Controlling Access to JMX Metrics

Environment variables and configure.sh options introduced in release 6.2.0 let you control how metrics are collected and who can access the metrics from JMX-enabled services.

JMX is a technology for monitoring system services. In the HPE Ezmeral Data Fabric, you can use environment variables or configure.sh options to enable or disable access to JMX metrics. The JMX-enabled services are:
  • CLDB
  • Drill
  • Hive
  • NodeManager
  • Oozie
  • ResourceManager
  • Spark

Understanding the MAPR_JMX Variables

The following table describes the environment variables. For release 6.2.0, JMX is enabled by default, and local binding is enabled by default:
Environment Variable Default Value Description
Secure Cluster Non-Secure Cluster
MAPR_JMXAUTH* true false Enables or disables authentication for JMX metrics for a node. JMXAUTH is only used in conjunction with MAPR_JMXLOCALHOST or MAPR_JMXREMOTEHOST. JMXAUTH is ignored when MAPR_JMXRLOCALBINDING is true.
MAPR_JMXDISABLE* false false If set to true, disables JMX for the entire node. In this scenario, Collectd does not receive JMX metrics.
MAPR_JMXLOCALBINDING* true true If set to true, disables TCP/IP listening on the the local JMX port. There is no TCP/IP listener at all when you turn on local binding. In this scenario, you can only get JMX metrics from the node itself by configuring a process that attaches to the Java process such as a debugger tool. And you can connect only to processes that you own.
MAPR_JMXLOCALHOST false false Enables the JMX server in the Java processes to listen on the local host and on the JMX port number. The local host is a TCP/IP listener that listens on the local host only. It doesn't let you connect remotely.
MAPR_JMXREMOTEHOST false false Enables the JMX server to listen on the JMX port and allows users from outside the cluster to connect to that port. You can turn on REMOTEHOST if you want to have a cluster with both LOCALBINDING and REMOTEHOST so that you can use JConsole or Virtual VM or any of these other tools to log in and look at what the Java processes do. When MAPR_JMXREMOTEHOST is true, the system always uses SSL and authentication.
MAPR_JMXSSL* false false Enables or disables SSL for JMX metrics for a node. This variable is ignored when MAPR_JMXREMOTEHOST is true.
*For internal use only. Manually changing the the value of this environment variable is not recommended.

Changing the MAPR_JMX Environment Variables

Suppose you wanted to change the value of MAPR_JMXREMOTEHOST to true. Doing so would allow you to use a tool such as JConsole to log in remotely and monitor the Java processes. To change the MAPR_JMXREMOTEHOST setting:
  1. Export the new value of MAPR_JMXREMOTEHOST in /opt/mapr/conf/env_override.sh:
    export MAPR_JMXREMOTEHOST=true
  2. Run /opt/mapr/server/configure.sh -R, and restart all services. For example:
    1. Stop Warden by using the systemctl stop mapr-warden command.
    2. Stop ZooKeeper by using the systemctl stop mapr-zookeeper command.
    3. Restart ZooKeeper by using the systemctl start mapr-zookeeper command.
    4. Restart Warden by using the systemctl start mapr-warden command.

Using the JMX Options for configure.sh

The following configure.sh options are supported for managing JMX on individual nodes:
Option Description
-JMXEnable Enables JMX support for every service on the node where JMX is configured to be enabled. JMX is enabled by default.
-JMXDisable Globally disables JMX support for all JMX-enabled services on the node.
-JMXLocalBindingEnable Enables local binding for JMX connections. Local binding is enabled by default
-JMXLocalBindingDisable Disables local binding for JMX connections.
-JMXLocalHostEnable Enables the local-host TCP port for JMX. This setting is mutually exclusive with JMXRemoteHostEnable.
-JMXLocalHostDisable Disables the local-host TCP port for JMX.
-JMXRemoteHostEnable Enables the remote TCP port for JMX. This setting is mutually exclusive with JMXLocalHostEnable.
-JMXRemoteHostDisable Disables the remote TCP port for JMX.
To use the -JMX options, run configure.sh -R with the -JMX option on the desired node. For example:
/opt/mapr/server/configure.sh -R -JMXRemoteHostEnable