From aa6d0cc4b015ff07c447f991460b9000f0b062c5 Mon Sep 17 00:00:00 2001 From: "Kenneth P. J. Dyer" <93145796+kennethdyer@users.noreply.github.com> Date: Wed, 17 Apr 2024 13:15:59 -0500 Subject: [PATCH] DOCSP-25321 Refactors the "wills" on Configuration Options (#7415) * Refactors the wills * Text adjustment * Text adjustment * Text adjustment in includes * Removes 'via' per Jeff * Removes 'via' per Jeff * Removes 'via' per Jeff * Fixes per Jeff * Fixes per Jeff * Fixes per Jeff --- .../extracts-linux-config-expectations.yaml | 4 +- .../includes/extracts-wired-tiger-base.yaml | 8 +- source/includes/extracts-wired-tiger.yaml | 13 +- source/includes/fact-default-conf-file.rst | 8 +- .../includes/fact-split-horizon-binding.rst | 2 +- source/includes/fact-timeZoneInfo.rst | 2 +- source/includes/important-hostnames.rst | 3 +- source/reference/configuration-options.txt | 158 ++++++++++-------- 8 files changed, 104 insertions(+), 94 deletions(-) diff --git a/source/includes/extracts-linux-config-expectations.yaml b/source/includes/extracts-linux-config-expectations.yaml index b6ede6c28ad..f59780cf28f 100644 --- a/source/includes/extracts-linux-config-expectations.yaml +++ b/source/includes/extracts-linux-config-expectations.yaml @@ -1,8 +1,8 @@ ref: _linux-config-expectations content: | The Linux package init scripts do not expect {{option}} to change from the - defaults. If you use the Linux packages and change {{option}}, you will have - to use your own init scripts and disable the built-in scripts. + defaults. If you use the Linux packages and change {{option}}, you must + use your own init scripts and disable the built-in scripts. --- ref: linux-config-expectations-systemlog-path replacement: diff --git a/source/includes/extracts-wired-tiger-base.yaml b/source/includes/extracts-wired-tiger-base.yaml index ba58a15c8a8..7172d72b4a4 100644 --- a/source/includes/extracts-wired-tiger-base.yaml +++ b/source/includes/extracts-wired-tiger-base.yaml @@ -22,10 +22,10 @@ content: | .. note:: The {{cachesetting}} limits the size of the WiredTiger internal - cache. The operating system will use the available free memory + cache. The operating system uses the available free memory for filesystem cache, which allows the compressed MongoDB data - files to stay in memory. In addition, the operating system will - use any free RAM to buffer file system blocks and file system + files to stay in memory. In addition, the operating system + uses any free RAM to buffer file system blocks and file system cache. To accommodate the additional consumers of RAM, you may have to @@ -37,7 +37,7 @@ content: | accommodate the other :binary:`~bin.mongod` instances. - If you run :binary:`~bin.mongod` in a container (e.g. ``lxc``, + If you run :binary:`~bin.mongod` in a container (for example, ``lxc``, ``cgroups``, Docker, etc.) that does *not* have access to all of the RAM available in a system, you must set {{cachesetting}} to a value less than the amount of RAM available in the container. The exact diff --git a/source/includes/extracts-wired-tiger.yaml b/source/includes/extracts-wired-tiger.yaml index fadc4ecd4f4..a22fc54dc4e 100644 --- a/source/includes/extracts-wired-tiger.yaml +++ b/source/includes/extracts-wired-tiger.yaml @@ -176,11 +176,12 @@ content: | - 256 MB. - For example, on a system with a total of 4GB of RAM the WiredTiger - cache will use 1.5GB of RAM (``0.5 * (4 GB - 1 GB) = 1.5 GB``). - Conversely, a system with a total of 1.25 GB of RAM will allocate 256 - MB to the WiredTiger cache because that is more than half of the - total RAM minus one gigabyte (``0.5 * (1.25 GB - 1 GB) = 128 MB < 256 MB``). + For example, on a system with a total of 4GB of RAM the + WiredTiger cache uses 1.5GB of RAM (``0.5 * (4 GB - 1 GB) = + 1.5 GB``). Conversely, on a system with a total of 1.25 GB of + RAM WiredTiger allocates 256 MB to the WiredTiger cache + because that is more than half of the total RAM minus one + gigabyte (``0.5 * (1.25 GB - 1 GB) = 128 MB < 256 MB``). .. note:: @@ -194,7 +195,7 @@ content: | --- ref: wt-filesystem-cache content: | - Via the filesystem cache, MongoDB automatically uses all free memory + With the filesystem cache, MongoDB automatically uses all free memory that