This is an automated email from the ASF dual-hosted git repository.
qiaojialin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new e690c1b [IOTDB-575] JMX authenticate configuration (#979)
e690c1b is described below
commit e690c1b0215c5d91ad692a3fe835196f4bba3619
Author: Zesong Sun <[email protected]>
AuthorDate: Tue Apr 7 21:31:04 2020 +0800
[IOTDB-575] JMX authenticate configuration (#979)
* JMX user and password
* Set -Dcom.sun.management.jmxremote.authenticate=true
---
docs/UserGuide/6-System Tools/3-JMX Tool.md | 22 ++++++++++++++++++
docs/zh/UserGuide/6-System Tools/3-JMX Tool.md | 22 ++++++++++++++++++
.../resources/conf/iotdb-engine.properties | 10 +++++++++
server/src/assembly/resources/conf/iotdb-env.bat | 4 ++--
server/src/assembly/resources/conf/iotdb-env.sh | 4 ++--
.../java/org/apache/iotdb/db/conf/IoTDBConfig.java | 26 ++++++++++++++++++++++
.../org/apache/iotdb/db/conf/IoTDBConstant.java | 1 +
.../org/apache/iotdb/db/conf/IoTDBDescriptor.java | 4 ++++
.../org/apache/iotdb/db/service/JMXService.java | 7 ++++++
9 files changed, 96 insertions(+), 4 deletions(-)
diff --git a/docs/UserGuide/6-System Tools/3-JMX Tool.md
b/docs/UserGuide/6-System Tools/3-JMX Tool.md
index 3827622..9bc1d1f 100644
--- a/docs/UserGuide/6-System Tools/3-JMX Tool.md
+++ b/docs/UserGuide/6-System Tools/3-JMX Tool.md
@@ -23,6 +23,28 @@
Java VisualVM is a tool that provides a visual interface for viewing detailed
information about Java applications while they are running on a Java Virtual
Machine (JVM), and for troubleshooting and profiling these applications.
+## Config
+
+JMX authenticate configuration is `true` by default, so you need to edit JMX
user name and password in `iotdb-engine.properties`. Related configurations are:
+
+* jmx\_user
+
+|Name| jmx\_user |
+|:---:|:---|
+|Description| User name of JMX |
+|Type| String |
+|Default| admin |
+|Effective|After restart system|
+
+* jmx\_password
+
+|Name| jmx\_password |
+|:---:|:---|
+|Description| User password of JMX |
+|Type| String |
+|Default| password |
+|Effective|After restart system|
+
## Usage
Step1: Start sever.
diff --git a/docs/zh/UserGuide/6-System Tools/3-JMX Tool.md
b/docs/zh/UserGuide/6-System Tools/3-JMX Tool.md
index 4e50ab8..30ad328 100644
--- a/docs/zh/UserGuide/6-System Tools/3-JMX Tool.md
+++ b/docs/zh/UserGuide/6-System Tools/3-JMX Tool.md
@@ -23,6 +23,28 @@
Java VisualVM提供了一个可视化的界面,用于查看Java应用程序在Java虚拟机(JVM)上运行的详细信息,并对这些应用程序进行故障排除和分析。
+## 配置
+
+JMX 访问权限认证设置默认打开,因此你需要编辑`iotdb-engine.properties`中的 JMX 用户名和密码。相关配置项包括:
+
+* jmx\_user
+
+|名字| jmx\_user |
+|:---:|:---|
+|描述| JMX配置中的用户名 |
+|类型| String |
+|默认值| admin |
+|改后生效方式|重启服务器生效|
+
+* jmx\_password
+
+|名字| jmx\_password |
+|:---:|:---|
+|描述| JMX配置中的密码 |
+|类型| String |
+|默认值| password |
+|改后生效方式|重启服务器生效|
+
## 使用
第一步:启动IoTDB server。
diff --git a/server/src/assembly/resources/conf/iotdb-engine.properties
b/server/src/assembly/resources/conf/iotdb-engine.properties
index 35b7ef3..39ac594 100644
--- a/server/src/assembly/resources/conf/iotdb-engine.properties
+++ b/server/src/assembly/resources/conf/iotdb-engine.properties
@@ -40,6 +40,16 @@ rpc_thrift_compression_enable=false
rpc_max_concurrent_client_num=65535
####################
+### JMX Configuration
+####################
+
+# If system property com.sun.management.jmxremote.authenticate is true, user
name should be set to environment
+jmx_user=admin
+
+# If system property com.sun.management.jmxremote.authenticate is true,
password should be set to environment
+jmx_password=password
+
+####################
### Dynamic Parameter Adapter Configuration
####################
diff --git a/server/src/assembly/resources/conf/iotdb-env.bat
b/server/src/assembly/resources/conf/iotdb-env.bat
index 007ea8c..dea41bb 100644
--- a/server/src/assembly/resources/conf/iotdb-env.bat
+++ b/server/src/assembly/resources/conf/iotdb-env.bat
@@ -22,9 +22,9 @@ set LOCAL_JMX=no
set JMX_PORT=31999
if "%LOCAL_JMX%" == "yes" (
- set IOTDB_JMX_OPTS="-Diotdb.jmx.local.port=%JMX_PORT%"
"-Dcom.sun.management.jmxremote.authenticate=false"
"-Dcom.sun.management.jmxremote.ssl=false"
+ set IOTDB_JMX_OPTS="-Diotdb.jmx.local.port=%JMX_PORT%"
"-Dcom.sun.management.jmxremote.authenticate=true"
"-Dcom.sun.management.jmxremote.ssl=false"
) else (
- set IOTDB_JMX_OPTS="-Dcom.sun.management.jmxremote"
"-Dcom.sun.management.jmxremote.authenticate=false"
"-Dcom.sun.management.jmxremote.ssl=false"
"-Dcom.sun.management.jmxremote.port=%JMX_PORT%"
+ set IOTDB_JMX_OPTS="-Dcom.sun.management.jmxremote"
"-Dcom.sun.management.jmxremote.authenticate=true"
"-Dcom.sun.management.jmxremote.ssl=false"
"-Dcom.sun.management.jmxremote.port=%JMX_PORT%"
)
IF ["%IOTDB_HEAP_OPTS%"] EQU [""] (
diff --git a/server/src/assembly/resources/conf/iotdb-env.sh
