Controlling Access to JMX Metrics

The following table describes the environment variables. For release 6.2.0, JMX is enabled by default, and local binding is enabled by default:

Environment Variable	Default Value		Description
	Secure Cluster	Non-Secure Cluster
MAPR_JMXAUTH*	true	false	Enables or disables authentication for JMX metrics for a node. JMXAUTH is only used in conjunction with MAPR_JMXLOCALHOST or MAPR_JMXREMOTEHOST. JMXAUTH is ignored when MAPR_JMXRLOCALBINDING is true.
MAPR_JMXDISABLE*	false	false	If set to true, disables JMX for the entire node. In this scenario, Collectd does not receive JMX metrics.
MAPR_JMXLOCALBINDING*	true	true	If set to true, disables TCP/IP listening on the the local JMX port. There is no TCP/IP listener at all when you turn on local binding. In this scenario, you can only get JMX metrics from the node itself by configuring a process that attaches to the Java process such as a debugger tool. And you can connect only to processes that you own.
MAPR_JMXLOCALHOST	false	false	Enables the JMX server in the Java processes to listen on the local host and on the JMX port number. The local host is a TCP/IP listener that listens on the local host only. It doesn't let you connect remotely.
MAPR_JMXREMOTEHOST	false	false	Enables the JMX server to listen on the JMX port and allows users from outside the cluster to connect to that port. You can turn on REMOTEHOST if you want to have a cluster with both LOCALBINDING and REMOTEHOST so that you can use JConsole or Virtual VM or any of these other tools to log in and look at what the Java processes do. When MAPR_JMXREMOTEHOST is true, the system always uses SSL and authentication.
MAPR_JMXSSL*	false	false	Enables or disables SSL for JMX metrics for a node. This variable is ignored when MAPR_JMXREMOTEHOST is true.

*For internal use only. Manually changing the the value of this environment variable is not recommended.

Suppose you wanted to change the value of MAPR_JMXREMOTEHOST to true. Doing so would allow you to use a tool such as JConsole to log in remotely and monitor the Java processes. To change the MAPR_JMXREMOTEHOST setting:

1. Export the new value of MAPR_JMXREMOTEHOST in /opt/mapr/conf/env_override.sh:

   export MAPR_JMXREMOTEHOST=true

2. Run /opt/mapr/server/configure.sh -R, and restart all services. For example:
   1. Stop Warden by using the systemctl stop mapr-warden command.
   2. Stop ZooKeeper by using the systemctl stop mapr-zookeeper command.
   3. Restart ZooKeeper by using the systemctl start mapr-zookeeper command.
   4. Restart Warden by using the systemctl start mapr-warden command.

The following configure.sh options are supported for managing JMX on individual nodes:

Option	Description
-JMXEnable	Enables JMX support for every service on the node where JMX is configured to be enabled. JMX is enabled by default.
-JMXDisable	Globally disables JMX support for all JMX-enabled services on the node.
-JMXLocalBindingEnable	Enables local binding for JMX connections. Local binding is enabled by default
-JMXLocalBindingDisable	Disables local binding for JMX connections.
-JMXLocalHostEnable	Enables the local-host TCP port for JMX. This setting is mutually exclusive with JMXRemoteHostEnable.
-JMXLocalHostDisable	Disables the local-host TCP port for JMX.
-JMXRemoteHostEnable	Enables the remote TCP port for JMX. This setting is mutually exclusive with JMXLocalHostEnable.
-JMXRemoteHostDisable	Disables the remote TCP port for JMX.

To use the -JMX options, run configure.sh -R with the -JMX option on the desired node. For example:

/opt/mapr/server/configure.sh -R -JMXRemoteHostEnable