[
https://issues.apache.org/jira/browse/CASSANDRA-18508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17900463#comment-17900463
]
Stefan Miklosovic commented on CASSANDRA-18508:
-----------------------------------------------
[CASSANDRA-18508|https://github.com/instaclustr/cassandra/tree/CASSANDRA-18508]
{noformat}
java17_pre-commit_tests
✓ j17_build 4m 55s
✓ j17_cqlsh_dtests_py311 7m 25s
✓ j17_cqlsh_dtests_py311_vnode 7m 17s
✓ j17_cqlsh_dtests_py38 7m 4s
✓ j17_cqlsh_dtests_py38_vnode 7m 25s
✓ j17_cqlshlib_cython_tests 10m 46s
✓ j17_cqlshlib_tests 6m 41s
✓ j17_dtests 33m 41s
✓ j17_dtests_latest 34m 48s
✓ j17_dtests_vnode 37m 30s
✓ j17_jvm_dtests 27m 2s
✓ j17_unit_tests 15m 46s
✓ j17_unit_tests_repeat 11m 0s
✓ j17_utests_latest 13m 36s
✓ j17_utests_latest_repeat 11m 15s
✓ j17_utests_oa 14m 41s
✓ j17_utests_oa_repeat 10m 44s
✕ j17_jvm_dtests_latest_vnode 26m 41s
junit.framework.TestSuite
org.apache.cassandra.fuzz.harry.integration.model.InJVMTokenAwareExecutorTest
org.apache.cassandra.distributed.test.tcm.CMSPlacementAfterMoveTest
testMoveToCMS
{noformat}
[java17_pre-commit_tests|https://app.circleci.com/pipelines/github/instaclustr/cassandra/5025/workflows/59db9b41-04e6-4528-8cd5-aeb4b3e268c6]
> Make JMX SSL to be configured in cassandra.yaml
> -----------------------------------------------
>
> Key: CASSANDRA-18508
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18508
> Project: Cassandra
> Issue Type: Improvement
> Components: Feature/Encryption, Local/Config
> Reporter: Anthony Grasso
> Assignee: Maulin Vasavada
> Priority: Normal
> Fix For: 5.x
>
> Time Spent: 17h 50m
> Remaining Estimate: 0h
>
> We need a way to specify sensitive JMX SSL configuration options to avoid
> them being easily exposed.
> When encrypting the JMX connection the passwords for the key and trust stores
> must be specified using the {{javax.net.ssl.keyStorePassword}} and
> {{javax.net.ssl.trustStorePassword}} options respectively in the
> _cassandra-env.sh_ file. After Cassandra is started it is possible to see the
> passwords by looking the running process ({{ps aux | grep "cassandra"}}).
> Java 8 has the ability to specify a configuration file that can contain these
> security sensitive settings using the {{com.sun.management.config.file}}
> argument. However, despite what the documentation
> ([https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdevf])
> says, both the {{com.sun.management.jmxremote}} and
> {{com.sun.management.jmxremote.port}} arguments need to be defined in the
> _cassandra-env.sh_ for the JVM to read the contents of the file.
> The problem with defining the {{com.sun.management.jmxremote.port}} argument
> is it conflicts with the {{cassandra.jmx.remote.port}} argument. Even if the
> port numbers are different, attempting an encrypted JMX connection using
> {{nodetool}} fails and we see a {{ConnectException: 'Connection refused
> (Connection refused)'}} error.
> One possible way to fix this is to introduce a new option that would allow a
> file to be passed containing the JMX encryption options.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