is not used by the WiredTiger cache or by other processes. --- ref: wt-snapshot-frequency diff --git a/source/includes/fact-default-conf-file.rst b/source/includes/fact-default-conf-file.rst index 87f4e1d97b0..1c7dd4bfed7 100644 --- a/source/includes/fact-default-conf-file.rst +++ b/source/includes/fact-default-conf-file.rst @@ -27,7 +27,7 @@ - MSI Installer - ``\bin\mongod.cfg`` -- If you :ref:`installed MongoDB ` via a downloaded - ``TGZ`` or ``ZIP`` file, you will need to create your own configuration - file. The :ref:`basic example configuration ` is a good - place to start. +- If you :ref:`installed MongoDB ` + through a downloaded ``TGZ`` or ``ZIP`` file, you must create + your own configuration file. The :ref:`basic example + configuration ` is a good place to start. diff --git a/source/includes/fact-split-horizon-binding.rst b/source/includes/fact-split-horizon-binding.rst index bb7b16dfb93..693879ce672 100644 --- a/source/includes/fact-split-horizon-binding.rst +++ b/source/includes/fact-split-horizon-binding.rst @@ -13,7 +13,7 @@ configuration commands. :binary:`mongod` and :binary:`mongos` do not rely on :parameter:`disableSplitHorizonIPCheck` for validation at startup. Legacy :binary:`mongod` and :binary:`mongos` instances that use IP -addresses instead of host names will start after an upgrade. +addresses instead of host names can start after an upgrade. Instances that are configured with IP addresses log a warning to use host names instead of IP addresses. diff --git a/source/includes/fact-timeZoneInfo.rst b/source/includes/fact-timeZoneInfo.rst index fad8926aa94..1d37a77f755 100644 --- a/source/includes/fact-timeZoneInfo.rst +++ b/source/includes/fact-timeZoneInfo.rst @@ -1,5 +1,5 @@ The full path from which to load the time zone database. If this option -is not provided, then MongoDB will use its built-in time zone database. +is not provided, then MongoDB uses its built-in time zone database. The configuration file included with Linux and macOS packages sets the time zone database path to ``/usr/share/zoneinfo`` by default. diff --git a/source/includes/important-hostnames.rst b/source/includes/important-hostnames.rst index 9dde5ed597d..cba1a54757b 100644 --- a/source/includes/important-hostnames.rst +++ b/source/includes/important-hostnames.rst @@ -7,6 +7,5 @@ Use hostnames instead of IP addresses to configure clusters across a split network horizon. Starting in MongoDB 5.0, nodes that are only - configured with an IP address will fail startup validation and will - not start. + configured with an IP address fail startup validation and do not start. diff --git a/source/reference/configuration-options.txt b/source/reference/configuration-options.txt index 97e050de327..aff21bf9ae2 100644 --- a/source/reference/configuration-options.txt +++ b/source/reference/configuration-options.txt @@ -281,8 +281,10 @@ Core Options *Default*: false - When ``true``, :binary:`~bin.mongos` or :binary:`~bin.mongod` appends new entries to the end of the existing log file when the :binary:`~bin.mongos` or :binary:`~bin.mongod` - instance restarts. Without this option, :binary:`~bin.mongod` will back up the + When ``true``, :binary:`~bin.mongos` or :binary:`~bin.mongod` + appends new entries to the end of the existing log file when + the instance restarts. Without this option, + :binary:`~bin.mongod` or :binary:`~bin.mongos` backs up the existing log and create a new file. @@ -910,12 +912,13 @@ Core Options *Default*: false - Enable a :term:`daemon` mode that runs the :binary:`~bin.mongos` or :binary:`~bin.mongod` process in the - background. By default :binary:`~bin.mongos` or :binary:`~bin.mongod` does not run as a daemon: - typically you will run :binary:`~bin.mongos` or :binary:`~bin.mongod` as a daemon, either by using - :setting:`processManagement.fork` or by using a controlling process that handles the - daemonization process (e.g. as with ``upstart`` and ``systemd``). - + Enable a :term:`daemon` mode that runs the :binary:`~bin.mongos` or + :binary:`~bin.mongod` process in the background. By default + :binary:`~bin.mongos` or :binary:`~bin.mongod` does not run as a daemon. + To use :binary:`~bin.mongos` or :binary:`~bin.mongod` as a daemon, set + :setting:`processManagement.fork` or use a controlling process that + handles the daemonization process (for example, ``systemd``). + The :setting:`processManagement.fork` option is not supported on Windows. .. include:: /includes/extracts/linux-config-expectations-processmanagement-fork.rst @@ -1144,15 +1147,15 @@ Core Options | *Default (Linux):* (`RLIMIT_NOFILE `__) * 0.8 - The maximum number of simultaneous connections that :binary:`~bin.mongos` or :binary:`~bin.mongod` will - accept. This setting has no effect if it is higher than your operating + The maximum number of simultaneous connections that :binary:`~bin.mongos` or :binary:`~bin.mongod` + accepts. This setting has no effect if it is higher than your operating system's configured maximum connection tracking threshold. - - Do not assign too low of a value to this option, or you will + + Do not assign too low of a value to this option, or you may encounter errors during normal application operation. .. include:: /includes/fact-maxconns-mongos.rst - + .. setting:: net.wireObjectCheck @@ -1384,15 +1387,16 @@ Core Options :setting:`~net.tls.certificateKeyFile`). Use the :setting:`net.tls.certificateKeyFilePassword` option only if the certificate-key file is encrypted. In all cases, the - :binary:`~bin.mongos` or :binary:`~bin.mongod` will redact the + :binary:`~bin.mongos` or :binary:`~bin.mongod` redacts the password from all logging and reporting output. Starting in MongoDB 4.0: - On Linux/BSD, if the private key in the PEM file is encrypted and - you do not specify the - :setting:`net.tls.certificateKeyFilePassword` option, MongoDB will - prompt for a passphrase. See :ref:`ssl-certificate-password`. + you do not specify the :setting:`net.tls.certificateKeyFilePassword` + option, MongoDB prompts for a passphrase. + + For more information, see :ref:`ssl-certificate-password`. - On macOS, if the private key in the PEM file is encrypted, you must explicitly specify the @@ -1549,17 +1553,18 @@ Core Options The password to de-crypt the x.509 certificate-key file specified with ``--sslClusterFile``. Use the :setting:`net.tls.clusterPassword` option only if the - certificate-key file is encrypted. In all cases, the - :binary:`~bin.mongos` or :binary:`~bin.mongod` will redact the + certificate-key file is encrypted. In all cases, + :binary:`~bin.mongos` or :binary:`~bin.mongod` redacts the password from all logging and reporting output. - + Starting in MongoDB 4.0: - + - On Linux/BSD, if the private key in the x.509 file is encrypted and you do not specify the :setting:`net.tls.clusterPassword` option, - MongoDB will prompt for a passphrase. See - :ref:`ssl-certificate-password`. - + MongoDB prompts for a passphrase. + + For more information, see :ref:`ssl-certificate-password`. + - On macOS, if the private key in the x.509 file is encrypted, you must explicitly specify the :setting:`net.tls.clusterPassword` option. Alternatively, you can either use a certificate from the @@ -1980,15 +1985,16 @@ Core Options :setting:`~net.ssl.PEMKeyFile`). Use the :setting:`net.ssl.PEMKeyPassword` option only if the certificate-key file is encrypted. In all cases, the :binary:`~bin.mongos` or - :binary:`~bin.mongod` will redact the password from all logging and + :binary:`~bin.mongod` redacts the password from all logging and reporting output. Starting in MongoDB 4.0: - On Linux/BSD, if the private key in the PEM file is encrypted and you do not specify the :setting:`net.ssl.PEMKeyPassword` option, - MongoDB will prompt for a passphrase. See - :ref:`ssl-certificate-password`. + MongoDB prompts for a passphrase. + + For more information, see :ref:`ssl-certificate-password`. - On macOS, if the private key in the PEM file is encrypted, you must explicitly specify the :setting:`net.ssl.PEMKeyPassword` option. @@ -2140,15 +2146,16 @@ Core Options The password to de-crypt the x.509 certificate-key file specified with ``--sslClusterFile``. Use the :setting:`net.ssl.clusterPassword` option only if the certificate-key file is encrypted. In all cases, - the :binary:`~bin.mongos` or :binary:`~bin.mongod` will redact the + the :binary:`~bin.mongos` or :binary:`~bin.mongod` redacts the password from all logging and reporting output. Starting in MongoDB 