[
https://issues.apache.org/jira/browse/CASSANDRA-18508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17889875#comment-17889875
]
Maulin Vasavada edited comment on CASSANDRA-18508 at 10/15/24 11:57 PM:
------------------------------------------------------------------------
So [~jeetkundoug] I could run the ResourceLeakTest#looperJMXTest from the trunk
now for 50 loop count. I prefer rebasing from the trunk for my branch and try
to run the same thing. Earlier it didnt' work from my branch for more than 27
loops without getting errors like below-
{noformat}
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler
in thread "node2_isolatedExecutor:1"Exception: java.lang.OutOfMemoryError
thrown from the UncaughtExceptionHandler in thread
"node2_isolatedExecutor:2"Exception: java.lang.OutOfMemoryError thrown from the
UncaughtExceptionHandler in thread "node2_isolatedExecutor:3"
WARN 23:07:31 Out of 1 commit log syncs over the past 0.00s with average
duration of 1938.39ms, 1 have exceeded the configured commit interval by an
average of 938.39ms
WARN [node1_COMMIT-LOG-WRITER] node1 2024-10-11 16:07:31,221
NoSpamLogger.java:107 - Out of 1 commit log syncs over the past 0.00s with
average duration of 1938.39ms, 1 have exceeded the configured commit interval
by an average of 938.39msException: java.lang.OutOfMemoryError thrown from the
UncaughtExceptionHandler in thread "node2_isolatedExecutor:8"Exception:
java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"node2_isolatedExecutor:6"Exception: java.lang.OutOfMemoryError thrown from the
UncaughtExceptionHandler in thread "node2_isolatedExecutor:7"Exception:
java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"node2_isolatedExecutor:4"Exception: java.lang.OutOfMemoryError thrown from the
UncaughtExceptionHandler in thread "node2_isolatedExecutor:5"{noformat}
was (Author: maulin.vasavada):
So [~jeetkundoug] I could run the ResourceLeakTest#looperJMXTest from the trunk
now for 50 loop count. I prefer rebasing from the trunk for my branch and try
to run the same thing. Earlier it didnt' work from my branch for more than 27
loops.
> Sensitive JMX SSL configuration options can be easily exposed
> -------------------------------------------------------------
>
> Key: CASSANDRA-18508
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18508
> Project: Cassandra
> Issue Type: Improvement
> Components: Feature/Encryption, Local/Config
> Reporter: Anthony Grasso
> Assignee: Maulin Vasavada
> Priority: Normal
> Fix For: 5.x
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> We need a way to specify sensitive JMX SSL configuration options to avoid
> them being easily exposed.
> When encrypting the JMX connection the passwords for the key and trust stores
> must be specified using the {{javax.net.ssl.keyStorePassword}} and
> {{javax.net.ssl.trustStorePassword}} options respectively in the
> _cassandra-env.sh_ file. After Cassandra is started it is possible to see the
> passwords by looking the running process ({{ps aux | grep "cassandra"}}).
> Java 8 has the ability to specify a configuration file that can contain these
> security sensitive settings using the {{com.sun.management.config.file}}
> argument. However, despite what the documentation
> ([https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdevf])
> says, both the {{com.sun.management.jmxremote}} and
> {{com.sun.management.jmxremote.port}} arguments need to be defined in the
> _cassandra-env.sh_ for the JVM to read the contents of the file.
> The problem with defining the {{com.sun.management.jmxremote.port}} argument
> is it conflicts with the {{cassandra.jmx.remote.port}} argument. Even if the
> port numbers are different, attempting an encrypted JMX connection using
> {{nodetool}} fails and we see a {{ConnectException: 'Connection refused
> (Connection refused)'}} error.
> One possible way to fix this is to introduce a new option that would allow a
> file to be passed containing the JMX encryption options.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
