Configuring RMI JMX with Basic Authentication
To collect Java Management Extensions (JMX) data through a Remote Method Invocation (RMI) port that's secured with Basic Authentication, follow these steps:
- Create the Override Configuration File (if it doesn't exist): Navigate to your cluster's directory and create an override.yml file if one isn't already present:
touch $AcceloHome/work/<clusterName>/override.yml- Configure the
override.ymlFile:- Open the
override.ymlfile using a text editor:
- Open the
vi $AcceloHome/work/<clusterName>/override.ymlb. Insert the following configurations for the respective services, if they're not already included:
- For Hive Metastore:
jmx: hive_metastore_auth: "true" hive_metastore_username: "<HIVE METASTORE USERNAME>" hive_metastore_password: "<HIVE METASTORE PASSWORD>" hive_metastore_port: "<HIVE METASTORE JMX PORT>"- For Hive Server:
jmx: hive_server_auth: "true" hive_server_username: "<HIVE SERVER USERNAME>" hive_server_password: "<HIVE SERVER PASSWORD>" hive_server_port: "<HIVE SERVER JMX PORT>"- For Kafka:
jmx: kafka_broker_auth: "true" kafka_broker_username: "<KAFKA BROKER USERNAME>"" kafka_broker_password: "<KAFKA BROKER PASSWORD>"" kafka_broker_port: "<KAFKA BROKER JMX PORT>"- For Zeppelin:
jmx: zeppelin_master_auth: "true" zeppelin_master_username: "<ZEPPELIN MASTER USERNAME>"" zeppelin_master_password: "<ZEPPELIN MASTER PASSWORD>" zeppelin_master_port: "<ZEPPELIN MASTER JMX PORT>"- For Zookeeper:
jmx: zookeeper_server_auth: "true" zookeeper_server_username: "<ZOOKEEPER SERVER USERNAME>"" zookeeper_server_password: "<ZOOKEEPER SERVER PASSWORD>"" zookeeper_server_port: "<ZOOKEEPER SERVER PORT>"- For Kafka Mirror Maker:
jmx: kafka_mirror_maker_port: "<KAFKA MIRROR MAKER PORT>" kafka_mirror_maker_auth: "true" kafka_mirror_maker_username: "<KAFKA MIRROR MAKER USERNAME>" kafka_mirror_maker_password: "<KAFKA MIRROR MAKER PASSWORD>"c. Save your changes to the override.yml file.
d. Apply the new configuration by running the following command:
accelo reconfig clusterConfiguring SSL for JMX RMI Port
To gather JMX data through an Secure Sockets Layer (SSL)-enabled RMI port, ensure the following procedure is adhered to, keeping in mind that all SSL certificates (truststores) must be identical across services with exposed JMX RMI ports.
- Create the Override Configuration File: If the
override.ymlfile doesn't exist within your cluster's workspace, create it:
touch $AcceloHome/work/<clusterName>/override.yml- Configure the
override.ymlFile:
a. Open the override.yml file for editing:
vi $AcceloHome/work/<clusterName>/override.ymlb. Add the necessary SSL configuration for each specific service if not already present. Begin with the common configuration applicable to all services:
- Common Configuration for All Services:
jmx: pulsejmx_use_ssl: true pulsejmx_ssl_truststore: </PATH/TO/SERVICE/TRUSTORE/FILE> pulsejmx_ssl_truststore_password: <SERVICE TRUSTSTORE PASSWORD>- For Hive Metastore:
jmx: hive_metastore_ssl: "true"- For Hive Server:
jmx: hive_server_ssl: "true"- For Zeppelin:
jmx: zeppelin_master_ssl: "true"- For Zookeeper:
jmx: zookeeper_server_ssl: "true"- For Kafka Mirror Maker:
jmx: kafka_mirror_master_ssl: "true"c. Save the changes to the override.yml file.
d. Apply the new SSL configurations by running:
accelo reconfig cluster