Bind JMX to localhost unless explicitly configured otherwise
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/2433068c Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/2433068c Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/2433068c Branch: refs/heads/trunk Commit: 2433068c157cd21d4217c98ec5c0b9a2c07e288d Parents: 20593c2 Author: T Jake Luciani <j...@apache.org> Authored: Wed Mar 25 12:04:09 2015 -0400 Committer: T Jake Luciani <j...@apache.org> Committed: Mon Mar 30 09:40:38 2015 -0400 ---------------------------------------------------------------------- CHANGES.txt | 3 + NEWS.txt | 5 ++ bin/cassandra.bat | 11 ++- build.xml | 5 +- conf/cassandra-env.sh | 22 ++++-- debian/changelog | 6 ++ .../cassandra/service/CassandraDaemon.java | 79 +++++++++++++++++++- .../utils/RMIServerSocketFactoryImpl.java | 34 +++++++++ 8 files changed, 150 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/2433068c/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index f98bb3f..7a3a4ea 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,6 @@ +2.0.14: + * If no JMX flags are set start a localhost only JMX service + 2.0.13: * Add offline tool to relevel sstables (CASSANDRA-8301) * Preserve stream ID for more protocol errors (CASSANDRA-8848) http://git-wip-us.apache.org/repos/asf/cassandra/blob/2433068c/NEWS.txt ---------------------------------------------------------------------- diff --git a/NEWS.txt b/NEWS.txt index 5a4bc3d..82f643f 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -13,6 +13,11 @@ restore snapshots created with the previous major version using the 'sstableloader' tool. You can upgrade the file format of your snapshots using the provided 'sstableupgrade' tool. +2.0.14 +====== + The default JMX config now listens to localhost only. You must enable +the other JMX flags in cassandra-env.sh manually. + 2.0.13 ====== http://git-wip-us.apache.org/repos/asf/cassandra/blob/2433068c/bin/cassandra.bat ---------------------------------------------------------------------- diff --git a/bin/cassandra.bat b/bin/cassandra.bat index 8a3bf7f..c316d7f 100644 --- a/bin/cassandra.bat +++ b/bin/cassandra.bat @@ -41,11 +41,14 @@ set JAVA_OPTS=-ea^ -XX:MaxTenuringThreshold=1^ -XX:CMSInitiatingOccupancyFraction=75^ -XX:+UseCMSInitiatingOccupancyOnly^ - -Dcom.sun.management.jmxremote.port=7199^ - -Dcom.sun.management.jmxremote.ssl=false^ - -Dcom.sun.management.jmxremote.authenticate=false^ -Dlog4j.configuration=log4j-server.properties^ - -Dlog4j.defaultInitOverride=true + -Dlog4j.defaultInitOverride=true^ + -Dcassandra.jmx.local.port=7199 +REM **** JMX REMOTE ACCESS SETTINGS SEE: https://wiki.apache.org/cassandra/JmxSecurity *** +REM -Dcom.sun.management.jmxremote.port=7199^ +REM -Dcom.sun.management.jmxremote.ssl=false^ +REM -Dcom.sun.management.jmxremote.authenticate=true^ +REM -Dcom.sun.management.jmxremote.password.file=C:\jmxremote.password REM ***** CLASSPATH library setting ***** http://git-wip-us.apache.org/repos/asf/cassandra/blob/2433068c/build.xml ---------------------------------------------------------------------- diff --git a/build.xml b/build.xml index bdbd10a..e644b71 100644 --- a/build.xml +++ b/build.xml @@ -25,7 +25,7 @@ <property name="debuglevel" value="source,lines,vars"/> <!-- default version and SCM information --> - <property name="base.version" value="2.0.13"/> + <property name="base.version" value="2.0.14"/> <property name="scm.connection" value="scm:git://git.apache.org/cassandra.git"/> <property name="scm.developerConnection" value="scm:git://git.apache.org/cassandra.git"/> <property name="scm.url" value="http://git-wip-us.apache.org/repos/asf?p=cassandra.git;a=tree"/> @@ -1035,7 +1035,8 @@ <jvmarg value="-Dlog4j.configuration=log4j-junit.properties" /> <jvmarg value="-Djava.awt.headless=true"/> <jvmarg value="-javaagent:${basedir}/lib/jamm-0.2.5.jar" /> - <jvmarg value="-ea"/> + <jvmarg