You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Manikumar (JIRA)" <ji...@apache.org> on 2019/05/06 12:26:00 UTC

[jira] [Resolved] (KAFKA-7455) JmxTool cannot connect to an SSL-enabled JMX RMI port

     [ https://issues.apache.org/jira/browse/KAFKA-7455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Manikumar resolved KAFKA-7455.
------------------------------
       Resolution: Fixed
    Fix Version/s: 2.3.0

> JmxTool cannot connect to an SSL-enabled JMX RMI port
> -----------------------------------------------------
>
>                 Key: KAFKA-7455
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7455
>             Project: Kafka
>          Issue Type: Bug
>          Components: tools
>            Reporter: Attila Sasvari
>            Priority: Major
>             Fix For: 2.3.0
>
>
> When JmxTool tries to connect to an SSL-enabled JMX RMI port with JMXConnectorFactory'connect(), the connection attempt results in a "java.rmi.ConnectIOException: non-JRMP server at remote endpoint":
> {code}
> $ export KAFKA_OPTS="-Djavax.net.ssl.trustStore=/tmp/kafka.server.truststore.jks -Djavax.net.ssl.trustStorePassword=test"
> $ bin/kafka-run-class.sh kafka.tools.JmxTool --object-name "kafka.server:type=kafka-metrics-count"  --jmx-url service:jmx:rmi:///jndi/rmi://localhost:9393/jmxrmi
> ConnectIOException: non-JRMP server at remote endpoint].
> java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
>         at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
>         at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
>         at kafka.tools.JmxTool$.main(JmxTool.scala:120)
>         at kafka.tools.JmxTool.main(JmxTool.scala)
> {code}
> The problem is that {{JmxTool}} does not specify {{SslRMIClientSocketFactory}} when it tries to connect
> https://github.com/apache/kafka/blob/70d90c371833b09cf934c8c2358171433892a085/core/src/main/scala/kafka/tools/JmxTool.scala#L120
> {code}  
>       jmxc = JMXConnectorFactory.connect(url, null)
> {code}
> To connect to a secured RMI port, it should pass an envionrment map that contains a {{("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory)}} entry.
> More info:
> - https://docs.oracle.com/cd/E19698-01/816-7609/security-35/index.html
> - https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)