4.0: - On Linux/BSD, if the private key in the x.509 file is encrypted and you do not specify the :setting:`net.ssl.clusterPassword` option, - MongoDB will prompt for a passphrase. See - :ref:`ssl-certificate-password`. + MongoDB prompts for a passphrase. + + For more information, see :ref:`ssl-certificate-password`. - On macOS, if the private key in the x.509 file is encrypted, you must explicitly specify the :setting:`net.ssl.clusterPassword` @@ -2348,7 +2355,7 @@ Core Options - To list multiple protocols, specify as a comma separated list of protocols. For example ``TLS1_0,TLS1_1``. - - Specifying an unrecognized protocol will prevent the server from + - Specifying an unrecognized protocol prevents the server from starting. - The specified disabled protocols overrides any default disabled @@ -2791,9 +2798,9 @@ Key Management Configuration Options *Type*: string - The path to the local keyfile when managing keys via process *other - than* KMIP. Only set when managing keys via process other than KMIP. - If data is already encrypted using KMIP, MongoDB will throw an error. + The path to the local keyfile when managing keys through a process *other + than* KMIP. Only set when managing keys through a process other than KMIP. + If data is already encrypted using KMIP, MongoDB throws an error. Requires :setting:`security.enableEncryption` to be ``true``. @@ -2812,12 +2819,11 @@ Key Management Configuration Options encryption for the :binary:`~bin.mongod` instance. Requires :setting:`security.enableEncryption` to be true. - If unspecified, MongoDB will request that the KMIP server create a + If unspecified, MongoDB requests that the KMIP server create a new key to utilize as the system key. If the KMIP server cannot locate a key with the specified identifier - or the data is already encrypted with a key, MongoDB will throw an - error. + or the data is already encrypted with a key, MongoDB throws an error. .. include:: /includes/fact-enterprise-only-admonition.rst @@ -2850,10 +2856,10 @@ Key Management Configuration Options :setting:`security.enableEncryption` to be true. Starting in MongoDB 4.2.1 (and 4.0.14), you can specify multiple KMIP - servers as a comma-separated list, e.g. + servers as a comma-separated list, for example ``server1.example.com,server2.example.com``. On startup, the - :binary:`~bin.mongod` will attempt to establish a connection to each - server in the order listed, and will select the first server to + :binary:`~bin.mongod` attempts to establish a connection to each + server in the order listed, and selects the first server to which it can successfully establish a connection. KMIP server selection occurs only at startup. @@ -2877,8 +2883,8 @@ Key Management Configuration Options :setting:`security.enableEncryption` to be true. If specifying multiple KMIP servers with - :setting:`security.kmip.serverName`, the :binary:`~bin.mongod` will - use the port specified with :setting:`security.kmip.port` for all + :setting:`security.kmip.serverName`, the :binary:`~bin.mongod` + uses the port specified with :setting:`security.kmip.port` for all provided KMIP servers. .. include:: /includes/fact-enterprise-only-admonition.rst @@ -2983,7 +2989,7 @@ Key Management Configuration Options Timeout in milliseconds to wait for a response from the KMIP server. If the :setting:`~security.kmip.connectRetries` setting is specified, - the :binary:`~bin.mongod` will wait up to the value specified with + the :binary:`~bin.mongod` waits up to the value specified with :setting:`~security.kmip.connectTimeoutMS` for each retry. Value must be ``1000`` or greater. @@ -3005,10 +3011,10 @@ Key Management Configuration Options When ``security.kmip.activateKeys`` is ``true`` and you have existing keys on a KMIP server, the key must be activated first or the :binary:`mongod` - node will fail to start. + node fails to start. If the key being used by the mongod transitions into a non-active state, - the :binary:`mongod` node will shut down unless ``kmipActivateKeys`` is + the :binary:`mongod` node shuts down unless ``kmipActivateKeys`` is false. To ensure you have an active key, rotate the KMIP master key by using :setting:`security.kmip.rotateMasterKey`. @@ -3176,11 +3182,14 @@ Key Management Configuration Options - Using an LDAP query for :setting:`security.ldap.userToDNMapping`. - The LDAP server disallows anonymous binds - You must use :setting:`~security.ldap.bind.queryUser` with :setting:`~security.ldap.bind.queryPassword`. + You must use :setting:`~security.ldap.bind.queryUser` with + :setting:`~security.ldap.bind.queryPassword`. - If unset, :binary:`~bin.mongod` or :binary:`~bin.mongos` will not attempt to bind to the LDAP server. + If unset, :binary:`~bin.mongod` or :binary:`~bin.mongos` does not + attempt to bind to the LDAP server. - This setting can be configured on a running :binary:`~bin.mongod` or :binary:`~bin.mongos` using + This setting can be configured on a running + :binary:`~bin.mongod` or :binary:`~bin.mongos` using :dbcommand:`setParameter`. .. note:: @@ -3320,7 +3329,7 @@ Key Management Configuration Options For Linux deployments, you must configure the appropriate TLS Options in ``/etc/openldap/ldap.conf`` file. Your operating system's package manager - creates this file as part of the MongoDB Enterprise installation, via the + creates this file as part of the MongoDB Enterprise installation, through the ``libldap`` dependency. See the documentation for ``TLS Options`` in the `ldap.conf OpenLDAP documentation `_ @@ -3393,7 +3402,7 @@ Key Management Configuration Options ` that requires a DN. - Transforming the usernames of clients authenticating to Mongo DB using - different authentication mechanisms (e.g. x.509, kerberos) to a full LDAP + different authentication mechanisms (for example, x.509, kerberos) to a full LDAP DN for authorization. :setting:`~security.ldap.userToDNMapping` expects a quote-enclosed JSON-string representing an ordered array @@ -3432,7 +3441,7 @@ Key Management Configuration Options Each curly bracket-enclosed numeric value is replaced by the corresponding `regex capture group `_ extracted - from the authentication username via the ``match`` regex. + from the authentication username through the ``match`` regex. The result of the substitution must be an `RFC4514 `_ escaped string. @@ -3447,7 +3456,7 @@ Key Management Configuration Options respecting RFC4515 and RFC4516. Each curly bracket-enclosed numeric value is replaced by the corresponding `regex capture group `_ extracted - from the authentication username via the ``match`` expression. + from the authentication username through the ``match`` expression. :binary:`~bin.mongod` or :binary:`~bin.mongos` executes the query against the LDAP server to retrieve the LDAP DN for the authenticated user. :binary:`~bin.mongod` or :binary:`~bin.mongos` requires exactly one returned result for the transformation to be @@ -3490,7 +3499,7 @@ Key Management Configuration Options Starting in MongoDB 5.0, :setting:`~security.ldap.userToDNMapping` accepts an empty string ``""`` or empty array ``[ ]`` in place of a mapping document. If providing an empty string or empty array to - :setting:`~security.ldap.userToDNMapping`, MongoDB will map the + :setting:`~security.ldap.userToDNMapping`, MongoDB maps the authenticated username as the LDAP DN. Previously, providing an empty mapping document would cause mapping to fail. @@ -3791,7 +3800,7 @@ LDAP Parameters On WiredTiger, the default journal commit interval is 100 milliseconds. Additionally, a write that includes or implies - ``j:true`` will cause an immediate sync of the journal. For details + ``j:true`` causes an immediate sync of the journal. For details or additional conditions that affect the frequency of the sync, see :ref:`journal-process`. @@ -3865,7 +3874,7 @@ LDAP Parameters The :binary:`~bin.mongod` process writes data very quickly to the journal and lazily to the data files. :setting:`storage.syncPeriodSecs` has no effect on :ref:``, but if :setting:`storage.syncPeriodSecs` is - set to ``0`` the journal will eventually consume all available disk space. + set to ``0`` the journal eventually consumes all available disk space. The :setting:`storage.syncPeriodSecs` setting is available only for :binary:`~bin.mongod`. @@ -3902,9 +3911,9 @@ LDAP Parameters Available in MongoDB Enterprise only. If you attempt to start a :binary:`~bin.mongod` with a - :setting:`storage.dbPath` that contains data