value="-Dcassandra.jmx.local.port=7199" /> + <jvmarg value="-ea"/> <jvmarg value="-Xss256k"/> <optjvmargs/> <classpath> http://git-wip-us.apache.org/repos/asf/cassandra/blob/2433068c/conf/cassandra-env.sh ---------------------------------------------------------------------- diff --git a/conf/cassandra-env.sh b/conf/cassandra-env.sh index dfe8184..70d86cf 100644 --- a/conf/cassandra-env.sh +++ b/conf/cassandra-env.sh @@ -261,9 +261,21 @@ JVM_OPTS="$JVM_OPTS -Djava.net.preferIPv4Stack=true" # https://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole # for more on configuring JMX through firewalls, etc. (Short version: # get it working with no firewall first.) -JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT" -JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=$JMX_PORT" -JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false" -JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false" -#JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password" +# +# Cassandra ships with JMX accessible *only* from localhost. +# To enable remote JMX connections, change the setting below to enable JMX +# with authentication and/or ssl enabled. See https://wiki.apache.org/cassandra/JmxSecurity +# +LOCAL_JMX=yes + +if [ "$LOCAL_JMX" = "yes" ]; then + JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.local.port=$JMX_PORT -XX:+DisableExplicitGC" +else + JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT" + JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=$JMX_PORT" + JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false" + JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true" + JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password" +fi + JVM_OPTS="$JVM_OPTS $JVM_EXTRA_OPTS" http://git-wip-us.apache.org/repos/asf/cassandra/blob/2433068c/debian/changelog ---------------------------------------------------------------------- diff --git a/debian/changelog b/debian/changelog index 2c80800..257d636 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +cassandra (2.0.14) unstable; urgency=medium + + * New release + + -- Jake Luciani <j...@apache.org> Thu, 26 Mar 2015 14:57:39 -0400 + cassandra (2.0.13) unstable; urgency=medium * New release http://git-wip-us.apache.org/repos/asf/cassandra/blob/2433068c/src/java/org/apache/cassandra/service/CassandraDaemon.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/service/CassandraDaemon.java b/src/java/org/apache/cassandra/service/CassandraDaemon.java index cad1658..039760e 100644 --- a/src/java/org/apache/cassandra/service/CassandraDaemon.java +++ b/src/java/org/apache/cassandra/service/CassandraDaemon.java @@ -24,13 +24,21 @@ import java.lang.management.MemoryPoolMXBean; import java.net.InetAddress; import java.net.MalformedURLException; import java.net.URL; +import java.rmi.registry.LocateRegistry; +import java.rmi.server.RMIServerSocketFactory; +import java.rmi.server.RMISocketFactory; import java.util.Arrays; +import java.util.HashMap; import java.util.Map; import java.util.UUID; import java.util.concurrent.TimeUnit; import javax.management.MBeanServer; import javax.management.ObjectName; import javax.management.StandardMBean; +import javax.management.remote.JMXConnectorServer; +import javax.management.remote.JMXConnectorServerFactory; +import javax.management.remote.JMXServiceURL; +import javax.management.remote.rmi.RMIConnectorServer; import com.addthis.metrics.reporter.config.ReporterConfig; @@ -38,6 +46,7 @@ import com.google.common.collect.Iterables; import com.google.common.util.concurrent.Uninterruptibles; import org.apache.cassandra.io.sstable.CorruptSSTableException; +import org.apache.cassandra.utils.