You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@kafka.apache.org by ma...@apache.org on 2019/04/10 07:09:33 UTC

[kafka] branch trunk updated: MINOR: Add security considerations for remote JMX in Kafka docs (#6544)

This is an automated email from the ASF dual-hosted git repository.

manikumar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 950cfe3  MINOR: Add security considerations for remote JMX in Kafka docs (#6544)
950cfe3 is described below

commit 950cfe3e703f1726d6447e17480d1c8c04c46796
Author: Rajini Sivaram <ra...@googlemail.com>
AuthorDate: Wed Apr 10 08:09:11 2019 +0100

    MINOR: Add security considerations for remote JMX in Kafka docs (#6544)
    
    Reviewers: Manikumar Reddy <ma...@gmail.com>
---
 docs/ops.html | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/ops.html b/docs/ops.html
index e14231c..600b500 100644
--- a/docs/ops.html
+++ b/docs/ops.html
@@ -786,6 +786,16 @@
   <code>records-consumed-rate</code> has a corresponding metric named <code>records-consumed-total</code>.
   <p>
   The easiest way to see the available metrics is to fire up jconsole and point it at a running kafka client or server; this will allow browsing all metrics with JMX.
+
+  <h4><a id="remote_jmx" href="#remote_jmx">Security Considerations for Remote Monitoring using JMX</a></h4>
+  Apache Kafka disables remote JMX by default. You can enable remote monitoring using JMX by setting the environment variable
+  <code>JMX_PORT</code> for processes started using the CLI or standard Java system properties to enable remote JMX programmatically.
+  You must enable security when enabling remote JMX in production scenarios to ensure that unauthorized users cannot monitor or
+  control your broker or application as well as the platform on which these are running. Note that authentication is disabled for
+  JMX by default in Kafka and security configs must be overridden for production deployments by setting the environment variable
+  <code>KAFKA_JMX_OPTS</code> for processes started using the CLI or by setting appropriate Java system properties. See
+  <a href=https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html">Monitoring and Management Using JMX Technology</a>
+  for details on securing JMX.
   <p>
   We do graphing and alerting on the following metrics:
   <table class="data-table">