Posted to jira@kafka.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/11/29 11:38:00 UTC

[jira] [Commented] (KAFKA-7455) JmxTool cannot connect to an SSL-enabled JMX RMI port

    [ https://issues.apache.org/jira/browse/KAFKA-7455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16703064#comment-16703064 ] 

ASF GitHub Bot commented on KAFKA-7455:
---------------------------------------

murong00 opened a new pull request #5968: KAFKA-7455: Support JmxTool to connect to a secured RMI port.
URL: https://github.com/apache/kafka/pull/5968
 
 
   To connect to a secured RMI port (enabling remote JMX with password authentication and SSL), JmxTool should pass an environment map that contains the relevant certification entry.



> JmxTool cannot connect to an SSL-enabled JMX RMI port
> -----------------------------------------------------
>
>                 Key: KAFKA-7455
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7455
>             Project: Kafka
>          Issue Type: Bug
>          Components: tools
>            Reporter: Attila Sasvari
>            Priority: Major
>
> When JmxTool tries to connect to an SSL-enabled JMX RMI port with JMXConnectorFactory's connect(), the connection attempt results in a "java.rmi.ConnectIOException: non-JRMP server at remote endpoint":
> {code}
> $ export KAFKA_OPTS="-Djavax.net.ssl.trustStore=/tmp/kafka.server.truststore.jks -Djavax.net.ssl.trustStorePassword=test"
> $ bin/kafka-run-class.sh kafka.tools.JmxTool --object-name "kafka.server:type=kafka-metrics-count"  --jmx-url service:jmx:rmi:///jndi/rmi://localhost:9393/jmxrmi
> ConnectIOException: non-JRMP server at remote endpoint].
> java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
>         at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
>         at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
>         at kafka.tools.JmxTool$.main(JmxTool.scala:120)
>         at kafka.tools.JmxTool.main(JmxTool.scala)
> {code}
> The problem is that {{JmxTool}} does not specify {{SslRMIClientSocketFactory}} when it tries to connect
> https://github.com/apache/kafka/blob/70d90c371833b09cf934c8c2358171433892a085/core/src/main/scala/kafka/tools/JmxTool.scala#L120
> {code}  
>       jmxc = JMXConnectorFactory.connect(url, null)
> {code}
> To connect to a secured RMI port, it should pass an environment map that contains a {{("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory)}} entry.
> More info:
> - https://docs.oracle.com/cd/E19698-01/816-7609/security-35/index.html
> - https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html



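Added example (not code from the pull request or from JmxTool itself): a stand-alone Scala client that builds the environment map described in the issue and passes it to JMXConnectorFactory.connect. The object name SecureJmxConnect, the buildEnv helper, the JMX_PASSWORD variable and the monitorRole user name are assumptions made for this illustration.

```scala
import java.util.{HashMap => JHashMap}
import javax.management.MBeanServerConnection
import javax.management.remote.{JMXConnector, JMXConnectorFactory, JMXServiceURL}
import javax.rmi.ssl.SslRMIClientSocketFactory

object SecureJmxConnect {

  // Build the environment map handed to JMXConnectorFactory.connect.
  // `ssl` and `credentials` are parameters of this example, not JmxTool options.
  def buildEnv(ssl: Boolean, credentials: Option[(String, String)]): JHashMap[String, AnyRef] = {
    val env = new JHashMap[String, AnyRef]()
    if (ssl) {
      // Makes the JNDI lookup of the RMI registry go over TLS. Without this entry
      // the lookup uses a plain socket against a TLS-protected registry and fails
      // with "non-JRMP server at remote endpoint".
      env.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory)
    }
    credentials.foreach { case (user, password) =>
      // JMXConnector.CREDENTIALS expects a two-element String array: {user, password}.
      env.put(JMXConnector.CREDENTIALS, Array[String](user, password))
    }
    env
  }

  def main(args: Array[String]): Unit = {
    // URL taken from the report above; the user name is a placeholder.
    val url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:9393/jmxrmi")
    // Hypothetical variable name: read the password from the environment so it
    // does not appear in the process argument list or shell history.
    val password = sys.env.get("JMX_PASSWORD")
    val env = buildEnv(ssl = true, credentials = password.map(p => ("monitorRole", p)))

    // The trust store still comes from -Djavax.net.ssl.trustStore and
    // -Djavax.net.ssl.trustStorePassword, as in the KAFKA_OPTS line of the report.
    val jmxc: JMXConnector = JMXConnectorFactory.connect(url, env)
    try {
      val mbsc: MBeanServerConnection = jmxc.getMBeanServerConnection
      println(s"Connected, ${mbsc.getMBeanCount} MBeans registered")
    } finally jmxc.close()
  }
}
```

The socket-factory entry only affects the registry lookup; the server certificate is still validated against the trust store named in the JVM system properties, so a missing or wrong trust store shows up as an SSL handshake failure rather than the JRMP error.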