Posted to commits@iotdb.apache.org by hx...@apache.org on 2020/04/11 08:44:13 UTC

[incubator-iotdb] 01/01: add default jmx user and password; fix issues that jmx can not be accessed remotely

This is an automated email from the ASF dual-hosted git repository.

hxd pushed a commit to branch jmx
in repository https://gitbox.apache.org/repos/asf/incubator-iotdb.git

commit 57157995700fe3683fbb1b506c565248cf2ee63f
Author: xiangdong huang <sa...@gmail.com>
AuthorDate: Sat Apr 11 16:43:53 2020 +0800

    add default jmx user and password; fix issues that jmx can not be accessed remotely
---
 docs/UserGuide/3-Server/4-Config Manual.md         | 47 +++++++++++++-------
 server/src/assembly/resources/conf/iotdb-env.sh    | 30 ++++++++++---
 server/src/assembly/resources/conf/jmx.access      |  3 ++
 server/src/assembly/resources/conf/jmx.password    |  3 ++
 .../org/apache/iotdb/db/conf/IoTDBConstant.java    | 10 ++---
 .../org/apache/iotdb/db/service/JMXService.java    | 50 ++--------------------
 .../org/apache/iotdb/db/service/StartupChecks.java |  9 +---
 .../apache/iotdb/db/utils/EnvironmentUtils.java    |  1 -
 8 files changed, 69 insertions(+), 84 deletions(-)

diff --git a/docs/UserGuide/3-Server/4-Config Manual.md b/docs/UserGuide/3-Server/4-Config Manual.md
index dc14a60..c161e00 100644
--- a/docs/UserGuide/3-Server/4-Config Manual.md	
+++ b/docs/UserGuide/3-Server/4-Config Manual.md	
@@ -47,13 +47,31 @@ The environment configuration file is mainly used to configure the Java environm
 
 The detail of each variables are as follows:
 
-* LOCAL\_JMX
+* MAX\_HEAP\_SIZE
+
+|Name|MAX\_HEAP\_SIZE|
+|:---:|:---|
+|Description|The maximum heap memory size that IoTDB can use at startup.|
+|Type|String|
+|Default| On Linux or MacOS, the default is one quarter of the memory. On Windows, the default value for 32-bit systems is 512M, and the default for 64-bit systems is 2G.|
+|Effective|After restart system|
 
-|Name|LOCAL\_JMX|
+* HEAP\_NEWSIZE
+
+|Name|HEAP\_NEWSIZE|
+|:---:|:---|
+|Description|The minimum heap memory size that IoTDB can use at startup.|
+|Type|String|
+|Default| On Linux or MacOS, the default is min{cores * 100M, one quarter of MAX\_HEAP\_SIZE}. On Windows, the default value for 32-bit systems is 512M, and the default for 64-bit systems is 2G.|
+|Effective|After restart system|
+
+* JMX\_LOCAL
+
+|Name|JMX\_LOCAL|
 |:---:|:---|
 |Description|JMX monitoring mode, configured as yes to allow only local monitoring, no to allow remote monitoring|
-|Type|Enum String: "yes", "no"|
-|Default|yes|
+|Type|Enum String: "true", "true"|
+|Default|true|
 |Effective|After restart system|
 
 
@@ -66,23 +84,22 @@ The detail of each variables are as follows:
 |Default|31999|
 |Effective|After restart system|
 
-* MAX\_HEAP\_SIZE
+* JMX\_IP
 
-|Name|MAX\_HEAP\_SIZE|
+|Name|JMX\_IP|
 |:---:|:---|
-|Description|The maximum heap memory size that IoTDB can use at startup.|
+|Description|JMX listening address. Only take effect if JMX\_LOCAL=false. 0.0.0.0 is never allowed|
 |Type|String|
-|Default| On Linux or MacOS, the default is one quarter of the memory. On Windows, the default value for 32-bit systems is 512M, and the default for 64-bit systems is 2G.|
+|Default|127.0.0.1|
 |Effective|After restart system|
 
-* HEAP\_NEWSIZE
+## JMX Authorization
 
-|Name|HEAP\_NEWSIZE|
-|:---:|:---|
-|Description|The minimum heap memory size that IoTDB can use at startup.|
-|Type|String|
-|Default| On Linux or MacOS, the default is min{cores * 100M, one quarter of MAX\_HEAP\_SIZE}. On Windows, the default value for 32-bit systems is 512M, and the default for 64-bit systems is 2G.|
-|Effective|After restart system|
+We **STRONGLY RECOMMENDED** you CHANGE the PASSWORD for the JMX remote connection.
+
+The user and passwords are in ${IOTDB\_CONF}/conf/jmx.password.
+
+The permission definitions are in ${IOTDB\_CONF}/conf/jmx.access.
 
 ## IoTDB System Configuration File
 
diff --git a/server/src/assembly/resources/conf/iotdb-env.sh b/server/src/assembly/resources/conf/iotdb-env.sh
index 6132542..e5fcb3c 100755
--- a/server/src/assembly/resources/conf/iotdb-env.sh
+++ b/server/src/assembly/resources/conf/iotdb-env.sh
@@ -164,16 +164,32 @@ calculate_heap_sizes
 # Minimum heap size
 #HEAP_NEWSIZE="2G"
 
-JMX_LOCAL=no
+#true or false
+#DO NOT FORGET TO MODIFY THE PASSWORD FOR SECURITY (${IOTDB_CONF}/jmx.password and ${IOTDB_CONF}/jmx.access)
+JMX_LOCAL="true"
 
 JMX_PORT="31999"
-
-if [ "JMX_LOCAL" = "yes" ]; then
-	IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Diotdb.jmx.local.port=$JMX_PORT"
-	IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=false"
+#only take effect when the jmx_local=false
+#You need to change this IP as a public IP if you want to remotely connect IoTDB by JMX.
+# 0.0.0.0 is not allowed
+JMX_IP="127.0.0.1"
+
+if [ ${JMX_LOCAL} = "false" ]; then
+  echo "setting remote JMX..."
+  #you may have no permission to run chmod. If so, contact your system administrator.
+  chmod 600 ${IOTDB_CONF}/jmx.password
+  chmod 600 ${IOTDB_CONF}/jmx.access
+	IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote"
+	IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT"
+	IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Djava.rmi.server.randomIDs=true"
+	IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
+  IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote.ssl=false"
+  IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
+  IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote.password.file=${IOTDB_CONF}/jmx.password"
+  IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote.access.file=${IOTDB_CONF}/jmx.access"
+  IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Djava.rmi.server.hostname=$JMX_IP"
 else
-	IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=true  -Dcom.sun.management.jmxremote.ssl=false"
-	IOTDB_JMX_OPTS="$IOTDB_JMX_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT "
+  echo "setting local JMX..."
 fi
 
 
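Review bot: The remote branch sets `-Dcom.sun.management.jmxremote.ssl=false` together with password authentication, so the user name and password from jmx.password cross the network unencrypted whenever JMX_LOCAL is "false". The script should either enable SSL for remote mode or say in the comment above JMX_IP that remote JMX is meant only for a trusted network segment. `-Djava.rmi.server.hostname=$JMX_IP` sets the address advertised in RMI stubs rather than the interface the agent listens on, so the "0.0.0.0 is not allowed" comment overstates what JMX_IP restricts. JDKs that support `com.sun.management.jmxremote.host` can bind the listener explicitly, and the RMI data port stays random unless `com.sun.management.jmxremote.rmi.port` is also set. Two smaller fixes: the test should be quoted as `if [ "${JMX_LOCAL}" = "false" ]; then` so an empty value does not break the `[` expression, and the second `jmxremote.authenticate=true` line is a duplicate that can be dropped.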
diff --git a/server/src/assembly/resources/conf/jmx.access b/server/src/assembly/resources/conf/jmx.access
new file mode 100644
index 0000000..e826645
--- /dev/null
+++ b/server/src/assembly/resources/conf/jmx.access
@@ -0,0 +1,3 @@
+# see https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdeup
+iotdb readonly
+root readwrite
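Review bot: `root readwrite` enables a write-capable JMX role by default, and the jmx.password hunk below commits the same fixed password for both `iotdb` and `root`. Any install that sets JMX_LOCAL to "false" without editing both files therefore accepts a published credential for an account that can invoke MBean operations and change JVM settings. I would ship only the read-only entry active and leave the other commented out, e.g. `# root readwrite   (enable only after setting a unique password in jmx.password)`. The header comment in jmx.password should also say that its values are placeholders that must be replaced before remote JMX is enabled. A startup check in iotdb-env.sh that refuses remote mode while jmx.password is unchanged from the shipped file would turn the documentation's recommendation into an enforced one.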
diff --git a/server/src/assembly/resources/conf/jmx.password b/server/src/assembly/resources/conf/jmx.password
new file mode 100644
index 0000000..261a065
--- /dev/null
+++ b/server/src/assembly/resources/conf/jmx.password
@@ -0,0 +1,3 @@
+# see https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdeup
+iotdb passw!d
+root  passw!d
\ No newline at end of file
diff --git a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java
index 0088ddf..4b79b87 100644
--- a/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java
+++ b/server/src/main/java/org/apache/iotdb/db/conf/IoTDBConstant.java
@@ -27,13 +27,9 @@ public class IoTDBConstant {
   public static final String IOTDB_CONF = "IOTDB_CONF";
   public static final String GLOBAL_DB_NAME = "IoTDB";
   public static final String VERSION = "0.10.0-SNAPSHOT";
-  public static final String REMOTE_JMX_PORT_NAME = "com.sun.management.jmxremote.port";
-  public static final String IOTDB_LOCAL_JMX_PORT_NAME = "iotdb.jmx.local.port";
-  public static final String IOTDB_REMOTE_JMX_PORT_NAME = "iotdb.jmx.remote.port";
-  public static final String SERVER_RMI_ID = "java.rmi.server.randomIDs";
-  public static final String RMI_SERVER_HOST_NAME = "java.rmi.server.hostname";
-  public static final String JMX_REMOTE_RMI_PORT = "com.sun.management.jmxremote.rmi.port";
-  public static final String JMX_REMOTE_AUTHENTICATE = "com.sun.management.jmxremote.authenticate";
+
+  public static final String IOTDB_JMX_PORT = "iotdb.jmx.port";
+
   public static final String IOTDB_PACKAGE = "org.apache.iotdb.service";
   public static final String JMX_TYPE = "type";
 
diff --git a/server/src/main/java/org/apache/iotdb/db/service/JMXService.java b/server/src/main/java/org/apache/iotdb/db/service/JMXService.java
index 99a7ee6..d667e30 100644
--- a/server/src/main/java/org/apache/iotdb/db/service/JMXService.java
+++ b/server/src/main/java/org/apache/iotdb/db/service/JMXService.java
@@ -87,23 +87,6 @@ public class JMXService implements IService {
     }
   }
 
-  private JMXConnectorServer createJMXServer(boolean local) throws IOException {
-    Map<String, Object> env = new HashMap<>();
-    if (Boolean.getBoolean(System.getProperty(IoTDBConstant.JMX_REMOTE_AUTHENTICATE))) {
-      IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig();
-      env.put(JMXConnector.CREDENTIALS, new String[]{config.getJmxUser(), config.getJmxPassword()});
-    }
-
-    InetAddress serverAddress;
-    if (local) {
-      serverAddress = InetAddress.getLoopbackAddress();
-      System.setProperty(IoTDBConstant.RMI_SERVER_HOST_NAME, serverAddress.getHostAddress());
-    }
-    int rmiPort = Integer.getInteger(IoTDBConstant.JMX_REMOTE_RMI_PORT, 0);
-
-    return JMXConnectorServerFactory.newJMXConnectorServer(
-        new JMXServiceURL("rmi", null, rmiPort), env, ManagementFactory.getPlatformMBeanServer());
-  }
 
   @Override
   public ServiceType getID() {
@@ -112,43 +95,16 @@ public class JMXService implements IService {
 
   @Override
   public void start() throws StartupException {
-    System.setProperty(IoTDBConstant.SERVER_RMI_ID, "true");
-    boolean localOnly = false;
-    String jmxPort = System.getProperty(IoTDBConstant.IOTDB_REMOTE_JMX_PORT_NAME);
-
+    String jmxPort = System.getProperty(IoTDBConstant.IOTDB_JMX_PORT);
     if (jmxPort == null) {
-      localOnly = true;
-      jmxPort = System.getProperty(IoTDBConstant.IOTDB_LOCAL_JMX_PORT_NAME, "31999");
-    }
-
-    if (jmxPort == null) {
-      logger.warn("Failed to start {} because JMX port is undefined", this.getID().getName());
+      logger.warn("JMX port is undefined", this.getID().getName());
       return;
     }
-    try {
-      jmxConnectorServer = createJMXServer(localOnly);
-      if (jmxConnectorServer == null) {
-        return;
-      }
-      jmxConnectorServer.start();
-      logger
-          .info("{}: start {} successfully.", IoTDBConstant.GLOBAL_DB_NAME, this.getID().getName());
-    } catch (IOException e) {
-      throw new StartupException(this.getID().getName(), e.getMessage());
-    }
   }
 
   @Override
   public void stop() {
-    if (jmxConnectorServer != null) {
-      try {
-        jmxConnectorServer.stop();
-        logger.info("{}: close {} successfully", IoTDBConstant.GLOBAL_DB_NAME,
-            this.getID().getName());
-      } catch (IOException e) {
-        logger.error("Failed to stop {} because of: ", this.getID().getName(), e);
-      }
-    }
+
   }
 
   private static class JMXServerHolder {
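Review bot: In `start()`, the new `logger.warn("JMX port is undefined", this.getID().getName());` passes an argument but the message has no `{}` placeholder, so the service name is silently dropped. Either remove the argument or write `logger.warn("{}: JMX port is undefined", this.getID().getName());`. After this change `start()` only reads `iotdb.jmx.port` and `stop()` is empty, so both deserve a short comment saying that the JMX agent is now configured entirely through the JVM options in iotdb-env.sh. The visible iotdb-env.sh hunk sets `com.sun.management.jmxremote.port` but not `iotdb.jmx.port`; if nothing outside that hunk sets it, this warning will fire on every start. The `jmxConnectorServer` field and the JMX imports are outside this hunk and are presumably unused now.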
diff --git a/server/src/main/java/org/apache/iotdb/db/service/StartupChecks.java b/server/src/main/java/org/apache/iotdb/db/service/StartupChecks.java
index 15e73b2..dfa07b9 100644
--- a/server/src/main/java/org/apache/iotdb/db/service/StartupChecks.java
+++ b/server/src/main/java/org/apache/iotdb/db/service/StartupChecks.java
@@ -30,17 +30,12 @@ public class StartupChecks {
 
   private static final Logger logger = LoggerFactory.getLogger(StartupChecks.class);
   public static final StartupCheck checkJMXPort = () -> {
-    String jmxPort = System.getProperty(IoTDBConstant.REMOTE_JMX_PORT_NAME);
+    String jmxPort = System.getProperty(IoTDBConstant.IOTDB_JMX_PORT);
     if (jmxPort == null) {
-      logger.warn("JMX is not enabled to receive remote connection. "
-              + "Please check conf/{}.sh(Unix or OS X, if you use Windows, "
-              + "check conf/{}.bat) for more info",
-          IoTDBConstant.ENV_FILE_NAME, IoTDBConstant.ENV_FILE_NAME);
-      jmxPort = System.getProperty(IoTDBConstant.IOTDB_LOCAL_JMX_PORT_NAME, "31999");
       if (jmxPort == null) {
         logger.warn("{} missing from {}.sh(Unix or OS X, if you use Windows,"
                 + " check conf/{}.bat)",
-            IoTDBConstant.IOTDB_LOCAL_JMX_PORT_NAME, IoTDBConstant.ENV_FILE_NAME,
+            IoTDBConstant.IOTDB_JMX_PORT, IoTDBConstant.ENV_FILE_NAME,
             IoTDBConstant.ENV_FILE_NAME);
       }
     } else {
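Review bot: The inner `if (jmxPort == null)` is now always true, because the reassignment that used to sit between the two checks was removed; the nesting can be collapsed so the `logger.warn(...)` call sits directly under the outer check. The commit also drops the old "JMX is not enabled to receive remote connection" message, so this startup check no longer tells an operator whether the node is exposing JMX remotely. Logging the effective mode here (local only, or remote with the configured address and port) would make an unintended remote exposure visible in the startup log. The lambda body continues past the end of this hunk.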
diff --git a/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java b/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java
index 37162b6..94b5e73 100644
--- a/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java
+++ b/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java
@@ -187,7 +187,6 @@ public class EnvironmentUtils {
    */
   public static void envSetUp() {
     logger.warn("EnvironmentUtil setup...");
-    System.setProperty(IoTDBConstant.REMOTE_JMX_PORT_NAME, "31999");
     IoTDBDescriptor.getInstance().getConfig().setThriftServerAwaitTimeForStopService(0);
     //we do not start 8181 port in test.
     IoTDBDescriptor.getInstance().getConfig().setEnableMetricService(false);