b/server/src/assembly/resources/conf/iotdb-env.sh
index 583e93b..6132542 100755
--- a/server/src/assembly/resources/conf/iotdb-env.sh
+++ b/server/src/assembly/resources/conf/iotdb-env.sh
@@ -170,9 +170,9 @@ JMX_PORT="31999"
if [ "JMX_LOCAL" = "yes" ]; then
IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Diotdb.jmx.local.port=$JMX_PORT"
- IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false"
+ IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=false"
else
- IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false"
+ IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=false"
IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS
-Dcom.sun.management.jmxremote.port=$JMX_PORT "
fi
diff --git a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConfig.java
b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConfig.java
index 1b38462..c0ce887 100644
--- a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConfig.java
+++ b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConfig.java
@@ -68,6 +68,16 @@ public class IoTDBConfig {
private int rpcMaxConcurrentClientNum = 65535;
/**
+ * JMX user name
+ */
+ private String jmxUser = "admin";
+
+ /**
+ * JMX user password
+ */
+ private String jmxPassword = "password";
+
+ /**
* Memory allocated for the read process
*/
private long allocateMemoryForWrite = Runtime.getRuntime().maxMemory() * 6 /
10;
@@ -633,6 +643,22 @@ public class IoTDBConfig {
this.enableMetricService = enableMetricService;
}
+ public String getJmxUser() {
+ return jmxUser;
+ }
+
+ public void setJmxUser(String jmxUser) {
+ this.jmxUser = jmxUser;
+ }
+
+ public String getJmxPassword() {
+ return jmxPassword;
+ }
+
+ public void setJmxPassword(String jmxPassword) {
+ this.jmxPassword = jmxPassword;
+ }
+
void setDataDirs(String[] dataDirs) {
this.dataDirs = dataDirs;
}
diff --git a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java
b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java
index 18b74a3..c52692f 100644
--- a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java
+++ b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java
@@ -33,6 +33,7 @@ public class IoTDBConstant {
public static final String SERVER_RMI_ID = "java.rmi.server.randomIDs";
public static final String RMI_SERVER_HOST_NAME = "java.rmi.server.hostname";
public static final String JMX_REMOTE_RMI_PORT =
"com.sun.management.jmxremote.rmi.port";
+ public static final String JMX_REMOTE_AUTHENTICATE =
"com.sun.management.jmxremote.authenticate";
public static final String IOTDB_PACKAGE = "org.apache.iotdb.service";
public static final String JMX_TYPE = "type";
diff --git a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBDescriptor.java
b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBDescriptor.java
index ad7a2ed..d046e11 100644
--- a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBDescriptor.java
+++ b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBDescriptor.java
@@ -134,6 +134,10 @@ public class IoTDBDescriptor {
conf.setRpcPort(Integer.parseInt(properties.getProperty("rpc_port",
Integer.toString(conf.getRpcPort()))));
+ conf.setJmxUser(properties.getProperty("jmx_user", conf.getJmxUser()));
+
+ conf.setJmxPassword(properties.getProperty("jmx_password",
conf.getJmxPassword()));
+
conf.setTimestampPrecision(properties.getProperty("timestamp_precision",
conf.getTimestampPrecision()));
diff --git a/server/src/main/java/org/apache/iotdb/db/service/JMXService.java
b/server/src/main/java/org/apache/iotdb/db/service/JMXService.java
index b12aceb..99a7ee6 100644
--- a/server/src/main/java/org/apache/iotdb/db/service/JMXService.java
+++ b/server/src/main/java/org/apache/iotdb/db/service/JMXService.java
@@ -30,10 +30,13 @@ import javax.management.MBeanServer;
import javax.management.MalformedObjectNameException;
import javax.management.NotCompliantMBeanException;
import javax.management.ObjectName;
+import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
+import org.apache.iotdb.db.conf.IoTDBConfig;
import org.apache.iotdb.db.conf.IoTDBConstant;
+import org.apache.iotdb.db.conf.IoTDBDescriptor;
import org.apache.iotdb.db.exception.StartupException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -86,6 +89,10 @@ public class JMXService implements IService {
private JMXConnectorServer createJMXServer(boolean local) throws IOException
{
Map<String, Object> env = new HashMap<>();
+ if
(Boolean.getBoolean(System.getProperty(IoTDBConstant.JMX_REMOTE_AUTHENTICATE)))
{
+ IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig();
+ env.put(JMXConnector.CREDENTIALS, new String[]{config.getJmxUser(),
config.getJmxPassword()});
+ }
InetAddress serverAddress;
if (local) {
