Controlling Access to JMX Metrics
Environment variables and configure.sh
options introduced in release
6.2.0 let you control how metrics are collected and who can access the metrics from JMX-enabled
services.
JMX is a technology for monitoring system services. In the HPE Ezmeral Data Fabric, you can use environment variables or
configure.sh
options to enable or disable access to JMX metrics. The
JMX-enabled services are:- CLDB
- Drill
- Hive
- NodeManager
- Oozie
- ResourceManager
- Spark
Understanding the MAPR_JMX Variables
The following table describes the environment variables. For release 6.2.0, JMX is enabled
by default, and local binding is enabled by default:
*For internal use only. Manually changing the the value of this environment variable
is not recommended.
Environment Variable | Default Value | Description | |
---|---|---|---|
Secure Cluster | Non-Secure Cluster | ||
MAPR_JMXAUTH * |
true |
false |
Enables or disables authentication for JMX metrics for a node. JMXAUTH is
only used in conjunction with MAPR_JMXLOCALHOST or MAPR_JMXREMOTEHOST. JMXAUTH is
ignored if MAPR_JMXRLOCALBINDING is set to true . |
MAPR_JMXDISABLE * |
false |
false |
If set to true , disables JMX for the entire node. In this
scenario, Collectd does not receive JMX metrics. |
MAPR_JMXLOCALBINDING * |
true |
true |
If set to true, disables TCP/IP listening on the the local JMX port. There is no TCP/IP listener at all after you turn on local binding. In this scenario, you can only get JMX metrics from the node itself by configuring a process that attaches to the Java process, such as a debugger tool. You can connect only to processes that you own. |
MAPR_JMXLOCALHOST |
false |
false |
Enables the JMX server in the Java processes to listen on the local host and on the JMX port number. The local host is a TCP/IP listener that listens on the local host only. It does not let you connect remotely. |
MAPR_JMXREMOTEHOST |
false |
false |
Enables the JMX server to listen on the JMX port and allows users from
outside the cluster to connect to that port. You can turn on REMOTEHOST if you
want to have a cluster with both LOCALBINDING and REMOTEHOST. Turning on
REMOTEHOST allows you to use JConsole, Virtual VM, or any of these other tools to
log in and look at what the Java processes is doing. If MAPR_JMXREMOTEHOST is set
to true , the system always uses SSL and authentication. |
MAPR_JMXSSL * |
false |
false |
Enables or disables SSL for JMX metrics for a node. This variable is ignored
if MAPR_JMXREMOTEHOST is set to true . |
Changing the MAPR_JMX Environment Variables
Suppose you want to change the value of
MAPR_JMXREMOTEHOST
to
true
. Doing so allows you to use a tool, such as JConsole, to log in
remotely and monitor the Java processes. To change the MAPR_JMXREMOTEHOST
setting:- Export the new value of
MAPR_JMXREMOTEHOST
in/opt/mapr/conf/env_override.sh
:export MAPR_JMXREMOTEHOST=true
- Run
/opt/mapr/server/configure.sh -R
, and restart all services. For example:- Stop Warden by using the
systemctl stop mapr-warden
command. - Stop ZooKeeper by using the
systemctl stop mapr-zookeeper
command. - Restart ZooKeeper by using the
systemctl start mapr-zookeeper
command. - Restart Warden by using the
systemctl start mapr-warden
command.
- Stop Warden by using the
Using the JMX Options for configure.sh
The following
configure.sh
options are supported for managing JMX on
individual nodes:Option | Description |
---|---|
-JMXEnable |
Enables JMX support for every service on the node where JMX is configured to be enabled. JMX is enabled by default. |
-JMXDisable |
Globally disables JMX support for all JMX-enabled services on the node. |
-JMXLocalBindingEnable |
Enables local binding for JMX connections. Local binding is enabled by default. |
-JMXLocalBindingDisable |
Disables local binding for JMX connections. |
-JMXLocalHostEnable |
Enables the local-host TCP port for JMX. This setting is mutually exclusive
with JMXRemoteHostEnable . |
-JMXLocalHostDisable |
Disables the local-host TCP port for JMX. |
-JMXRemoteHostEnable |
Enables the remote TCP port for JMX. This setting is mutually exclusive with
JMXLocalHostEnable . |
-JMXRemoteHostDisable |
Disables the remote TCP port for JMX. |
To use
-JMX
options, run configure.sh -R
with the
-JMX
option on the desired node. For
example:/opt/mapr/server/configure.sh -R -JMXRemoteHostEnable