files produced by a - storage engine other than the one specified by :setting:`storage.engine`, :binary:`~bin.mongod` - will refuse to start. + :setting:`storage.dbPath` that contains data files produced + by a storage engine other than the one specified by + :setting:`storage.engine`, :binary:`~bin.mongod` refuses to start. @@ -3984,8 +3993,8 @@ LDAP Parameters *Type*: float - Defines the maximum size of the internal cache that WiredTiger will - use for all data. The memory consumed by an index build (see + Defines the maximum size of the internal cache that WiredTiger + uses for all data. The memory consumed by an index build (see :parameter:`maxIndexBuildMemoryUsageMegabytes`) is separate from the WiredTiger cache memory. @@ -4083,8 +4092,8 @@ LDAP Parameters :setting:`storage.wiredTiger.collectionConfig.blockCompressor` affects all collections created. If you change the value of :setting:`storage.wiredTiger.collectionConfig.blockCompressor` on an existing MongoDB deployment, all new - collections will use the specified compressor. Existing collections - will continue to use the compressor specified when they were + collections uses the specified compressor. Existing collections + continue to use the compressor specified when they were created, or the default compressor at that time. @@ -4099,7 +4108,7 @@ LDAP Parameters The :setting:`storage.wiredTiger.indexConfig.prefixCompression` setting affects all indexes created. If you change the value of :setting:`storage.wiredTiger.indexConfig.prefixCompression` on an existing MongoDB deployment, all new - indexes will use prefix compression. Existing indexes + indexes uses prefix compression. Existing indexes are not affected. @@ -4299,7 +4308,7 @@ LDAP Parameters oplog is typically 5% of available disk space. Once the :binary:`~bin.mongod` has created the oplog for the first - time, changing the :setting:`replication.oplogSizeMB` option will not + time, changing the :setting:`replication.oplogSizeMB` option does not affect the size of the oplog. To change the maximum oplog size after starting the :binary:`~bin.mongod`, use :dbcommand:`replSetResizeOplog`. :dbcommand:`replSetResizeOplog` @@ -4338,7 +4347,7 @@ LDAP Parameters :setting:`~replication.enableMajorityReadConcern` cannot be changed and is always set to ``true``. Attempting to start a storage engine that does not support majority read concern with the - ``--enableMajorityReadConcern`` option will fail and return an error + ``--enableMajorityReadConcern`` option fails and return an error message. In earlier versions of MongoDB, @@ -4466,8 +4475,8 @@ LDAP Parameters and a facility level of ``user``. The syslog message limit can result in the truncation of - audit messages. The auditing system will neither detect the - truncation nor error upon its occurrence. + audit messages. The auditing system neither detects the + truncation nor errors upon its occurrence. * - ``console`` @@ -4584,18 +4593,19 @@ LDAP Parameters the default value in all of the client :driver:`drivers `. When :binary:`~bin.mongos` receives a request that permits reads to - :term:`secondary` members, the :binary:`~bin.mongos` will: + :term:`secondary` members, the :binary:`~bin.mongos`: - - Find the member of the set with the lowest ping time. + - Finds the member of the set with the lowest ping time. - - Construct a list of replica set members that is within a ping time of + - Constructs a list of replica set members that is within a ping time of 15 milliseconds of the nearest suitable member of the set. - If you specify a value for the :setting:`replication.localPingThresholdMs` option, :binary:`~bin.mongos` will - construct the list of replica members that are within the latency - allowed by this value. + If you specify a value for the + :setting:`replication.localPingThresholdMs` option, + :binary:`~bin.mongos` construct the list of replica members that are + within the latency allowed by this value. - - Select a member to read from at random from this list. + - Selects a member to read from at random from this list. The ping time used for a member compared by the :setting:`replication.localPingThresholdMs` setting is a moving average of recent ping times, calculated at most every 10