[jira] [Commented] (CASSANDRA-19453) Enabling remote JMX fails to start

Stefan Miklosovic (Jira) Fri, 01 Mar 2024 05:28:06 -0800


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-19453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17822567#comment-17822567
 ]


Stefan Miklosovic commented on CASSANDRA-19453:
-----------------------------------------------

If I have fully setup ssl like this (checkout LOCAL_JMX=baz) it will just jump 
to else branch again and all will be just started fine.

{noformat}
LOCAL_JMX="baz"

if [ "x$LOCAL_JMX" = "x" ]; then
    LOCAL_JMX=yes
fi

# Specifies the default port over which Cassandra will be available for
# JMX connections.
# For security reasons, you should not expose this port to the internet.  
Firewall it if needed.
JMX_PORT="7199"

if [ "$LOCAL_JMX" = "yes" ]; then
  JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.local.port=$JMX_PORT"
  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
else
  JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.remote.port=$JMX_PORT"
  # if ssl is enabled the same port cannot be used for both jmx and rmi so 
either
  # pick another value for this property or comment out to use a random port 
(though see CASSANDRA-7087 for origins)
  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=7750"

  # turn on JMX authentication. See below for further options
  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"

  # jmx ssl options
  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=true"
  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=false"
  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.registry.ssl=true"
  JVM_OPTS="$JVM_OPTS 
-Dcom.sun.management.jmxremote.ssl.enabled.protocols=TLSv1.2"
  JVM_OPTS="$JVM_OPTS 
-Dcom.sun.management.jmxremote.ssl.enabled.cipher.suites=TLS_RSA_WITH_AES_256_CBC_SHA"
  JVM_OPTS="$JVM_OPTS 
-Djavax.net.ssl.keyStore=/submit/cassandra/ssl/$(hostname)-server-keystore.p12"
  JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=cassandra"
  JVM_OPTS="$JVM_OPTS 
-Djavax.net.ssl.trustStore=/submit/cassandra/ssl/server-truststore.jks"
  JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStorePassword=cassandra"
fi
{noformat}

> Enabling remote JMX fails to start
> ----------------------------------
>
>                 Key: CASSANDRA-19453
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-19453
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Local/Config
>            Reporter: Brandon Williams
>            Assignee: Stefan Miklosovic
>            Priority: Normal
>             Fix For: 5.0-rc, 5.x
>
>
> If you set LOCAL_JMX to something other than 'yes' in conf/cassandra-env.sh, 
> you receive:
> {noformat}
> Exception (java.lang.ExceptionInInitializerError) encountered during startup: 
> null
> java.lang.ExceptionInInitializerError
>         at 
> org.apache.cassandra.utils.JMXServerUtils.configureJmxAuthentication(JMXServerUtils.java:188)
>         at 
> org.apache.cassandra.utils.JMXServerUtils.createJMXServer(JMXServerUtils.java:106)
>         at 
> org.apache.cassandra.utils.JMXServerUtils.createJMXServer(JMXServerUtils.java:154)
>         at 
> org.apache.cassandra.service.CassandraDaemon.maybeInitJmx(CassandraDaemon.java:172)
>         at 
> org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:240)
>         at 
> org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:721)
>         at 
> org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:855)
> Caused by: java.lang.RuntimeException: java.lang.IllegalAccessException: 
> access to public member failed: 
> com.sun.jmx.remote.security.JMXPluggableAuthenticator.<init>[Ljava.lang.Object;@afb5821/invokeSpecial,
>  from class 
> org.apache.cassandra.utils.JMXServerUtils$JMXPluggableAuthenticatorWrapper 
> (unnamed module @51dcb805)
>         at 
> org.apache.cassandra.utils.JMXServerUtils$JMXPluggableAuthenticatorWrapper.<clinit>(JMXServerUtils.java:306)
>         ... 7 more
> Caused by: java.lang.IllegalAccessException: access to public member failed: 
> com.sun.jmx.remote.security.JMXPluggableAuthenticator.<init>[Ljava.lang.Object;@afb5821/invokeSpecial,
>  from class 
> org.apache.cassandra.utils.JMXServerUtils$JMXPluggableAuthenticatorWrapper 
> (unnamed module @51dcb805)
>         at 
> java.base/java.lang.invoke.MemberName.makeAccessException(MemberName.java:955)
>         at 
> java.base/java.lang.invoke.MethodHandles$Lookup.checkAccess(MethodHandles.java:3882)
>         at 
> java.base/java.lang.invoke.MethodHandles$Lookup.getDirectConstructorCommon(MethodHandles.java:4117)
>         at 
> java.base/java.lang.invoke.MethodHandles$Lookup.getDirectConstructorNoSecurityManager(MethodHandles.java:4111)
>         at 
> java.base/java.lang.invoke.MethodHandles$Lookup.unreflectConstructor(MethodHandles.java:3433)
>         at 
> org.apache.cassandra.utils.JMXServerUtils$JMXPluggableAuthenticatorWrapper.<clinit>(JMXServerUtils.java:302)
>         ... 7 more
> ERROR [main] 2024-03-01 06:16:00,028 CassandraDaemon.java:877 - Exception 
> encountered during startup
> java.lang.ExceptionInInitializerError: null
>         at 
> org.apache.cassandra.utils.JMXServerUtils.configureJmxAuthentication(JMXServerUtils.java:188)
>         at 
> org.apache.cassandra.utils.JMXServerUtils.createJMXServer(JMXServerUtils.java:106)
>         at 
> org.apache.cassandra.utils.JMXServerUtils.createJMXServer(JMXServerUtils.java:154)
>         at 
> org.apache.cassandra.service.CassandraDaemon.maybeInitJmx(CassandraDaemon.java:172)
>         at 
> org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:240)
>         at 
> org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:721)
>         at 
> org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:855)
> Caused by: java.lang.RuntimeException: java.lang.IllegalAccessException: 
> access to public member failed: 
> com.sun.jmx.remote.security.JMXPluggableAuthenticator.<init>[Ljava.lang.Object;@afb5821/invokeSpecial,
>  from class 
> org.apache.cassandra.utils.JMXServerUtils$JMXPluggableAuthenticatorWrapper 
> (unnamed module @51dcb805)
>         at 
> org.apache.cassandra.utils.JMXServerUtils$JMXPluggableAuthenticatorWrapper.<clinit>(JMXServerUtils.java:306)
>         ... 7 common frames omitted
> Caused by: java.lang.IllegalAccessException: access to public member failed: 
> com.sun.jmx.remote.security.JMXPluggableAuthenticator.<init>[Ljava.lang.Object;@afb5821/invokeSpecial,
>  from class 
> org.apache.cassandra.utils.JMXServerUtils$JMXPluggableAuthenticatorWrapper 
> (unnamed module @51dcb805)
>         at 
> java.base/java.lang.invoke.MemberName.makeAccessException(MemberName.java:955)
>         at 
> java.base/java.lang.invoke.MethodHandles$Lookup.checkAccess(MethodHandles.java:3882)
>         at 
> java.base/java.lang.invoke.MethodHandles$Lookup.getDirectConstructorCommon(MethodHandles.java:4117)
>         at 
> java.base/java.lang.invoke.MethodHandles$Lookup.getDirectConstructorNoSecurityManager(MethodHandles.java:4111)
>         at 
> java.base/java.lang.invoke.MethodHandles$Lookup.unreflectConstructor(MethodHandles.java:3433)
>         at 
> org.apache.cassandra.utils.JMXServerUtils$JMXPluggableAuthenticatorWrapper.<clinit>(JMXServerUtils.java:302)
>         ... 7 common frames omitted
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (CASSANDRA-19453) Enabling remote JMX fails to start

Reply via email to