Re: How to Protect Tracing Requests From Client Side
Thanks Guys! This really helps! On Fri, Mar 23, 2018 at 7:10 AM, Mick Semb Weverwrote: > Is there a way to protect C* on the server side from tracing commands that >> are executed from clients? >> > > > If you really needed a way to completely disable all and any possibility > of tracing you could start each C* node with tracing switched to a noop > implementation. > > eg, add to the jvm.options file the line > > -Dcassandra.custom_tracing_class=somepackage.NoOpTracing > > > while also putting into each $CASSANDRA_HOME/lib/ a jar file containing > this NoOpTracing class… > > ``` > package somepackage; > > import java.net.InetAddress; > import java.nio.ByteBuffer; > import java.util.Map; > import java.util.UUID; > import org.apache.cassandra.tracing.*; > import org.apache.cassandra.utils.FBUtilities; > > /** Starting Cassandra with '-Dcassandra.custom_tracing_ > class=org.apache.cassandra.tracing.NoOpTracing' > * will forcibly disable all tracing. > * > * This can be useful in defensive environments. > */ > public final class NoOpTracing extends Tracing { > > @Override > protected void stopSessionImpl() {} > > @Override > public TraceState begin(String request, InetAddress client, > Map parameters) { > return NoOpTraceState.INSTANCE; > } > > @Override > protected TraceState newTraceState(InetAddress coordinator, UUID > sessionId, TraceType traceType) { > return NoOpTraceState.INSTANCE; > } > > @Override > public void trace(ByteBuffer sessionId, String message, int ttl) {} > > private static class NoOpTraceState extends TraceState { > private static final NoOpTraceState INSTANCE = new > NoOpTraceState(); > private NoOpTraceState() { > super(FBUtilities.getBroadcastAddress(), UUID.randomUUID(), > TraceType.NONE); > } > @Override > protected void traceImpl(String message) {} > } > } > ``` > > regards, > Mick > > > -- > Mick Semb Wever > Australia > > The Last Pickle > Apache Cassandra Consulting > http://www.thelastpickle.com >
Re: How to Protect Tracing Requests From Client Side
> > Is there a way to protect C* on the server side from tracing commands that > are executed from clients? > If you really needed a way to completely disable all and any possibility of tracing you could start each C* node with tracing switched to a noop implementation. eg, add to the jvm.options file the line -Dcassandra.custom_tracing_class=somepackage.NoOpTracing while also putting into each $CASSANDRA_HOME/lib/ a jar file containing this NoOpTracing class… ``` package somepackage; import java.net.InetAddress; import java.nio.ByteBuffer; import java.util.Map; import java.util.UUID; import org.apache.cassandra.tracing.*; import org.apache.cassandra.utils.FBUtilities; /** Starting Cassandra with '-Dcassandra.custom_tracing_class=org.apache.cassandra.tracing.NoOpTracing' * will forcibly disable all tracing. * * This can be useful in defensive environments. */ public final class NoOpTracing extends Tracing { @Override protected void stopSessionImpl() {} @Override public TraceState begin(String request, InetAddress client, Mapparameters) { return NoOpTraceState.INSTANCE; } @Override protected TraceState newTraceState(InetAddress coordinator, UUID sessionId, TraceType traceType) { return NoOpTraceState.INSTANCE; } @Override public void trace(ByteBuffer sessionId, String message, int ttl) {} private static class NoOpTraceState extends TraceState { private static final NoOpTraceState INSTANCE = new NoOpTraceState(); private NoOpTraceState() { super(FBUtilities.getBroadcastAddress(), UUID.randomUUID(), TraceType.NONE); } @Override protected void traceImpl(String message) {} } } ``` regards, Mick -- Mick Semb Wever Australia The Last Pickle Apache Cassandra Consulting http://www.thelastpickle.com
Re: How to Protect Tracing Requests From Client Side
`nodetool settraceeprobability` controls the *automated* tracing within a single node based on the value set. It may be some or none, but it doesn't effect queries which are explicitly marked for tracing by the driver within your application. You can test this by running CQLSH and enabling TRACING with "TRACING ON;". Now run a query and trace results will be returned. To resolve your problem it may be worth checking to see if you could limit the ability to modify tables within the system_traces keyspace via permissions. ~Chris On Thu, Mar 22, 2018 at 6:07 PM shalom saggeswrote: > Thanks a lot Rahul! :-) > > On Thu, Mar 22, 2018 at 8:03 PM, Rahul Singh > wrote: > >> Execute ‘nodetool settraceprobability 0’ on all nodes. It does zero >> percentage of he tracing. >> >> -- >> Rahul Singh >> rahul.si...@anant.us >> >> Anant Corporation >> >> On Mar 22, 2018, 11:10 AM -0500, shalom sagges , >> wrote: >> >> Hi All, >> >> Is there a way to protect C* on the server side from tracing commands >> that are executed from clients? >> >> Thanks! >> >> >
Re: How to Protect Tracing Requests From Client Side
Thanks a lot Rahul! :-) On Thu, Mar 22, 2018 at 8:03 PM, Rahul Singhwrote: > Execute ‘nodetool settraceprobability 0’ on all nodes. It does zero > percentage of he tracing. > > -- > Rahul Singh > rahul.si...@anant.us > > Anant Corporation > > On Mar 22, 2018, 11:10 AM -0500, shalom sagges , > wrote: > > Hi All, > > Is there a way to protect C* on the server side from tracing commands that > are executed from clients? > > Thanks! > >
Re: How to Protect Tracing Requests From Client Side
Execute ‘nodetool settraceprobability 0’ on all nodes. It does zero percentage of he tracing. -- Rahul Singh rahul.si...@anant.us Anant Corporation On Mar 22, 2018, 11:10 AM -0500, shalom sagges, wrote: > Hi All, > > Is there a way to protect C* on the server side from tracing commands that > are executed from clients? > > Thanks!
How to Protect Tracing Requests From Client Side
Hi All, Is there a way to protect C* on the server side from tracing commands that are executed from clients? Thanks!