You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Grzegorz Grzybek (Jira)" <ji...@apache.org> on 2021/04/06 10:12:00 UTC
[jira] [Commented] (KARAF-6955) JMX: With rmiRegistryHost =
127.0.0.1, Karaf should listen only on 127.0.0.1
[ https://issues.apache.org/jira/browse/KARAF-6955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17315418#comment-17315418 ]
Grzegorz Grzybek commented on KARAF-6955:
-----------------------------------------
I had problem after this change - {{jconsole}} stopped working and sample Java application ended with {{Connection refused}} exception.
I did enjoyable analysis and I found that:
* ports are opened on proper interfaces ({{::ffff:127.0.0.1}} in my case, which is an IPv6 address from _::ffff:0:0/96 CIDR_ that represents _Transition from IPv4_ address block)
* I could connect to RMI Registry at port 1099 and even obtain {{karaf-root}} object from there, which:
** is of {{javax.management.remote.rmi.RMIServer}} interface
** is of {{javax.management.remote.rmi.RMIServerImpl_Stub}} implementation
The problem is that this stub contains:
{noformat}
ref: java.rmi.server.RemoteRef = {sun.rmi.server.UnicastRef2@1918}
...
ref: sun.rmi.transport.LiveRef = {sun.rmi.transport.LiveRef@1925} "[endpoint:[192.168.0.38:44444](remote),objID:[2f23195f:178a6a29327:-7ffa, 4962682433218761153]]"
ep: sun.rmi.transport.Endpoint = {sun.rmi.transport.tcp.TCPEndpoint@1927} "[192.168.0.38:44444]"
host: java.lang.String = "192.168.0.38"
port: int = 44444 (0xAD9C)
{noformat}
The problem is that when {{RMIServerImpl_Stub}} is created *at server side* by karaf.management.server bundle, the bind address of this remote object is NOT taken from {{rmiServerHost}} property of {{org.apache.karaf.management}} PID. It's taken from (top to bottom):
* sun.rmi.transport.tcp.TCPEndpoint#getLocalEndpoint()
* java.net.InetAddress#getLocalHost()
* java.net.InetAddressImpl#getLocalHostName()
* java.net.InetAddress#getAddressesFromNameService()
* java.net.Inet6AddressImpl#lookupAllHostAddr()
* getaddress() libc method
* /etc/hosts
The way to solve this is to set {{java.rmi.server.hostname}} system property to 127.0.0.1, so the Stub contains proper address.
> JMX: With rmiRegistryHost = 127.0.0.1, Karaf should listen only on 127.0.0.1
> ----------------------------------------------------------------------------
>
> Key: KARAF-6955
> URL: https://issues.apache.org/jira/browse/KARAF-6955
> Project: Karaf
> Issue Type: Bug
> Components: karaf
> Affects Versions: 4.2.9
> Reporter: Martin Lichtin
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 4.2.11, 4.3.1
>
>
> JMX - with rmiRegistryHost = 127.0.0.1 Karaf should listen only on 127.0.0.1
> However, Karaf listens on 0.0.0.0 which opens up access to the network.
> {noformat}
> > config:list "(service.pid=org.apache.karaf.management)"
> ----------------------------------------------------------------
> Pid: org.apache.karaf.management
> BundleLocation: ?
> Properties:
> daemon = true
> felix.fileinstall.filename = file:mykaraf/etc/org.apache.karaf.management.cfg
> jmxRealm = karaf
> jmxmpEnabled = false
> jmxmpHost = 127.0.0.1
> jmxmpObjectName = connector:name=jmxmp
> jmxmpPort = 9999
> jmxmpServiceUrl = service:jmx:jmxmp://127.0.0.1:9999
> objectName = connector:name=rmi
> rmiRegistryHost = 127.0.0.1
> rmiRegistryPort = 25031
> rmiServerHost = 127.0.0.1
> rmiServerPort = 25041
> service.pid = org.apache.karaf.management
> serviceUrl = service:jmx:rmi://127.0.0.1:25041/jndi/rmi://127.0.0.1:25031/karaf-mykaraf
> threaded = true
> {noformat}
> Using netstat one can see the listen address is not 127.0.0.1:
> {noformat}
> $ netstat -n -l -t|grep 25031
> tcp 0 0 0.0.0.0:25031 0.0.0.0:* LISTEN
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)