[jira] [Commented] (KAFKA-7455) JmxTool cannot connect to an SSL-enabled JMX RMI port

Thu, 29 Nov 2018 03:44:44 -0800 


    [ 
https://issues.apache.org/jira/browse/KAFKA-7455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16703064#comment-16703064
 ] 

ASF GitHub Bot commented on KAFKA-7455:
---------------------------------------

murong00 opened a new pull request #5968: KAFKA-7455: Support JmxTool to 
connect to a secured RMI port.
URL: https://github.com/apache/kafka/pull/5968
 
 
   To connect to a secured RMI port (enabling remote JMX with password 
authentication and SSL), JmxTool should pass an envionrment map that contains 
relevant certification entry.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> JmxTool cannot connect to an SSL-enabled JMX RMI port
> -----------------------------------------------------
>
>                 Key: KAFKA-7455
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7455
>             Project: Kafka
>          Issue Type: Bug
>          Components: tools
>            Reporter: Attila Sasvari
>            Priority: Major
>
> When JmxTool tries to connect to an SSL-enabled JMX RMI port with 
> JMXConnectorFactory'connect(), the connection attempt results in a 
> "java.rmi.ConnectIOException: non-JRMP server at remote endpoint":
> {code}
> $ export 
> KAFKA_OPTS="-Djavax.net.ssl.trustStore=/tmp/kafka.server.truststore.jks 
> -Djavax.net.ssl.trustStorePassword=test"
> $ bin/kafka-run-class.sh kafka.tools.JmxTool --object-name 
> "kafka.server:type=kafka-metrics-count"  --jmx-url 
> service:jmx:rmi:///jndi/rmi://localhost:9393/jmxrmi
> ConnectIOException: non-JRMP server at remote endpoint].
> java.io.IOException: Failed to retrieve RMIServer stub: 
> javax.naming.CommunicationException [Root exception is 
> java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
>         at 
> javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
>         at 
> javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
>         at kafka.tools.JmxTool$.main(JmxTool.scala:120)
>         at kafka.tools.JmxTool.main(JmxTool.scala)
> {code}
> The problem is that {{JmxTool}} does not specify 
> {{SslRMIClientSocketFactory}} when it tries to connect
> https://github.com/apache/kafka/blob/70d90c371833b09cf934c8c2358171433892a085/core/src/main/scala/kafka/tools/JmxTool.scala#L120
> {code}  
>       jmxc = JMXConnectorFactory.connect(url, null)
> {code}
> To connect to a secured RMI port, it should pass an envionrment map that 
> contains a {{("com.sun.jndi.rmi.factory.socket", new 
> SslRMIClientSocketFactory)}} entry.
> More info:
> - https://docs.oracle.com/cd/E19698-01/816-7609/security-35/index.html
> - https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to