This is a short post about two things that should be on the to-do list for all Cassandra Administrators. The leap second issue and the new JMX default.
The Leap Second
Before we move on you should learn more about how the leap second affects Cassandra in more detail.
In short, you must update your JVM to version 7u60 or above. If you are on Cassandra 2.0.14+ or 2.1.x then all JVM on version 8 are safe and tested. One issue that the the JVM doesn’t solve is that time-series data might become interleaved. If is this is critical for your deployment (not for most cases) be aware of this.
JMX Security
Since Cassandra 2.0.14 and 2.1.4 the cassandra-env.sh file sets the JMX to only listen to the localhost. So unless you are fine with this you should enable remote access, while making sure you activate security!
Short version:
- Edit $CASSANDRA_CONF/cassandra-env.sh update and set LOCAL_JMX=no
- Create /etc/cassandra/jmxremote.password and add the username and password:
monitorRole QED controlRole R&D USERNAME PASSWORD
- Change ownership to the user you run Cassandra with and permission to read only:
chown cassandra:cassandra /etc/cassandra/jmxremote.password chmod 400 /etc/cassandra/jmxremote.password
- Add the username defined before with readwrite permission to $JAVA_HOME/lib/management/jmxremote.access:
monitorRole readonly USERNAME readwrite controlRole readwrite \ create javax.management.monitor.,javax.management.timer. \ unregister
- Re-start Cassandra
Want to learn more about our Cassandra services? Contact us now!
No comments