Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-12848

make configuring remote jmx access simpler

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.3.0
    • Fix Version/s: None
    • Component/s: Support Tools
    • Labels:

      Description

      We have an article published which describes how to configure Nexus 3.x to allow remote JMX access.

      This improvement request is about making configuring remote JMX access to Nexus 3.x container mbeans much easier to setup than the existing instructions.

      Existing implementation involves:

      • (possibly) editing etc/karaf/jmx.acl.cfg to change role mappings to mbean access
      • using non-intuitive 'karaf-' prefixed role names for accessing all remote jmx features
      • editing etc/karaf/org.apache.karaf.features.cfg to add management feature
      • editing etc/karaf/org.apache.karaf.management.cfg to add rmi server host and port properties
      • restarting Nexus
      • creating viewer and admin roles in nexus ui - for a non-administrator user, possibly assigning both viewer and admin roles to be an jmx admin ( makes more sense to only have to apply one of these )
      • assign roles to users, other roles, as required

      Areas to improve:

      • reduce manual or custom editing of properties files and replace with setup over UI instead
      • do not require restarting the server
      • ship with default roles which provide basic levels of read only or read/write access to mbeans so user does not need to create these themselves

      Implementation ideas:

      Add a JMX Remoting Capability that allows configuring

      • rmi hostname
      • ports
      • management feature enablement ( capability is enabled )
      • mbean viewer role name
      • mbean writer role name
      • allows the most common JMX configurations and has sane default values
      • (advanced) custom mbean RBAC access mapping

      Also, ship with some default viewer and admin roles for JMX already created and not tie this to `karaf-` prefix.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              2 Vote for this issue
              Watchers:
              11 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title