kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From maniku...@apache.org
Subject [kafka] branch trunk updated: MINOR: Add security considerations for remote JMX in Kafka docs (#6544)
Date Wed, 10 Apr 2019 07:09:33 GMT
This is an automated email from the ASF dual-hosted git repository.

manikumar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 950cfe3  MINOR: Add security considerations for remote JMX in Kafka docs (#6544)
950cfe3 is described below

commit 950cfe3e703f1726d6447e17480d1c8c04c46796
Author: Rajini Sivaram <rajinisivaram@googlemail.com>
AuthorDate: Wed Apr 10 08:09:11 2019 +0100

    MINOR: Add security considerations for remote JMX in Kafka docs (#6544)
    
    Reviewers: Manikumar Reddy <manikumar.reddy@gmail.com>
---
 docs/ops.html | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/ops.html b/docs/ops.html
index e14231c..600b500 100644
--- a/docs/ops.html
+++ b/docs/ops.html
@@ -786,6 +786,16 @@
   <code>records-consumed-rate</code> has a corresponding metric named <code>records-consumed-total</code>.
   <p>
   The easiest way to see the available metrics is to fire up jconsole and point it at a running
kafka client or server; this will allow browsing all metrics with JMX.
+
+  <h4><a id="remote_jmx" href="#remote_jmx">Security Considerations for Remote
Monitoring using JMX</a></h4>
+  Apache Kafka disables remote JMX by default. You can enable remote monitoring using JMX
by setting the environment variable
+  <code>JMX_PORT</code> for processes started using the CLI or standard Java
system properties to enable remote JMX programmatically.
+  You must enable security when enabling remote JMX in production scenarios to ensure that
unauthorized users cannot monitor or
+  control your broker or application as well as the platform on which these are running.
Note that authentication is disabled for
+  JMX by default in Kafka and security configs must be overridden for production deployments
by setting the environment variable
+  <code>KAFKA_JMX_OPTS</code> for processes started using the CLI or by setting
appropriate Java system properties. See
+  <a href=https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html">Monitoring
and Management Using JMX Technology</a>
+  for details on securing JMX.
   <p>
   We do graphing and alerting on the following metrics:
   <table class="data-table">


Mime
View raw message