dropConnections

On this page

Definition
Syntax
Command Fields
Access Control
Behavior
Example

Definition

dropConnections: New in version 4.2.

The dropConnections command drops the mongod / mongos instance's outgoing connections to the specified hosts. The dropConnections must be run against the admin database.

Syntax

The command has following syntax:

db.adminCommand(
   {
     dropConnections: 1,
     hostAndPort : [ "host1:port1", "host2:port2", ... ],
     comment: <any>
   }
)

Command Fields

The command requires the following field:

Field	Type	Description
`hostAndPort`	array	Each array element represents the hostname and port of a remote machine.
`comment`	any	Optional. A user-provided comment to attach to this command. Once set, this comment appears alongside records of this command in the following locations: mongod log messages, in the `attr.command.cursor.comment` field. Database profiler output, in the `command.comment` field. `currentOp` output, in the `command.comment` field. A comment can be any valid BSON type (string, integer, object, array, etc). New in version 4.4.

Access Control

If the deployment enforces authentication/authorization, the dropConnections command requires the dropConnections action on the cluster resource.

Create a user-defined role in the admin database where the privilege array includes the following document:

{ "resource" : { "cluster" : true } }, "actions" : [ "dropConnections" ] }

Use db.createUser() to create a user on the admin database with the custom role.

or
Use db.grantRolesToUser() to grant the role to an existing user on the admin database.

For example, the following operation creates a user-defined role on the admin database with the privileges to support dropConnections:

db.getSiblingDB("admin").createRole(
  {
    "role" : "dropConnectionsRole",
    "privileges" : [
      {
        "resource" : { "cluster" : true },
        "actions" : [ "dropConnections" ]
      }
    ],
    "roles" : []
  }
)

Assign the custom role to a user on the admin database:

db.getSiblingDB("admin").createUser(
  {
    "user" : "dropConnectionsUser",
    "pwd" : "replaceThisWithASecurePassword",
    "roles" : [ "dropConnectionsRole" ]
  }
)

The created user can execute dropConnections.

For more examples of user creation, see Create a User. For a tutorial on adding privileges to an existing database user, see Modify Access for an Existing User.

Behavior

dropConnections silently ignores hostAndPort elements that do not include both the hostname and port of the remote machine.

Example

Consider a replica set with a recently removed member at oldhost.example.com:27017. Running the following dropConnections command against each active replica set member ensures there are no remaining outgoing connections to oldhost.example.com:27017:

db.adminCommand(
  {
    "dropConnections" : 1,
    "hostAndPort" : [
      "oldhost.example.com:27017"
    ]
  }
)

The command returns output similar to the following:

{
 "ok" : 1,
 "$clusterTime" : {
   "clusterTime" : Timestamp(1551375968, 1),
   "signature" : {
     "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
     "keyId" : NumberLong(0)
   }
 },
 "operationTime" : Timestamp(1551375968, 1)
}

You can confirm the status of the connection pool for the mongod or mongos using the connPoolStats command.

← dropDatabasedropIndexes →