*; import org.apache.log4j.PropertyConfigurator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -62,10 +71,6 @@ import org.apache.cassandra.io.util.FileUtils; import org.apache.cassandra.metrics.StorageMetrics; import org.apache.cassandra.thrift.ThriftServer; import org.apache.cassandra.tracing.Tracing; -import org.apache.cassandra.utils.CLibrary; -import org.apache.cassandra.utils.FBUtilities; -import org.apache.cassandra.utils.Mx4jTool; -import org.apache.cassandra.utils.Pair; /** * The <code>CassandraDaemon</code> is an abstraction for a Cassandra daemon @@ -76,6 +81,7 @@ import org.apache.cassandra.utils.Pair; public class CassandraDaemon { public static final String MBEAN_NAME = "org.apache.cassandra.db:type=NativeAccess"; + public static JMXConnectorServer jmxServer = null; static { @@ -138,6 +144,57 @@ public class CassandraDaemon private static final Logger logger = LoggerFactory.getLogger(CassandraDaemon.class); + private static void maybeInitJmx() + { + String jmxPort = System.getProperty("com.sun.management.jmxremote.port"); + + if (jmxPort == null) + { + logger.warn("JMX is not enabled to receive remote connections. Please see cassandra-env.sh for more info."); + + jmxPort = System.getProperty("cassandra.jmx.local.port"); + + if (jmxPort == null) + { + logger.error("cassandra.jmx.local.port missing from cassandra-env.sh, unable to start local JMX service." + jmxPort); + } + else + { + System.setProperty("java.rmi.server.hostname","127.0.0.1"); + + try + { + RMIServerSocketFactory serverFactory = new RMIServerSocketFactoryImpl(); + LocateRegistry.createRegistry(Integer.valueOf(jmxPort), null, serverFactory); + + StringBuffer url = new StringBuffer(); + url.append("service:jmx:"); + url.append("rmi://localhost/jndi/"); + url.append("rmi://localhost:").append(jmxPort).append("/jmxrmi"); + + Map env = new HashMap(); + env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, serverFactory); + + jmxServer = new RMIConnectorServer( + new JMXServiceURL(url.toString()), + env, + ManagementFactory.getPlatformMBeanServer() + ); + + jmxServer.start(); + } + catch (IOException e) + { + logger.error("Error starting local jmx server: ", e); + } + } + } + else + { + logger.info("JMX is enabled to receive remote connections on port: " + jmxPort); + } + } + private static final CassandraDaemon instance = new CassandraDaemon(); public Server thriftServer; @@ -191,6 +248,8 @@ public class CassandraDaemon logger.info("Classpath: {}", System.getProperty("java.class.path")); CLibrary.tryMlockall(); + maybeInitJmx(); + Thread.setDefaultUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() { public void uncaughtException(Thread t, Throwable e) @@ -463,6 +522,18 @@ public class CassandraDaemon logger.info("Cassandra shutting down..."); thriftServer.stop(); nativeServer.stop(); + + if (jmxServer != null) + { + try + { + jmxServer.stop(); + } + catch (IOException e) + { + logger.error("Error shutting down local JMX server: ", e); + } + } } http://git-wip-us.apache.org/repos/asf/cassandra/blob/2433068c/src/java/org/apache/cassandra/utils/RMIServerSocketFactoryImpl.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/utils/RMIServerSocketFactoryImpl.java b/src/java/org/apache/cassandra/utils/RMIServerSocketFactoryImpl.java new file mode 100644 index 0000000..75331ab --- /dev/null +++ b/src/java/org/apache/cassandra/utils/RMIServerSocketFactoryImpl.java @@ -0,0 +1,34 @@ +package org.apache.cassandra.utils; + +import java.io.IOException; +import java.net.*; +import java.rmi.server.RMIServerSocketFactory; +import javax.net.ServerSocketFactory; + + +public class RMIServerSocketFactoryImpl implements RMIServerSocketFactory +{ + + public ServerSocket createServerSocket(final int pPort) throws IOException { + return ServerSocketFactory.getDefault().createServerSocket(pPort, 0, InetAddress.getLoopbackAddress()); + } + + public boolean equals(Object obj) + { + if (obj == null) + { + return false; + } + if (obj == this) + { + return true; + } + + return obj.getClass().equals(getClass()); + } + + public int hashCode() + { + return RMIServerSocketFactoryImpl.class.hashCode(); + } +}