[
https://issues.apache.org/jira/browse/CASSANDRA-18508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17889332#comment-17889332
]
Doug Rohrer commented on CASSANDRA-18508:
-----------------------------------------
With respect to the two socket factory properties, I think you have the two
reversed in your explanation but generally have the right idea as to why there
are two. The only reason I needed to set a client socket factory with
{{jmx.remote.rmi.client.socket.factory}} was to deal with the whole "override
the local address" for clients trying to connect to the JMX _RMI_ server on
each isolated JMX instance. That is the only one I ever needed.
The other seems to deal with looking up the _JNDI server_ in the first place
(which is the naming server that then lets you look up RMI instances if I
remember correctly, but it's been a _long time_), so I don't think you need it
unless you found some reason to set it.
Still looking over the code, which generally looks reasonable to me. I have one
comment that actually deals with the order of startup in {{Instance.java}} that
_I_ wrote before, where we start the JMX service _before_ calling
{{DatabaseDescriptor#daemonInitialize}}, which is backwards of what the actual
server does and makes it so running all tests in the
{{JMXEncryptionOptionsTest}} suite. Essentially, we need to put the call to
{{daemonInitialize}} in the in-jvm dtest {{Instance}} class _before_ the JMX
startup call, which will fix the issue (and more accurately simulate the actual
server startup sequence).
I'll try to finish up this review tomorrow, but, as I said, it generally looks
reasonable so far.
> Sensitive JMX SSL configuration options can be easily exposed
> -------------------------------------------------------------
>
> Key: CASSANDRA-18508
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18508
> Project: Cassandra
> Issue Type: Improvement
> Components: Feature/Encryption, Local/Config
> Reporter: Anthony Grasso
> Assignee: Maulin Vasavada
> Priority: Normal
> Fix For: 5.x
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> We need a way to specify sensitive JMX SSL configuration options to avoid
> them being easily exposed.
> When encrypting the JMX connection the passwords for the key and trust stores
> must be specified using the {{javax.net.ssl.keyStorePassword}} and
> {{javax.net.ssl.trustStorePassword}} options respectively in the
> _cassandra-env.sh_ file. After Cassandra is started it is possible to see the
> passwords by looking the running process ({{ps aux | grep "cassandra"}}).
> Java 8 has the ability to specify a configuration file that can contain these
> security sensitive settings using the {{com.sun.management.config.file}}
> argument. However, despite what the documentation
> ([https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdevf])
> says, both the {{com.sun.management.jmxremote}} and
> {{com.sun.management.jmxremote.port}} arguments need to be defined in the
> _cassandra-env.sh_ for the JVM to read the contents of the file.
> The problem with defining the {{com.sun.management.jmxremote.port}} argument
> is it conflicts with the {{cassandra.jmx.remote.port}} argument. Even if the
> port numbers are different, attempting an encrypted JMX connection using
> {{nodetool}} fails and we see a {{ConnectException: 'Connection refused
> (Connection refused)'}} error.
> One possible way to fix this is to introduce a new option that would allow a
> file to be passed containing the JMX encryption options.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
