Cassandra's nodetool tool uses jdk's jmx to communicate with cassandra nodes.
nodetool is an important management tool for clusters.
In the cassandra 2.0 version, nodetool allows remote access by default, which does not require a password.
In the cassandra 2.1 version, nodetool only allows local access by default, which is very inconvenient.
If the remote access function is turned on, it is not safe to prevent others from operating indiscriminately. A good way is to add access control.
Step 1: Open the remote access
and edit the conf/cassandra-env.sh file.
Found:
LOCAL_JMX=yes The default value listens to localhost and only allows local access.
Change to
LOCAL_JMX=no to indicate remote access.
Step 2: Specify
the same file as the password file and find the following configuration items:
JVM_OPTS=”$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true”
JVM_OPTS=”$JVM_OPTS -Dcom.sun.management.jmxremote.password.file =/home/cassandra/jmxremote.password"
Step 3: Create a password file
vi /home/cassandra/jmxremote.password
Enter
myusername mypassword
Note: Modifying file permissions can only be accessed by this user:
chmod go-rwx /home/cassandra/jmxremote.password
Otherwise, an error will be reported at startup
Error: Password file read access must be restricted: /home/cassandra/jmxremote.password
Step 4: Configure the access file
access permissions control permissions, the default use of jdk directory:
$JAVA_HOME/jre/lib/management/jmxremote.access
Write to myusername with read and write permissions
myusername readwrite
This file can also be specified with the -Dcom.sun.management.jmxremote.access.file option.
After restarting cassandra, you need to use nodetool like this:
bin/nodetool -u myusername -pw mypassword status