You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Marcus Olsson (JIRA)" <ji...@apache.org> on 2015/06/24 14:31:05 UTC

[jira] [Updated] (CASSANDRA-9090) Allow JMX over SSL directly from nodetool

     [ https://issues.apache.org/jira/browse/CASSANDRA-9090?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marcus Olsson updated CASSANDRA-9090:
-------------------------------------
    Attachment: cassandra-2.1-9090.patch

This patch makes it possible to use SSL with nodetool by running it with:
{noformat}
nodetool --ssl
{noformat}

Then either using a configuration file in ~/.cassandra/ called nodetool.properties
{code:title=nodetool.properties}
# Path to keystore
keyStore=/path/to/keystore
# Keystore password
keyStorePassword=<keystore-password>
# Path to truststore
trustStore=/path/to/truststore
# Truststore password
trustStorePassword=<truststore-password>
# Enabled cipher suites
cipherSuites=<enabled-cipher-suites>
# Enabled protocols
enabledProtocols=<enabled-protocols>
{code}
or by running it with the flags:
{noformat}
nodetool --ssl -Djavax.net.ssl.keyStore=/path/to/keystore -Djavax.net.ssl.keyStorePassword=<keystore-password> -Djavax.net.ssl.trustStore=/path/to/truststore -Djavax.net.ssl.trustStorePassword=<truststore-password> -Djavax.rmi.ssl.client.enabledCipherSuites=<enabled-cipher-suites> -Djavax.rmi.ssl.client.enabledProtocols=<enabled-protocols>
{noformat}

> Allow JMX over SSL directly from nodetool
> -----------------------------------------
>
>                 Key: CASSANDRA-9090
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9090
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Tools
>            Reporter: Philip Thompson
>             Fix For: 3.x, 2.1.x, 2.0.x
>
>         Attachments: cassandra-2.1-9090.patch
>
>
> Currently cqlsh allows users to connect via SSL to their cassandra cluster via command line. 
> Nodetool only offers username/password authentication [1], and if users want to use SSL, they need to use jconsole [2]. We should support nodetool connecting via SSL in the same way cqlsh does.
> [1] http://wiki.apache.org/cassandra/JmxSecurity
> [2] https://www.lullabot.com/blog/article/monitor-java-jmx
> [3] http://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)