hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luke Lu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9160) Adopt Jolokia as the JMX HTTP/JSON bridge.
Date Tue, 30 Jul 2013 19:05:48 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13724269#comment-13724269
] 

Luke Lu commented on HADOOP-9160:
---------------------------------

bq. If you're running a third party JVM agent, by all means let it expose whatever APIs it
would like--it's got everything it needs to bind to addresses and listen for 'em. 

It's not me or us whose running 3rd party agents that I/we don't have any control. It's the
customers/users who chose/bought these software. These third-party agents usually have JMX,
some has REST API, but they cannot use Hadoop auth directly without code changes, which is
out of the question as they're not Hadoop specific. Jolokia can extend Hadoop auth to these
agents without code changes.

bq. I have no particular objections to alternative access endpoints (e.g., NFS proxies).

OK.

bq. I do have objections to alternatives for write access.

This seems to be directly contradict your previous statement.

bq. I completely agree with Allen W: we've got to have a way to turn it off.

As I mentioned in a [previous comment|#comment-13707692], JMX/Jolokia write access will be
off by default to avoid any surprises, which should be few, as people who care about security
has site wide HTTP hadoop auth configured in core-site.xml. BTW, Jolokia has as per attribute/method
ACLs as well.

We're talking about a small and low risk patch to properly expose the builtin java management
facility here. The code to expose JMX/Jolokia access to a subset of admin functions is trivial
compared with that using custom Hadoop RPC and/or web services. 
                
> Adopt Jolokia as the JMX HTTP/JSON bridge.
> ------------------------------------------
>
>                 Key: HADOOP-9160
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9160
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Luke Lu
>            Assignee: Junping Du
>              Labels: features
>         Attachments: hadoop-9160-demo-branch-1.txt, HADOOP-9160.patch
>
>
> The current JMX HTTP bridge has served its purpose, while a more complete solution: Jolokia
(formerly Jmx4Perl) has been developed/matured over the years.
> Jolokia provides comprehensive JMX features over HTTP/JSON including search and list
of JMX attributes and operations metadata, which helps to support inter framework/platform
compatibility. It has first class language bindings for Perl, Python, Javascript, Java.
> It's trivial (see demo patch) to incorporate Jolokia servlet into Hadoop HTTP servers
and use the same security mechanisms.
> Adopting Jolokia will substantially improve the manageability of Hadoop and its ecosystem.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message