Repository: cassandra Updated Branches: refs/heads/cassandra-2.1 d6c37bdd1 -> 628394a6f
Allow JMX over SSL directly from nodetool patch by Marcus Olsson, reviewed by jasobrown for CASSANDRA-9090 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/628394a6 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/628394a6 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/628394a6 Branch: refs/heads/cassandra-2.1 Commit: 628394a6fad134dee3d1ec340b88ffcba51e67e7 Parents: d6c37bd Author: Jason Brown <jasedbr...@gmail.com> Authored: Thu Jun 25 07:17:41 2015 -0700 Committer: Jason Brown <jasedbr...@gmail.com> Committed: Thu Jun 25 10:36:42 2015 -0700 ---------------------------------------------------------------------- CHANGES.txt | 1 + bin/nodetool | 13 +++++++++++++ conf/cassandra-env.sh | 8 ++++++++ src/java/org/apache/cassandra/tools/NodeProbe.java | 14 ++++++++++++++ 4 files changed, 36 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/628394a6/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index e8ac3e7..fded5fc 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 2.1.7 + * Allow JMX over SSL directly from nodetool (CASSANDRA-9090) * Fix incorrect result for IN queries where column not found (CASSANDRA-9540) * ColumnFamilyStore.selectAndReference may block during compaction (CASSANDRA-9637) * Fix bug in cardinality check when compacting (CASSANDRA-9580) http://git-wip-us.apache.org/repos/asf/cassandra/blob/628394a6/bin/nodetool ---------------------------------------------------------------------- diff --git a/bin/nodetool b/bin/nodetool index e81c59b..d211459 100755 --- a/bin/nodetool +++ b/bin/nodetool 
@@ -56,6 +56,8 @@ fi # JMX Port passed via cmd line args (-p 9999 / --port 9999 / --port=9999) # should override the value from cassandra-env.sh ARGS="" +JVM_ARGS="" +SSL_FILE=$HOME/.cassandra/nodetool-ssl.properties while true do if [ ! $1 ]; then break; fi @@ -71,6 +73,16 @@ do JMX_PORT=$2 shift ;; + --ssl) + if [ -f $SSL_FILE ] + then + SSL_ARGS=$(cat $SSL_FILE | tr '\n' ' ') + fi + JVM_ARGS="$JVM_ARGS -Dssl.enable=true $SSL_ARGS" + ;; + -D*) + JVM_ARGS="$JVM_ARGS $1" + ;; *) ARGS="$ARGS $1" ;; @@ -91,6 +103,7 @@ esac -Dcassandra.storagedir="$cassandra_storagedir" \ -Dlogback.configurationFile=logback-tools.xml \ -Dstorage-config="$CASSANDRA_CONF" \ + $JVM_ARGS \ org.apache.cassandra.tools.NodeTool -p $JMX_PORT $ARGS # vi:ai sw=4 ts=4 tw=0 et http://git-wip-us.apache.org/repos/asf/cassandra/blob/628394a6/conf/cassandra-env.sh ---------------------------------------------------------------------- diff --git a/conf/cassandra-env.sh b/conf/cassandra-env.sh index 2e22f7f..73217bb 100644 --- a/conf/cassandra-env.sh +++ b/conf/cassandra-env.sh 
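Review bot: In the `--ssl)` branch `SSL_ARGS` is assigned only when the properties file exists and is never initialised, so when `$HOME/.cassandra/nodetool-ssl.properties` is absent an inherited environment variable named `SSL_ARGS` is spliced into the JVM arguments; add `SSL_ARGS=""` next to `JVM_ARGS=""` in the first hunk. `$SSL_FILE` is also expanded unquoted in both the test and the `cat`, which breaks when `$HOME` contains whitespace; `if [ -f "$SSL_FILE" ]` and `SSL_ARGS=$(tr '\n' ' ' < "$SSL_FILE")` avoid that. The file's contents reach the `java` command line through `$JVM_ARGS` in the last hunk, as does anything passed via the new `-D*)` branch, so any store password supplied this way (presumably the `javax.net.ssl.*Password` settings) is readable from the process list by other local users. A comment above `SSL_FILE` stating that the file should be readable by its owner only, and that values in it become process arguments, would document this.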
@@ -286,6 +286,14 @@ else JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false" JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true" JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password" +# JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStore=/path/to/keystore" +# JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=<keystore-password>" +# JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStore=/path/to/truststore" +# JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStorePassword=<truststore-password>" +# JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true" +# JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.registry.ssl=true" +# JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.enabled.protocols=<enabled-protocols>" +# JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.enabled.cipher.suites=<enabled-cipher-suites>" fi # To use mx4j, an HTML interface for JMX, add mx4j-tools.jar to the lib/ http://git-wip-us.apache.org/repos/asf/cassandra/blob/628394a6/src/java/org/apache/cassandra/tools/NodeProbe.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/tools/NodeProbe.java b/src/java/org/apache/cassandra/tools/NodeProbe.java index da1fca0..d3bce4d 100644 --- a/src/java/org/apache/cassandra/tools/NodeProbe.java +++ b/src/java/org/apache/cassandra/tools/NodeProbe.java @@ -27,6 +27,8 @@ import java.lang.management.MemoryUsage; import java.lang.management.RuntimeMXBean; import java.net.InetAddress; import java.net.UnknownHostException; +import java.rmi.server.RMIClientSocketFactory; +import java.rmi.server.RMISocketFactory; import java.text.SimpleDateFormat; import java.util.AbstractMap; import java.util.ArrayList; 
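Review bot: The commented-out SSL options are added directly below the active `-Dcom.sun.management.jmxremote.ssl=false` line, and nothing says that line has to change, so an operator who uncomments only the keystore and truststore options still runs JMX without TLS. A one-line comment ahead of the new block would cover it, for example `# To enable JMX over SSL, set jmxremote.ssl=true above and uncomment the options below`. The two `...Password=` examples also put the store passwords into the JVM arguments, where they can be read from the process list, so a remark that this file should not be world-readable once they are filled in would be a useful addition. The enclosing `if`/`else` starts outside the hunk.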
@@ -58,6 +60,7 @@ import javax.management.remote.JMXConnectionNotification; import javax.management.remote.JMXConnector; import javax.management.remote.JMXConnectorFactory; import javax.management.remote.JMXServiceURL; +import javax.rmi.ssl.SslRMIClientSocketFactory; import org.apache.cassandra.concurrent.JMXEnabledThreadPoolExecutorMBean; import org.apache.cassandra.db.ColumnFamilyStoreMBean; @@ -182,6 +185,9 @@ public class NodeProbe implements AutoCloseable String[] creds = { username, password }; env.put(JMXConnector.CREDENTIALS, creds); } + + env.put("com.sun.jndi.rmi.factory.socket", getRMIClientSocketFactory()); + jmxc = JMXConnectorFactory.connect(jmxUrl, env); mbeanServerConn = jmxc.getMBeanServerConnection(); @@ -218,6 +224,14 @@ public class NodeProbe implements AutoCloseable mbeanServerConn, ManagementFactory.RUNTIME_MXBEAN_NAME, RuntimeMXBean.class); } + private RMIClientSocketFactory getRMIClientSocketFactory() throws IOException + { + if (Boolean.parseBoolean(System.getProperty("ssl.enable"))) + return new SslRMIClientSocketFactory(); + else + return RMISocketFactory.getDefaultSocketFactory(); + } + public void close() throws IOException { jmxc.close();
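Review bot: The new `env.put` has no comment and uses a bare string key whose scope is easy to misread. As far as I know, `com.sun.jndi.rmi.factory.socket` selects the socket factory for the RMI registry lookup only, while the connector's own sockets follow the factory carried in the server's stub, so `--ssl` on the client has to match `com.sun.management.jmxremote.registry.ssl` on the server. A comment such as `// Socket factory for the RMI registry lookup; must match the server's jmxremote.registry.ssl setting` would record that. When `ssl.enable` is unset, the `creds` array placed in `env` just above is protected only if the server itself enforces SSL, which is worth stating in the same comment. The enclosing method starts and ends outside the hunk.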
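Review bot: `getRMIClientSocketFactory()` declares `throws IOException` although neither branch can throw it, and it has no Javadoc naming the `ssl.enable` system property it reads; drop the clause and add a short comment saying the property is set by `nodetool --ssl`. `SslRMIClientSocketFactory` builds its sockets from the JVM's default SSL socket factory, so trust comes from the `javax.net.ssl.trustStore` settings and, as far as I can tell, no host name check is made against the server certificate. The comment should therefore say that the trust store is expected to contain only the cluster's own CA or node certificates, not a general-purpose CA bundle.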