Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Adding com.sun.management.jmxremote.authenticate=true on opennms.conf is ignored by the opennms script

Description

A user is trying to configure JMX authentication via opennms.conf with the following properties:

opennms.conf

MANAGER_OPTIONS="$MANAGER_OPTIONS -Dcom.sun.management.jmxremote.port=18980" MANAGER_OPTIONS="$MANAGER_OPTIONS -Dcom.sun.management.jmxremote.ssl=false" MANAGER_OPTIONS="$MANAGER_OPTIONS -Dcom.sun.management.jmxremote.authenticate=true" MANAGER_OPTIONS="$MANAGER_OPTIONS -Dcom.sun.management.jmxremote.local.only=false" MANAGER_OPTIONS="$MANAGER_OPTIONS -Dopennms.poller.server.serverHost=0.0.0.0" MANAGER_OPTIONS="$MANAGER_OPTIONS -Dcom.sun.management.jmxremote.password.file=/opt/opennms/etc/jmxremote.password" MANAGER_OPTIONS="$MANAGER_OPTIONS -Dcom.sun.management.jmxremote.access.file=/opt/opennms/etc/jmxremote.access"

When executing the /opt/opennms/bin/opennms script to start OpenNMS, this script will override com.sun.management.jmxremote.authenticate and of course the rest of the properties won't be used.

The workaround at the moment is modifying the opennms script.

Acceptance / Success Criteria

None

Lucidchart Diagrams

Activity

Alejandro Galue June 9, 2016 at 6:11 PM

I think the REAL issue here is the lack of documentation. If something is required either in groups.xml or in magic-users.properties that's something I'm sure no one knows, and it is not obvious, specially because that used to work without that before 16.0.4 like on any other Java application (for example Cassandra, just for mentioning one).

Benjamin Reed June 9, 2016 at 5:52 PM

Closing as configuration, but I'm opening a new bug about whether we should change OpenNMS to use groups.xml by default in addition to magic-users.properties here: https://opennms.atlassian.net/browse/NMS-8492#icft=NMS-8492

Benjamin Reed June 9, 2016 at 5:27 PM

I just did a build of meridian 2016.1.0 to try it there, and I'll try 18 next.

I honestly couldn't remember if I needed to do magic-users.properties or not, I thought that for admin you still needed that and not just the group membership to get some proper admin role stuff.

Alejandro Galue June 9, 2016 at 4:52 PM

Well, the part where you put yourself as admin in magic-users.properties is not documented anywhere, so I didn't know about that. Either way, I'll check it tomorrow.

FYI, try 18, because foundation-2016 works a lot better winking face

Benjamin Reed June 9, 2016 at 4:26 PM

With foundation-2016, I just did the following:

1. add a user ranger
2. put the user ranger in the admin group and role
3. put the following in opennms.conf and restarted OpenNMS:

ADDITIONAL_MANAGER_OPTIONS="$ADDITIONAL_MANAGER_OPTIONS -Dcom.sun.management.jmxremote.port=18980" ADDITIONAL_MANAGER_OPTIONS="$ADDITIONAL_MANAGER_OPTIONS -Dcom.sun.management.jmxremote.ssl=false" ADDITIONAL_MANAGER_OPTIONS="$ADDITIONAL_MANAGER_OPTIONS -Dcom.sun.management.jmxremote.authenticate=true" ADDITIONAL_MANAGER_OPTIONS="$ADDITIONAL_MANAGER_OPTIONS -Dcom.sun.management.jmxremote.local.only=false" ADDITIONAL_MANAGER_OPTIONS="$ADDITIONAL_MANAGER_OPTIONS -Dopennms.poller.server.serverHost=0.0.0.0"

I then connected using jconsole to localhost:18980 as the ranger user and it accepted my connection.

Configuration

Details

Assignee

Reporter

Labels

Components

Fix versions

Affects versions

Priority

PagerDuty

Created December 10, 2015 at 10:16 AM
Updated June 9, 2016 at 6:11 PM
Resolved June 9, 2016 at 5:52 PM

Flag notifications