mongos\f1 host machine support and enable TFO. -.PP -Linux operating systems running Linux Kernel 4.11 or later can -support outbound TFO. -.PP -Set the value of \fB/proc/sys/net/ipv4/tcp_fastopen\f1 to enable -outbound TFO connections: -.RS -.IP \(bu 2 -\fB1\f1 to enable only outbound TFO connections. -.IP \(bu 2 -\fB3\f1 to enable inbound and outbound TFO connections. -.RE -.PP -This parameter has no effect if the host operating system does not -support \fIor\f1 is not configured to support TFO connections. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -See \fBSupport for TCP Fast Open\f1 for more information on -MongoDB TFO support. -.PP -RFC7413 (https://tools.ietf.org/html/rfc7413)\&. -.RE -.PP -\fBtcpFastOpenQueueSize\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIDefault\f1: \fB1024\f1 -.PP -As part of establishing a TCP Fast Open (TFO) connection, the client -submits a valid TFO cookie to the \fBmongod/mongos\f1 \fIbefore\f1 -completion of the standard TCP 3\-way handshake. The -\fBmongod/mongos\f1 keeps a queue of all such pending TFO connections. -.PP -The \fBtcpFastOpenQueueSize\f1 parameter sets the size of the queue of -pending TFO connections. While the queue is full, the -\fBmongod/mongos\f1 falls back to the normal three\-way handshake for -incoming client requests and ignores the presence of TFO cookies. -Once the queue size falls back below the limit, the \fBmongod/mongos\f1 -begins accepting new TFO cookies. -.RS -.IP \(bu 2 -Increasing the default queue size may improve the effect of -TFO on network performance. However, large queue sizes also -increase the risk of server resource exhaustion due to excessive -incoming TFO requests. -.IP \(bu 2 -Decreasing the default queue size may reduce the risk of resource -server resource exhaustion due to excessive incoming TFO requests. -However, small queue sizes may also reduce the effect of TFO on -network performance. -.IP -The minimum queue size is \fB0\f1\&. A queue of \fB0\f1 effectively -disables TFO. -.RE -.PP -This parameter has no effect on host operating systems that do -not support or are not configured for TFO connections. See -\fBSupport for TCP Fast Open\f1 for more information on -MongoDB TFO support. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.RS -.IP \(bu 2 -RFC7413 TCP Fast Open Section 5: Security Considerations (https://tools.ietf.org/html/rfc7413#section\-5) -.IP \(bu 2 -RFC7413 TCP Fast Open Section 6: TFO Applicability (https://tools.ietf.org/html/rfc7413#section\-6) -.RE -.RE -.PP -\fBdisableJavaScriptJIT\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -The MongoDB JavaScript engine uses SpiderMonkey, which implements -Just\-in\-Time (JIT) compilation for improved performance when running scripts. +To support \fBTTL Indexes\f1, \fBmongod\f1\f1 +instances have a background thread that is responsible for deleting +documents from collections with TTL indexes. .PP This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP -To enable the JIT, set \fBdisableJavaScriptJIT\f1\f1 to \fBfalse\f1, as in -the following example: +To disable this worker thread for a \fBmongod\f1\f1, set +\fBttlMonitorEnabled\f1\f1 to \fBfalse\f1, as in the following +operations: .PP .EX - db.adminCommand( { setParameter: 1, disableJavaScriptJIT: false } ) + db.adminCommand( { setParameter: 1, ttlMonitorEnabled: false } ) .EE .PP -\fB$where\f1\f1 will reuse existing JavaScript interpreter -contexts, so changes to \fBdisableJavaScriptJIT\f1\f1 may not -take effect immediately for these operations. -.PP -Alternately, you may enable the JIT at startup time by starting the +Alternately, you may disable the thread at startup time by starting the \fBmongod\f1\f1 instance with the following option: .PP .EX - mongod \-\-setParameter disableJavaScriptJIT=false -.EE -.RE -.PP -\fBindexBuildMinAvailableDiskSpaceMB\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIDefault\f1: 500 MB -.PP -Sets the minimum available disk space in megabytes required for index -builds. -.PP -Must be greater than or equal to 0 MB, and less than or equal to 8 -TB. 0 disables the minimum disk space requirement. -.PP -A new index build cannot be started and a current index build is -cancelled if the available disk space is below -\fBindexBuildMinAvailableDiskSpaceMB\f1\&. -.PP -If you increase \fBindexBuildMinAvailableDiskSpaceMB\f1, ensure your -server has enough available disk space. Also, if you set -\fBindexBuildMinAvailableDiskSpaceMB\f1 too high, you might -needlessly prevent index builds when there is enough available -disk space and \fBindexBuildMinAvailableDiskSpaceMB\f1 could be -set lower. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets \fBindexBuildMinAvailableDiskSpaceMB\f1 to 650 MB: -.PP -.EX - db.adminCommand( { setParameter: 1, indexBuildMinAvailableDiskSpaceMB: 650 } ) + mongod \-\-setParameter ttlMonitorEnabled=false .EE .PP -You can also set \fBindexBuildMinAvailableDiskSpaceMB\f1 at startup. -For example: -.PP -.EX - mongod \-\-setParameter indexBuildMinAvailableDiskSpaceMB=650 -.EE -.RE -.PP -\fBindexMaxNumGeneratedKeysPerDocument\f1 -.RS -.PP -\fIDefault\f1: 100000 -.PP -Limits the maximum number of keys generated for a document to -prevent out of memory errors. It is possible to raise the limit, but -if an operation requires more keys than the -\fBindexMaxNumGeneratedKeysPerDocument\f1\f1 parameter specifies, -the operation will fail. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.RE -.PP -\fBmaxIndexBuildMemoryUsageMegabytes\f1 -.RS -.PP -\fIDefault\f1: 200 -.PP -Limits the amount of memory that simultaneous index -builds on one collection may consume for the duration of the -builds. The specified amount of memory is shared between all -indexes built using a single -\fBcreateIndexes\f1\f1 command or its shell helper -\fBdb.collection.createIndexes()\f1\f1\&. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The memory consumed by an index build is separate from the -WiredTiger cache memory (see -\fBcacheSizeGB\f1\f1). -.PP -\fBmaxIndexBuildMemoryUsageMegabytes\f1 sets a limit on how much -memory the index build uses at once. This can impact performance -when the \fBindex build process\f1 generates -and sorts keys for the index. Increasing the memory limit -improves sorting performance during an index build. -.PP -Index builds may be initiated either by a user command such as -\fBcreateIndexes\f1\f1 or by an administrative process such as an -\fBinitial sync\f1\&. Both are subject to the limit -set by \fBmaxIndexBuildMemoryUsageMegabytes\f1\f1\&. -.PP -An \fBinitial sync\f1 populates only one collection -at a time and has no risk of exceeding the memory limit. However, it is -possible for a user to start index builds on multiple collections in -multiple databases simultaneously and potentially consume an amount of -memory greater than the limit set by -\fBmaxIndexBuildMemoryUsageMegabytes\f1\f1\&. -.PP -To minimize the impact of building an index on replica sets and -sharded clusters with replica set shards, use a rolling index build -procedure as described on \fBRolling Index Builds on Replica Sets\f1\&. -.PP -Changing \fBmaxIndexBuildMemoryUsageMegabytes\f1 does not affect an -in progress index build if it has already started a collection scan. -However, a forced replica set reconfiguration restarts the collection -scan and uses the most current -\fBmaxIndexBuildMemoryUsageMegabytes\f1 provided. -.RS -.IP \(bu 2 -For \fBfeature compatibility version (fcv)\f1 \fB"4.2"\f1 -and later, the index build memory limit applies to all index builds. -.RE -.RE -.PP -\fBreportOpWriteConcernCountersInServerStatus\f1 -.RS -.PP -\fIDefault\f1: false -.PP -A boolean flag that determines whether the -\fBdb.serverStatus()\f1\f1 method and \fBserverStatus\f1\f1 -command return \fBopWriteConcernCounters\f1\f1 information. -.PP -.EX - mongod \-\-setParameter reportOpWriteConcernCountersInServerStatus=true -.EE +Do not run production \fBmongod\f1\f1 instances with +\fBttlMonitorEnabled\f1 disabled, except under guidance from MongoDB +support. Preventing TTL document removal can negatively impact +MongoDB internal system operations that depend on TTL Indexes. .RE .PP \fBwatchdogPeriodSeconds\f1 @@ -2319,592 +2483,8 @@ It is an error to set \fBwatchdogPeriodSeconds\f1\f1 at run time if the \fBStorage Node Watchdog\f1 was not enabled at startup time. .RE -.PP -\fBtcmallocAggressiveMemoryDecommit\f1 -.RS -.PP -To release memory back to the operating system, consider using -\fBtcmallocEnableBackgroundThread\f1\f1 instead. -.PP -\fIType\f1: integer (\fB0\f1 or \fB1\f1 only) -.PP -Default: 0 -.PP -If you enable \fBtcmallocAggressiveMemoryDecommit\f1, MongoDB: -.RS -.IP \(bu 2 -releases a \fBchunk\f1 of memory to system, and -.IP \(bu 2 -attempts to return all neighboring free chunks. -.RE -.PP -A value of \fB1\f1 enables \fBtcmallocAggressiveMemoryDecommit\f1; -\fB0\f1 disables this parameter. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -If you enable this parameter, the system will require new memory allocations -for use. Consider enabling \fBtcmallocAggressiveMemoryDecommit\f1 -only on memory\-constrained systems and after pursuing other memory and -performance options. -.RE -.PP -\fBtcmallocEnableBackgroundThread\f1 -.RS -.PP -\fIType\f1: boolean -.PP -Default: true -.PP -If set to \fBtrue\f1, \fBtcmallocEnableBackgroundThread\f1 creates a background -thread that periodically releases memory back to the operating system. The -value of \fBtcmallocReleaseRate\f1\f1 determines the rate, in bytes per -second, at which the background thread releases memory. -.PP -If \fBtcmallocEnableBackgroundThread\f1 is \fBtrue\f1 and \fBtcmallocReleaseRate\f1 -is \fB0\f1, MongoDB still releases memory. -.PP -For improved memory usage, we recommend using the default value -of \fBtrue\f1\&. To learn more about improvements to performance and memory -management, see \fBUpgraded TCMalloc\f1\&. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -The following operation sets \fBtcmallocEnableBackgroundThread\f1 -to \fBfalse\f1: -.PP -.EX - mongod \-\-setParameter "tcmallocEnableBackgroundThread=false" -.EE -.RE -.PP -\fBtcmallocReleaseRate\f1 -.RS -.PP -Default: 0 -.PP -Specifies the tcmalloc release rate (https://github.com/google/tcmalloc/blob/master/docs/tuning.md) -in bytes per second. Release rate refers to the rate at which MongoDB -releases unused memory to the system. If \fBtcmallocReleaseRate\f1 is set to -\fB0\f1 MongoDB doesn\(aqt release memory back to the system. Increase -this value to return memory faster; decrease it to return memory slower. -.PP -If \fBtcmallocEnableBackgroundThread\f1 is \fBtrue\f1 and \fBtcmallocReleaseRate\f1 -is \fB0\f1, MongoDB still releases memory. -.PP -Starting in MongoDB 8.0, the default value of \fBtcmallocReleaseRate\f1 is -reduced to \fB0\f1 due to a \fBtcmalloc upgrade\f1 -that prioritizes CPU performance over memory release. Earlier versions of -MongoDB used an older version of \fBtcmalloc\f1 that set the default -\fBtcmallocReleaseRate\f1 to \fB1\f1 to balance memory release and performance. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -To modify the release rate during run time, you can use the -\fBsetParameter\f1\f1 command; for example: -.PP -.EX - db.adminCommand( { setParameter: 1, tcmallocReleaseRate: 5.0 } ) -.EE -.PP -You can also set \fBtcmallocReleaseRate\f1\f1 at startup time; -for example: -.PP -.EX - mongod \-\-setParameter "tcmallocReleaseRate=5.0" -.EE -.RE -.PP -\fBfassertOnLockTimeoutForStepUpDown\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -Default: 15 seconds -.PP -Allows a server that receives a request to step up or step down, to -terminate if it is unable to comply (for example due -to faulty server disks) within the timeout. This enables a cluster to -successfully elect a new primary node and thus continue to be available. -.PP -\fBfassertOnLockTimeoutForStepUpDown\f1 defaults to 15 seconds. To disable -nodes from fasserting, set \fBfassertOnLockTimeoutForStepUpDown=0\f1\&. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example disables nodes from fasserting: -.PP -.EX - mongod \-\-setParameter fassertOnLockTimeoutForStepUpDown=0 -.EE -.RE .SS LOGGING PARAMETERS .PP -\fBlogLevel\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -Specify an integer between \fB0\f1 and \fB5\f1 signifying the verbosity -of the \fBlogging\f1, where \fB5\f1 is the -most verbose. -.PP -The default \fBlogLevel\f1\f1 is \fB0\f1 (Informational). -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets the \fBlogLevel\f1\f1 to \fB2\f1: -.PP -.EX - db.adminCommand( { setParameter: 1, logLevel: 2 } ) -.EE -.RS -.IP \(bu 2 -\fBlogComponentVerbosity\f1\f1 -.IP \(bu 2 -\fBsystemLog.verbosity\f1\f1 -.RE -.RE -.PP -\fBlogComponentVerbosity\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -Sets the verbosity levels of various \fBcomponents\f1 for \fBlog messages\f1\&. The verbosity level determines the -amount of \fBInformational and Debug\f1 -messages MongoDB outputs. -.PP -The verbosity level can range from \fB0\f1 to \fB5\f1: -.RS -.IP \(bu 2 -\fB0\f1 is the MongoDB\(aqs default log verbosity level, to include -\fBInformational\f1 messages. -.IP \(bu 2 -\fB1\f1 to \fB5\f1 increases the verbosity level to include -\fBDebug\f1 messages. -.RE -.PP -For a component, you can also specify \fB\-1\f1 to inherit the parent\(aqs -verbosity level. -.PP -To specify the verbosity level, use a document similar to the -following: -.PP -.EX - { - verbosity: , - : { verbosity: }, - : { - verbosity: , - : { verbosity: } - }, - ... - } -.EE -.PP -For the components, you can specify just the \fB: \f1 -in the document, unless you are setting both the parent verbosity -level and that of the child component(s) as well: -.PP -.EX - { - verbosity: , - : , - : { - verbosity: , - : - } - ... - } -.EE -.PP -The top\-level \fBverbosity\f1 field corresponds to -\fBsystemLog.verbosity\f1\f1 which sets the default level for all -components. The default value of \fBsystemLog.verbosity\f1\f1 is -\fB0\f1\&. -.PP -The components correspond to the following settings: -.RS -.IP \(bu 2 -\fBaccessControl\f1\f1 -.IP \(bu 2 -\fBcommand\f1\f1 -.IP \(bu 2 -\fBcontrol\f1\f1 -.IP \(bu 2 -\fBftdc\f1\f1 -.IP \(bu 2 -\fBgeo\f1\f1 -.IP \(bu 2 -\fBindex\f1\f1 -.IP \(bu 2 -\fBnetwork\f1\f1 -.IP \(bu 2 -\fBquery\f1\f1 -.IP \(bu 2 -\fBreplication\f1\f1 -.IP \(bu 2 -\fBreplication.election\f1\f1 -.IP \(bu 2 -\fBreplication.heartbeats\f1\f1 -.IP \(bu 2 -\fBreplication.initialSync\f1\f1 -.IP \(bu 2 -\fBreplication.rollback\f1\f1 -.IP \(bu 2 -\fBrecovery\f1\f1 -.IP \(bu 2 -\fBsharding\f1\f1 -.IP \(bu 2 -\fBstorage\f1\f1 -.IP \(bu 2 -\fBstorage.journal\f1\f1 -.IP \(bu 2 -\fBtransaction\f1\f1 -.IP \(bu 2 -\fBwrite\f1\f1 -.RE -.PP -Unless explicitly set, the component has the verbosity level of its -parent. For example, \fBstorage\f1 is the parent of -\fBstorage.journal\f1\&. That is, if you specify a \fBstorage\f1\f1 verbosity level, this level -also applies to: -.RS -.IP \(bu 2 -\fBstorage.journal\f1\f1 components -\fIunless\f1 you specify the verbosity level for -\fBstorage.journal\f1\f1\&. -.IP \(bu 2 -\fBstorage.recovery\f1\f1 components -\fIunless\f1 you specify the verbosity level for -\fBstorage.recovery\f1\f1\&. -.RE -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -For example, the following sets the \fBdefault verbosity -level\f1\f1 to \fB1\f1, the \fBquery\f1\f1 to \fB2\f1, the -\fBstorage\f1\f1 to \fB2\f1, -and the \fBstorage.journal\f1\f1 to \fB1\f1\&. -.PP -.EX - db.adminCommand( { - setParameter: 1, - logComponentVerbosity: { - verbosity: 1, - query: { verbosity: 2 }, - storage: { - verbosity: 2, - journal: { - verbosity: 1 - } - } - } - } ) -.EE -.PP -You can also set parameter \fBlogComponentVerbosity\f1\f1 at -startup time, passing the verbosity level document as a string. -.PP -.EX - mongod \-\-setParameter "logComponentVerbosity={command: 3}" -.EE -.PP -\fBmongosh\f1\f1 also provides the \fBdb.setLogLevel()\f1\f1 -to set the log level for a single component. For various ways to set -the log verbosity level, see \fBConfigure Log Verbosity Levels\f1\&. -.RE -.PP -\fBmaxLogSizeKB\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: non\-negative integer -.PP -\fIDefault\f1: 10 -.PP -Specifies the maximum size, in kilobytes, for an individual -attribute field in a log entry; attributes exceeding this limit are -truncated. -.PP -Truncated attribute fields print field content up to the -\fBmaxLogSizeKB\f1\f1 limit and excise field content past that -limit, retaining valid JSON formatting. Log entries that contain -truncated attributes append a \fBtruncated\f1 object to the end of the -log entry. -.PP -See \fBlog message truncation\f1 for more -information. -.PP -A value of \fB0\f1 disables truncation entirely. Negative values for -this parameter are not valid. -.PP -Using a large value, or disabling truncation with a value of -\fB0\f1, may adversely affect system performance and negatively -impact database operations. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets the maximum log line size to \fB20\f1 -kilobytes: -.PP -.EX - mongod \-\-setParameter maxLogSizeKB=20 -.EE -.RE -.PP -\fBprofileOperationResourceConsumptionMetrics\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: false -.PP -Flag that determines whether operations collect resource -consumption metrics and report them in the slow query logs. -If you enable \fBprofiling\f1, -these metrics are also included. -.PP -If set to \fBtrue\f1, running the \fBexplain\f1\f1 command -returns \fBoperationMetrics\f1 when the verbosity -is \fBexecutionStats\f1 or higher. