Cassandra JMX Monitoring Configuration

Source: Internet
Author: User
Tags cassandra

Recently installed Cassandra to the product server, a lot of things require a lot of strict, such as Perf used in the JMX, previously as long as the IP can access, but the product server is not, so there is a security risk, nodetool-h host can add and delete nodes. So the thing to talk about today is Cassandra JMX's authorization and access control.


Here is the first, the most common use of passwords and access control file mode, the other way back to the time to follow up.


1 Modify $cassandra_home/conf/cassandra-env.sh file

Set up your server (the machine you need to monitor) IP

jvm_opts= "$JVM _opts-djava.rmi.server.hostname=172.29.1.18"

Cassandra default is to enable local access without authorization, here we need remote monitoring needs to change the way: Modify LOCAL_JMX to No

Local_jmx=no

2 Setting the files needed for authentication in JMX

# # Basic file based Authn & Authz
jvm_opts= "$JVM _opts-dcom.sun.management.jmxremote.password.file=/etc/ Cassandra/jmxremote.password "
jvm_opts=" $JVM _opts-dcom.sun.management.jmxremote.access.file=/etc/cassandra /jmxremote.access "

Create file/etc/cassandra/jmxremote.password, add roles and Passwords: (Here the Cassandra is the user name, the password is the back of the Cassandra, you can change to your own)

Monitorrole QED
Controlrole
Cassandra Cassandra


Modify Jmxremote.password access rights: (Cassandra:cassandra is just an example, fill in your own startup Cassandra User and user group)

Chown Cassandra:cassandra/etc/cassandra/jmxremote.password
chmod 400/etc/cassandra/jmxremote.password

Create file/etc/cassandra/jmxremote.access, add role permission control:

Monitorrole readonly
Cassandra ReadWrite
controlrole readwrite \
Create javax.management.monitor.*, javax.management.timer.* \
Unregister

Description

ReadOnly is a read-only attribute in the smart read Mbean.

ReadWrite is the parameter modification and control program behavior that can be used by the Mbean.


3 start Cassandra, use Nodetool to access:

Nodetool Status-u CASSANDRA-PW Cassandra


Reference Material:

1 Cassandra Wiki JMX Security

2 monitoring and Management using JMX

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.