[
https://issues.apache.org/jira/browse/CASSANDRA-9090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14601260#comment-14601260
]
Jason Brown edited comment on CASSANDRA-9090 at 6/25/15 2:27 PM:
-----------------------------------------------------------------
Overall, I like the idea and approach. However, I'm not thrilled with adding
another properties file. I think using the well-known -D properties for JMX is
ample enough, without needing to create a new file/syntax/ supporting code (as
simple as that might be). I do think it is convenient to have an external file
with the relevant -D properties already set up, which is preserved across c*
upgrade.
So, I've taken the existing cassandra-2.1-9090-1.patch, simplified everything
in NodeProbe to just look for the ssl.enable flag, and rely on the JMX system
properties being set correctly. Additionally, in the bin/nodetool script, if
you pass --ssl to it, we'll look for a file,
$HOME/.cassandra/nodetool-ssl.properties, and read that for -D properties to
pass to the JVM. it's more of a convenience than anything, but I did like that
idea, a lot.
was (Author: jasobrown):
Overall, I like the idea. However, I'm not thrilled with adding another
properties file. I think using the well-known -D properties for JMX is ample
enough, without needing to create a new file/syntax/ supporting code (as simple
as that might be). I do think it is convenient to have an external file with
the relevant -D properties already set up, which is preserved across c* upgrade.
So, I've taken the existing cassandra-2.1-9090-1.patch, simplified everything
in NodeProbe to just look for the ssl.enable flag, and rely on the JMX system
properties being set correctly. Additionally, in the bin/nodetool script, if
you pass --ssl to it, we'll look for a file,
$HOME/.cassandra/nodetool-ssl.properties, and read that for -D properties to
pass to the JVM. it's more of a convenience than anything, but I did like that
idea, a lot.
> Allow JMX over SSL directly from nodetool
> -----------------------------------------
>
> Key: CASSANDRA-9090
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9090
> Project: Cassandra
> Issue Type: Improvement
> Components: Tools
> Reporter: Philip Thompson
> Fix For: 3.x, 2.1.x, 2.0.x
>
> Attachments: cassandra-2.0-9090.patch, cassandra-2.1-9090-1.patch,
> cassandra-2.1-9090-2.patch, cassandra-2.1-9090.patch, cassandra-2.2-9090.patch
>
>
> Currently cqlsh allows users to connect via SSL to their cassandra cluster
> via command line.
> Nodetool only offers username/password authentication [1], and if users want
> to use SSL, they need to use jconsole [2]. We should support nodetool
> connecting via SSL in the same way cqlsh does.
> [1] http://wiki.apache.org/cassandra/JmxSecurity
> [2] https://www.lullabot.com/blog/article/monitor-java-jmx
> [3]
> http://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