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.RE -.PP -\fBquiet\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -Sets quiet logging mode. If -\fB1\f1, \fBmongod\f1\f1 will go into a quiet logging -mode which will not log the following events/activities: -.RS -.IP \(bu 2 -connection events; -.IP \(bu 2 -the \fBdrop\f1\f1 command, the -\fBdropIndexes\f1\f1 command, the -\fBvalidate\f1\f1 command; and -.IP \(bu 2 -replication synchronization activities. -.RE -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -Consider the following example which sets the -\fBquiet\f1 parameter to \fB1\f1: -.PP -.EX - db.adminCommand( { setParameter: 1, quiet: 1 } ) -.EE -.PP -\fBsystemLog.quiet\f1\f1 -.RE -.PP -\fBredactClientLogData\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: boolean -.PP -Available in MongoDB Enterprise only. -.PP -Configure the \fBmongod\f1\f1 or \fBmongos\f1\f1 to -redact any message accompanying a given log event before logging. -This prevents the program from writing potentially sensitive data -stored on the database to the diagnostic log. Metadata such as error -or operation codes, line numbers, and source file names are still -visible in the logs. -.PP -Use \fBredactClientLogData\f1\f1 in conjunction with -\fBEncryption at Rest\f1 and -\fBTLS/SSL (Transport Encryption)\f1 to assist compliance with -regulatory requirements. -.PP -To enable log redaction at startup, you can either: -.RS -.IP \(bu 2 -Start \fBmongod\f1\f1 with the -\fB\-\-redactClientLogData\f1\f1 option: -.IP -.EX - mongod \-\-redactClientLogData -.EE -.IP \(bu 2 -Set the \fBsecurity.redactClientLogData\f1\f1 option in the -\fBconfiguration file\f1: -.IP -.EX - security: - redactClientLogData: true - ... -.EE -.RE -.PP -You can\(aqt use the \fB\-\-setParameter\f1\f1 -option to set \fBredactClientLogData\f1\f1 at startup. -.PP -To enable log redaction on a running \fBmongod\f1 or -\fBmongos\f1, use the following command: -.PP -.EX - db.adminCommand( { setParameter: 1, redactClientLogData : true } ) -.EE -.PP -\fBsecurity.redactClientLogData\f1\f1 -.RE -.PP -\fBredactEncryptedFields\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: \fBtrue\f1 -.PP -Configures \fBmongod\f1\f1 and \fBmongos\f1\f1 to redact field values -of encrypted \fBBinary\f1\f1 data from all -\fBlog messages\f1\&. -.RS -.IP \(bu 2 -If the \fBredactClientLogData\f1\f1 parameter or the -\fBsecurity.redactClientLogData\f1\f1 setting is set to \fBfalse\f1 and -\fBredactEncryptedFields\f1 is set to \fBtrue\f1 (the default), encrypted -fields are redacted from all log messages. -.IP \(bu 2 -If the \fBredactClientLogData\f1\f1 parameter or -\fBsecurity.redactClientLogData\f1\f1 setting is set to \fBtrue\f1, -all fields are redacted, regardless of the \fBredactEncryptedFields\f1 -setting. -.RE -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.RE -.PP -\fBtraceExceptions\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -Configures \fBmongod\f1\f1 to log full source code stack traces -for every database and socket C++ exception, for use with debugging. -If \fBtrue\f1, \fBmongod\f1\f1 will log full stack traces. -.PP -This parameter is only available at runtime. To set the -parameter, use the \fBsetParameter\f1\f1 command. -.PP -Consider the following example which sets the -\fBtraceExceptions\f1 to \fBtrue\f1: -.PP -.EX - db.adminCommand( { setParameter: 1, traceExceptions: true } ) -.EE -.PP -\fBsystemLog.traceAllExceptions\f1\f1 -.RE -.PP -\fBsuppressNoTLSPeerCertificateWarning\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: false -.PP -By default, a \fBmongod\f1\f1 or \fBmongos\f1\f1 with -\fBTLS/SSL enabled\f1 and -\fBnet.ssl.allowConnectionsWithoutCertificates\f1 : \fBtrue\f1 -lets clients connect without providing a certificate for -validation while logging an warning. Set -\fBsuppressNoTLSPeerCertificateWarning\f1 to \fB1\f1 or \fBtrue\f1 to -suppress those warnings. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -The following operation sets \fBsuppressNoTLSPeerCertificateWarning\f1 -to \fBtrue\f1: -.PP -.EX - db.adminCommand( { setParameter: 1, suppressNoTLSPeerCertificateWarning: true} ) -.EE -.RE -.PP \fBenableDetailedConnectionHealthMetricLogLines\f1 .RS .PP @@ -3025,12 +2605,438 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .RE +.PP +\fBlogComponentVerbosity\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIDefault\f1: 0 +.PP +Sets the verbosity levels of various \fBcomponents\f1 for \fBlog messages\f1\&. The verbosity level determines the +amount of \fBInformational and Debug\f1 +messages MongoDB outputs. +.PP +The verbosity level can range from \fB0\f1 to \fB5\f1: +.RS +.IP \(bu 2 +\fB0\f1 is the MongoDB\(aqs default log verbosity level, to include +\fBInformational\f1 messages. +.IP \(bu 2 +\fB1\f1 to \fB5\f1 increases the verbosity level to include +\fBDebug\f1 messages. +.RE +.PP +For a component, you can also specify \fB\-1\f1 to inherit the parent\(aqs +verbosity level. +.PP +To specify the verbosity level, use a document similar to the +following: +.PP +.EX + { + verbosity: , + : { verbosity: }, + : { + verbosity: , + : { verbosity: } + }, + ... + } +.EE +.PP +For the components, you can specify just the \fB: \f1 +in the document, unless you are setting both the parent verbosity +level and that of the child component(s) as well: +.PP +.EX + { + verbosity: , + : , + : { + verbosity: , + : + } + ... + } +.EE +.PP +The top\-level \fBverbosity\f1 field corresponds to +\fBsystemLog.verbosity\f1\f1 which sets the default level for all +components. The default value of \fBsystemLog.verbosity\f1\f1 is +\fB0\f1\&. +.PP +The components correspond to the following settings: +.RS +.IP \(bu 2 +\fBaccessControl\f1\f1 +.IP \(bu 2 +\fBassert\f1\f1 +.IP \(bu 2 +\fBcommand\f1\f1 +.IP \(bu 2 +\fBcontrol\f1\f1 +.IP \(bu 2 +\fBftdc\f1\f1 +.IP \(bu 2 +\fBgeo\f1\f1 +.IP \(bu 2 +\fBindex\f1\f1 +.IP \(bu 2 +\fBnetwork\f1\f1 +.IP \(bu 2 +\fBquery\f1\f1 +.IP \(bu 2 +\fBquery.rejected\f1\f1 +.IP \(bu 2 +\fBqueryStats\f1\f1 +.IP \(bu 2 +\fBreplication\f1\f1 +.IP \(bu 2 +\fBreplication.election\f1\f1 +.IP \(bu 2 +\fBreplication.heartbeats\f1\f1 +.IP \(bu 2 +\fBreplication.initialSync\f1\f1 +.IP \(bu 2 +\fBreplication.rollback\f1\f1 +.IP \(bu 2 +\fBrecovery\f1\f1 +.IP \(bu 2 +\fBsharding\f1\f1 +.IP \(bu 2 +\fBstorage\f1\f1 +.IP \(bu 2 +\fBstorage.journal\f1\f1 +.IP \(bu 2 +\fBtransaction\f1\f1 +.IP \(bu 2 +\fBwrite\f1\f1 +.RE +.PP +Unless explicitly set, the component has the verbosity level of its +parent. For example, \fBstorage\f1 is the parent of +\fBstorage.journal\f1\&. That is, if you specify a \fBstorage\f1\f1 verbosity level, this level +also applies to: +.RS +.IP \(bu 2 +\fBstorage.journal\f1\f1 components +\fIunless\f1 you specify the verbosity level for +\fBstorage.journal\f1\f1\&. +.IP \(bu 2 +\fBstorage.recovery\f1\f1 components +\fIunless\f1 you specify the verbosity level for +\fBstorage.recovery\f1\f1\&. +.RE +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +For example, the following sets the \fBdefault verbosity +level\f1\f1 to \fB1\f1, the \fBquery\f1\f1 to \fB2\f1, the +\fBstorage\f1\f1 to \fB2\f1, +and the \fBstorage.journal\f1\f1 to \fB1\f1\&. +.PP +.EX + db.adminCommand( { + setParameter: 1, + logComponentVerbosity: { + verbosity: 1, + query: { verbosity: 2 }, + storage: { + verbosity: 2, + journal: { + verbosity: 1 + } + } + } + } ) +.EE +.PP +You can also set parameter \fBlogComponentVerbosity\f1\f1 at +startup time, passing the verbosity level document as a string. +.PP +.EX + mongod \-\-setParameter "logComponentVerbosity={command: 3}" +.EE +.PP +\fBmongosh\f1\f1 also provides the \fBdb.setLogLevel()\f1\f1 +to set the log level for a single component. For various ways to set +the log verbosity level, see \fBConfigure Log Verbosity Levels\f1\&. +.RE +.PP +\fBlogLevel\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIDefault\f1: 0 (informational) +.PP +Specify an integer between \fB0\f1 and \fB5\f1 signifying the verbosity +of the \fBlogging\f1, where \fB5\f1 is the +most verbose. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following example sets the \fBlogLevel\f1\f1 to \fB2\f1: +.PP +.EX + db.adminCommand( { setParameter: 1, logLevel: 2 } ) +.EE +.RS +.IP \(bu 2 +\fBlogComponentVerbosity\f1\f1 +.IP \(bu 2 +\fBsystemLog.verbosity\f1\f1 +.RE +.RE +.PP +\fBmaxLogSizeKB\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: non\-negative integer +.PP +\fIDefault\f1: 10 +.PP +Specifies the maximum size, in kilobytes, for an individual +attribute field in a log entry; attributes exceeding this limit are +truncated. +.PP +Truncated attribute fields print field content up to the +\fBmaxLogSizeKB\f1\f1 limit and excise field content past that +limit, retaining valid JSON formatting. Log entries that contain +truncated attributes append a \fBtruncated\f1 object to the end of the +log entry. +.PP +See \fBlog message truncation\f1 for more +information. +.PP +A value of \fB0\f1 disables truncation entirely. Negative values for +this parameter are not valid. +.PP +Using a large value, or disabling truncation with a value of +\fB0\f1, may adversely affect system performance and negatively +impact database operations. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following example sets the maximum log line size to \fB20\f1 +kilobytes: +.PP +.EX + mongod \-\-setParameter maxLogSizeKB=20 +.EE +.RE +.PP +\fBquiet\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Sets quiet logging mode. If +\fB1\f1, \fBmongod\f1\f1 will go into a quiet logging +mode which will not log the following events/activities: +.RS +.IP \(bu 2 +connection events; +.IP \(bu 2 +the \fBdrop\f1\f1 command, the +\fBdropIndexes\f1\f1 command, the +\fBvalidate\f1\f1 command; and +.IP \(bu 2 +replication synchronization activities. +.RE +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +Consider the following example which sets the +\fBquiet\f1 parameter to \fB1\f1: +.PP +.EX + db.adminCommand( { setParameter: 1, quiet: 1 } ) +.EE +.PP +\fBsystemLog.quiet\f1\f1 +.RE +.PP +\fBredactClientLogData\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: boolean +.PP +Available in MongoDB Enterprise only. +.PP +Configure the \fBmongod\f1\f1 or \fBmongos\f1\f1 to +redact any message accompanying a given log event before logging. +This prevents the program from writing potentially sensitive data +stored on the database to the diagnostic log. Metadata such as error +or operation codes, line numbers, and source file names are still +visible in the logs. +.PP +Use \fBredactClientLogData\f1\f1 in conjunction with +\fBEncryption at Rest\f1 and +\fBTLS/SSL (Transport Encryption)\f1 to assist compliance with +regulatory requirements. +.PP +To enable log redaction at startup, you can either: +.RS +.IP \(bu 2 +Start \fBmongod\f1\f1 with the +\fB\-\-redactClientLogData\f1\f1 option: +.IP +.EX + mongod \-\-redactClientLogData +.EE +.IP \(bu 2 +Set the \fBsecurity.redactClientLogData\f1\f1 option in the +\fBconfiguration file\f1: +.IP +.EX + security: + redactClientLogData: true + ... +.EE +.RE +.PP +You can\(aqt use the \fB\-\-setParameter\f1\f1 +option to set \fBredactClientLogData\f1\f1 at startup. +.PP +To enable log redaction on a running \fBmongod\f1 or +\fBmongos\f1, use the following command: +.PP +.EX + db.adminCommand( { setParameter: 1, redactClientLogData : true } ) +.EE +.PP +\fBsecurity.redactClientLogData\f1\f1 +.RE +.PP +\fBredactEncryptedFields\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: \fBtrue\f1 +.PP +Configures \fBmongod\f1\f1 and \fBmongos\f1\f1 to redact field values +of encrypted \fBBinary\f1\f1 data from all +\fBlog messages\f1\&. +.RS +.IP \(bu 2 +If the \fBredactClientLogData\f1\f1 parameter or the +\fBsecurity.redactClientLogData\f1\f1 setting is set to \fBfalse\f1 and +\fBredactEncryptedFields\f1 is set to \fBtrue\f1 (the default), encrypted +fields are redacted from all log messages. +.IP \(bu 2 +If the \fBredactClientLogData\f1\f1 parameter or +\fBsecurity.redactClientLogData\f1\f1 setting is set to \fBtrue\f1, +all fields are redacted, regardless of the \fBredactEncryptedFields\f1 +setting. +.RE +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.RE +.PP +\fBsuppressNoTLSPeerCertificateWarning\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: false +.PP +By default, a \fBmongod\f1\f1 or \fBmongos\f1\f1 with +\fBTLS/SSL enabled\f1 and +\fBnet.ssl.allowConnectionsWithoutCertificates\f1 : \fBtrue\f1 +lets clients connect without providing a certificate for +validation while logging an warning. Set +\fBsuppressNoTLSPeerCertificateWarning\f1 to \fB1\f1 or \fBtrue\f1 to +suppress those warnings. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +The following operation sets \fBsuppressNoTLSPeerCertificateWarning\f1 +to \fBtrue\f1: +.PP +.EX + db.adminCommand( { setParameter: 1, suppressNoTLSPeerCertificateWarning: true} ) +.EE +.RE +.PP +\fBtraceExceptions\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Configures \fBmongod\f1\f1 to log full source code stack traces +for every database and socket C++ exception, for use with debugging. +If \fBtrue\f1, \fBmongod\f1\f1 will log full stack traces. +.PP +This parameter is only available at runtime. To set the +parameter, use the \fBsetParameter\f1\f1 command. +.PP +Consider the following example which sets the +\fBtraceExceptions\f1 to \fBtrue\f1: +.PP +.EX + db.adminCommand( { setParameter: 1, traceExceptions: true } ) +.EE +.PP +\fBsystemLog.traceAllExceptions\f1\f1 +.RE .SS DIAGNOSTIC PARAMETERS .PP To facilitate analysis of the MongoDB server behavior by MongoDB @@ -3062,35 +3068,6 @@ with minimal impact on performance and storage size. Typically, these values will only need modifications as requested by MongoDB engineers for specific diagnostic purposes. .PP -\fBdiagnosticDataCollectionEnabled\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: true -.PP -Determines whether to enable the collecting and logging of data for -diagnostic purposes. Diagnostic logging is enabled by default. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -For example, the following disables the diagnostic collection: -.PP -.EX - mongod \-\-setParameter diagnosticDataCollectionEnabled=false -.EE -.RE -.PP \fBdiagnosticDataCollectionDirectoryPath\f1 .RS .PP @@ -3127,10 +3104,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .RE .PP @@ -3141,21 +3118,27 @@ Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: integer .PP -\fIDefault\f1: 200 +\fIDefault\f1: \fB250\f1 (\fB500\f1 in sharded clusters) .PP Specifies the maximum size, in megabytes, of the \fBdiagnostic.data\f1 directory. If directory size exceeds this number, the oldest diagnostic files in the directory are automatically deleted based on the timestamp in the file name. .PP +\fBdiagnosticDataCollectionDirectorySizeMB\f1 has a default +value of 400 MB for \fBmongos\f1\f1 and \fBmongod\f1\f1 +instances used in sharded clusters. \fBmongod\f1 instances used +in replica set or as standalone servers have a default value +of 200 MB. +.PP This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP For example, the following sets the maximum size of the directory to @@ -3172,6 +3155,35 @@ be greater than maximum diagnostic file size \fBdiagnosticDataCollectionFileSizeMB\f1\f1\&. .RE .PP +\fBdiagnosticDataCollectionEnabled\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: true +.PP +Determines whether to enable the collecting and logging of data for +diagnostic purposes. Diagnostic logging is enabled by default. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +For example, the following disables the diagnostic collection: +.PP +.EX + mongod \-\-setParameter diagnosticDataCollectionEnabled=false +.EE +.RE +.PP \fBdiagnosticDataCollectionFileSizeMB\f1 .RS .PP @@ -3188,10 +3200,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP For example, the following sets the maximum size of each diagnostic @@ -3221,10 +3233,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP For example, the following sets the interval to @@ -3240,6 +3252,107 @@ milliseconds. .RE .SS REPLICATION AND CONSISTENCY .PP +\fBallowMultipleArbiters\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: false +.PP +Specifies whether the replica set allows the use of multiple arbiters. +.PP +The use of multiple arbiters is not recommended: +.RS +.IP \(bu 2 +Multiple arbiters prevent the reliable use of the majority write concern. +MongoDB counts arbiters in calculating a membership majority, but arbiters +do not store data. With the inclusion of multiple arbiters, it\(aqs possible +for a majority write operation to return success before the write replicates +to a majority of data bearing nodes. +.IP \(bu 2 +Multiple arbiters allow replica sets to accept writes even when the +replica set doesn\(aqt have sufficient secondaries for data replication. +.RE +.PP +For more information, see +\fBConcerns with Multiple Arbiters\f1\&. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +.EX + mongod \-\-setParameter allowMultipleArbiters=true +.EE +.RE +.PP +\fBconnectTimeoutMs\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 10000 +.PP +Sets the connection timeout, +in milliseconds, for the \fBreplica set +monitor\f1\&. +.PP +This parameter is only available at startup. If you set this parameter, +it must be greater than or equal to 500. +.PP +The following example sets \fBconnectTimeoutMs\f1 for a \fBmongod\f1 +instance to 700 milliseconds: +.PP +.EX + mongod \-\-setParameter connectTimeoutMs=700 +.EE +.RE +.PP +\fBcreateRollbackDataFiles\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: true +.PP +Flag that determines whether MongoDB creates \fBrollback files\f1 that contains documents affected during a +rollback. +.PP +By default, \fBcreateRollbackDataFiles\f1\f1 is \fBtrue\f1 and +MongoDB creates the rollback files. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following example sets \fBcreateRollbackDataFiles\f1\f1 +to false so that the rollback files are not created: +.PP +.EX + mongod \-\-setParameter createRollbackDataFiles=false +.EE +.PP +During run time, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, createRollbackDataFiles: false } ) +.EE +.PP +For more information, see \fBCollect Rollback Data\f1\&. +.RE +.PP \fBdisableSplitHorizonIPCheck\f1 .RS .PP @@ -3284,6 +3397,31 @@ parameter, use the \fBsetParameter\f1\f1 setting. .EE .RE .PP +\fBenableFlowControl\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: true +.PP +Enables or disables the mechanism that controls the rate at which the +primary applies its writes with the goal of keeping the secondary members\(aq +\fBmajority committed\f1\f1 lag under a +configurable maximum value. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.RE +.PP \fBenableOverrideClusterChainingSetting\f1 .RS .PP @@ -3310,297 +3448,11 @@ For example, to set the .EE .RE .PP -\fBlogicalSessionRefreshMillis\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 300000 (5 minutes) -.PP -The interval (in milliseconds) at which the cache refreshes its logical -session records against the main session store. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -For example, to set the \fBlogicalSessionRefreshMillis\f1\f1 -for a \fBmongod\f1\f1 instance to 10 minutes: -.PP -.EX - mongod \-\-setParameter logicalSessionRefreshMillis=600000 -.EE -.RE -.PP -\fBlocalLogicalSessionTimeoutMinutes\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 30 -.PP -This parameter is intended for testing purposes only and not for -production use. -.PP -The time in minutes that a \fBsession\f1 remains active -after its most recent use. Sessions that have not received a new -read/write operation from the client or been refreshed with -\fBrefreshSessions\f1\f1 within this threshold are cleared from the -cache. State associated with an expired session may be cleaned up by the -server at any time. -.PP -This parameter applies only to the instance on which it is set. To -set this parameter on replica sets and sharded clusters, you must -specify the same value on every member; otherwise, sessions will -not function properly. