Repository: cassandra Updated Branches: refs/heads/cassandra-2.1.4-rel [created] c041ea8b3
Bind JMX to localhost unless explicitly configured otherwise Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/c041ea8b Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/c041ea8b Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/c041ea8b Branch: refs/heads/cassandra-2.1.4-rel Commit: c041ea8b3748089937168839791a6d64382b34de Parents: 7cc1cf0 Author: T Jake Luciani <[email protected]> Authored: Wed Mar 25 12:27:50 2015 -0400 Committer: T Jake Luciani <[email protected]> Committed: Mon Mar 30 09:38:50 2015 -0400 ---------------------------------------------------------------------- CHANGES.txt | 3 + NEWS.txt | 6 ++ bin/cassandra.bat | 11 ++- build.xml | 3 +- conf/cassandra-env.ps1 | 13 +++- conf/cassandra-env.sh | 21 ++++-- debian/changelog | 6 ++ .../cassandra/service/CassandraDaemon.java | 78 ++++++++++++++++++-- .../utils/RMIServerSocketFactoryImpl.java | 34 +++++++++ 9 files changed, 157 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/c041ea8b/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 954fa3f..50c7967 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,6 @@ +2.1.4 + * If no JMX flags are set start a localhost only JMX service + 2.1.3 * Fix HSHA/offheap_objects corruption (CASSANDRA-8719) * Upgrade libthrift to 0.9.2 (CASSANDRA-8685) http://git-wip-us.apache.org/repos/asf/cassandra/blob/c041ea8b/NEWS.txt ---------------------------------------------------------------------- diff --git a/NEWS.txt b/NEWS.txt index 602770c..076885c 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -13,6 +13,12 @@ restore snapshots created with the previous major version using the 'sstableloader' tool. You can upgrade the file format of your snapshots using the provided 'sstableupgrade' tool. +2.1.4 +===== + +The default JMX config now listens to localhost only. You must enable +the other JMX flags in cassandra-env.sh manually. + 2.1.3 ===== http://git-wip-us.apache.org/repos/asf/cassandra/blob/c041ea8b/bin/cassandra.bat ---------------------------------------------------------------------- diff --git a/bin/cassandra.bat b/bin/cassandra.bat index 99b291a..fefd3fc 100644 --- a/bin/cassandra.bat +++ b/bin/cassandra.bat @@ -65,10 +65,13 @@ set JAVA_OPTS=-ea^ -XX:MaxTenuringThreshold=1^ -XX:CMSInitiatingOccupancyFraction=75^ -XX:+UseCMSInitiatingOccupancyOnly^ - -Dcom.sun.management.jmxremote.port=7199^ - -Dcom.sun.management.jmxremote.ssl=false^ - -Dcom.sun.management.jmxremote.authenticate=false^ - -Dlogback.configurationFile=logback.xml + -Dlogback.configurationFile=logback.xml^ + -Dcassandra.jmx.local.port=7199 +REM **** JMX REMOTE ACCESS SETTINGS SEE: https://wiki.apache.org/cassandra/JmxSecurity *** +REM -Dcom.sun.management.jmxremote.port=7199^ +REM -Dcom.sun.management.jmxremote.ssl=false^ +REM -Dcom.sun.management.jmxremote.authenticate=true^ +REM -Dcom.sun.management.jmxremote.password.file=C:\jmxremote.password REM ***** CLASSPATH library setting ***** REM Ensure that any user defined CLASSPATH variables are not used on startup http://git-wip-us.apache.org/repos/asf/cassandra/blob/c041ea8b/build.xml ---------------------------------------------------------------------- diff --git a/build.xml b/build.xml index eaef534..cf401e4 100644 --- a/build.xml +++ b/build.xml @@ -25,7 +25,7 @@ <property name="debuglevel" value="source,lines,vars"/> <!-- default version and SCM information --> - <property name="base.version" value="2.1.3"/> + <property name="base.version" value="2.1.4"/> <property name="scm.connection" value="scm:git://git.apache.org/cassandra.git"/> <property name="scm.developerConnection" value="scm:git://git.apache.org/cassandra.git"/> <property name="scm.url" value="http://git-wip-us.apache.org/repos/asf?p=cassandra.git;a=tree"/> @@ -1113,6 +1113,7 @@ <jvmarg value="-Xss256k"/> <jvmarg value="-Dcassandra.memtable_row_overhead_computation_step=100"/> <jvmarg value="-Dcassandra.test.use_prepared=${cassandra.test.use_prepared}"/> + <jvmarg value="-Dcassandra.jmx.local.port=7199" /> <jvmarg value="-Dcassandra.test.offsetseed=@{poffset}"/> <optjvmargs/> <classpath> http://git-wip-us.apache.org/repos/asf/cassandra/blob/c041ea8b/conf/cassandra-env.ps1 ---------------------------------------------------------------------- diff --git a/conf/cassandra-env.ps1 b/conf/cassandra-env.ps1 index 9c6b6f4..7a71a13 100644 --- a/conf/cassandra-env.ps1 +++ b/conf/cassandra-env.ps1 @@ -400,10 +400,17 @@ Function SetCassandraEnvironment # https://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole # for more on configuring JMX through firewalls, etc. (Short version: # get it working with no firewall first.) - $env:JVM_OPTS="$env:JVM_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT" - $env:JVM_OPTS="$env:JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false" - $env:JVM_OPTS="$env:JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false" + # + # Due to potential security exploits, Cassandra ships with JMX accessible + # *only* from localhost. To enable remote JMX connections, uncomment lines below + # with authentication and ssl enabled. See https://wiki.apache.org/cassandra/JmxSecurity + # + #$env:JVM_OPTS="$env:JVM_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT" + #$env:JVM_OPTS="$env:JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false" + #$env:JVM_OPTS="$env:JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true" #$env:JVM_OPTS="$env:JVM_OPTS -Dcom.sun.management.jmxremote.password.file=C:/jmxremote.password" + $env:JVM_OPTS="$env:JVM_OPTS -Dcassandra.jmx.local.port=$JMX_PORT -XX:+DisableExplicitGC" + $env:JVM_OPTS="$env:JVM_OPTS $JVM_EXTRA_OPTS" $env:JVM_OPTS = "$env:JVM_OPTS -Dlog4j.configuration=log4j-server.properties" http://git-wip-us.apache.org/repos/asf/cassandra/blob/c041ea8b/conf/cassandra-env.sh ---------------------------------------------------------------------- diff --git a/conf/cassandra-env.sh b/conf/cassandra-env.sh index 3f4c21b..58022e6 100644 --- a/conf/cassandra-env.sh +++ b/conf/cassandra-env.sh @@ -270,6 +270,22 @@ JVM_OPTS="$JVM_OPTS -Djava.net.preferIPv4Stack=true" # https://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole # for more on configuring JMX through firewalls, etc. (Short version: # get it working with no firewall first.) +# +# Cassandra ships with JMX accessible *only* from localhost. +# To enable remote JMX connections, uncomment lines below +# with authentication and/or ssl enabled. See https://wiki.apache.org/cassandra/JmxSecurity +# +LOCAL_JMX=yes + +if [ "$LOCAL_JMX" = "yes" ]; then + JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.local.port=$JMX_PORT -XX:+DisableExplicitGC" +else + JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT" + JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=$JMX_PORT" + JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false" + JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true" + JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password" +fi # To use mx4j, an HTML interface for JMX, add mx4j-tools.jar to the lib/ # directory. @@ -279,11 +295,6 @@ JVM_OPTS="$JVM_OPTS -Djava.net.preferIPv4Stack=true" #MX4J_ADDRESS="-Dmx4jaddress=127.0.0.1" #MX4J_PORT="-Dmx4jport=8081" -JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT" -JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=$JMX_PORT" -JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false" -JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false" -#JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password" JVM_OPTS="$JVM_OPTS $MX4J_ADDRESS" JVM_OPTS="$JVM_OPTS $MX4J_PORT" JVM_OPTS="$JVM_OPTS $JVM_EXTRA_OPTS" http://git-wip-us.apache.org/repos/asf/cassandra/blob/c041ea8b/debian/changelog ---------------------------------------------------------------------- diff --git a/debian/changelog b/debian/changelog index 339da0c..8075460 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +cassandra (2.1.4) unstable; urgency=medium + + * New release + + -- Jake Luciani <[email protected]> Fri, 27 Mar 2015 13:48:25 -0400 + cassandra (2.1.3) unstable; urgency=medium * New release http://git-wip-us.apache.org/repos/asf/cassandra/blob/c041ea8b/src/java/org/apache/cassandra/service/CassandraDaemon.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/service/CassandraDaemon.java b/src/java/org/apache/cassandra/service/CassandraDaemon.java index 50c8295..3e398bf 100644 --- a/src/java/org/apache/cassandra/service/CassandraDaemon.java +++ b/src/java/org/apache/cassandra/service/CassandraDaemon.java @@ -23,14 +23,16 @@ import java.lang.management.ManagementFactory; import java.lang.management.MemoryPoolMXBean; import java.net.InetAddress; import java.net.UnknownHostException; -import java.util.Arrays; -import java.util.Date; -import java.util.Map; -import java.util.UUID; -import java.util.concurrent.TimeUnit; +import java.rmi.registry.LocateRegistry; +import java.rmi.server.RMIServerSocketFactory; +import java.util.*; + import java.util.concurrent.TimeUnit; import javax.management.MBeanServer; import javax.management.ObjectName; import javax.management.StandardMBean; +import javax.management.remote.JMXConnectorServer; +import javax.management.remote.JMXServiceURL; +import javax.management.remote.rmi.RMIConnectorServer; import com.google.common.collect.Iterables; import com.google.common.util.concurrent.Uninterruptibles; @@ -66,9 +68,61 @@ import org.apache.cassandra.utils.*; public class CassandraDaemon { public static final String MBEAN_NAME = "org.apache.cassandra.db:type=NativeAccess"; + public static JMXConnectorServer jmxServer = null; private static final Logger logger = LoggerFactory.getLogger(CassandraDaemon.class); + private static void maybeInitJmx() + { + String jmxPort = System.getProperty("com.sun.management.jmxremote.port"); + + if (jmxPort == null) + { + logger.warn("JMX is not enabled to receive remote connections. Please see cassandra-env.sh for more info."); + + jmxPort = System.getProperty("cassandra.jmx.local.port"); + + if (jmxPort == null) + { + logger.error("cassandra.jmx.local.port missing from cassandra-env.sh, unable to start local JMX service." + jmxPort); + } + else + { + System.setProperty("java.rmi.server.hostname","127.0.0.1"); + + try + { + RMIServerSocketFactory serverFactory = new RMIServerSocketFactoryImpl(); + LocateRegistry.createRegistry(Integer.valueOf(jmxPort), null, serverFactory); + + StringBuffer url = new StringBuffer(); + url.append("service:jmx:"); + url.append("rmi://localhost/jndi/"); + url.append("rmi://localhost:").append(jmxPort).append("/jmxrmi"); + + Map env = new HashMap(); + env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, serverFactory); + + jmxServer = new RMIConnectorServer( + new JMXServiceURL(url.toString()), + env, + ManagementFactory.getPlatformMBeanServer() + ); + + jmxServer.start(); + } + catch (IOException e) + { + logger.error("Error starting local jmx server: ", e); + } + } + } + else + { + logger.info("JMX is enabled to receive remote connections on port: " + jmxPort); + } + } + private static final CassandraDaemon instance = new CassandraDaemon(); /** @@ -159,6 +213,8 @@ public class CassandraDaemon CLibrary.tryMlockall(); + maybeInitJmx(); + Thread.setDefaultUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() { public void uncaughtException(Thread t, Throwable e) @@ -432,6 +488,18 @@ public class CassandraDaemon // We rely on the shutdown hook to drain the node if (FBUtilities.isWindows()) System.exit(0); + + if (jmxServer != null) + { + try + { + jmxServer.stop(); + } + catch (IOException e) + { + logger.error("Error shutting down local JMX server: ", e); + } + } } http://git-wip-us.apache.org/repos/asf/cassandra/blob/c041ea8b/src/java/org/apache/cassandra/utils/RMIServerSocketFactoryImpl.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/utils/RMIServerSocketFactoryImpl.java b/src/java/org/apache/cassandra/utils/RMIServerSocketFactoryImpl.java new file mode 100644 index 0000000..75331ab --- /dev/null +++ b/src/java/org/apache/cassandra/utils/RMIServerSocketFactoryImpl.java @@ -0,0 +1,34 @@ +package org.apache.cassandra.utils; + +import java.io.IOException; +import java.net.*; +import java.rmi.server.RMIServerSocketFactory; +import javax.net.ServerSocketFactory; + + +public class RMIServerSocketFactoryImpl implements RMIServerSocketFactory +{ + + public ServerSocket createServerSocket(final int pPort) throws IOException { + return ServerSocketFactory.getDefault().createServerSocket(pPort, 0, InetAddress.getLoopbackAddress()); + } + + public boolean equals(Object obj) + { + if (obj == null) + { + return false; + } + if (obj == this) + { + return true; + } + + return obj.getClass().equals(getClass()); + } + + public int hashCode() + { + return RMIServerSocketFactoryImpl.class.hashCode(); + } +}
