DataStax Academy FAQ

DataStax Academy migrated to a new learning management system (LMS) in July 2020. We are also moving to a new Cassandra Certification process so there are changes to exam bookings, voucher system and issuing of certificates.

Check out the Academy FAQ pages for answers to your questions:


question

noelle.heerink-wijnja_161326 avatar image
noelle.heerink-wijnja_161326 asked ·

What is the format of the entries for the JMX password file?

We have implemented Cassandra integrated authentication following the article on https://cassandra.apache.org/doc/latest/operating/security.html#jmx-with-ssl . Now we have to use nodetool commands with -u and -pw parameters. That works fine.

But we want to avoid showing up the credentials (in history) issuing the nodetool command on commandline and we also want to use scripting/scripts on commandline and not having that password show up.

1) we tried using the -pwf option (with -u). But what should be the config of such a file? We tried putting in a file: username=<dbusername> password=<dbpassword> and jmx_username=<jmxusername> and jmx_password=<jmxpassword> and <username> <password>. Nothing works. Could it be this no longer works when having done the configuration steps for using integrated authentication? Or should the file be different?

2) I looked at datastax articles: https://docs.datastax.com/en/security/6.0/security/Auth/secCredentialsEnv.html

https://docs.datastax.com/en/security/6.0/security/Auth/secDseCredFile.html

https://docs.datastax.com/en/security/5.1/security/Auth/secDsetoolCredentials.html

They are referring to a .dserc file. Is there also something like .nodetoolrc? (like cqlshrc)?

3) or is using environment variables in .bash_profile our only option now?

authenticationjmx
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered ·

@noelle.heerink-wijnja_161326 Specifically on the JMX password file, you need to specify the full path with the -pwf flag:

$ nodetool -u jmx_user -pwf /etc/cassandra/jmxremote.password

The contents of the password file (I've called it jmxremote.password in my example but you can call it anything you want) is the JMX user name and the corresponding JMX password with one user per line. For example:

jmx_user SomeComp7exPass3ord
ops_user Cassan6raOpera2or
dev_user NoProd4ccess

Remember to secure the password file so only the Linux user which runs Cassandra can access it. For example:

$ sudo chown cassandra:cassandra /etc/cassandra/jmxremote.password
$ sudo chmod 400 /etc/cassandra/jmxremote.password

Cheers!

2 comments Share
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

well yes that indeed worked. Thanks. Thought I tried it all but guess I did not. Thanks.

0 Likes 0 · ·
Erick Ramirez avatar image Erick Ramirez ♦♦ noelle.heerink-wijnja_161326 ·

Good to hear! Cheers!

P.S. I've turned your answer into a comment. :)

0 Likes 0 · ·