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -For example, to set the \fBlocalLogicalSessionTimeoutMinutes\f1\f1 -for a test \fBmongod\f1\f1 instance to 20 minutes: -.PP -.EX - mongod \-\-setParameter localLogicalSessionTimeoutMinutes=20 -.EE -.RE -.PP -\fBmaxAcceptableLogicalClockDriftSecs\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 31536000 (1 year) -.PP -The maximum amount by which the current cluster time can be advanced; -specifically, \fBmaxAcceptableLogicalClockDriftSecs\f1\f1 is the -maximum difference between the new value of the cluster time and the -current cluster time. Cluster time is a logical time used for -ordering of operations. -.PP -You cannot advance the cluster time to a new value if the new -cluster time differs from the current cluster time by more than -\fBmaxAcceptableLogicalClockDriftSecs\f1\f1\&. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -For example, to set the \fBmaxAcceptableLogicalClockDriftSecs\f1\f1 -for a \fBmongod\f1\f1 instance to 15 minutes: -.PP -.EX - mongod \-\-setParameter maxAcceptableLogicalClockDriftSecs=900 -.EE -.RE -.PP -\fBmaxSessions\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 1000000 -.PP -The maximum number of sessions that can be cached. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -For example, to set the \fBmaxSessions\f1\f1 -for a \fBmongod\f1\f1 instance to 1000: -.PP -.EX - mongod \-\-setParameter maxSessions=1000 -.EE -.RE -.PP -\fBoplogBatchDelayMillis\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 0 -.PP -The number of milliseconds to delay applying batches of oplog -operations on secondary nodes. By default, \fBoplogBatchDelayMillis\f1 -is \fB0\f1, meaning oplog batches are applied with no delay. When there -is no delay, MongoDB may apply frequent, small oplog batches to -secondaries. -.PP -Increasing \fBoplogBatchDelayMillis\f1 causes MongoDB to apply oplog -batches less frequently on secondaries, with each batch containing -larger amounts of data. This reduces IOPS (Input/Output -Operations Per Second) on secondaries, but adds latency for writes -with write concern \fB"majority"\f1\f1\&. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -For example, run the following command to set the -\fBoplogBatchDelayMillis\f1 for a \fBmongod\f1\f1 instance to 20 -milliseconds: -.PP -.EX - mongod \-\-setParameter oplogBatchDelayMillis=20 -.EE -.RE -.PP -\fBperiodicNoopIntervalSecs\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 10 -.PP -The duration in seconds between \fBnoop\f1 writes on each individual node. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -To modify this value for a MongoDB Atlas (https://www.mongodb.com/docs/atlas/) cluster, you -must contact Atlas Support (https://www.mongodb.com/docs/atlas/support/)\&. -.PP -The following example sets the \fBperiodicNoopIntervalSecs\f1 to 1 second at -startup: -.PP -.EX - mongod \-\-setParameter periodicNoopIntervalSecs=1 -.EE -.RE -.PP -\fBstoreFindAndModifyImagesInSideCollection\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: true -.PP -Determines whether the temporary documents required for -\fBretryable\f1 \fBfindAndModify\f1\f1 -commands are stored in the \fIside\f1 collection -(\fBconfig.image_collection\f1). -.PP -If \fBstoreFindAndModifyImagesInSideCollection\f1 is: -.RS -.IP \(bu 2 -\fBtrue\f1, the temporary documents are stored in the side -collection. -.IP \(bu 2 -\fBfalse\f1, the temporary documents are stored in the \fBreplica -set oplog\f1\&. -.RE -.PP -Keep \fBstoreFindAndModifyImagesInSideCollection\f1 set to -\fBtrue\f1 if you: -.RS -.IP \(bu 2 -Have a large \fBretryable\f1 -\fBfindAndModify\f1\f1 workload. -.IP \(bu 2 -Require more temporary document space for \fBretryable\f1 \fBfindAndModify\f1\f1 commands than is -available in the \fBreplica set oplog\f1\&. -.RE -.PP -\fBSecondaries\f1 may experience increased CPU -usage when \fBstoreFindAndModifyImagesInSideCollection\f1 -is \fBtrue\f1\&. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -For example, to set -\fBstoreFindAndModifyImagesInSideCollection\f1 to \fBfalse\f1 -during startup: -.PP -.EX - mongod \-\-setParameter storeFindAndModifyImagesInSideCollection=false -.EE -.PP -During run time, you can also set the parameter with the -\fBsetParameter\f1\f1 command: -.PP -.EX - db.adminCommand( { setParameter: 1, storeFindAndModifyImagesInSideCollection: false } ) -.EE -.RE -.PP -\fBTransactionRecordMinimumLifetimeMinutes\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 30 -.PP -The minimum lifetime a transaction record exists in the -\fBtransactions\f1\f1 collection before the record becomes -eligible for cleanup. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -For example, to set the \fBTransactionRecordMinimumLifetimeMinutes\f1\f1 -for a \fBmongod\f1\f1 instance to 20 minutes: -.PP -.EX - mongod \-\-setParameter TransactionRecordMinimumLifetimeMinutes=20 -.EE -.PP -\fBlocalLogicalSessionTimeoutMinutes\f1\f1 -.RE -.PP -\fBenableFlowControl\f1 -.RS -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: true -.PP -Enables or disables the mechanism that controls the rate at which the -primary applies its writes with the goal of keeping the secondary members\(aq -\fBmajority committed\f1\f1 lag under a -configurable maximum value. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -For flow control to engage, the replica set/sharded cluster must -have: \fBfeatureCompatibilityVersion (fCV)\f1 of -\fB4.2\f1 and read concern \fBmajority enabled\f1\f1\&. That is, enabled flow -control has no effect if fCV is not \fB4.2\f1 or if read concern -majority is disabled. -.RE -.PP \fBflowControlTargetLagSeconds\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP \fIType\f1: integer .PP \fIDefault\f1: 10 @@ -3621,16 +3473,18 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .RE .PP \fBflowControlWarnThresholdSeconds\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP \fIType\f1: integer .PP \fIDefault\f1: 10 @@ -3645,33 +3499,165 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .RE .PP -\fBinitialSyncTransientErrorRetryPeriodSeconds\f1 +\fBheartBeatFrequencyMs\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP \fIType\f1: integer .PP -\fIDefault\f1: 86400 +\fIDefault\f1: 10000 .PP -The amount of time in seconds a secondary performing initial sync -attempts to resume the process if interrupted by a transient -network error. The default value is equivalent to 24 hours. +When \fBreplicaSetMonitorProtocol\f1\f1 is set to \fB\(aqsdam\(aq\f1, +\fBheartBeatFrequencyMs\f1 determines how long, +in milliseconds, to wait between \fBhello\f1\f1 requests. +.PP +When \fBreplicaSetMonitorProtocol\f1\f1 is set to \fB\(aqstreamable\(aq\f1, +\fBheartBeatFrequencyMs\f1 determines how long, +in milliseconds, to wait between \fBhello\f1\f1 round trip time +(RTT) measurements. RTT measurements are used in +\fBserver selection\f1\&. +.PP +This parameter is only available at startup. If you set this +parameter, it must be greater than or equal to 500. +.PP +The following example sets \fBheartBeatFrequencyMs\f1 +in a \fBmongod\f1 instance to 700 milliseconds: +.PP +.EX + mongod \-\-setParameter heartBeatFrequencyMs=700 +.EE +.RE +.PP +\fBinitialSyncIndexBuildMemoryPercentage\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: double +.PP +\fIDefault\f1: 10.0 +.PP +The percentage of system memory that MongoDB allocates for index builds +during \fBinitial sync\f1\&. The amount of system +memory used is bound by the values of +\fBinitialSyncIndexBuildMemoryMinMB\f1\f1 and +\fBinitialSyncIndexBuildMemoryMaxMB\f1\f1\&. +.PP +You can specify a value between \fB0.0\f1 and \fB80.0\f1, inclusive. .PP This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE +.PP +For example, to set the \fBinitialSyncIndexBuildMemoryPercentage\f1 +for a \fBmongod\f1\f1 instance to 40%: +.PP +.EX + mongod \-\-setParameter initialSyncIndexBuildMemoryPercentage=40 +.EE +.RE +.PP +\fBinitialSyncIndexBuildMemoryMaxMB\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 16384 +.PP +The maximum amount of system memory, in megabytes, that MongoDB can use for +index builds during \fBinitial sync\f1\&. +.PP +You can specify a value between \fB50\f1 and \fB10000000\f1\&. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +For example, to set the \fBinitialSyncIndexBuildMemoryMaxMB\f1 +for a \fBmongod\f1\f1 instance to 20000 MB: +.PP +.EX + mongod \-\-setParameter initialSyncIndexBuildMemoryMaxMB=20000 +.EE +.RE +.PP +\fBinitialSyncIndexBuildMemoryMinMB\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: Integer +.PP +\fIDefault\f1: 200 +.PP +The minimum amount of system memory, in megabytes, that MongoDB can use for +index builds during \fBinitial sync\f1\&. +.PP +You can specify a value between \fB50\f1 and \fB10000000\f1\&. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +For example, to set the \fBinitialSyncIndexBuildMemoryMinMB\f1 +for a \fBmongod\f1\f1 instance to 60 MB: +.PP +.EX + mongod \-\-setParameter initialSyncIndexBuildMemoryMinMB=60 +.EE +.RE +.PP +\fBinitialSyncMethod\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: String +.PP +\fIDefault\f1: \fBlogical\f1 +.PP +Available only in MongoDB Enterprise. +.PP +Method used for \fBinitial sync\f1\&. +.PP +Set to \fBlogical\f1 to use \fBlogical initial sync\f1\&. Set to \fBfileCopyBased\f1 to +use \fBfile copy based initial sync\f1\&. +.PP +This parameter only affects the sync method for the member on which +it is specified. Setting this parameter on a single replica set +member does not affect the sync method of any other replica set +members. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. .RE .PP \fBinitialSyncSourceReadPreference\f1 @@ -3721,34 +3707,147 @@ This parameter is only available at startup. To set the parameter, use the \fBsetParameter\f1\f1 setting. .RE .PP -\fBinitialSyncMethod\f1 +\fBinitialSyncTransientErrorRetryPeriodSeconds\f1 .RS .PP -Available for \fBmongod\f1\f1 only. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP -\fIType\f1: String +\fIType\f1: integer .PP -\fIDefault\f1: \fBlogical\f1 +\fIDefault\f1: 86400 .PP -Available only in MongoDB Enterprise. +The amount of time in seconds a secondary performing initial sync +attempts to resume the process if interrupted by a transient +network error. The default value is equivalent to 24 hours. .PP -Method used for \fBinitial sync\f1\&. +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.RE .PP -Set to \fBlogical\f1 to use \fBlogical initial sync\f1\&. Set to \fBfileCopyBased\f1 to -use \fBfile copy based initial sync\f1\&. +\fBlocalLogicalSessionTimeoutMinutes\f1 +.RS .PP -This parameter only affects the sync method for the member on which -it is specified. Setting this parameter on a single replica set -member does not affect the sync method of any other replica set -members. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 30 +.PP +This parameter is intended for testing purposes only and not for +production use. +.PP +The time in minutes that a \fBsession\f1 remains active +after its most recent use. Sessions that have not received a new +read/write operation from the client or been refreshed with +\fBrefreshSessions\f1\f1 within this threshold are cleared from the +cache. State associated with an expired session may be cleaned up by the +server at any time. +.PP +This parameter applies only to the instance on which it is set. To +set this parameter on replica sets and sharded clusters, you must +specify the same value on every member; otherwise, sessions will +not function properly. .PP This parameter is only available at startup. To set the parameter, use the \fBsetParameter\f1\f1 setting. +.PP +For example, to set the \fBlocalLogicalSessionTimeoutMinutes\f1\f1 +for a test \fBmongod\f1\f1 instance to 20 minutes: +.PP +.EX + mongod \-\-setParameter localLogicalSessionTimeoutMinutes=20 +.EE +.RE +.PP +\fBlocalThresholdMs\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 15 +.PP +Defines the length of the latency window used in +\fBserver selection\f1 in +milliseconds. +.PP +This parameter is only available at startup. If you set this parameter, +it must be greater than or equal to 0. +.PP +The following example sets \fBlocalThresholdMs\f1 +for a \fBmongod\f1 instance to 20 milliseconds: +.PP +.EX + mongod \-\-setParameter localThresholdMs=20 +.EE +.RE +.PP +\fBlogicalSessionRefreshMillis\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 300000 (5 minutes) +.PP +The interval (in milliseconds) at which the cache refreshes its logical +session records against the main session store. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +For example, to set the \fBlogicalSessionRefreshMillis\f1\f1 +for a \fBmongod\f1\f1 instance to 10 minutes: +.PP +.EX + mongod \-\-setParameter logicalSessionRefreshMillis=600000 +.EE +.RE +.PP +\fBmaxAcceptableLogicalClockDriftSecs\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 31536000 (1 year) +.PP +The maximum amount by which the current cluster time can be advanced; +specifically, \fBmaxAcceptableLogicalClockDriftSecs\f1\f1 is the +maximum difference between the new value of the cluster time and the +current cluster time. Cluster time is a logical time used for +ordering of operations. +.PP +You cannot advance the cluster time to a new value if the new +cluster time differs from the current cluster time by more than +\fBmaxAcceptableLogicalClockDriftSecs\f1\f1\&. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +For example, to set the \fBmaxAcceptableLogicalClockDriftSecs\f1\f1 +for a \fBmongod\f1\f1 instance to 15 minutes: +.PP +.EX + mongod \-\-setParameter maxAcceptableLogicalClockDriftSecs=900 +.EE .RE .PP \fBmaxNumSyncSourceChangesPerHour\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP \fIType\f1: integer .PP \fIDefault\f1: 3 @@ -3771,251 +3870,32 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .RE .PP -\fBoplogFetcherUsesExhaust\f1 +\fBmaxSessions\f1 .RS .PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: true -.PP -Enables or disables \fBstreaming replication\f1\&. Set the value to \fBtrue\f1 to enable -streaming replication. -.PP -Set the value to \fBfalse\f1 to disable streaming replication. If -disabled, secondaries fetch batches of \fBoplog\f1 -entries by issuing a request to their \fIsync from\f1 source and waiting for a -response. This requires a network roundtrip for each batch of \fBoplog\f1 entries. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.RE -.PP -\fBoplogInitialFindMaxSeconds\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: integer .PP -\fIDefault\f1: 60 +\fIDefault\f1: 1000000 .PP -Maximum time in seconds for a member of a \fBreplica set\f1 to wait -for the \fBfind\f1\f1 command to finish during -\fBdata synchronization\f1\&. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.RE -.PP -\fBreplWriterThreadCount\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 16 -.PP -Maximum number of threads to use to apply replicated operations in -parallel. Values can range from 1 to 256 inclusive. However, the -maximum number of threads used is capped at twice the number of -available cores. +The maximum number of sessions that can be cached. .PP This parameter is only available at startup. To set the parameter, use the \fBsetParameter\f1\f1 setting. .PP -\fBreplWriterMinThreadCount\f1\f1 -.RE -.PP -\fBreplWriterMinThreadCount\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 0 -.PP -Minimum number of threads to use to apply replicated operations in -parallel. Values can range from 0 to 256 inclusive. You can only set -\fBreplWriterMinThreadCount\f1\f1 at startup and cannot change -this setting with the \fBsetParameter\f1\f1 command. -.PP -Parallel application of replication operations uses up to -\fBreplWriterThreadCount\f1\f1 threads. If -\fBreplWriterMinThreadCount\f1\f1 is configured with a value -less than \fBreplWriterThreadCount\f1\f1, the thread pool will -timeout idle threads until the total count of threads in the thread -pool is equal to \fBreplWriterMinThreadCount\f1\f1\&. -.PP -\fBreplWriterMinThreadCount\f1\f1 must be configured with a value -that is less than or equal to \fBreplWriterThreadCount\f1\f1\&. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.RE -.PP -\fBrollbackTimeLimitSecs\f1 -.RS -.PP -\fIType\f1: 64\-bit integer -.PP -\fIDefault\f1: 86400 (1 day) -.PP -Maximum age of data that can be rolled back. Negative values for -this parameter are not valid. -.PP -If the time between the end -of the to\-be\-rolledback instance\(aqs oplog and the first operation -after the common point (the last point where the source node and the -to\-be\-rolledback node had the same data) exceeds this value, the -rollback will fail. -.PP -To effectively have an unlimited rollback period, set the value to -\fB2147483647\f1 which is the maximum value allowed and equivalent to -roughly 68 years. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.RE -.PP -\fBwaitForSecondaryBeforeNoopWriteMS\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 10 -.PP -The length of time (in milliseconds) that a secondary must wait if -the \fBafterClusterTime\f1 is greater than the last applied time from -the oplog. After the \fBwaitForSecondaryBeforeNoopWriteMS\f1 passes, -if the \fBafterClusterTime\f1 is still greater than the last applied -time, the secondary makes a no\-op write to advance the last applied -time. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets the -\fBwaitForSecondaryBeforeNoopWriteMS\f1\f1 to 20 milliseconds: +For example, to set the \fBmaxSessions\f1\f1 +for a \fBmongod\f1\f1 instance to 1000: .PP .EX - mongod \-\-setParameter waitForSecondaryBeforeNoopWriteMS=20 -.EE -.PP -During run time, you can also set the parameter with the -\fBsetParameter\f1\f1 command: -.PP -.EX - db.adminCommand( { setParameter: 1, waitForSecondaryBeforeNoopWriteMS: 20 } ) -.EE -.RE -.PP -\fBcreateRollbackDataFiles\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: true -.PP -Flag that determines whether MongoDB creates \fBrollback files\f1 that contains documents affected during a -rollback. -.PP -By default, \fBcreateRollbackDataFiles\f1\f1 is \fBtrue\f1 and -MongoDB creates the rollback files. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets \fBcreateRollbackDataFiles\f1\f1 -to false so that the rollback files are not created: -.PP -.EX - mongod \-\-setParameter createRollbackDataFiles=false -.EE -.PP -During run time, you can also set the parameter with the -\fBsetParameter\f1\f1 command: -.PP -.EX - db.adminCommand( { setParameter: 1, createRollbackDataFiles: false } ) -.EE -.PP -For more information, see \fBCollect Rollback Data\f1\&. -.RE -.PP -\fBreplBatchLimitBytes\f1 -.RS -.PP -\fIDefault\f1: 104857600 (100MB) -.PP -Sets the maximum oplog application batch size in bytes. -.PP -Values can range from 16777216 (16MB) to 104857600 (100MB) inclusive. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets \fBreplBatchLimitBytes\f1\f1 -to 64 MB to limit the oplog application batch size: -.PP -.EX - mongod \-\-setParameter replBatchLimitBytes=67108864 -.EE -.PP -During run time, you can also set the parameter with the -\fBsetParameter\f1\f1 command: -.PP -.EX - db.adminCommand( { setParameter: 1, replBatchLimitBytes: 64 * 1024 * 1024 } ) + mongod \-\-setParameter maxSessions=1000 .EE .RE .PP @@ -4106,16 +3986,69 @@ default value is \fB1000\f1\&. The \fBmaxTimeMS\f1 for the mirrored reads is separate from the \fBmaxTimeMS\f1 of the original read being mirrored. .RE +.IP \(bu 2 +.RS +.IP \(bu 4 +\fBtargetedMirroring\f1 +.IP \(bu 4 +Contains fields to configure how you target specific nodes for +cache warming. For more information on targeted +mirroring, see \fBTargeted Mirrored Reads\f1\&. +.IP +Includes the following fields: +.RS +.IP \(bu 6 +.RS +.IP \(bu 8 +\fBtag\f1 +.IP \(bu 8 +Defaults to an empty \fBBSONObj\f1\&. The +\fBreplica set tag\f1 +that you can use to target nodes for mirroring. You can +configure a node for targeted mirroring using the following syntax: +.IP +\fBtag: { "": "" }\f1 +.IP +You can only supply one tag. All nodes within the same +replica set that have these tags are targeted. +.RE +.IP \(bu 6 +.RS +.IP \(bu 8 +\fBsamplingRate\f1 +.IP \(bu 8 +\fIType\f1: Float +.IP +\fIRange\f1: \fB0.0\f1 to \fB1.0\f1 (inclusive) +.IP +The rate at which targeted reads are mirrored to the host or hosts. +A rate of \fB0.0\f1 means no reads are mirrored, and a rate of +\fB1.0\f1 means all reads are mirrored. Although \fBsamplingRate\f1 defaults +to \fB0.01\f1, the \fBtargetedMirroring\f1 feature is off by default, +since the \fBtag\f1 field defaults to empty. +.RE +.IP \(bu 6 +.RS +.IP \(bu 8 +\fBmaxTimeMS\f1 +.IP \(bu 8 +\fIType\f1: int +.IP +The maximum time in milliseconds before the mirrored read times out. +The minumum value for \fBmaxTimeMS\f1 is \fB0\f1\&. Defaults to \fB1000\f1\&. +.RE +.RE +.RE .RE .PP This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP If you specify from the configuration file or on the command @@ -4144,38 +4077,340 @@ Or if using the \fBsetParameter\f1\f1 command in a .EE .RE .PP -\fBallowMultipleArbiters\f1 +\fBmirrorReadsMaxConnPoolSize\f1 +.RS +.PP +\fIType\f1: int +.PP +\fIDefault\f1: 4 +.PP +Controls the maximum number of connections in the mirroring pool. This parameter +affects both \fBgeneral\f1 and +\fBtargeted\f1 mirrored reads. +\fBmirrorReadsMaxConnPoolSize\f1 has a minimum value of 1. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.RE +.PP +\fBoplogBatchDelayMillis\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 0 +.PP +The number of milliseconds to delay applying batches of oplog +operations on secondary nodes. By default, \fBoplogBatchDelayMillis\f1 +is \fB0\f1, meaning oplog batches are applied with no delay. When there +is no delay, MongoDB may apply frequent, small oplog batches to +secondaries. +.PP +Increasing \fBoplogBatchDelayMillis\f1 causes MongoDB to apply oplog +batches less frequently on secondaries, with each batch containing +larger amounts of data. This reduces IOPS (Input/Output +Operations Per Second) on secondaries, but adds latency for writes +with write concern \fB"majority"\f1\f1\&. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +For example, run the following command to set the +\fBoplogBatchDelayMillis\f1 for a \fBmongod\f1\f1 instance to 20 +milliseconds: +.PP +.EX + mongod \-\-setParameter oplogBatchDelayMillis=20 +.EE +.RE +.PP +\fBoplogFetcherUsesExhaust\f1 .RS .PP Available for \fBmongod\f1\f1 only. .PP \fIType\f1: boolean .PP -\fIDefault\f1: false +\fIDefault\f1: true .PP -Specifies whether the replica set allows the use of multiple arbiters. +Enables or disables \fBstreaming replication\f1\&. Set the value to \fBtrue\f1 to enable +streaming replication. .PP -The use of multiple arbiters is not recommended: -.RS -.IP \(bu 2 -Multiple arbiters prevent the reliable use of the majority write concern. -MongoDB counts arbiters in calculating a membership majority, but arbiters -do not store data. With the inclusion of multiple arbiters, it\(aqs possible -for a majority write operation to return success before the write replicates -to a majority of data bearing nodes. -.IP \(bu 2 -Multiple arbiters allow replica sets to accept writes even when the -replica set doesn\(aqt have sufficient secondaries for data replication. +Set the value to \fBfalse\f1 to disable streaming replication. If +disabled, secondaries fetch batches of \fBoplog\f1 +entries by issuing a request to their \fIsync from\f1 source and waiting for a +response. This requires a network roundtrip for each batch of \fBoplog\f1 entries. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. .RE .PP -For more information, see -\fBConcerns with Multiple Arbiters\f1\&. +\fBoplogInitialFindMaxSeconds\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 60 +.PP +Maximum time in seconds for a member of a \fBreplica set\f1 to wait +for the \fBfind\f1\f1 command to finish during +\fBdata synchronization\f1\&. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.RE +.PP +\fBperiodicNoopIntervalSecs\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 10 +.PP +The duration in seconds between \fBnoop\f1 writes on each individual node. .PP This parameter is only available at startup. To set the parameter, use the \fBsetParameter\f1\f1 setting. .PP +To modify this value for a MongoDB Atlas (https://www.mongodb.com/docs/atlas/) cluster, you +must contact Atlas Support (https://www.mongodb.com/docs/atlas/support/)\&. +.PP +The following example sets the \fBperiodicNoopIntervalSecs\f1 to 1 second at +startup: +.PP .EX - mongod \-\-setParameter allowMultipleArbiters=true + mongod \-\-setParameter periodicNoopIntervalSecs=1 +.EE +.RE +.PP +\fBreplBatchLimitBytes\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIDefault\f1: 104857600 (100MB) +.PP +Sets the maximum oplog application batch size in bytes. +.PP +Values can range from 16777216 (16MB) to 104857600 (100MB) inclusive. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following example sets \fBreplBatchLimitBytes\f1\f1 +to 64 MB to limit the oplog application batch size: +.PP +.EX + mongod \-\-setParameter replBatchLimitBytes=67108864 +.EE +.PP +During run time, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, replBatchLimitBytes: 64 * 1024 * 1024 } ) +.EE +.RE +.PP +\fBreplicaSetMonitorProtocol\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: string +.PP +\fIDefault\f1: "streamable" +.PP +Determines which replica set monitor protocol to use. You can set this +parameter to \fB"streamable"\f1, which is compliant with Server Discovery and +Monitoring (SDAM) (https://github.com/mongodb/specifications/blob/master/source/server\-discovery\-and\-monitoring/server\-discovery\-and\-monitoring.md) +specification and allows for constant \fBhello\f1\f1 +requests. You can also set this parameter to \fB"sdam"\f1, which is compliant +with SDAM specification. +.PP +This parameter is only available at startup. +.PP +The following example sets +\fBreplicaSetMonitorProtocol\f1 to \fB"sdam"\f1 on a \fBmongod\f1 +instance: +.PP +.EX + mongod \-\-setParameter replicaSetMonitorProtocol=\(aqsdam\(aq +.EE +.RE +.PP +\fBreplWriterMinThreadCount\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 0 +.PP +Minimum number of threads to use to apply replicated operations in +parallel. Values can range from 0 to 256 inclusive. You can only set +\fBreplWriterMinThreadCount\f1\f1 at startup and cannot change +this setting with the \fBsetParameter\f1\f1 command. +.PP +Parallel application of replication operations uses up to +\fBreplWriterThreadCount\f1\f1 threads. If +\fBreplWriterMinThreadCount\f1\f1 is configured with a value +less than \fBreplWriterThreadCount\f1\f1, the thread pool will +timeout idle threads until the total count of threads in the thread +pool is equal to \fBreplWriterMinThreadCount\f1\f1\&. +.PP +\fBreplWriterMinThreadCount\f1\f1 must be configured with a value +that is less than or equal to \fBreplWriterThreadCount\f1\f1\&. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.RE +.PP +\fBreplWriterThreadCount\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 16 +.PP +Maximum number of threads to use to apply replicated operations in +parallel. Values can range from 1 to 256 inclusive. However, the +maximum number of threads used is capped at twice the number of +available cores. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +\fBreplWriterMinThreadCount\f1\f1 +.RE +.PP +\fBrollbackTimeLimitSecs\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: 64\-bit integer +.PP +\fIDefault\f1: 86400 (1 day) +.PP +Maximum age of data that can be rolled back. Negative values for +this parameter are not valid. +.PP +If the time between the end +of the to\-be\-rolledback instance\(aqs oplog and the first operation +after the common point (the last point where the source node and the +to\-be\-rolledback node had the same data) exceeds this value, the +rollback will fail. +.PP +To effectively have an unlimited rollback period, set the value to +\fB2147483647\f1 which is the maximum value allowed and equivalent to +roughly 68 years. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.RE +.PP +\fBTransactionRecordMinimumLifetimeMinutes\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 30 +.PP +The minimum lifetime a transaction record exists in the +\fBtransactions\f1\f1 collection before the record becomes +eligible for cleanup. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +For example, to set the \fBTransactionRecordMinimumLifetimeMinutes\f1\f1 +for a \fBmongod\f1\f1 instance to 20 minutes: +.PP +.EX + mongod \-\-setParameter TransactionRecordMinimumLifetimeMinutes=20 +.EE +.PP +\fBlocalLogicalSessionTimeoutMinutes\f1\f1 +.RE +.PP +\fBwaitForSecondaryBeforeNoopWriteMS\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 10 +.PP +The length of time (in milliseconds) that a secondary must wait if +the \fBafterClusterTime\f1 is greater than the last applied time from +the oplog. After the \fBwaitForSecondaryBeforeNoopWriteMS\f1 passes, +if the \fBafterClusterTime\f1 is still greater than the last applied +time, the secondary makes a no\-op write to advance the last applied +time. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following example sets the +\fBwaitForSecondaryBeforeNoopWriteMS\f1\f1 to 20 milliseconds: +.PP +.EX + mongod \-\-setParameter waitForSecondaryBeforeNoopWriteMS=20 +.EE +.PP +During run time, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, waitForSecondaryBeforeNoopWriteMS: 20 } ) .EE .RE .SS SHARDING PARAMETERS @@ -4198,10 +4433,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP This example sets \fBanalyzeShardKeyCharacteristicsDefaultSampleSize\f1 @@ -4219,6 +4454,45 @@ During run time, you can set or modify the parameter with the .EE .RE .PP +\fBanalyzeShardKeyMonotonicityCorrelationCoefficientThreshold\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: double +.PP +\fIDefault\f1: 0.7 +.PP +Specifies the \fBRecordId\f1 correlation coefficient threshold used to +determine if a shard key is monotonically changing in insertion order. +Must be greater than \fB0\f1 and less than or equal to \fB1\f1\&. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +This example sets +\fBanalyzeShardKeyMonotonicityCorrelationCoefficientThreshold\f1 to +\fB1\f1 at startup: +.PP +.EX + mongod \-\-setParameter analyzeShardKeyMonotonicityCorrelationCoefficientThreshold=1 +.EE +.PP +During run time, you can set or modify the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, analyzeShardKeyMonotonicityCorrelationCoefficientThreshold: 1 } ) +.EE +.RE +.PP \fBanalyzeShardKeyNumMostCommonValues\f1 .RS .PP @@ -4238,10 +4512,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP This example sets \fBanalyzeShardKeyNumMostCommonValues\f1 @@ -4277,10 +4551,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP This example sets \fBanalyzeShardKeyNumRanges\f1 to \fB50\f1 at startup: @@ -4297,45 +4571,6 @@ During run time, you can set or modify the parameter with the .EE .RE .PP -\fBanalyzeShardKeyMonotonicityCorrelationCoefficientThreshold\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: double -.PP -\fIDefault\f1: 0.7 -.PP -Specifies the \fBRecordId\f1 correlation coefficient threshold used to -determine if a shard key is monotonically changing in insertion order. -Must be greater than \fB0\f1 and less than or equal to \fB1\f1\&. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -This example sets -\fBanalyzeShardKeyMonotonicityCorrelationCoefficientThreshold\f1 to -\fB1\f1 at startup: -.PP -.EX - mongod \-\-setParameter analyzeShardKeyMonotonicityCorrelationCoefficientThreshold=1 -.EE -.PP -During run time, you can set or modify the parameter with the -\fBsetParameter\f1\f1 command: -.PP -.EX - db.adminCommand( { setParameter: 1, analyzeShardKeyMonotonicityCorrelationCoefficientThreshold: 1 } ) -.EE -.RE -.PP \fBautoMergerIntervalSecs\f1 .RS .PP @@ -4355,10 +4590,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP This example sets \fBautoMergerIntervalSecs\f1 to 7200 seconds, @@ -4395,10 +4630,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP This example sets \fBautoMergerThrottlingMS\f1 to 60000 milliseconds, @@ -4433,10 +4668,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP This example sets \fBbalancerMigrationsThrottlingMs\f1 to 2000 @@ -4454,6 +4689,38 @@ During run time, you can also set the parameter with the .EE .RE .PP +\fBcatalogCacheCollectionMaxEntries\f1 +.RS +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 10000 +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Maximum number of entries allowed in the catalog cache for +collections. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.RE +.PP +\fBcatalogCacheDatabaseMaxEntries\f1 +.RS +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 10000 +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Maximum number of entries allowed in the catalog cache for +databases. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.RE +.PP \fBchunkDefragmentationThrottlingMS\f1 .RS .PP @@ -4473,10 +4740,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following example sets @@ -4494,68 +4761,6 @@ During run time, you can also set the parameter with the .EE .RE .PP -\fBchunkMigrationConcurrency\f1 -.RS -.PP -\fIAvailable starting in MongoDB 7.0, 6.3, 6.0.6 (and 5.0.15).\f1 -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 1 -.PP -Specifies an integer that sets the number of threads on the source -shard and the receiving shard for \fBchunk migration\f1\&. Chunk migrations use the number -of threads that you set on the receiving shard for both the source -and receiving shard. -.PP -Increasing the concurrency improves chunk migration performance, but -also increases the workload and disk IOPS usage on the source -shard and the receiving shard. -.PP -Maximum value is 500. -.PP -You should typically use half the total number of CPU cores as -threads. For example, if the total is 16 cores, set -\fBchunkMigrationConcurrency\f1 to 8 threads (or fewer). -.PP -If \fBchunkMigrationConcurrency\f1 is greater than \fB1\f1, the -\fB_secondaryThrottle\f1 configuration setting is ignored. The -\fB_secondaryThrottle\f1 setting determines when the chunk migration -proceeds with the next document in the chunk. For details, see -\fBRange Migration and Replication\f1\&. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets \fBchunkMigrationConcurrency\f1 to \fB5\f1: -.PP -.EX - mongod \-\-setParameter chunkMigrationConcurrency=5 -.EE -.PP -During run time, you can also set the parameter with the -\fBsetParameter\f1\f1 command: -.PP -.EX - db.adminCommand( { setParameter: 1, chunkMigrationConcurrency: 5 } ) -.EE -.PP -To configure collection balancing, see -\fBconfigureCollectionBalancing\f1\f1\&. -.PP -To learn about defragmenting sharded collections, see -\fBDefragment Sharded Collections\f1\&. -.RE -.PP \fBdisableResumableRangeDeleter\f1 .RS .PP @@ -4565,15 +4770,13 @@ Available for \fBmongod\f1\f1 only. .PP \fIDefault\f1: false .PP -If set on a shard\(aqs primary, specifies if range deletion is paused on -the shard. If set to \fBtrue\f1, cleanup of \fBranges\f1 -containing \fBorphaned documents\f1 is paused. -The shard can continue to donate chunks to other shards, but the -donated documents will not be removed from this shard until you set -this parameter to \fBfalse\f1\&. This shard can continue to receive -chunks from other shards as long as it does not have a pending range -deletion task in the \fBconfig.rangeDeletions\f1\f1 collection that -overlaps with the incoming chunk\(aqs range. +If set on a shard\(aqs primary, specifies if MongoDB pauses range deletion on +the shard. If set to \fBtrue\f1, MongoDB pauses cleanup of \fBranges\f1 containing \fBorphaned documents\f1\&. The shard +can continue to donate chunks to other shards, but the shard does not remove +donated documents until you set this parameter to \fBfalse\f1\&. This shard can +continue to receive chunks from other shards as long as it does not have a +pending range deletion task in the \fBconfig.rangeDeletions\f1\f1 collection +that overlaps with the incoming chunk\(aqs range. .PP When \fBdisableResumableRangeDeleter\f1\f1 is \fBtrue\f1, chunk migrations fail if \fBorphaned documents\f1 @@ -4589,138 +4792,28 @@ the shard\(aqs replica set. In the event of a failover, this setting\(aqs value on the new primary dictates the behavior of the range deleter. .PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. +Starting in MongoDB 8.2, you can set \fBdisableResumableRangeDeleter\f1 during +both startup and run time. +.PP +To set \fBdisableResumableRangeDeleter\f1 at startup, use the following command: .PP .EX mongod \-\-setParameter disableResumableRangeDeleter=false .EE -.RE .PP -\fBenableShardedIndexConsistencyCheck\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: true -.PP -If set on the config server\(aqs primary, enables or disables the index -consistency check for sharded collections. The parameter has no -effect on the \fBmongod\f1\f1 if it is not the config server\(aqs -primary. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets -\fBenableShardedIndexConsistencyCheck\f1\f1 to \fBfalse\f1 for a -config server primary: +To set \fBdisableResumableRangeDeleter\f1 during run time, use the following command: .PP .EX - mongod \-\-setParameter enableShardedIndexConsistencyCheck=false + db.adminCommand( { setParameter: 1, disableResumableRangeDeleter: false } ) .EE -.PP -During run time, you can also set the parameter with the -\fBsetParameter\f1\f1 command: -.PP -.EX - db.adminCommand( { setParameter: 1, enableShardedIndexConsistencyCheck: false } ) -.EE -.RS -.IP \(bu 2 -\fBshardedIndexConsistencyCheckIntervalMS\f1\f1 parameter -.IP \(bu 2 -\fBshardedIndexConsistency\f1\f1 metrics returned by the -\fBserverStatus\f1\f1 command. -.RE -.RE -.PP -\fBopportunisticSecondaryTargeting\f1 -.RS -.PP -Available for \fBmongos\f1\f1 only. -.PP -\fIType\f1: boolean -.PP -\fIDefault\f1: \fBfalse\f1 -.PP -Determines whether \fBmongos\f1 performs opportunistic reads against -replica sets. -.PP -When this parameter is set to \fBtrue\f1, \fBmongos\f1\f1 directs secondary -reads to secondaries with active connections. It sends the request to the -first secondary that accepts the connection. When this parameter is set to -\fBfalse\f1, \fBmongos\f1\f1 holds secondary reads until it can establish -a connection to a specific secondary, (except in the case of -\fBhedged reads\f1). -.PP -Under certain workloads, opportunistic reads may trigger the -opening of unnecessary connections from \fBmongos\f1\f1 to -\fBmongod\f1\f1 and reduce overall performance. -This parameter should not be enabled unless your application has -a specific need for the feature. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -For example, to set \fBopportunisticSecondaryTargeting\f1 during startup: -.PP -.EX - mongos \-\-setParameter opportunisticSecondaryTargeting=true -.EE -.RE -.PP -\fBshardedIndexConsistencyCheckIntervalMS\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 600000 -.PP -If set on the config server\(aqs primary, the interval, in -milliseconds, at which the config server\(aqs primary checks the index -consistency of sharded collections. The parameter has no effect on -the \fBmongod\f1\f1 if it is not the config server\(aqs primary. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -For example, the following sets the interval at 300000 milliseconds -(5 minutes) at startup: -.PP -.EX - mongod \-\-setParameter shardedIndexConsistencyCheckIntervalMS=300000 -.EE -.RS -.IP \(bu 2 -\fBenableShardedIndexConsistencyCheck\f1\f1 parameter -.IP \(bu 2 -\fBshardedIndexConsistency\f1\f1 metrics returned by the -\fBserverStatus\f1\f1 commandq -.RE .RE .PP \fBenableFinerGrainedCatalogCacheRefresh\f1 .RS .PP +Starting in MongoDB 8.0, the parameter is deprecated and doesn\(aqt +cause any changes or errors. +.PP Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. .PP \fIType\f1: boolean @@ -4748,59 +4841,115 @@ parameter, use the \fBsetParameter\f1\f1 setting. .RE .RE .PP -\fBmaxTimeMSForHedgedReads\f1 +\fBenableShardedIndexConsistencyCheck\f1 .RS .PP -Starting in MongoDB 8.0, hedged reads are deprecated. Queries that -specify the read preference \fBnearest\f1\f1 no longer use hedged -reads by default. If you explicitly specify a hedged read, MongoDB -performs a hedged read and logs a warning. +Available for \fBmongod\f1\f1 only. .PP -Available for \fBmongos\f1\f1 only. +\fIType\f1: boolean .PP -\fIType\f1: integer +\fIDefault\f1: true .PP -\fIDefault\f1: 150 -.PP -Specifies the maximum time limit (in milliseconds) for the -\fBhedged read\f1\&. That is, the additional -read sent to hedge the read operation uses the \fBmaxTimeMS\f1 value -of \fBmaxTimeMSForHedgedReads\f1\f1 while the read operation -that is being hedged uses the \fBmaxTimeMS\f1 value specified for the -operation. +If set on the config server\(aqs primary, enables or disables the index +consistency check for sharded collections. The parameter has no +effect on the \fBmongod\f1\f1 if it is not the config server\(aqs +primary. .PP This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP -For example, to set the limit to 200 milliseconds, you can issue the -following during startup: +The following example sets +\fBenableShardedIndexConsistencyCheck\f1\f1 to \fBfalse\f1 for a +config server primary: .PP .EX - mongos \-\-setParameter maxTimeMSForHedgedReads=200 + mongod \-\-setParameter enableShardedIndexConsistencyCheck=false .EE .PP -Or if using the \fBsetParameter\f1\f1 command in a -\fBmongosh\f1\f1 session that is connected to a running -\fBmongos\f1\f1: +During run time, you can also set the parameter with the +\fBsetParameter\f1\f1 command: .PP .EX - db.adminCommand( { setParameter: 1, maxTimeMSForHedgedReads: 200 } ) + db.adminCommand( { setParameter: 1, enableShardedIndexConsistencyCheck: false } ) .EE .RS .IP \(bu 2 -\fBreadHedgingMode\f1\f1 +\fBshardedIndexConsistencyCheckIntervalMS\f1\f1 parameter .IP \(bu 2 -\fBHedged Reads\f1 +\fBshardedIndexConsistency\f1\f1 metrics returned by the +\fBserverStatus\f1\f1 command. .RE .RE .PP +\fBfindChunksOnConfigTimeoutMS\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Type: Non\-negative integer +.PP +Default: 900000 +.PP +The timeout in milliseconds for find operations on +\fBchunks\f1\f1\&. +.PP +If there is a large number of chunks in the cluster and chunk loading +fails with the error \fBExceededTimeLimit\f1, increase the parameter +value: +.PP +.EX + mongod \-\-setParameter findChunksOnConfigTimeoutMS=1000000 +.EE +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.RE +.PP +\fBloadRoutingTableOnStartup\f1 +.RS +.PP +Available for \fBmongos\f1\f1 only. +.PP +Type: boolean +.PP +\fIDefault\f1: true +.PP +Configures a \fBmongos\f1\f1 instance to preload the routing +table for a sharded cluster on startup. With this setting +enabled, the \fBmongos\f1\f1 caches the cluster\-wide routing +table for each sharded collection as part of its startup procedure, +before it begins accepting client connections. +.PP +Without this setting enabled, the \fBmongos\f1\f1 only loads +a routing table as needed for incoming client connections, and only +loads the specific routing table for the namespace of a given +request. +.PP +A \fBmongos\f1\f1 instance with the +\fBloadRoutingTableOnStartup\f1\f1 parameter enabled may +experience longer startup times, but will result in faster servicing +of initial client connections once started. +.PP +\fBloadRoutingTableOnStartup\f1\f1 is enabled by default. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.RE +.PP \fBmaxCatchUpPercentageBeforeBlockingWrites\f1 .RS .PP @@ -4844,9 +4993,25 @@ set the parameter during runtime with the Live Migration Protocol (https://github.com/mongodb/mongo/blob/master/src/mongo/db/s/README.md#the\-live\-migration\-protocol) .RE .PP +\fBmaxTimeMSForHedgedReads\f1 +.RS +.PP +Starting in MongoDB 8.1, hedged reads are removed and this +parameter has no effect. +.RE +.PP \fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1 .RS .PP +\fBDeprecated\f1 +.PP +Starting in MongoDB 8.1, the old +\fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1 parameter is +renamed \fBmetadataRefreshInTransactionMaxWaitMS\f1\&. You can continue to +use \fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1 as the +parameter name, but it is deprecated and will be removed in a future +MongoDB release. +.PP Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer @@ -4881,10 +5046,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP For example, to set \fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1\f1 @@ -4895,6 +5060,328 @@ to 400 milliseconds: .EE .RE .PP +\fBmetadataRefreshInTransactionMaxWaitMS\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 500 +.PP +Limits the time a shard waits for a critical section within a +transaction. +.PP +Starting in MongoDB 8.1, the old +\fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1 parameter is +renamed \fBmetadataRefreshInTransactionMaxWaitMS\f1\&. You can continue to +use \fBmetadataRefreshInTransactionMaxWaitBehindCritSecMS\f1 as the +parameter name, but it is deprecated and will be removed in a future +MongoDB release. +.PP +When a query accesses a shard, a \fBchunk migration\f1 or \fBDDL operation\f1 may already hold the critical +section for the collection. If the query finds the critical +section is taken, the shard waits until the critical section has +been released. When the shard returns control to \fBmongos\f1\f1, +\fBmongos\f1\f1 retries the query. However, if a multi\-shard +transaction interacts with an operation that takes the critical +section on multiple shards, the interaction can result in a +distributed deadlock. +.PP +\fBmetadataRefreshInTransactionMaxWaitMS\f1\f1 +limits the maximum time a shard waits within a transaction for the +critical section to be released. +.PP +To reduce the maximum wait time for the critical section within a +transaction, lower the value of +\fBmetadataRefreshInTransactionMaxWaitMS\f1\f1\&. +.PP +If \fBmetadataRefreshInTransactionMaxWaitMS\f1\f1 +is too low, \fBmongos\f1\f1 could use all of its retry attempts +and return an error. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +For example, to set \fBmetadataRefreshInTransactionMaxWaitMS\f1\f1 +to 400 milliseconds: +.PP +.EX + db.adminCommand( { setParameter: 1, metadataRefreshInTransactionMaxWaitMS: 400 } ) +.EE +.RE +.PP +\fBmigrateCloneInsertionBatchDelayMS\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +Type: Non\-negative integer +.PP +Default: 0 +.PP +Time in milliseconds to wait between batches of insertions during +cloning step of the migration process. This wait is in addition to +the \fBsecondaryThrottle\f1\&. +.PP +The default value of \fB0\f1 indicates no additional wait. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following sets the \fBmigrateCloneInsertionBatchDelayMS\f1\f1 to 200 +milliseconds: +.PP +.EX + mongod \-\-setParameter migrateCloneInsertionBatchDelayMS=200 +.EE +.PP +The parameter may also be set using the \fBsetParameter\f1\f1 +command: +.PP +.EX + db.adminCommand( { setParameter: 1, migrateCloneInsertionBatchDelayMS: 200 } ) +.EE +.RE +.PP +\fBmigrateCloneInsertionBatchSize\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +Type: Non\-negative integer +.PP +Default: 0 +.PP +The maximum number of documents to insert in a single batch during +the cloning step of the migration process. +.PP +The default value of \fB0\f1 indicates no maximum number of documents +per batch. However, in practice, this results in batches that +contain up to 16 MB of documents. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following sets the \fBmigrateCloneInsertionBatchSize\f1\f1 to 100 +documents: +.PP +.EX + mongod \-\-setParameter migrateCloneInsertionBatchSize=100 +.EE +.PP +The parameter may also be set using the \fBsetParameter\f1\f1 +command: +.PP +.EX + db.adminCommand( { setParameter: 1, migrateCloneInsertionBatchSize: 100 } ) +.EE +.RE +.PP +\fBmongosShutdownTimeoutMillisForSignaledShutdown\f1 +.RS +.PP +Available for \fBmongos\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 15000 +.PP +Specifies the time (in milliseconds) to wait for any ongoing database +operations to complete before initiating a shutdown of +\fBmongos\f1\f1 in response to a \fBSIGTERM\f1 signal. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +For example, to set the time to 250 milliseconds, you can issue the +following during startup: +.PP +.EX + mongos \-\-setParameter mongosShutdownTimeoutMillisForSignaledShutdown=250 +.EE +.PP +Or if using the \fBsetParameter\f1\f1 command in a +\fBmongosh\f1\f1 session that is connected to a running +\fBmongos\f1\f1: +.PP +.EX + db.adminCommand( { setParameter: 1, mongosShutdownTimeoutMillisForSignaledShutdown: 250 } ) +.EE +.RE +.PP +\fBopportunisticSecondaryTargeting\f1 +.RS +.PP +Starting in MongoDB 8.1, hedged reads are removed and this +parameter has no effect. +.RE +.PP +\fBorphanCleanupDelaySecs\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +Default: 3600 (60 minutes) +.PP +Minimum delay before a migrated \fBchunk\f1 is deleted from the source +shard. +.PP +Before deleting a migrated chunk, MongoDB waits for +in\-progress queries involving the chunk to complete on the shard primary +and then waits an additional \fBorphanCleanupDelaySecs\f1\f1 seconds. +.PP +Starting in 8.2, the behavior of in\-progress queries on shard secondaries +is determined by \fBterminateSecondaryReadsOnOrphanCleanup\f1\f1\&. +.PP +If a shard has storage constraints, consider reducing this value +temporarily. If running queries that exceed 60 minutes on shard +secondaries, consider increasing this value. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following sets the \fBorphanCleanupDelaySecs\f1\f1 to 20 minutes: +.PP +.EX + mongod \-\-setParameter orphanCleanupDelaySecs=1200 +.EE +.PP +This may also be set using the \fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, orphanCleanupDelaySecs: 1200 } ) +.EE +.PP +In all versions, the new value of \fBorphanCleanupDelaySecs\f1\f1 is +only applied to range deletions created after the value is changed. To +apply the new value to existing range deletions, \fBforce a step down\f1\&. +.RE +.PP +\fBpersistedChunkCacheUpdateMaxBatchSize\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +Type: Integer +.PP +Default: 1000 +.PP +To route and serve operations, shards must know the routing and +ownership information associated with their collections. This +information propogates from a shard\(aqs primary node to its +secondary nodes through the replication of the internal cache +collections \fBconfig.cache.collections\f1 and +\fBconfig.cache.chunks.\f1\&. +.PP +In previous versions, updates on the chunk cache collection were +performed individually (meaning that an entry was deleted and a new +entry was inserted). Starting in MongoDB 7.2, these updates are +performed as a batch of deletions followed by a batch of insertions. +The updated logic improves performance for collections that contain a +large number of chunks. +.PP +The \fBpersistedChunkCacheUpdateMaxBatchSize\f1 parameter specifies the +maximum batch size used for updating the persisted chunk cache. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following example sets \fBpersistedChunkCacheUpdateMaxBatchSize\f1 +to 700 at startup: +.PP +.EX + mongod \-\-setParameter persistedChunkCacheUpdateMaxBatchSize=700 +.EE +.PP +You can also set \fBpersistedChunkCacheUpdateMaxBatchSize\f1 during +runtime: +.PP +.EX + db.adminCommand( { setParameter: 1, persistedChunkCacheUpdateMaxBatchSize: 700 } ) +.EE +.RE +.PP +\fBqueryAnalysisSampleExpirationSecs\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 7 * 24 * 3600 +.PP +Amount of time that a sampled query document exists before +being removed by the TTL monitor, in seconds. Must be greater +than \fB0\f1\&. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +This example sets \fBqueryAnalysisSampleExpirationSecs\f1 to +\fB691200\f1 (\fB8 * 24 * 3600\f1) at startup on a \fBmongod\f1 instance: +.PP +.EX + mongod \-\-setParameter queryAnalysisSampleExpirationSecs=691200 +.EE +.PP +During run time, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, queryAnalysisSampleExpirationSecs: 691200 } ) +.EE +.RE +.PP \fBqueryAnalysisSamplerConfigurationRefreshSecs\f1 .RS .PP @@ -4965,14 +5452,52 @@ This example sets \fBqueryAnalysisWriterIntervalSecs\f1 to .PP .EX mongod \-\-setParameter queryAnalysisWriterIntervalSecs=60 - To set the value to 60 seconds, run the following: .EE .PP +To set the value to 60 seconds, run the following: +.PP .EX db.adminCommand( { setParameter: 1, queryAnalysisWriterIntervalSecs: 60 } ) .EE .RE .PP +\fBqueryAnalysisWriterMaxBatchSize\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 100000 +.PP +Maximum number of sampled queries to write to disk at once. Must be +greater than \fB0\f1 and less than or equal to \fB100000\f1\&. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +This example sets \fBqueryAnalysisWriterMaxBatchSize\f1 to +\fB1000\f1 at startup on a \fBmongod\f1 instance: +.PP +.EX + mongod \-\-setParameter queryAnalysisWriterMaxBatchSize=1000 +.EE +.PP +During run time, you can also set the parameter with the +\fBsetParameter\f1\f1 command: +.PP +.EX + db.adminCommand( { setParameter: 1, queryAnalysisWriterMaxBatchSize: 1000 } ) +.EE +.RE +.PP \fBqueryAnalysisWriterMaxMemoryUsageBytes\f1 .RS .PP @@ -4991,10 +5516,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP This example sets \fBqueryAnalysisWriterMaxMemoryUsageBytes\f1 to @@ -5005,153 +5530,103 @@ This example sets \fBqueryAnalysisWriterMaxMemoryUsageBytes\f1 to .EE .RE .PP -\fBqueryAnalysisWriterMaxBatchSize\f1 +\fBrangeDeleterBatchDelayMS\f1 .RS .PP Available for \fBmongod\f1\f1 only. .PP -\fIType\f1: integer +Type: Non\-negative integer .PP -\fIDefault\f1: 100000 +Default: 20 .PP -Maximum number of sampled queries to write to disk at once. Must be -greater than \fB0\f1 and less than or equal to \fB100000\f1\&. +The amount of time in milliseconds to wait before the next batch of +deletion during the cleanup stage of \fBrange migration\f1\&. +.PP +The \fB_secondaryThrottle replication delay\f1 occurs after each batch deletion. .PP This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP -This example sets \fBqueryAnalysisWriterMaxBatchSize\f1 to -\fB1000\f1 at startup on a \fBmongod\f1 instance: +The following sets the \fBrangeDeleterBatchDelayMS\f1\f1 to 200 +milliseconds: .PP .EX - mongod \-\-setParameter queryAnalysisWriterMaxBatchSize=1000 + mongod \-\-setParameter rangeDeleterBatchDelayMS=200 .EE .PP -During run time, you can also set the parameter with the -\fBsetParameter\f1\f1 command: +The parameter may also be set using the \fBsetParameter\f1\f1 +command: .PP .EX - db.adminCommand( { setParameter: 1, queryAnalysisWriterMaxBatchSize: 1000 } ) + db.adminCommand( { setParameter: 1, rangeDeleterBatchDelayMS: 200 } ) .EE +.PP +In versions prior to 6.0.3, the new value of \fBrangeDeleterBatchDelayMS\f1\f1 is +only applied to range deletions created after the value is changed. To +apply the new value to existing range deletions, \fBforce a step down\f1\&. +.PP +From 6.0.3 on, the new value of the parameter is applied to all the range deletions processed +after the update, regardless of when the range deletion was created. .RE .PP -\fBqueryAnalysisSampleExpirationSecs\f1 +\fBrangeDeleterBatchSize\f1 .RS .PP Available for \fBmongod\f1\f1 only. .PP -\fIType\f1: integer +Type: Non\-negative integer .PP -\fIDefault\f1: 7 * 24 * 3600 +Default: 2147483647 starting in MongoDB 5.1.2 and 5.0.6 .PP -Amount of time that a sampled query document exists before -being removed by the TTL monitor, in seconds. Must be greater -than \fB0\f1\&. +The maximum number of documents in each batch to delete during the +cleanup stage of \fBrange migration\f1\&. +.PP +A value of \fB0\f1 indicates that the system chooses the default value. .PP This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP -This example sets \fBqueryAnalysisSampleExpirationSecs\f1 to -\fB691200\f1 (\fB8 * 24 * 3600\f1) at startup on a \fBmongod\f1 instance: +The following example sets \fBrangeDeleterBatchSize\f1\f1 to 32 +documents: .PP .EX - mongod \-\-setParameter queryAnalysisSampleExpirationSecs=691200 + mongod \-\-setParameter rangeDeleterBatchSize=32 .EE .PP -During run time, you can also set the parameter with the -\fBsetParameter\f1\f1 command: +The parameter may also be set using the \fBsetParameter\f1\f1 +command: .PP .EX - db.adminCommand( { setParameter: 1, queryAnalysisSampleExpirationSecs: 691200 } ) + db.adminCommand( { setParameter: 1, rangeDeleterBatchSize: 32 } ) .EE +.PP +In versions prior to 6.0.3, the new value of \fBrangeDeleterBatchSize\f1\f1 is +only applied to range deletions created after the value is changed. To +apply the new value to existing range deletions, \fBforce a step down\f1\&. +.PP +From 6.0.3 on, the new value of the parameter is applied to all the range deletions processed +after the update, regardless of when the range deletion was created. .RE .PP \fBreadHedgingMode\f1 .RS .PP -Available for \fBmongos\f1\f1 only. -.PP -\fIType\f1: string -.PP -\fIDefault\f1: on -.PP -Specifies whether \fBmongos\f1\f1 supports hedged reads for -those read operations whose \fBread preference\f1 have enabled the hedged read option. -.PP -Available values are: -.RS -.IP \(bu 2 -.RS -.IP \(bu 4 -Value -.IP \(bu 4 -Description -.RE -.IP \(bu 2 -.RS -.IP \(bu 4 -\fBon\f1 -.IP \(bu 4 -The \fBmongos\f1\f1 instance supports hedged reads for -read operations whose \fBread preference\f1 have enabled the hedged read option. -.RE -.IP \(bu 2 -.RS -.IP \(bu 4 -\fBoff\f1 -.IP \(bu 4 -The \fBmongos\f1\f1 instance does not support hedged -reads. That is, hedged reads are unavailable, even for read -operations whose read preference have enabled the hedged read -option. -.RE -.RE -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -For example, to turn off hedged read support for a -\fBmongos\f1\f1 instance, you can issue the following during -startup: -.PP -.EX - mongos \-\-setParameter readHedgingMode=off -.EE -.PP -Or if using the \fBsetParameter\f1\f1 command in a -\fBmongosh\f1\f1 session that is connected to a running -\fBmongos\f1\f1: -.PP -.EX - db.adminCommand( { setParameter: 1, readHedgingMode: "off" } ) -.EE -.RS -.IP \(bu 2 -\fBHedged Reads\f1 -.IP \(bu 2 -\fBmaxTimeMSForHedgedReads\f1\f1 -.RE +Starting in MongoDB 8.1, hedged reads are removed and this +parameter has no effect. .RE .PP \fBroutingTableCacheChunkBucketSize\f1 @@ -5177,82 +5652,36 @@ For example, to set the cache chunk bucket size to \fB250\f1 on a .EE .RE .PP -\fBshutdownTimeoutMillisForSignaledShutdown\f1 +\fBshardedIndexConsistencyCheckIntervalMS\f1 .RS .PP Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer .PP -\fIDefault\f1: 15000 +\fIDefault\f1: 600000 .PP -Specifies the time (in milliseconds) to wait for any ongoing database -operations to complete before initiating a shutdown of -\fBmongod\f1\f1 in response to a \fBSIGTERM\f1 signal. +If set on the config server\(aqs primary, the interval, in +milliseconds, at which the config server\(aqs primary checks the index +consistency of sharded collections. The parameter has no effect on +the \fBmongod\f1\f1 if it is not the config server\(aqs primary. .PP -This parameter is available both at runtime and at startup: +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +For example, the following sets the interval at 300000 milliseconds +(5 minutes) at startup: +.PP +.EX + mongod \-\-setParameter shardedIndexConsistencyCheckIntervalMS=300000 +.EE .RS .IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBenableShardedIndexConsistencyCheck\f1\f1 parameter .IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBshardedIndexConsistency\f1\f1 metrics returned by the +\fBserverStatus\f1\f1 command. .RE -.PP -For example, to set the time to 250 milliseconds, you can issue the -following during startup: -.PP -.EX - mongod \-\-setParameter shutdownTimeoutMillisForSignaledShutdown=250 -.EE -.PP -Or if using the \fBsetParameter\f1\f1 command in a -\fBmongosh\f1\f1 session that is connected to a running -\fBmongod\f1\f1: -.PP -.EX - db.adminCommand( { setParameter: 1, shutdownTimeoutMillisForSignaledShutdown: 250 } ) -.EE -.RE -.PP -\fBmongosShutdownTimeoutMillisForSignaledShutdown\f1 -.RS -.PP -Available for \fBmongos\f1\f1 only. -.PP -\fIType\f1: integer -.PP -\fIDefault\f1: 15000 -.PP -Specifies the time (in milliseconds) to wait for any ongoing database -operations to complete before initiating a shutdown of -\fBmongos\f1\f1 in response to a \fBSIGTERM\f1 signal. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -For example, to set the time to 250 milliseconds, you can issue the -following during startup: -.PP -.EX - mongos \-\-setParameter mongosShutdownTimeoutMillisForSignaledShutdown=250 -.EE -.PP -Or if using the \fBsetParameter\f1\f1 command in a -\fBmongosh\f1\f1 session that is connected to a running -\fBmongos\f1\f1: -.PP -.EX - db.adminCommand( { setParameter: 1, mongosShutdownTimeoutMillisForSignaledShutdown: 250 } ) -.EE .RE .PP \fBShardingTaskExecutorPoolHostTimeoutMS\f1 @@ -5279,10 +5708,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following example sets @@ -5325,10 +5754,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following example sets @@ -5369,10 +5798,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following example sets @@ -5431,10 +5860,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP .EX @@ -5478,10 +5907,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following example sets @@ -5544,10 +5973,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP .EX @@ -5586,10 +6015,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following example sets @@ -5630,10 +6059,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following example sets @@ -5694,7 +6123,7 @@ behavior specified for the \fB"matchPrimaryNode"\f1 option. When set for a \fBmongod\f1\f1, the instance follows the behavior specified for the \fB"disabled"\f1 option. .IP -If the +WARNING: If the \fBShardingTaskExecutorPoolReplicaSetMatching\f1\f1 is set to \fB"automatic"\f1, the \fBreplicaSetMatchingStrategy\f1\f1 still @@ -5721,7 +6150,7 @@ another replica set in the sharded cluster (specifically, shard replica set and config servers) is equal to the size of its connection pool to that replica set\(aqs primary. .IP -If multiple shard servers in your topology can experience a +WARNING: If multiple shard servers in your topology can experience a rapid influx of cross\-shard operations, do not set this option on your \fBmongod\f1\f1 instances. .IP @@ -5777,10 +6206,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following example sets the @@ -5799,6 +6228,70 @@ During run time, you can also set the parameter with the .EE .RE .PP +\fBshutdownTimeoutMillisForSignaledShutdown\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 15000 +.PP +Specifies the time (in milliseconds) to wait for any ongoing database +operations to complete before initiating a shutdown of +\fBmongod\f1\f1 in response to a \fBSIGTERM\f1 signal. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +For example, to set the time to 250 milliseconds, you can issue the +following during startup: +.PP +.EX + mongod \-\-setParameter shutdownTimeoutMillisForSignaledShutdown=250 +.EE +.PP +Or if using the \fBsetParameter\f1\f1 command in a +\fBmongosh\f1\f1 session that is connected to a running +\fBmongod\f1\f1: +.PP +.EX + db.adminCommand( { setParameter: 1, shutdownTimeoutMillisForSignaledShutdown: 250 } ) +.EE +.RE +.PP +\fBskipShardingConfigurationChecks\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +Type: boolean +.PP +Default: false +.PP +When \fBtrue\f1, allows for starting a shard member or config server +member as a standalone for maintenance operations. This parameter is +mutually exclusive with the \fB\-\-configsvr\f1\f1 or \fB\-\-shardsvr\f1\f1 options. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +.EX + mongod \-\-setParameter skipShardingConfigurationChecks=true +.EE +.PP +Once maintenance has completed, remove the +\fBskipShardingConfigurationChecks\f1\f1 parameter when +restarting the \fBmongod\f1\f1\&. +.RE +.PP \fBtaskExecutorPoolSize\f1 .RS .PP @@ -5823,20 +6316,16 @@ If the number of cores is greater than 64, the number of Task Executor connection pools is 64. .RE .PP -When running MongoDB 6.2 or newer on Linux, you cannot modify the -\fBtaskExecutorPoolSize\f1\f1 from the default value of \fB1\f1\&. -You may modify this parameter when running MongoDB on Windows or macOS. -.PP The default value of \fBtaskExecutorPoolSize\f1\f1 is \fB1\f1: .PP This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP .EX @@ -5850,35 +6339,66 @@ To set the parameter at startup, use the .RE .RE .PP -\fBloadRoutingTableOnStartup\f1 +\fBterminateSecondaryReadsOnOrphanCleanup\f1 .RS .PP -Available for \fBmongos\f1\f1 only. +Available for \fBmongod\f1\f1 only. .PP Type: boolean .PP \fIDefault\f1: true .PP -Configures a \fBmongos\f1\f1 instance to preload the routing -table for a sharded cluster on startup. With this setting -enabled, the \fBmongos\f1\f1 caches the cluster\-wide routing -table for each sharded collection as part of its startup procedure, -before it begins accepting client connections. +Controls whether long\-running read operations on secondary nodes +automatically terminate before \fBorphaned document\f1 +deletion following a \fBchunk\f1 migration. .PP -Without this setting enabled, the \fBmongos\f1\f1 only loads -a routing table as needed for incoming client connections, and only -loads the specific routing table for the namespace of a given -request. +In sharded clusters, when a chunk successfully migrates from the source +shard to the destination shard, MongoDB does not immediately remove the +migrated documents from the source shard. Instead, the primary of the +source shard waits for any in\-progress reads involving the namespace +of the migrated chunk to complete, and after that, waits an additional +period controlled by \fBorphanCleanupDelaySecs\f1\f1 (default: 1 hour). +This additional delay allows any long\-running secondary reads to finish +before orphaned documents are deleted from the source shard. .PP -A \fBmongos\f1\f1 instance with the -\fBloadRoutingTableOnStartup\f1\f1 parameter enabled may -experience longer startup times, but will result in faster servicing -of initial client connections once started. +After the orphaned documents are deleted from the source shard, any ongoing +reads running on secondary nodes that started before the chunk migration +may silently miss documents without returning an error unless +\fBterminateSecondaryReadsOnOrphanCleanup\f1 is set to \fBtrue\f1\&. .PP -\fBloadRoutingTableOnStartup\f1\f1 is enabled by default. +When \fBterminateSecondaryReadsOnOrphanCleanup\f1 is set to \fBtrue\f1, read +operations on secondary nodes that began before the chunk migration commit +are automatically terminated before the orphaned documents are +removed from the secondary node. This prevents long\-running secondary reads +from silently missing documents that were moved during migration. .PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. +When set to \fBfalse\f1, read operations on secondary nodes continue executing +even after orphaned documents are deleted. Operations may silently miss documents +without returning an error. This matches the behavior in MongoDB versions before 8.2. +.PP +This behavior only affects read operations that start before the +chunk migration commit. It applies to all read operations on secondaries, +including queries, aggregations, and operations spanning multiple namespaces. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.SS ERROR RESPONSE +.PP +When a read operation terminates due to \fBterminateSecondaryReadsOnOrphanCleanup\f1, +MongoDB returns the following error: +.PP +.EX + {code: 175, name: QueryPlanKilled, categories: [CursorInvalidatedError], errmsg: "Read has been invalidated due to an orphan cleanup"} +.EE +.PP +This error is not retryable by design. .RE .PP \fBwarmMinConnectionsInShardingTaskExecutorPoolOnStartup\f1 @@ -5946,382 +6466,6 @@ parameter, use the \fBsetParameter\f1\f1 setting. \fBShardingTaskExecutorPoolMinSize\f1\f1 .RE .RE -.PP -\fBmigrateCloneInsertionBatchDelayMS\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -Type: Non\-negative integer -.PP -Default: 0 -.PP -Time in milliseconds to wait between batches of insertions during -cloning step of the migration process. This wait is in addition to -the \fBsecondaryThrottle\f1\&. -.PP -The default value of \fB0\f1 indicates no additional wait. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following sets the \fBmigrateCloneInsertionBatchDelayMS\f1\f1 to 200 -milliseconds: -.PP -.EX - mongod \-\-setParameter migrateCloneInsertionBatchDelayMS=200 -.EE -.PP -The parameter may also be set using the \fBsetParameter\f1\f1 -command: -.PP -.EX - db.adminCommand( { setParameter: 1, migrateCloneInsertionBatchDelayMS: 200 } ) -.EE -.RE -.PP -\fBmigrateCloneInsertionBatchSize\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -Type: Non\-negative integer -.PP -Default: 0 -.PP -The maximum number of documents to insert in a single batch during -the cloning step of the migration process. -.PP -The default value of \fB0\f1 indicates no maximum number of documents -per batch. However, in practice, this results in batches that -contain up to 16 MB of documents. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following sets the \fBmigrateCloneInsertionBatchSize\f1\f1 to 100 -documents: -.PP -.EX - mongod \-\-setParameter migrateCloneInsertionBatchSize=100 -.EE -.PP -The parameter may also be set using the \fBsetParameter\f1\f1 -command: -.PP -.EX - db.adminCommand( { setParameter: 1, migrateCloneInsertionBatchSize: 100 } ) -.EE -.RE -.PP -\fBorphanCleanupDelaySecs\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -Default: 900 (15 minutes) -.PP -Minimum delay before a migrated \fBchunk\f1 is deleted from the source -shard. -.PP -Before deleting the chunk during chunk migration, MongoDB waits for -\fBorphanCleanupDelaySecs\f1\f1 or for in\-progress queries -involving the chunk to complete on the shard primary, whichever is -longer. -.PP -However, because the shard primary has no knowledge of in\-progress queries -run on the shard secondaries, queries that use the chunk but are run on -secondaries may see documents disappear if these queries take longer than -the time to complete the shard primary queries and the -\fBorphanCleanupDelaySecs\f1\f1\&. -.PP -This behavior only affects in\-progress queries that start before the -chunk migration. Queries that start after the chunk migration starts -will not use the migrating chunk. -.PP -If a shard has storage constraints, consider reducing this value -temporarily. If running queries that exceed 15 minutes on shard -secondaries, consider increasing this value. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following sets the \fBorphanCleanupDelaySecs\f1\f1 to 20 minutes: -.PP -.EX - mongod \-\-setParameter orphanCleanupDelaySecs=1200 -.EE -.PP -This may also be set using the \fBsetParameter\f1\f1 command: -.PP -.EX - db.adminCommand( { setParameter: 1, orphanCleanupDelaySecs: 1200 } ) -.EE -.PP -In all versions, the new value of \fBorphanCleanupDelaySecs\f1\f1 is -only applied to range deletions created after the value is changed. To -apply the new value to existing range deletions, \fBforce a step down\f1\&. -.RE -.PP -\fBpersistedChunkCacheUpdateMaxBatchSize\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -Type: Integer -.PP -Default: 1000 -.PP -To route and serve operations, shards must know the routing and -ownership information associated with their collections. This -information propogates from a shard\(aqs primary node to its -secondary nodes through the replication of the internal cache -collections \fBconfig.cache.collections\f1 and -\fBconfig.cache.chunks.\f1\&. -.PP -In previous versions, updates on the chunk cache collection were -performed individually (meaning that an entry was deleted and a new -entry was inserted). Starting in MongoDB 7.2, these updates are -performed as a batch of deletions followed by a batch of insertions. -The updated logic improves performance for collections that contain a -large number of chunks. -.PP -The \fBpersistedChunkCacheUpdateMaxBatchSize\f1 parameter specifies the -maximum batch size used for updating the persisted chunk cache. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets \fBpersistedChunkCacheUpdateMaxBatchSize\f1 -to 700 at startup: -.PP -.EX - mongod \-\-setParameter persistedChunkCacheUpdateMaxBatchSize=700 -.EE -.PP -You can also set \fBpersistedChunkCacheUpdateMaxBatchSize\f1 during -runtime: -.PP -.EX - db.adminCommand( { setParameter: 1, persistedChunkCacheUpdateMaxBatchSize: 700 } ) -.EE -.RE -.PP -\fBrangeDeleterBatchDelayMS\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -Type: Non\-negative integer -.PP -Default: 20 -.PP -The amount of time in milliseconds to wait before the next batch of -deletion during the cleanup stage of \fBrange migration\f1 (or the \fBcleanupOrphaned\f1\f1 -command). -.PP -The \fB_secondaryThrottle replication delay\f1 occurs after each batch deletion. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following sets the \fBrangeDeleterBatchDelayMS\f1\f1 to 200 -milliseconds: -.PP -.EX - mongod \-\-setParameter rangeDeleterBatchDelayMS=200 -.EE -.PP -The parameter may also be set using the \fBsetParameter\f1\f1 -command: -.PP -.EX - db.adminCommand( { setParameter: 1, rangeDeleterBatchDelayMS: 200 } ) -.EE -.PP -In versions prior to 6.0.3, the new value of \fBrangeDeleterBatchDelayMS\f1\f1 is -only applied to range deletions created after the value is changed. To -apply the new value to existing range deletions, \fBforce a step down\f1\&. -.PP -From 6.0.3 on, the new value of the parameter is applied to all the range deletions processed -after the update, regardless of when the range deletion was created. -.RE -.PP -\fBrangeDeleterBatchSize\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -Type: Non\-negative integer -.PP -Default: 2147483647 starting in MongoDB 5.1.2 and 5.0.6 -.PP -The maximum number of documents in each batch to delete during the -cleanup stage of \fBrange migration\f1 -(or the \fBcleanupOrphaned\f1\f1 command). -.PP -A value of \fB0\f1 indicates that the system chooses the default value. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets \fBrangeDeleterBatchSize\f1\f1 to 32 -documents: -.PP -.EX - mongod \-\-setParameter rangeDeleterBatchSize=32 -.EE -.PP -The parameter may also be set using the \fBsetParameter\f1\f1 -command: -.PP -.EX - db.adminCommand( { setParameter: 1, rangeDeleterBatchSize: 32 } ) -.EE -.PP -In versions prior to 6.0.3, the new value of \fBrangeDeleterBatchSize\f1\f1 is -only applied to range deletions created after the value is changed. To -apply the new value to existing range deletions, \fBforce a step down\f1\&. -.PP -From 6.0.3 on, the new value of the parameter is applied to all the range deletions processed -after the update, regardless of when the range deletion was created. -.RE -.PP -\fBrangeDeleterHighPriority\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -Type: boolean -.PP -Default: false -.PP -When \fBtrue\f1, prioritizes cleanup of \fBorphaned documents\f1 over user operations. By default, this is set to -\fBfalse\f1 to prioritize user operations over cleanup of orphaned -documents. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -The following example sets \fBrangeDeleterHighPriority\f1\f1 to -\fBtrue\f1: -.PP -.EX - mongod \-\-setParameter rangeDeleterHighPriority=true -.EE -.PP -The parameter may also be set using the \fBsetParameter\f1\f1 -command: -.PP -.EX - db.adminCommand( { setParameter: 1, rangeDeleterBatchSize: true } ) -.EE -.RE -.PP -\fBskipShardingConfigurationChecks\f1 -.RS -.PP -Available for \fBmongod\f1\f1 only. -.PP -Type: boolean -.PP -Default: false -.PP -When \fBtrue\f1, allows for starting a shard member or config server -member as a standalone for maintenance operations. This parameter is -mutually exclusive with the \fB\-\-configsvr\f1\f1 or \fB\-\-shardsvr\f1\f1 options. -.PP -This parameter is only available at startup. To set the -parameter, use the \fBsetParameter\f1\f1 setting. -.PP -.EX - mongod \-\-setParameter skipShardingConfigurationChecks=true -.EE -.PP -Once maintenance has completed, remove the -\fBskipShardingConfigurationChecks\f1\f1 parameter when -restarting the \fBmongod\f1\f1\&. -.RE -.PP -\fBfindChunksOnConfigTimeoutMS\f1 -.RS -.PP -Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. -.PP -Type: Non\-negative integer -.PP -Default: 900000 -.PP -The timeout in milliseconds for find operations on -\fBchunks\f1\f1\&. -.PP -If there is a large number of chunks in the cluster and chunk loading -fails with the error \fBExceededTimeLimit\f1, increase the parameter -value: -.PP -.EX - mongod \-\-setParameter findChunksOnConfigTimeoutMS=1000000 -.EE -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.RE .SS HEALTH MANAGER PARAMETERS .PP \fBactiveFaultDurationSecs\f1 @@ -6342,10 +6486,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP For example, to set the duration from failure to crash to five @@ -6394,10 +6538,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP \fBhealthMonitoringIntensities\f1 accepts an array of documents, @@ -6524,10 +6668,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP \fBhealthMonitoringIntervals\f1 accepts an array of documents, @@ -6621,10 +6765,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .SS PROGRESSMONITOR FIELDS .RS @@ -6692,6 +6836,29 @@ in your \fBmongos config file\f1 using the .RE .SS STORAGE PARAMETERS .PP +\fBenableAutoCompaction\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +\fIType\f1: boolean +.PP +\fIDefault\f1: false +.PP +Specifies whether the instance runs automatic background +\fBcompaction\f1\&. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.PP +The following example enables automatic background compaction on +the instance: +.PP +.EX + mongod \-\-setParameter "enableAutoCompaction=true" +.EE +.RE +.PP \fBhonorSystemUmask\f1 .RS .PP @@ -6733,10 +6900,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP Consider the following example which sets the @@ -6763,14 +6930,23 @@ the snapshot history. If you query data using read concern \fBminSnapshotHistoryWindowInSeconds\f1, \fBmongod\f1\f1 returns a \fBSnapshotTooOld\f1 error. .PP +In sharded clusters, changing the default \fBminSnapshotHistoryWindowInSeconds\f1 +value on \fBconfig server\f1 nodes may cause +internal operations to fail. +.PP +Do not set \fBminSnapshotHistoryWindowInSeconds\f1 to \fB0\f1 on config server +nodes. Setting this parameter to \fB0\f1 causes internal operations conducting +\fBsnapshot\f1 reads targeting the config server with a specified +\fBatClusterTime\f1 to fail. +.PP This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP Specify an integer greater than or equal to (\fB>=\f1) 0. @@ -6827,40 +7003,22 @@ Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer .PP -\fIDefault\f1: 128 +Specifies the maximum number of concurrent read transactions (read tickets) +allowed into the storage engine. +.PP +Starting in version 7.0, MongoDB dynamically adjusts the number of +tickets to optimize performance, with a highest possible value of 128. +.PP +Modifying this value can cause performance issues or errors. To +determine if disabling the dynamic concurrent storage engine +transactions algorithm is optimal for the cluster, contact +MongoDB Support (https://www.mongodb.com/docs/manual/support/)\&. .PP Starting in MongoDB 7.0, this parameter is available for all storage engines. In earlier versions, this parameter is available for the WiredTiger storage engine only. .PP -Specify the maximum number of concurrent read transactions (read tickets) -allowed into the storage engine. -.PP -If you use the default value, MongoDB dynamically adjusts the number of tickets -to optimize performance, with a highest possible value of 128. -.PP -Starting in MongoDB 7.0, if you set \fBstorageEngineConcurrentReadTransactions\f1 to a non\-default value, it -disables an algorithm that dynamically adjusts the number of concurrent storage -engine transactions. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -.EX - db.adminCommand( { setParameter: 1, storageEngineConcurrentReadTransactions: } ) -.EE -.PP -The \fBwiredTigerConcurrentReadTransactions\f1 parameter was renamed to -\fBstorageEngineConcurrentReadTransactions\f1\&. -.PP -\fBwiredTiger.concurrentTransactions\f1\f1 +\fBqueues.execution\f1\f1 .RE .PP \fBstorageEngineConcurrentWriteTransactions\f1 @@ -6870,47 +7028,22 @@ Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer .PP +Specifies the maximum number of concurrent write transactions allowed +into the WiredTiger storage engine. +.PP +Starting in version 7.0, MongoDB dynamically adjusts the number of +tickets to optimize performance, with a highest possible value of 128. +.PP +Modifying this value can cause performance issues or errors. To +determine if disabling the dynamic concurrent storage engine +transactions algorithm is optimal for the cluster, contact +MongoDB Support (https://www.mongodb.com/docs/manual/support/)\&. +.PP Starting in MongoDB 7.0, this parameter is available for all storage engines. In earlier versions, this parameter is available for the WiredTiger storage engine only. .PP -Specify the maximum number of concurrent write transactions allowed -into the WiredTiger storage engine. -.PP -By default, MongoDB sets \fBstorageEngineConcurrentWriteTransactions\f1 to -whichever value is higher: -.RS -.IP \(bu 2 -Number of cores on the machine running MongoDB -.IP \(bu 2 -4 -.RE -.PP -If you use the default value, MongoDB dynamically adjusts the number of tickets -to optimize performance, with a highest possible value of 128. -.PP -Starting in MongoDB 7.0, if you set \fBstorageEngineConcurrentWriteTransactions\f1 to a non\-default value, it -disables an algorithm that dynamically adjusts the number of concurrent storage -engine transactions. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -.EX - db.adminCommand( { setParameter: 1, storageEngineConcurrentWriteTransactions: } ) -.EE -.PP -The \fBwiredTigerConcurrentWriteTransactions\f1 parameter was renamed to -\fBstorageEngineConcurrentWriteTransactions\f1\&. -.PP -\fBwiredTiger.concurrentTransactions\f1\f1 +\fBqueues.execution\f1\f1 .RE .PP \fBsyncdelay\f1 @@ -6918,6 +7051,8 @@ The \fBwiredTigerConcurrentWriteTransactions\f1 parameter was renamed to .PP Available for \fBmongod\f1\f1 only. .PP +\fIDefault\f1: 60 +.PP Specify the interval in seconds when \fBmongod\f1\f1 flushes its working memory to disk. By default, \fBmongod\f1\f1 flushes memory to disk every 60 @@ -6928,10 +7063,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP Consider the following example which sets the \fBsyncdelay\f1 to @@ -6957,6 +7092,8 @@ details, see \fBJournaling and the WiredTiger Storage Engine\f1\&. .PP Available for \fBmongod\f1\f1 only. .PP +\fIDefault\f1: 1000 +.PP Specifies the initial delay before retying a write operation that was rolled back due to cache pressure. .PP @@ -7001,10 +7138,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP To set a new value, use \fBdb.adminCommand()\f1\f1: @@ -7019,6 +7156,8 @@ To set a new value, use \fBdb.adminCommand()\f1\f1: .PP Available for \fBmongod\f1\f1 only. .PP +\fIDefault\f1: 10 +.PP Specifies the maximum number of retries when a write operation is rolled back due to cache pressure. .PP @@ -7049,7 +7188,7 @@ Description .IP \(bu 4 \fBinteger >= 0\f1 .IP \(bu 4 -Defaults to 10. The maximum number of retries. +The maximum number of retries. .IP There is an increasing delay between retries. To configure the backoff time, use @@ -7061,10 +7200,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP To set a new value, use \fBdb.adminCommand()\f1\f1: @@ -7073,6 +7212,50 @@ To set a new value, use \fBdb.adminCommand()\f1\f1: db.adminCommand( { setParameter: 1, temporarilyUnavailableMaxRetries: 5 } ) .EE .RE +.PP +\fBupsertMaxRetryAttemptsOnDuplicateKeyError\f1 +.RS +.PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP +Maximum number of retry attempts when an \fBupsert\f1 operation +encounters a duplicate key error. +.PP +\fIType\f1: Integer +.PP +\fIDefault\f1: 100 +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +Starting in MongoDB 8.1, if an \fBupsert\f1 operation runs in a multidocument +transaction, then the \fBupsert\f1 does not retry when it encounters a duplicate key error. +.PP +The following example sets the maximum number of times the server +retries an \fBupsert\f1 operation when encountering a duplicate key +error to \fB50\f1\&. +.PP +.EX + mongod \-\-setParameter "upsertMaxRetryAttemptsOnDuplicateKeyError=50" +.EE +.PP +During run time, you can also set the parameter with the +\fBsetParameter\f1 command: +.PP +.EX + db.adminCommand( { + setParameter: 1, + upsertMaxRetryAttemptsOnDuplicateKeyError: 50 + } ) +.EE +.RE .SS WIREDTIGER PARAMETERS .PP \fBwiredTigerConcurrentReadTransactions\f1 @@ -7082,37 +7265,23 @@ Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer .PP -\fIDefault\f1: 128 +Specifies the maximum number of concurrent read transactions (read tickets) +allowed into the storage engine. +.PP +Starting in version 7.0, MongoDB dynamically adjusts the number of +tickets to optimize performance, with a highest possible value of 128. +.PP +Modifying this value can cause performance issues or errors. To +determine if disabling the dynamic concurrent storage engine +transactions algorithm is optimal for the cluster, contact +MongoDB Support (https://www.mongodb.com/docs/manual/support/)\&. .PP Starting in MongoDB 7.0, this parameter is available for all storage engines. In earlier versions, this parameter is available for the WiredTiger storage engine only. .PP -Specify the maximum number of concurrent read transactions (read tickets) -allowed into the storage engine. -.PP -If you use the default value, MongoDB dynamically adjusts the number of tickets -to optimize performance, with a highest possible value of 128. -.PP -Starting in MongoDB 7.0, if you set \fBwiredTigerConcurrentReadTransactions\f1 to a non\-default value, it -disables an algorithm that dynamically adjusts the number of concurrent storage -engine transactions. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -.EX - db.adminCommand( { setParameter: 1, wiredTigerConcurrentReadTransactions: } ) -.EE -.PP -\fBwiredTiger.concurrentTransactions\f1\f1 +The \fBwiredTigerConcurrentReadTransactions\f1 parameter was renamed to +\fBstorageEngineConcurrentReadTransactions\f1\f1\&. .RE .PP \fBwiredTigerConcurrentWriteTransactions\f1 @@ -7122,44 +7291,23 @@ Available for \fBmongod\f1\f1 only. .PP \fIType\f1: integer .PP +Specifies the maximum number of concurrent write transactions allowed +into the WiredTiger storage engine. +.PP +Starting in version 7.0, MongoDB dynamically adjusts the number of +tickets to optimize performance, with a highest possible value of 128. +.PP +Modifying this value can cause performance issues or errors. To +determine if disabling the dynamic concurrent storage engine +transactions algorithm is optimal for the cluster, contact +MongoDB Support (https://www.mongodb.com/docs/manual/support/)\&. +.PP Starting in MongoDB 7.0, this parameter is available for all storage engines. In earlier versions, this parameter is available for the WiredTiger storage engine only. .PP -Specify the maximum number of concurrent write transactions allowed -into the WiredTiger storage engine. -.PP -By default, MongoDB sets \fBwiredTigerConcurrentWriteTransactions\f1 to -whichever value is higher: -.RS -.IP \(bu 2 -Number of cores on the machine running MongoDB -.IP \(bu 2 -4 -.RE -.PP -If you use the default value, MongoDB dynamically adjusts the number of tickets -to optimize performance, with a highest possible value of 128. -.PP -Starting in MongoDB 7.0, if you set \fBwiredTigerConcurrentWriteTransactions\f1 to a non\-default value, it -disables an algorithm that dynamically adjusts the number of concurrent storage -engine transactions. -.PP -This parameter is available both at runtime and at startup: -.RS -.IP \(bu 2 -To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command -.IP \(bu 2 -To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting -.RE -.PP -.EX - db.adminCommand( { setParameter: 1, wiredTigerConcurrentWriteTransactions: } ) -.EE -.PP -\fBwiredTiger.concurrentTransactions\f1\f1 +The \fBwiredTigerConcurrentWriteTransactions\f1 parameter was renamed to +\fBstorageEngineConcurrentWriteTransactions\f1\f1\&. .RE .PP \fBwiredTigerEngineRuntimeConfig\f1 @@ -7202,6 +7350,14 @@ can remain idle before being closed. If you set \fBwiredTigerFileHandleCloseIdleTime\f1 to \fB0\f1, idle handles are not closed. .PP +This parameter is case sensitive. If you capitalize the \fBw\f1 in +\fBwiredTigerFileHandleCloseIdleTime\f1 and run the parameter, the operation +returns the following error message: +.PP +.EX + { "code":2,"codeName":"BadValue","errmsg":"Unknown \-\-setParameter \(aqWiredTigerFileHandleCloseIdleTime\(aq" } +.EE +.PP This parameter is only available at startup. To set the parameter, use the \fBsetParameter\f1\f1 setting. .PP @@ -7212,6 +7368,21 @@ For example: .EE .RE .PP +\fBwiredTigerSessionMax\f1 +.RS +.PP +\fIType\f1: 32\-bit integer +.PP +\fIDefault:\f1 33000 +.PP +Available for \fBmongod\f1\f1 only. +.PP +Maximum number of sessions allowed by WiredTiger. +.PP +This parameter is only available at startup. To set the +parameter, use the \fBsetParameter\f1\f1 setting. +.RE +.PP See the WiredTiger documentation for all available WiredTiger configuration options (http://source.wiredtiger.com/mongodb\-5.0/struct_w_t___c_o_n_n_e_c_t_i_o_n.html#)\&. .SS AUDITING PARAMETERS @@ -7240,10 +7411,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP To enable the audit of authorization successes, issue the following @@ -7267,6 +7438,8 @@ file. The server will fail to start if the parameter is present. \fBauditConfigPollingFrequencySecs\f1 .RS .PP +Available for both \fBmongod\f1\f1 and \fBmongos\f1\f1\&. +.PP \fIType\f1: integer .PP \fIDefault\f1: 300 @@ -7342,6 +7515,52 @@ The following example sets .RE .SS TRANSACTION PARAMETERS .PP +\fBAbortExpiredTransactionsSessionCheckoutTimeout\f1 +.RS +.PP +Available for \fBmongod\f1\f1 only. +.PP +\fIType\f1: integer +.PP +\fIDefault\f1: 100 milliseconds +.PP +A session is checked out from a session pool to run database operations. +.PP +\fBAbortExpiredTransactionsSessionCheckoutTimeout\f1\f1 sets the +maximum number of milliseconds for a session to be checked out when +attempting to end an expired transaction. +.PP +If the expired transaction is successfully ended, MongoDB increments +\fBmetrics.abortExpiredTransactions.successfulKills\f1\f1\&. If the +transaction isn\(aqt successfully ended because it timed out when +attempting to check out a session, MongoDB increments +\fBmetrics.abortExpiredTransactions.timedOutKills\f1\f1\&. +.PP +This parameter is available both at runtime and at startup: +.RS +.IP \(bu 2 +To set the parameter at runtime, use the +\fBsetParameter\f1\f1 command. +.IP \(bu 2 +To set the parameter at startup, use the +\fBsetParameter\f1\f1 setting. +.RE +.PP +The following example sets +\fBAbortExpiredTransactionsSessionCheckoutTimeout\f1 to \fB120\f1 +milliseconds: +.PP +.EX + db.adminCommand( { setParameter: 1, AbortExpiredTransactionsSessionCheckoutTimeout: 120 } ) +.EE +.PP +You can also set this parameter during startup. For example: +.PP +.EX + mongod \-\-setParameter AbortExpiredTransactionsSessionCheckoutTimeout=120 +.EE +.RE +.PP \fBcoordinateCommitReturnImmediatelyAfterPersistingDecision\f1 .RS .PP @@ -7388,10 +7607,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following example sets @@ -7435,10 +7654,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following example sets \fBinternalSessionsReapThreshold\f1\f1 @@ -7478,10 +7697,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following sets the @@ -7548,10 +7767,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP For more information on WiredTiger storage, see: @@ -7601,10 +7820,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following sets the @@ -7648,7 +7867,7 @@ The exact amount of data to allocate for the plan cache in either \fBMB\f1 or \fBGB\f1\&. For example, \fB"100MB"\f1 or \fB"1GB"\f1\&. .RE .PP -Increasing the plan cache size adds more cached query shapes for the +Increasing the plan cache size adds more cached \fBplan cache query shapes\f1 for the \fBquery planner\f1\&. This can improve query performance, but increases memory usage. .PP @@ -7656,10 +7875,10 @@ This parameter is available both at runtime and at startup: .RS .IP \(bu 2 To set the parameter at runtime, use the -\fBsetParameter\f1\f1 command +\fBsetParameter\f1\f1 command. .IP \(bu 2 To set the parameter at startup, use the -\fBsetParameter\f1\f1 setting +\fBsetParameter\f1\f1 setting. .RE .PP The following startup command sets \fBplanCacheSize\f1\f1 to 80 diff --git a/debian/mongokerberos.1 b/debian/mongokerberos.1 index 6e85b4888ba..f137b4829c1 100644 --- a/debian/mongokerberos.1 +++ b/debian/mongokerberos.1 @@ -69,9 +69,9 @@ documentation. For configuring MongoDB to authenticate using Kerberos, please reference the following tutorials: .RS .IP \(bu 2 -\fBConfigure MongoDB with Kerberos Authentication on Linux\f1 +\fBConfigure Self\-Managed MongoDB with Kerberos Authentication on Linux\f1 .IP \(bu 2 -\fBConfigure MongoDB with Kerberos Authentication on