The nodetool utility is a command-line tool used to manage a Cassandra cluster. It is installed along with Cassandra. It uses a Java technology called Java Management Extensions, or JMX for short. Securing nodetool means securing JMX. By default, nodetool only works with the localhost and is not secured.
Make the changes to the authenticator, role_manager, and authorizer options as shown in Authentication and Authorization.
    if [ "x$LOCAL_JMX" = "x" ]; then
        LOCAL_JMX=yes
    fi

    if [ "x$LOCAL_JMX" = "x" ]; then
        LOCAL_JMX=no
    fi
Do the remaining steps only if you want nodetool to have a password.
- Add the following lines to
    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password"
    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access"
- Create two files, jmxremote.access and jmxremote.password, in the same location as the cassandra configuration files. Copy the following lines into each. You should use the passwords you have created for the cassandra and dba users.
- jmxremote.access file
    monitorRole readonly
    dba readwrite
    cassandra readwrite
    controlRole readwrite \
                create javax.management.monitor.*,javax.management.timer.* \
                unregister
- jmxremote.password file
    monitorRole QED
    controlRole R&D
    cassandra cassandra
    dba super
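The following check is an added example, not part of the original page or of Cassandra itself: a POSIX shell function that audits the JMX settings from the steps above. It assumes the options live in a cassandra-env.sh style file passed as an argument; the function names jmx_opt and audit_jmx are hypothetical. The permission check reflects the JVM's refusal to start JMX with a password file that group or other users can access.

```shell
#!/bin/sh
# Added example: read-only audit of the JMX authentication settings.
# Function names are hypothetical; file paths are supplied by the caller.

# Print the value of a -Dcom.sun.management.jmxremote.<key>= option found in
# a cassandra-env.sh style file (last uncommented occurrence wins).
jmx_opt() {  # usage: jmx_opt <env-file> <key>
    grep -v '^[[:space:]]*#' "$1" |
        sed -n "s/.*-Dcom\.sun\.management\.jmxremote\.$2=\([^\" ]*\).*/\1/p" |
        tail -n 1
}

# Return 0 when password authentication is fully configured, 1 otherwise.
# Each problem found is reported on stdout.
audit_jmx() {  # usage: audit_jmx <env-file>
    env_file=$1
    problems=0
    [ "$(jmx_opt "$env_file" authenticate)" = "true" ] || {
        echo "authenticate is not set to true"; problems=$((problems + 1)); }
    pw=$(jmx_opt "$env_file" password.file)
    ac=$(jmx_opt "$env_file" access.file)
    [ -n "$pw" ] || { echo "password.file is not set"; problems=$((problems + 1)); }
    [ -n "$ac" ] || { echo "access.file is not set"; problems=$((problems + 1)); }
    if [ -n "$pw" ] && [ -f "$pw" ]; then
        # Group and other permission bits must all be clear (e.g. mode 600 or 400).
        mode=$(ls -ld "$pw" | cut -c5-10)
        [ "$mode" = "------" ] || {
            echo "$pw is accessible to group/others ($mode)"
            problems=$((problems + 1)); }
        # Every role that has a password needs an entry in the access file.
        if [ -n "$ac" ] && [ -f "$ac" ]; then
            for role in $(awk '!/^#/ && NF { print $1 }' "$pw"); do
                awk -v r="$role" '$1 == r { found = 1 } END { exit !found }' "$ac" || {
                    echo "role $role has a password but no access entry"
                    problems=$((problems + 1)); }
            done
        fi
    fi
    [ "$problems" -eq 0 ]
}
```

Call it as `audit_jmx /path/to/env-file`; a non-zero exit status means at least one finding was printed.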