cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus Olsson (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CASSANDRA-9090) Allow JMX over SSL directly from nodetool
Date Wed, 24 Jun 2015 12:32:04 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-9090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14599328#comment-14599328
] 

Marcus Olsson edited comment on CASSANDRA-9090 at 6/24/15 12:31 PM:
--------------------------------------------------------------------

This patch makes it possible to use SSL with nodetool by running it with:
{noformat}
nodetool --ssl
{noformat}

Then either using a configuration file in ~/.cassandra/ called nodetool.properties
{code:title=nodetool.properties}
# Path to keystore
keyStore=/path/to/keystore
# Keystore password
keyStorePassword=<keystore-password>
# Path to truststore
trustStore=/path/to/truststore
# Truststore password
trustStorePassword=<truststore-password>
# Enabled cipher suites
cipherSuites=<enabled-cipher-suites>
# Enabled protocols
enabledProtocols=<enabled-protocols>
{code}
or by running it with the flags:
{noformat}
nodetool --ssl -Djavax.net.ssl.keyStore=/path/to/keystore -Djavax.net.ssl.keyStorePassword=<keystore-password>
-Djavax.net.ssl.trustStore=/path/to/truststore -Djavax.net.ssl.trustStorePassword=<truststore-password>
-Djavax.rmi.ssl.client.enabledCipherSuites=<enabled-cipher-suites> -Djavax.rmi.ssl.client.enabledProtocols=<enabled-protocols>
{noformat}

Edit: This patch is only tested on 2.1.


was (Author: molsson):
This patch makes it possible to use SSL with nodetool by running it with:
{noformat}
nodetool --ssl
{noformat}

Then either using a configuration file in ~/.cassandra/ called nodetool.properties
{code:title=nodetool.properties}
# Path to keystore
keyStore=/path/to/keystore
# Keystore password
keyStorePassword=<keystore-password>
# Path to truststore
trustStore=/path/to/truststore
# Truststore password
trustStorePassword=<truststore-password>
# Enabled cipher suites
cipherSuites=<enabled-cipher-suites>
# Enabled protocols
enabledProtocols=<enabled-protocols>
{code}
or by running it with the flags:
{noformat}
nodetool --ssl -Djavax.net.ssl.keyStore=/path/to/keystore -Djavax.net.ssl.keyStorePassword=<keystore-password>
-Djavax.net.ssl.trustStore=/path/to/truststore -Djavax.net.ssl.trustStorePassword=<truststore-password>
-Djavax.rmi.ssl.client.enabledCipherSuites=<enabled-cipher-suites> -Djavax.rmi.ssl.client.enabledProtocols=<enabled-protocols>
{noformat}

> Allow JMX over SSL directly from nodetool
> -----------------------------------------
>
>                 Key: CASSANDRA-9090
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9090
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Tools
>            Reporter: Philip Thompson
>             Fix For: 3.x, 2.1.x, 2.0.x
>
>         Attachments: cassandra-2.1-9090.patch
>
>
> Currently cqlsh allows users to connect via SSL to their cassandra cluster via command
line. 
> Nodetool only offers username/password authentication [1], and if users want to use SSL,
they need to use jconsole [2]. We should support nodetool connecting via SSL in the same way
cqlsh does.
> [1] http://wiki.apache.org/cassandra/JmxSecurity
> [2] https://www.lullabot.com/blog/article/monitor-java-jmx
> [3] http://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message