Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-7455

JmxTool cannot connect to an SSL-enabled JMX RMI port

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3.0
    • Component/s: tools
    • Labels:
      None

      Description

      When JmxTool tries to connect to an SSL-enabled JMX RMI port with JMXConnectorFactory'connect(), the connection attempt results in a "java.rmi.ConnectIOException: non-JRMP server at remote endpoint":

      $ export KAFKA_OPTS="-Djavax.net.ssl.trustStore=/tmp/kafka.server.truststore.jks -Djavax.net.ssl.trustStorePassword=test"
      
      $ bin/kafka-run-class.sh kafka.tools.JmxTool --object-name "kafka.server:type=kafka-metrics-count"  --jmx-url service:jmx:rmi:///jndi/rmi://localhost:9393/jmxrmi
      
      ConnectIOException: non-JRMP server at remote endpoint].
      java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
              at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
              at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
              at kafka.tools.JmxTool$.main(JmxTool.scala:120)
              at kafka.tools.JmxTool.main(JmxTool.scala)
      

      The problem is that JmxTool does not specify SslRMIClientSocketFactory when it tries to connect
      https://github.com/apache/kafka/blob/70d90c371833b09cf934c8c2358171433892a085/core/src/main/scala/kafka/tools/JmxTool.scala#L120

        
            jmxc = JMXConnectorFactory.connect(url, null)
      

      To connect to a secured RMI port, it should pass an envionrment map that contains a ("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory) entry.

      More info:

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                asasvari Attila Sasvari
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: