Ignite / IGNITE-13478

Security issue in JMX configuration using ignite.sh


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.8.1
    • Fix Version/s: 2.10
    • Component/s: control.sh
    • Labels: None
    • Release Note: Removed default insecure JMX configuration from scripts. Now JMX can be enabled through JVM_OPTS variable.
    • Flags: Docs Required, Release Notes Required

    Description

      At the moment we have the following code:

      functions.sh

      JMX_PORT=`"$JAVA" -cp "${IGNITE_LIBS}" org.apache.ignite.internal.util.portscanner.GridJmxPortFinder`
      
      #
      # This variable defines necessary parameters for JMX
      # monitoring and management.
      #
      # This enables remote unsecure access to JConsole or VisualVM.
      #
      # ADD YOUR ADDITIONAL PARAMETERS/OPTIONS HERE
      #
      if [ -n "$JMX_PORT" ]; then
          JMX_MON="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${JMX_PORT} \
              -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
      else
          # If JMX port wasn't found do not initialize JMX.
          echo "$0, WARN: Failed to resolve JMX host (JMX will be disabled): $HOSTNAME"
          JMX_MON=""
      fi
      

      So the properties -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false will always be set, and there is no way to change them.

      I propose removal of JMX configuration (in scripts) altogether as it's very insecure and users must configure JMX themselves.
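
Since the fix leaves JMX to whatever the operator puts in JVM_OPTS, a pre-start check of the option string catches the old insecure combination. The script below is an added example, not code from the issue or from the Ignite scripts; the function names, port 49112 and the password file path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Ignite scripts): audit a JVM option string for
# remote JMX that is reachable without authentication or TLS.

# Print the value of the last -D<name>=<value> token in option string $2
# (assumed here to be the occurrence the JVM applies when a property repeats).
jmx_prop() {
    val=""
    set -f                          # no glob expansion while word-splitting $2
    for tok in $2; do
        case "$tok" in "-D$1="*) val="${tok#*=}" ;; esac
    done
    set +f
    printf '%s' "$val"
}

# True when a boolean JMX property is unset (JDK default: true) or set to "true".
# Conservative: any other explicit value counts as disabled.
jmx_flag_on() {
    [ -z "$1" ] || [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "true" ]
}

# Returns 0 when remote JMX is off or protected, 1 when it is exposed.
audit_jmx_opts() {
    jmx_rc=0
    jmx_port=$(jmx_prop com.sun.management.jmxremote.port "$1")
    if [ -z "$jmx_port" ]; then
        echo "OK: no remote JMX port configured"
        return 0
    fi
    jmx_flag_on "$(jmx_prop com.sun.management.jmxremote.authenticate "$1")" || {
        echo "FAIL: JMX port $jmx_port accepts unauthenticated connections"; jmx_rc=1; }
    jmx_flag_on "$(jmx_prop com.sun.management.jmxremote.ssl "$1")" || {
        echo "FAIL: JMX port $jmx_port does not use TLS"; jmx_rc=1; }
    [ "$jmx_rc" -eq 0 ] && echo "OK: JMX port $jmx_port requires authentication and TLS"
    return "$jmx_rc"
}

# Constructed inputs: port 49112 and the password file path are placeholders.
LEGACY_JMX_MON="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=49112 \
-Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
HARDENED_JVM_OPTS="-Xms1g -Dcom.sun.management.jmxremote.port=49112 \
-Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=true \
-Dcom.sun.management.jmxremote.password.file=/path/to/jmxremote.password"

audit_jmx_opts "$LEGACY_JMX_MON" || true   # prints both FAIL lines
audit_jmx_opts "$HARDENED_JVM_OPTS"        # prints the OK line
```

Calling `audit_jmx_opts "$JVM_OPTS"` from a wrapper before launching the node makes a non-zero status a reason to refuse startup.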

       


            People

              sdanilov Semyon Danilov