Context
A customer may need to change a statically configured XDR credentials (auth-mode , auth-user , auth-password-file ) setting dynamically. Such a change requires that XDR be disconnected from the security enabled destination cluster.Method
Steps needed to disconnect a DC prior to changing the credentials dynamically:1. Disconnect XDR to destination by disassociating the namespace:
asinfo -v "set-config:context=xdr;dc=<DC_NAME>;namespace=<NAMESAPCE>;action=remove"
2. Check that connections to the destination cluster have been disconnected
netstat -anpt
3. Run the command for the credential change after having confirm destination is disconnected (ie netstat -anpt) :
asinfo -v "set-config:context=xdr;dc=<DC_NAME>;auth-user=<NEW_USERNAME>"
4. Re-associate the namespace to re-establish connections:
We can also set a value for the rewind to cover the time namespace was disassociated from XDR.
asinfo -v "set-config:context=xdr;dc=<DC_NAME>;namespace=<NAMESAPCE>;action=add;rewind=<DISASSOCIATION_DURATION_SECS>"
Notes
The procedure detailed in this article can be used for the following XDR settings:- https://docs.aerospike.com/reference/configuration#auth-user
- https://docs.aerospike.com/reference/configuration#auth-password-file
- https://docs.aerospike.com/reference/configuration#auth-mode