MINOR: Add security considerations for remote JMX in Kafka docs (#6544)

Reviewers: Manikumar Reddy <manikumar.reddy@gmail.com>
2019-04-10 08:09:11 +01:00 · 2019-04-10 08:09:11 +01:00 · 950cfe3e70
parent 0667fe2bfd
commit 950cfe3e70
1 changed files with 10 additions and 0 deletions
--- a/docs/ops.html
+++ b/docs/ops.html
@ -786,6 +786,16 @@
  <code>records-consumed-rate</code> has a corresponding metric named <code>records-consumed-total</code>.
  <p>
  The easiest way to see the available metrics is to fire up jconsole and point it at a running kafka client or server; this will allow browsing all metrics with JMX.
+
+  <h4><a id="remote_jmx" href="#remote_jmx">Security Considerations for Remote Monitoring using JMX</a></h4>
+  Apache Kafka disables remote JMX by default. You can enable remote monitoring using JMX by setting the environment variable
+  <code>JMX_PORT</code> for processes started using the CLI or standard Java system properties to enable remote JMX programmatically.
+  You must enable security when enabling remote JMX in production scenarios to ensure that unauthorized users cannot monitor or
+  control your broker or application as well as the platform on which these are running. Note that authentication is disabled for
+  JMX by default in Kafka and security configs must be overridden for production deployments by setting the environment variable
+  <code>KAFKA_JMX_OPTS</code> for processes started using the CLI or by setting appropriate Java system properties. See
+  <a href=https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html">Monitoring and Management Using JMX Technology</a>
+  for details on securing JMX.
  <p>
  We do graphing and alerting on the following metrics:
  <table class="data-table">