Differential D8472

cassandra: Allow to configure the jmx for remote or local only access
ClosedPublic
Actions

Authored by vsellier on Sep 14 2022, 10:51 AM.

Details

Reviewers

ardumont

Group Reviewers

System administrators

Maniphest Tasks

T4458: Test reaper to automate the cassandra repair actions

Commits

rSPSITEde429d5dfd80: cassandra: Allow to configure the jmx for remote or local only access

Summary

If remote access is activated, the user authentication is configured
and activated

Related to T4458

Test Plan

diff origin/production/cassandra01.internal.softwareheritage.org current/cassandra01.internal.softwareheritage.org
*******************************************
+ File[/etc/cassandra/jmxremote.access] =>
   parameters =>
     "content": "monitorRole   readonly\ncontrolRole   readwrite \\\n            ...
     "ensure": "present",
     "group": "cassandra",
     "mode": "0540",
     "owner": "root"
*******************************************
+ File[/etc/cassandra/jmxremote.password] =>
   parameters =>
     "content": "cassandra   \n",
     "ensure": "present",
     "group": "cassandra",
     "mode": "0540",
     "owner": "root"
*******************************************
  File[/etc/systemd/system/cassandra@instance1.service.d/parameters.conf] =>
   parameters =>
     content =>
      @@ -6,7 +6,8 @@
      _
       [Service]
      -Environment=JVM_EXTRA_OPTS="-javaagent:/opt/prometheus-jmx-exporter/jmx_prometheus_javaagent-0.11.0.jar=7070:/etc/cassandra/jmx_exporter.yml -Dcassandra.jmx.local.port=7199 -Dcom.sun.management.jmxremote.authenticate=false"
      +Environment=JVM_EXTRA_OPTS="-javaagent:/opt/prometheus-jmx-exporter/jmx_prometheus_javaagent-0.11.0.jar=7070:/etc/cassandra/jmx_exporter.yml -Dcassandra.jmx.remote.port=7199 -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access"
       Environment=CASSANDRA_CONF=/etc/cassandra/instance1
       Environment=CASSANDRA_LOG_DIR=/var/log/cassandra/instance1
      +Environment=LOCAL_JMX=no
      _
       [Install]
*******************************************
  Profile::Cassandra::Instance[instance1] =>
   parameters =>
     config =>
       jmx_password =>
        - undef
        + ""
       jmx_remote =>
        + true
       jmx_user =>
        + cassandra
*******************************************
  Systemd::Dropin_file[cassandra@instance1.service.d/parameters.conf] =>
   parameters =>
     content =>
      @@ -6,7 +6,8 @@
      _
       [Service]
      -Environment=JVM_EXTRA_OPTS="-javaagent:/opt/prometheus-jmx-exporter/jmx_prometheus_javaagent-0.11.0.jar=7070:/etc/cassandra/jmx_exporter.yml -Dcassandra.jmx.local.port=7199 -Dcom.sun.management.jmxremote.authenticate=false"
      +Environment=JVM_EXTRA_OPTS="-javaagent:/opt/prometheus-jmx-exporter/jmx_prometheus_javaagent-0.11.0.jar=7070:/etc/cassandra/jmx_exporter.yml -Dcassandra.jmx.remote.port=7199 -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access"
       Environment=CASSANDRA_CONF=/etc/cassandra/instance1
       Environment=CASSANDRA_LOG_DIR=/var/log/cassandra/instance1
      +Environment=LOCAL_JMX=no
      _
       [Install]
*******************************************
*** End octocatalog-diff on cassandra01.internal.softwareheritage.org