Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cassandra.apache.org
Date: Wed, 24 Jun 2015 12:32:04 +0000 (UTC)
From: "Marcus Olsson (JIRA)" <jira@apache.org>
To: commits@cassandra.apache.org
Message-ID: <JIRA.12787406.1427908800000.1500.1435149124888@Atlassian.JIRA>
In-Reply-To: <JIRA.12787406.1427908800000@Atlassian.JIRA>
References: <JIRA.12787406.1427908800000@Atlassian.JIRA>
 <JIRA.12787406.1427908800922@arcas>
Subject: [jira] [Comment Edited] (CASSANDRA-9090) Allow JMX over SSL
 directly from nodetool
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


    [ https://issues.apache.org/jira/browse/CASSANDRA-9090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14599328#comment-14599328 ] 

Marcus Olsson edited comment on CASSANDRA-9090 at 6/24/15 12:31 PM:
--------------------------------------------------------------------

This patch makes it possible to use SSL with nodetool by running it with:
{noformat}
nodetool --ssl
{noformat}

Then either using a configuration file in ~/.cassandra/ called nodetool.properties
{code:title=nodetool.properties}
# Path to keystore
keyStore=/path/to/keystore
# Keystore password
keyStorePassword=<keystore-password>
# Path to truststore
trustStore=/path/to/truststore
# Truststore password
trustStorePassword=<truststore-password>
# Enabled cipher suites
cipherSuites=<enabled-cipher-suites>
# Enabled protocols
enabledProtocols=<enabled-protocols>
{code}
or by running it with the flags:
{noformat}
nodetool --ssl -Djavax.net.ssl.keyStore=/path/to/keystore -Djavax.net.ssl.keyStorePassword=<keystore-password> -Djavax.net.ssl.trustStore=/path/to/truststore -Djavax.net.ssl.trustStorePassword=<truststore-password> -Djavax.rmi.ssl.client.enabledCipherSuites=<enabled-cipher-suites> -Djavax.rmi.ssl.client.enabledProtocols=<enabled-protocols>
{noformat}

Edit: This patch is only tested on 2.1.


was (Author: molsson):
This patch makes it possible to use SSL with nodetool by running it with:
{noformat}
nodetool --ssl
{noformat}

Then either using a configuration file in ~/.cassandra/ called nodetool.properties
{code:title=nodetool.properties}
# Path to keystore
keyStore=/path/to/keystore
# Keystore password
keyStorePassword=<keystore-password>
# Path to truststore
trustStore=/path/to/truststore
# Truststore password
trustStorePassword=<truststore-password>
# Enabled cipher suites
cipherSuites=<enabled-cipher-suites>
# Enabled protocols
enabledProtocols=<enabled-protocols>
{code}
or by running it with the flags:
{noformat}
nodetool --ssl -Djavax.net.ssl.keyStore=/path/to/keystore -Djavax.net.ssl.keyStorePassword=<keystore-password> -Djavax.net.ssl.trustStore=/path/to/truststore -Djavax.net.ssl.trustStorePassword=<truststore-password> -Djavax.rmi.ssl.client.enabledCipherSuites=<enabled-cipher-suites> -Djavax.rmi.ssl.client.enabledProtocols=<enabled-protocols>
{noformat}

> Allow JMX over SSL directly from nodetool
> -----------------------------------------
>
>                 Key: CASSANDRA-9090
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9090
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Tools
>            Reporter: Philip Thompson
>             Fix For: 3.x, 2.1.x, 2.0.x
>
>         Attachments: cassandra-2.1-9090.patch
>
>
> Currently cqlsh allows users to connect via SSL to their cassandra cluster via command line. 
> Nodetool only offers username/password authentication [1], and if users want to use SSL, they need to use jconsole [2]. We should support nodetool connecting via SSL in the same way cqlsh does.
> [1] http://wiki.apache.org/cassandra/JmxSecurity
> [2] https://www.lullabot.com/blog/article/monitor-java-jmx
> [3] http://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)