Securing with the TMS
If you are using the Terracotta Management Server (TMS), you must set up
JMX authentication. Every node in the cluster must have the following entry in its keychain, all locked with the identical secret:
jmx:net.sf.ehcache:type=RepositoryService
In addition, server-server REST-agent communication must also be authorized using a keychain entry using the format jmx://<user>@<host>:<group-port> .
Add entries to the keychain file as described in
Setting up the Server Keychain,
but avoid using the -O flag when using the keychain script.For example, to create an entry for server2 in server1's keychain, use:
tools/security/bin/keychain.sh server1keychain.tkc
jmx://server2username@172.16.254.2:9530
Each server must have an entry for itself and one for each other server in the TSA.