@@ -218,55 +218,66 @@ if [ "x$LOCAL_JMX" = "x" ]; then
218
218
LOCAL_JMX=yes
219
219
fi
220
220
221
- # Specifies the default port over which Cassandra will be available for
222
- # JMX connections.
223
- # For security reasons, you should not expose this port to the internet. Firewall it if needed.
224
- JMX_PORT=" 7199"
225
-
226
- if [ " $LOCAL_JMX " = " yes" ]; then
227
- JVM_OPTS=" $JVM_OPTS -Dcassandra.jmx.local.port=$JMX_PORT "
228
- JVM_OPTS=" $JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
229
- else
230
- JVM_OPTS=" $JVM_OPTS -Dcassandra.jmx.remote.port=$JMX_PORT "
231
- # if ssl is enabled the same port cannot be used for both jmx and rmi so either
232
- # pick another value for this property or comment out to use a random port (though see CASSANDRA-7087 for origins)
233
- JVM_OPTS=" $JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=$JMX_PORT "
234
-
235
- # turn on JMX authentication. See below for further options
236
- JVM_OPTS=" $JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
237
-
238
- # jmx ssl options
239
- # Consider using the jmx_encryption_options section of cassandra.yaml instead
240
- # to prevent sensitive information being exposed.
241
- # In case jmx ssl options are configured in both the places - this file and cassandra.yaml, and
242
- # if com.sun.management.jmxremote.ssl is configured to be true here and encryption_options are marked enabled in
243
- # cassandra.yaml, then we will get exception at the startup
244
- # JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=true"
245
- # JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true"
246
- # JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.enabled.protocols=<enabled-protocols>"
247
- # JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.enabled.cipher.suites=<enabled-cipher-suites>"
248
- # JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStore=/path/to/keystore"
249
- # JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=<keystore-password>"
250
- # JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStore=/path/to/truststore"
251
- # JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStorePassword=<truststore-password>"
252
- fi
221
+ configure_jmx ()
222
+ {
223
+ JMX_PORT=$1
224
+
225
+ if [ " $LOCAL_JMX " = " yes" ]; then
226
+ JVM_OPTS=" $JVM_OPTS -Dcassandra.jmx.local.port=$JMX_PORT "
227
+ JVM_OPTS=" $JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
228
+ else
229
+ JVM_OPTS=" $JVM_OPTS -Dcassandra.jmx.remote.port=$JMX_PORT "
230
+ # if ssl is enabled the same port cannot be used for both jmx and rmi so either
231
+ # pick another value for this property or comment out to use a random port (though see CASSANDRA-7087 for origins)
232
+ JVM_OPTS=" $JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=$JMX_PORT "
233
+
234
+ # turn on JMX authentication. See below for further options
235
+ JVM_OPTS=" $JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
236
+
237
+ # jmx ssl options
238
+ # Consider using the jmx_encryption_options section of jmx_server_options in cassandra.yaml instead
239
+ # to prevent sensitive information being exposed.
240
+ # In case jmx ssl options are configured in both the places - this file and cassandra.yaml, and
241
+ # if com.sun.management.jmxremote.ssl is configured to be true here and encryption_options are marked enabled in
242
+ # cassandra.yaml, then we will get exception at the startup
243
+ # JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=true"
244
+ # JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true"
245
+ # JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.enabled.protocols=<enabled-protocols>"
246
+ # JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.enabled.cipher.suites=<enabled-cipher-suites>"
247
+ # JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStore=/path/to/keystore"
248
+ # JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=<keystore-password>"
249
+ # JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStore=/path/to/truststore"
250
+ # JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStorePassword=<truststore-password>"
251
+ fi
252
+
253
+ # jmx authentication and authorization options. By default, auth is only
254
+ # activated for remote connections but they can also be enabled for local only JMX
255
+ # # Basic file based authn & authz
256
+ JVM_OPTS=" $JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password"
257
+ # JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access"
258
+ # # Custom auth settings which can be used as alternatives to JMX's out of the box auth utilities.
259
+ # # JAAS login modules can be used for authentication by uncommenting these two properties.
260
+ # # Cassandra ships with a LoginModule implementation - org.apache.cassandra.auth.CassandraLoginModule -
261
+ # # which delegates to the IAuthenticator configured in cassandra.yaml. See the sample JAAS configuration
262
+ # # file cassandra-jaas.config
263
+ # JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.remote.login.config=CassandraLogin"
264
+ # JVM_OPTS="$JVM_OPTS -Djava.security.auth.login.config=$CASSANDRA_CONF/cassandra-jaas.config"
265
+
266
+ # # Cassandra also ships with a helper for delegating JMX authz calls to the configured IAuthorizer,
267
+ # # uncomment this to use it. Requires one of the two authentication options to be enabled
268
+ # JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.authorizer=org.apache.cassandra.auth.jmx.AuthorizationProxy"
269
+ }
253
270
254
- # jmx authentication and authorization options. By default, auth is only
255
- # activated for remote connections but they can also be enabled for local only JMX
256
- # # Basic file based authn & authz
257
- JVM_OPTS=" $JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password"
258
- # JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access"
259
- # # Custom auth settings which can be used as alternatives to JMX's out of the box auth utilities.
260
- # # JAAS login modules can be used for authentication by uncommenting these two properties.
261
- # # Cassandra ships with a LoginModule implementation - org.apache.cassandra.auth.CassandraLoginModule -
262
- # # which delegates to the IAuthenticator configured in cassandra.yaml. See the sample JAAS configuration
263
- # # file cassandra-jaas.config
264
- # JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.remote.login.config=CassandraLogin"
265
- # JVM_OPTS="$JVM_OPTS -Djava.security.auth.login.config=$CASSANDRA_CONF/cassandra-jaas.config"
266
-
267
- # # Cassandra also ships with a helper for delegating JMX authz calls to the configured IAuthorizer,
268
- # # uncomment this to use it. Requires one of the two authentication options to be enabled
269
- # JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.authorizer=org.apache.cassandra.auth.jmx.AuthorizationProxy"
271
+ # If this function call is commented out, then Cassandra will start with no system properties for JMX set whatsoever.
272
+ # We will be expecting the settings in jmx_server_options and jmx_encryption_options respectively instead.
273
+ # The argument specifies the default port over which Cassandra will be available for JMX connections.
274
+ #
275
+ # If you comment out configure_jmx method call, then JMX_PORT variable will not be set, which means
276
+ # nodetool which sources this file will not see it either and port from cassandra.yaml will be parsed instead,
277
+ # if not found there either, it defaults to 7199.
278
+ #
279
+ # For security reasons, you should not expose this port to the internet. Firewall it if needed.
280
+ configure_jmx 7199
270
281
271
282
# To use mx4j, an HTML interface for JMX, add mx4j-tools.jar to the lib/
272
283
# directory.
0 commit comments