[jira] [Commented] (KAFKA-7455) JmxTool cannot connect to an SSL-enabled JMX RMI port

Mon, 06 May 2019 05:23:22 -0700 


    [ 
https://issues.apache.org/jira/browse/KAFKA-7455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16833756#comment-16833756
 ] 

ASF GitHub Bot commented on KAFKA-7455:
---------------------------------------

omkreddy commented on pull request #5968: KAFKA-7455: Support JmxTool to 
connect to a secured RMI port.
URL: https://github.com/apache/kafka/pull/5968
 
 
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> JmxTool cannot connect to an SSL-enabled JMX RMI port
> -----------------------------------------------------
>
>                 Key: KAFKA-7455
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7455
>             Project: Kafka
>          Issue Type: Bug
>          Components: tools
>            Reporter: Attila Sasvari
>            Priority: Major
>
> When JmxTool tries to connect to an SSL-enabled JMX RMI port with 
> JMXConnectorFactory'connect(), the connection attempt results in a 
> "java.rmi.ConnectIOException: non-JRMP server at remote endpoint":
> {code}
> $ export 
> KAFKA_OPTS="-Djavax.net.ssl.trustStore=/tmp/kafka.server.truststore.jks 
> -Djavax.net.ssl.trustStorePassword=test"
> $ bin/kafka-run-class.sh kafka.tools.JmxTool --object-name 
> "kafka.server:type=kafka-metrics-count"  --jmx-url 
> service:jmx:rmi:///jndi/rmi://localhost:9393/jmxrmi
> ConnectIOException: non-JRMP server at remote endpoint].
> java.io.IOException: Failed to retrieve RMIServer stub: 
> javax.naming.CommunicationException [Root exception is 
> java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
>         at 
> javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
>         at 
> javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
>         at kafka.tools.JmxTool$.main(JmxTool.scala:120)
>         at kafka.tools.JmxTool.main(JmxTool.scala)
> {code}
> The problem is that {{JmxTool}} does not specify 
> {{SslRMIClientSocketFactory}} when it tries to connect
> https://github.com/apache/kafka/blob/70d90c371833b09cf934c8c2358171433892a085/core/src/main/scala/kafka/tools/JmxTool.scala#L120
> {code}  
>       jmxc = JMXConnectorFactory.connect(url, null)
> {code}
> To connect to a secured RMI port, it should pass an envionrment map that 
> contains a {{("com.sun.jndi.rmi.factory.socket", new 
> SslRMIClientSocketFactory)}} entry.
> More info:
> - https://docs.oracle.com/cd/E19698-01/816-7609/security-35/index.html
> - https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to