Windows\f1\&. +\fBConfigure Self\-Managed MongoDB with Kerberos Authentication on Windows\f1\&. .RE .PP This document provides a complete overview of all command line options @@ -327,7 +327,7 @@ output. .PP Specifies a configuration file for runtime configuration options. The options are equivalent to the command\-line -configuration options. See \fBConfiguration File Options\f1 for +configuration options. See \fBSelf\-Managed Configuration File Options\f1 for more information. .PP \fBmongokerberos\f1\f1 will read the values for diff --git a/debian/mongoldap.1 b/debian/mongoldap.1 index 9f230c4f73b..589e4c11755 100644 --- a/debian/mongoldap.1 +++ b/debian/mongoldap.1 @@ -1,6 +1,13 @@ .TH mongoldap 1 .SH MONGOLDAP \fIMongoDB Enterprise\f1 +.PP +Starting in MongoDB 8.0, LDAP authentication and authorization is +deprecated. LDAP is available and will continue to operate without +changes throughout the lifetime of MongoDB 8. LDAP will be removed in a +future major release. +.PP +For details, see \fBLDAP Deprecation\f1\&. .SH SYNOPSIS .PP MongoDB Enterprise provides @@ -196,11 +203,11 @@ If your connection string specifies \fB"srv_raw:"\f1, .PP Specifies a configuration file for runtime configuration options. The options are equivalent to the command\-line -configuration options. See \fBConfiguration File Options\f1 for +configuration options. See \fBSelf\-Managed Configuration File Options\f1 for more information. .PP -\fBmongoldap\f1\f1 uses any configuration options related to \fBLDAP Proxy Authentication\f1 -or \fBLDAP Authorization\f1 for testing LDAP authentication or +\fBmongoldap\f1\f1 uses any configuration options related to \fBSelf\-Managed LDAP Proxy Authentication\f1 +or \fBLDAP Authorization on Self\-Managed Deployments\f1 for testing LDAP authentication or authorization. .PP Requires specifying \fB\-\-user\f1\f1\&. May accept \fB\-\-password\f1\f1 for @@ -377,7 +384,7 @@ libraries by default. Defer to the documentation associated with each SASL mechanism for guidance on installation and configuration. .PP If using the \fBGSSAPI\f1 SASL mechanism for use with -\fBKerberos Authentication\f1, verify the following for the +\fBKerberos Authentication on Self\-Managed Deployments\f1, verify the following for the \fBmongoldap\f1\f1 host machine: .PP \fBLinux\f1\f1 @@ -492,7 +499,7 @@ authenticate to MongoDB with usernames that are not full LDAP DNs. Using an \fBLDAP authorization query template\f1\f1 that requires a DN. .IP \(bu 2 Transforming the usernames of clients authenticating to Mongo DB using -different authentication mechanisms (e.g. x.509, kerberos) to a full LDAP +different authentication mechanisms (e.g. X.509, kerberos) to a full LDAP DN for authorization. .RE .PP diff --git a/debian/mongos.1 b/debian/mongos.1 index 243e1e9352e..fa6e9537548 100644 --- a/debian/mongos.1 +++ b/debian/mongos.1 @@ -1,5 +1,5 @@ .TH mongos 1 -.SH MONGOS +.SH MONGOS INSTANCES .SH SYNOPSIS For a \fBsharded cluster\f1, the \fBmongos\f1 instances provide the interface between the client applications and the @@ -16,12 +16,12 @@ MongoDB disables support for TLS 1.0 encryption on systems where TLS 1.1+ is available. .IP \(bu 2 The \fBmongos\f1\f1 binary cannot connect to \fBmongod\f1\f1 -instances whose \fBfeature compatibility version (fCV)\f1 is greater +instances whose \fBfeature compatibility version (FCV)\f1 is greater than that of the \fBmongos\f1\f1\&. For example, you cannot connect -a MongoDB 5.0 version \fBmongos\f1\f1 to a 7.0 -sharded cluster with \fBfCV\f1 set to 7.0\&. You +a MongoDB 5.0 version \fBmongos\f1\f1 to a 8.0 +sharded cluster with \fBFCV\f1 set to 8.0\&. You can, however, connect a MongoDB 5.0 version -\fBmongos\f1\f1 to a 7.0 sharded cluster with \fBfCV\f1 set to 5.0\&. +\fBmongos\f1\f1 to a 8.0 sharded cluster with \fBFCV\f1 set to 5.0\&. .IP \(bu 2 \fBmongod\f1\f1 includes a \fBFull Time Diagnostic Data Capture\f1 mechanism to assist MongoDB engineers with troubleshooting deployments. If this thread fails, it terminates the originating process. @@ -32,7 +32,7 @@ directory. For \fBmongod\f1 the directory is within .RE .SH OPTIONS .PP -\fBConfiguration File Settings and Command\-Line Options Mapping\f1 +\fBSelf\-Managed Configuration File Settings and Command\-Line Options Mapping\f1 .RS .IP \(bu 2 MongoDB deprecates the SSL options and instead adds new @@ -66,7 +66,7 @@ Returns the \fBmongos\f1 release number. Specifies a configuration file for runtime configuration options. The configuration file is the preferred method for runtime configuration of \fBmongos\f1\&. The options are equivalent to the command\-line -configuration options. See \fBConfiguration File Options\f1 for +configuration options. See \fBSelf\-Managed Configuration File Options\f1 for more information. .PP Ensure the configuration file uses ASCII encoding. The \fBmongos\f1 @@ -124,7 +124,7 @@ list, for example: \fBrest, exec\f1\&. If the configuration file contains expansion directives not specified to \fB\-\-configExpand\f1\f1, the \fBmongos\f1 returns an error and terminates. .PP -See \fBExternally Sourced Configuration File Values\f1 for configuration files +See \fBExternally Sourced Configuration File Values for Self\-Managed Deployments\f1 for configuration files for more information on expansion directives. .RE .PP @@ -204,12 +204,12 @@ configured with an IP address fail startup validation and do not start. Before you bind your instance to a publicly\-accessible IP address, you must secure your cluster from unauthorized access. For a complete list of security recommendations, see -\fBSecurity Checklist\f1\&. At minimum, consider +\fBSecurity Checklist for Self\-Managed Deployments\f1\&. At minimum, consider \fBenabling authentication\f1 and \fBhardening network infrastructure\f1\&. .PP For more information about IP Binding, refer to the -\fBIP Binding\f1 documentation. +\fBIP Binding in Self\-Managed Deployments\f1 documentation. .PP To bind to all IPv4 addresses, enter \fB0.0.0.0\f1\&. .PP @@ -241,12 +241,12 @@ addresses (i.e. \fB0.0.0.0\f1). If \fBmongos\f1 starts with Before you bind your instance to a publicly\-accessible IP address, you must secure your cluster from unauthorized access. For a complete list of security recommendations, see -\fBSecurity Checklist\f1\&. At minimum, consider +\fBSecurity Checklist for Self\-Managed Deployments\f1\&. At minimum, consider \fBenabling authentication\f1 and \fBhardening network infrastructure\f1\&. .PP For more information about IP Binding, refer to the -\fBIP Binding\f1 documentation. +\fBIP Binding in Self\-Managed Deployments\f1 documentation. .PP Alternatively, you can set the \fB\-\-bind_ip\f1 option to \fB::,0.0.0.0\f1 or to an asterisk \fB"*"\f1 (enclose the asterisk in quotes to avoid filename @@ -259,7 +259,7 @@ is, you can specify one or the other, but not both. \fBmongos \-\-listenBacklog\f1 .RS .PP -\fIDefault\f1: Target system specific maximum value +\fIDefault\f1: Target system \fBSOMAXCONN\f1 constant .PP The maximum number of connections that can exist in the listen queue. @@ -272,30 +272,21 @@ To prevent undefined behavior, specify a value for this parameter between \fB1\f1 and the local system \fBSOMAXCONN\f1 constant. .PP -The default value for the \fBlistenBacklog\f1 parameter depends on the target -system. On Linux, \fB/proc/sys/net/core/somaxconn\f1 is used. On all other -target systems, the compile time constant \fBSOMAXCONN\f1 is used. -\fBSOMAXCONN\f1 is the maximum valid value that is documented for -the \fIbacklog\f1 parameter to the \fIlisten\f1 system call. +The default value for the \fBlistenBacklog\f1 parameter depends on the +target system. On Linux, MongoDB uses \fB/proc/sys/net/core/somaxconn\f1\&. +On all other target systems, MongoDB uses the compile time constant +\fBSOMAXCONN\f1\&. .PP Some systems may interpret \fBSOMAXCONN\f1 symbolically, and others numerically. The actual \fIlisten backlog\f1 applied in practice may differ from any numeric interpretation of the \fBSOMAXCONN\f1 constant -or argument to \fB\-\-listenBacklog\f1, and may also be constrained by -system settings like \fB/proc/sys/net/core/somaxconn\f1 on Linux. +or argument to \fB\-\-listenBacklog\f1\&. .PP Passing a value for the \fBlistenBacklog\f1 parameter that exceeds the \fBSOMAXCONN\f1 constant for the local system is, by the letter of the standards, undefined behavior. Higher values may be silently integer truncated, may be ignored, may cause unexpected resource consumption, or have other adverse consequences. -.PP -On systems with workloads that exhibit connection spikes, for which -it is empirically known that the local system can honor higher -values for the \fIbacklog\f1 parameter than the \fBSOMAXCONN\f1 constant, -setting the \fBlistenBacklog\f1 parameter to a higher value may reduce -operation latency as observed by the client by reducing the number -of connections which are forced into a backoff state. .RE .PP \fBmongos \-\-maxConns\f1 @@ -316,7 +307,7 @@ In this case, set \fBmaxIncomingConnections\f1\f1 to a value slightly higher than the maximum number of connections that the client creates, or the maximum size of the connection pool. .PP -This setting prevents the \fBmongos\f1\f1 from causing connection spikes on +This setting prevents the \fBmongos\f1 from causing connection spikes on the individual \fBshards\f1\&. Spikes like these may disrupt the operation and memory allocation of the \fBsharded cluster\f1\&. .RE @@ -493,7 +484,7 @@ Installation Guide for your operating system. Specifies the path to a key file that stores the shared secret that MongoDB instances use to authenticate to each other in a \fBsharded cluster\f1 or \fBreplica set\f1\&. \fB\-\-keyFile\f1\f1 implies -\fBclient authorization\f1\&. See \fBInternal/Membership Authentication\f1 for more +\fBclient authorization\f1\&. See \fBSelf\-Managed Internal/Membership Authentication\f1 for more information. .PP \fBKeyfiles for internal membership authentication\f1 use YAML format to allow for multiple keys in a @@ -513,7 +504,7 @@ keyfiles that use the text file format. .RS .PP Specifies one of the MongoDB parameters described in -\fBMongoDB Server Parameters\f1\&. You can specify multiple \fBsetParameter\f1 +\fBMongoDB Server Parameters for a Self\-Managed Deployment\f1\&. You can specify multiple \fBsetParameter\f1 fields. .RE .PP @@ -545,7 +536,8 @@ always listens on the UNIX socket unless one of the following is true: \fBnet.bindIp\f1\f1 does not specify \fBlocalhost\f1 or its associated IP address .RE .PP -\fBmongos\f1 installed from official \fB\&.deb\f1 and \fB\&.rpm\f1 packages +\fBmongos\f1 installed from official \fBInstall MongoDB Community Edition on Debian\f1 +and \fBInstall MongoDB Community Edition on Red Hat or CentOS\f1 packages have the \fBbind_ip\f1 configuration set to \fB127.0.0.1\f1 by default. .RE @@ -716,7 +708,7 @@ and use the \fBtimeZoneInfo\f1\f1 parameter. .PP Outputs the \fBmongos\f1 instance\(aqs configuration options, formatted in YAML, to \fBstdout\f1 and exits the \fBmongos\f1 instance. For -configuration options that uses \fBExternally Sourced Configuration File Values\f1, +configuration options that uses \fBExternally Sourced Configuration File Values for Self\-Managed Deployments\f1, \fB\-\-outputConfig\f1\f1 returns the resolved value for those options. .PP This may include any configured passwords or secrets previously @@ -727,7 +719,7 @@ For usage examples, see: .IP \(bu 2 \fBOutput the Configuration File with Resolved Expansion Directive Values\f1 .IP \(bu 2 -\fBConvert Command\-Line Options to YAML\f1 +\fBConvert Self\-Managed Command\-Line Options to YAML\f1 .RE .RE .SS SHARDED CLUSTER OPTIONS @@ -841,11 +833,11 @@ The server uses and accepts only TLS encrypted connections. .RE .PP If \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 is not -specified and you are not using x.509 authentication, you must set the +specified and you are not using X.509 authentication, you must set the \fBtlsUseSystemCA\f1\f1 parameter to \fBtrue\f1\&. This makes MongoDB use the system\-wide CA certificate store when connecting to a TLS\-enabled server. .PP -If using x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 +If using X.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&. .PP For more information about TLS and MongoDB, see @@ -906,7 +898,7 @@ For more information about TLS and MongoDB, see \fIDefault\f1: keyFile .PP The authentication mode used for cluster authentication. If you use -\fBinternal x.509 authentication\f1, +\fBinternal X.509 authentication\f1, specify so here. This option can have one of the following values: .RS .IP \(bu 2 @@ -930,7 +922,7 @@ Accept only keyfiles. \fBsendKeyFile\f1 .IP \(bu 4 For rolling upgrade purposes. Send a keyfile for -authentication but can accept both keyfiles and x.509 +authentication but can accept both keyfiles and X.509 certificates. .RE .IP \(bu 2 @@ -938,8 +930,8 @@ certificates. .IP \(bu 4 \fBsendX509\f1 .IP \(bu 4 -For rolling upgrade purposes. Send the x.509 certificate for -authentication but can accept both keyfiles and x.509 +For rolling upgrade purposes. Send the X.509 certificate for +authentication but can accept both keyfiles and X.509 certificates. .RE .IP \(bu 2 @@ -947,17 +939,17 @@ certificates. .IP \(bu 4 \fBx509\f1 .IP \(bu 4 -Recommended. Send the x.509 certificate for authentication and -accept only x.509 certificates. +Recommended. Send the X.509 certificate for authentication and +accept only X.509 certificates. .RE .RE .PP If \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 is not -specified and you are not using x.509 authentication, you must set the +specified and you are not using X.509 authentication, you must set the \fBtlsUseSystemCA\f1\f1 parameter to \fBtrue\f1\&. This makes MongoDB use the system\-wide CA certificate store when connecting to a TLS\-enabled server. .PP -If using x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 +If using X.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&. .PP For more information about TLS and MongoDB, see @@ -972,7 +964,7 @@ On macOS or Windows, you can use a certificate from the operating system\(aqs secure store instead of a PEM file. See \fB\-\-tlsClusterCertificateSelector\f1\f1\&. .PP -Specifies the \&.pem file that contains the x.509 certificate\-key +Specifies the \&.pem file that contains the X.509 certificate\-key file for \fBmembership authentication\f1 for the cluster or replica set. .PP @@ -982,14 +974,12 @@ authentication or the alternative \fB\&.pem\f1 file specified in the \fB\-\-tlsCertificateKeyFile\f1\f1 option or the certificate returned by the \fB\-\-tlsCertificateSelector\f1\f1\&. .PP -If using x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 +If using X.509 authentication, \fB\-\-tlsCAFile\f1 or \fBtls.CAFile\f1 must be specified unless using \fB\-\-tlsCertificateSelector\f1\f1\&. .PP \fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on -connection if the presented x.509 certificate expires within \fB30\f1 -days of the \fBmongod/mongos\f1 host system time. See -\fBx.509 Certificates Nearing Expiry Trigger Warnings\f1 for more -information. +connection if the presented X.509 certificate expires within \fB30\f1 +days of the \fBmongod/mongos\f1 host system time. .PP For more information about TLS and MongoDB, see \fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and @@ -999,17 +989,17 @@ For more information about TLS and MongoDB, see \fBmongos \-\-tlsClusterPassword\f1 .RS .PP -Specifies the password to decrypt the x.509 certificate\-key file +Specifies the password to decrypt the X.509 certificate\-key file specified with \fB\-\-tlsClusterFile\f1\&. Use the \fB\-\-tlsClusterPassword\f1\f1 option only if the certificate\-key file is encrypted. In all cases, the \fBmongos\f1 redacts the password from all logging and reporting output. .RS .IP \(bu 2 -On Linux/BSD, if the private key in the x.509 file is encrypted and +On Linux/BSD, if the private key in the X.509 file is encrypted and you do not specify the \fB\-\-tlsClusterPassword\f1\f1 option, MongoDB prompts for a passphrase. See \fBTLS/SSL Certificate Passphrase\f1\&. .IP \(bu 2 -On macOS or Windows, if the private key in the x.509 file is +On macOS or Windows, if the private key in the X.509 file is encrypted, you must explicitly specify the \fB\-\-tlsClusterPassword\f1\f1 option. Alternatively, you can either use a certificate from the secure system store (see \fB\-\-tlsClusterCertificateSelector\f1\f1) instead of a cluster PEM file or @@ -1173,10 +1163,8 @@ The \fBthumbprint\f1 is sometimes referred to as a .RE .PP \fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on -connection if the presented x.509 certificate expires within \fB30\f1 -days of the \fBmongod/mongos\f1 host system time. See -\fBx.509 Certificates Nearing Expiry Trigger Warnings\f1 for more -information. +connection if the presented X.509 certificate expires within \fB30\f1 +days of the \fBmongod/mongos\f1 host system time. .RE .PP \fBmongos \-\-tlsCRLFile\f1 @@ -1242,7 +1230,7 @@ connect. .PP If you specify \fB\-\-tlsAllowInvalidCertificates\f1 or \fBtls.allowInvalidCertificates: -true\f1 when using x.509 authentication, an invalid certificate is +true\f1 when using X.509 authentication, an invalid certificate is only sufficient to establish a TLS connection but is \fIinsufficient\f1 for authentication. .PP @@ -1504,8 +1492,9 @@ The \fB\f1 can be \fBany field in the audit message\f1, including fields To specify an audit filter, enclose the filter document in single quotes to pass the document as a string. .PP -To specify the audit filter in a \fBconfiguration file\f1, you must use the YAML format of -the configuration file. +To specify the audit filter in a +\fBconfiguration file\f1, you must use the YAML format +of the configuration file. .PP Available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server) and MongoDB Atlas (https://cloud.mongodb.com/user#/atlas/login)\&. @@ -1586,6 +1575,13 @@ only and not the profiler since profiling is not available on .RE .SS LDAP AUTHENTICATION AND AUTHORIZATION OPTIONS .PP +Starting in MongoDB 8.0, LDAP authentication and authorization is +deprecated. LDAP is available and will continue to operate without +changes throughout the lifetime of MongoDB 8. LDAP will be removed in a +future major release. +.PP +For details, see \fBLDAP Deprecation\f1\&. +.PP \fBmongos \-\-ldapServers\f1 .RS .PP @@ -1745,7 +1741,7 @@ libraries by default. Defer to the documentation associated with each SASL mechanism for guidance on installation and configuration. .PP If using the \fBGSSAPI\f1 SASL mechanism for use with -\fBKerberos Authentication\f1, verify the following for the +\fBKerberos Authentication on Self\-Managed Deployments\f1, verify the following for the \fBmongos\f1 host machine: .PP \fBLinux\f1\f1