This page describes configuring JMX for Ranger KMS in ODP so Pulse can collect metrics.
Steps to Configure JMX
- In the Ambari UI, navigate to Ranger KMS > Configs > Advanced.
- In the Advanced tab, navigate to
Advanced kms-env>kms-env-template. - In
kms-env-template, choose and apply one of the following JMX configurations based on your security needs.
Enable JMX without Security on JMX Remote Port
To enable JMX port without any security, add the following parameters at the end of the file:
export JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.port=<Ranger KMS JMX Port>"Enable Basic Authentication on JMX Remote Port (Optional)
To enable basic authentication on the JMX remote port, add the following parameters:
export JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.access.file=</path/to/jmxremote.access/file> -Dcom.sun.management.jmxremote.password.file=</path/to/jmxremote.password/file> -Dcom.sun.management.jmxremote.port=<Ranger KMS JMX Port>"Enable TLS/SSL on the JMX Remote Port (Optional)
To enable TLS/SSL authentication on the JMX remote port, add the following parameters:
export JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.registry.ssl=true -Djavax.net.ssl.keyStore=</path/to/keystore.jks/file> -Dcom.sun.management.jmxremote.access.file=</path/to/jmxremote.access/file> -Djavax.net.ssl.keyStorePassword=<Keystore Password> -Dcom.sun.management.jmxremote.password.file=</path/to/jmxremote.password/file> -Djavax.net.ssl.trustStore=</path/to/truststore.jks/file> -Djavax.net.ssl.trustStorePassword=<Truststore Password> -Dcom.sun.management.jmxremote.port=<Ranger KMS JMX Port>"- Save the configurations.
- Restart the Ranger KMS service.
Result
- Ranger KMS exposes metrics on the configured port.
Was this page helpful?