cassandra: Allow to configure the jmx for remote or local only access (!559) · Merge requests · Platform / Infrastructure / Puppet / puppet-swh-site

Vincent Sellier requested to merge generated-differential-D8472-source into generated-differential-D8472-target Sep 14, 2022

If remote access is activated, the user authentication is configured and activated

Related to T4458

Test Plan

diff origin/production/cassandra01.internal.softwareheritage.org current/cassandra01.internal.softwareheritage.org
*******************************************
+ File[/etc/cassandra/jmxremote.access] =>
   parameters =>
     "content": "monitorRole   readonly\ncontrolRole   readwrite \\\n            ...
     "ensure": "present",
     "group": "cassandra",
     "mode": "0540",
     "owner": "root"
*******************************************
+ File[/etc/cassandra/jmxremote.password] =>
   parameters =>
     "content": "cassandra   \n",
     "ensure": "present",
     "group": "cassandra",
     "mode": "0540",
     "owner": "root"
*******************************************
  File[/etc/systemd/system/cassandra@instance1.service.d/parameters.conf] =>
   parameters =>
     content =>
      @@ -6,7 +6,8 @@
      _
       [Service]
      -Environment=JVM_EXTRA_OPTS="-javaagent:/opt/prometheus-jmx-exporter/jmx_prometheus_javaagent-0.11.0.jar=7070:/etc/cassandra/jmx_exporter.yml -Dcassandra.jmx.local.port=7199 -Dcom.sun.management.jmxremote.authenticate=false"
      +Environment=JVM_EXTRA_OPTS="-javaagent:/opt/prometheus-jmx-exporter/jmx_prometheus_javaagent-0.11.0.jar=7070:/etc/cassandra/jmx_exporter.yml -Dcassandra.jmx.remote.port=7199 -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access"
       Environment=CASSANDRA_CONF=/etc/cassandra/instance1
       Environment=CASSANDRA_LOG_DIR=/var/log/cassandra/instance1
      +Environment=LOCAL_JMX=no
      _
       [Install]
*******************************************
  Profile::Cassandra::Instance[instance1] =>
   parameters =>
     config =>
       jmx_password =>
        - undef
        + ""
       jmx_remote =>
        + true
       jmx_user =>
        + cassandra
*******************************************
  Systemd::Dropin_file[cassandra@instance1.service.d/parameters.conf] =>
   parameters =>
     content =>
      @@ -6,7 +6,8 @@
      _
       [Service]
      -Environment=JVM_EXTRA_OPTS="-javaagent:/opt/prometheus-jmx-exporter/jmx_prometheus_javaagent-0.11.0.jar=7070:/etc/cassandra/jmx_exporter.yml -Dcassandra.jmx.local.port=7199 -Dcom.sun.management.jmxremote.authenticate=false"
      +Environment=JVM_EXTRA_OPTS="-javaagent:/opt/prometheus-jmx-exporter/jmx_prometheus_javaagent-0.11.0.jar=7070:/etc/cassandra/jmx_exporter.yml -Dcassandra.jmx.remote.port=7199 -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access"
       Environment=CASSANDRA_CONF=/etc/cassandra/instance1
       Environment=CASSANDRA_LOG_DIR=/var/log/cassandra/instance1
      +Environment=LOCAL_JMX=no
      _
       [Install]
*******************************************
*** End octocatalog-diff on cassandra01.internal.softwareheritage.org

Migrated from D8472 (view on Phabricator)

cassandra: Allow to configure the jmx for remote or local only access

Test Plan

Merge request reports