You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by ma...@apache.org on 2019/04/10 07:09:33 UTC
[kafka] branch trunk updated: MINOR: Add security considerations
for remote JMX in Kafka docs (#6544)
This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/trunk by this push:
new 950cfe3 MINOR: Add security considerations for remote JMX in Kafka docs (#6544)
950cfe3 is described below
commit 950cfe3e703f1726d6447e17480d1c8c04c46796
Author: Rajini Sivaram <ra...@googlemail.com>
AuthorDate: Wed Apr 10 08:09:11 2019 +0100
MINOR: Add security considerations for remote JMX in Kafka docs (#6544)
Reviewers: Manikumar Reddy <ma...@gmail.com>
---
docs/ops.html | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/docs/ops.html b/docs/ops.html
index e14231c..600b500 100644
--- a/docs/ops.html
+++ b/docs/ops.html
@@ -786,6 +786,16 @@
<code>records-consumed-rate</code> has a corresponding metric named <code>records-consumed-total</code>.
<p>
The easiest way to see the available metrics is to fire up jconsole and point it at a running kafka client or server; this will allow browsing all metrics with JMX.
+
+ <h4><a id="remote_jmx" href="#remote_jmx">Security Considerations for Remote Monitoring using JMX</a></h4>
+ Apache Kafka disables remote JMX by default. You can enable remote monitoring using JMX by setting the environment variable
+ <code>JMX_PORT</code> for processes started using the CLI or standard Java system properties to enable remote JMX programmatically.
+ You must enable security when enabling remote JMX in production scenarios to ensure that unauthorized users cannot monitor or
+ control your broker or application as well as the platform on which these are running. Note that authentication is disabled for
+ JMX by default in Kafka and security configs must be overridden for production deployments by setting the environment variable
+ <code>KAFKA_JMX_OPTS</code> for processes started using the CLI or by setting appropriate Java system properties. See
+ <a href=https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html">Monitoring and Management Using JMX Technology</a>
+ for details on securing JMX.
<p>
We do graphing and alerting on the following metrics:
<table class="data-table">