You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Attila Sasvari (JIRA)" <ji...@apache.org> on 2018/09/28 17:21:00 UTC

[jira] [Created] (KAFKA-7455) JmxTool cannot connect to an SSL-enabled JMX RMI port

Attila Sasvari created KAFKA-7455:
-------------------------------------

             Summary: JmxTool cannot connect to an SSL-enabled JMX RMI port
                 Key: KAFKA-7455
                 URL: https://issues.apache.org/jira/browse/KAFKA-7455
             Project: Kafka
          Issue Type: Bug
          Components: tools
            Reporter: Attila Sasvari


When JmxTool tries to connect to an SSL-enabled JMX RMI port with JMXConnectorFactory'connect(), the connection attempt results in a "java.rmi.ConnectIOException: non-JRMP server at remote endpoint":

{code}
$ export KAFKA_OPTS="-Djavax.net.ssl.trustStore=/tmp/kafka.server.truststore.jks -Djavax.net.ssl.trustStorePassword=test"

$ bin/kafka-run-class.sh kafka.tools.JmxTool --object-name "kafka.server:type=kafka-metrics-count"  --jmx-url service:jmx:rmi:///jndi/rmi://localhost:9393/jmxrmi

ConnectIOException: non-JRMP server at remote endpoint].
java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
        at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
        at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
        at kafka.tools.JmxTool$.main(JmxTool.scala:120)
        at kafka.tools.JmxTool.main(JmxTool.scala)
{code}

The problem is that {{JmxTool}} does not specify {{SslRMIClientSocketFactory}} when it tries to connect
https://github.com/apache/kafka/blob/70d90c371833b09cf934c8c2358171433892a085/core/src/main/scala/kafka/tools/JmxTool.scala#L120
{code}  
      jmxc = JMXConnectorFactory.connect(url, null)
{code}
To connect to a secured RMI port, it should pass an envionrment map that contains a {{("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory)}} entry.

More info:
- https://docs.oracle.com/cd/E19698-01/816-7609/security-35/index.html
- https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)