Recently installed Cassandra to the product server, a lot of things require a lot of strict, such as Perf used in the JMX, previously as long as the IP can access, but the product server is not, so there is a security risk, nodetool-h host can add and delete nodes. So the thing to talk about today is Cassandra JMX's authorization and access control.
Here is the first, the most common use of passwords and access control file mode, the other way back to the time to follow up.
1 Modify $cassandra_home/conf/cassandra-env.sh file
Set up your server (the machine you need to monitor) IP
jvm_opts= "$JVM _opts-djava.rmi.server.hostname=172.29.1.18"
Cassandra default is to enable local access without authorization, here we need remote monitoring needs to change the way: Modify LOCAL_JMX to No
Local_jmx=no
2 Setting the files needed for authentication in JMX
# # Basic file based Authn & Authz
jvm_opts= "$JVM _opts-dcom.sun.management.jmxremote.password.file=/etc/ Cassandra/jmxremote.password "
jvm_opts=" $JVM _opts-dcom.sun.management.jmxremote.access.file=/etc/cassandra /jmxremote.access "
Create file/etc/cassandra/jmxremote.password, add roles and Passwords: (Here the Cassandra is the user name, the password is the back of the Cassandra, you can change to your own)
Monitorrole QED
Controlrole
Cassandra Cassandra
Modify Jmxremote.password access rights: (Cassandra:cassandra is just an example, fill in your own startup Cassandra User and user group)
Chown Cassandra:cassandra/etc/cassandra/jmxremote.password
chmod 400/etc/cassandra/jmxremote.password
Create file/etc/cassandra/jmxremote.access, add role permission control:
Monitorrole readonly
Cassandra ReadWrite
controlrole readwrite \
Create javax.management.monitor.*, javax.management.timer.* \
Unregister
Description
ReadOnly is a read-only attribute in the smart read Mbean.
ReadWrite is the parameter modification and control program behavior that can be used by the Mbean.
3 start Cassandra, use Nodetool to access:
Nodetool Status-u CASSANDRA-PW Cassandra
Reference Material:
1 Cassandra Wiki JMX Security
2 monitoring and Management using JMX