Description
When JmxTool tries to connect to an SSL-enabled JMX RMI port with JMXConnectorFactory'connect(), the connection attempt results in a "java.rmi.ConnectIOException: non-JRMP server at remote endpoint":
$ export KAFKA_OPTS="-Djavax.net.ssl.trustStore=/tmp/kafka.server.truststore.jks -Djavax.net.ssl.trustStorePassword=test" $ bin/kafka-run-class.sh kafka.tools.JmxTool --object-name "kafka.server:type=kafka-metrics-count" --jmx-url service:jmx:rmi:///jndi/rmi://localhost:9393/jmxrmi ConnectIOException: non-JRMP server at remote endpoint]. java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint] at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270) at kafka.tools.JmxTool$.main(JmxTool.scala:120) at kafka.tools.JmxTool.main(JmxTool.scala)
The problem is that JmxTool does not specify SslRMIClientSocketFactory when it tries to connect
https://github.com/apache/kafka/blob/70d90c371833b09cf934c8c2358171433892a085/core/src/main/scala/kafka/tools/JmxTool.scala#L120
jmxc = JMXConnectorFactory.connect(url, null)
To connect to a secured RMI port, it should pass an envionrment map that contains a ("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory) entry.
More info:
Attachments
Issue Links
- is related to
-
KAFKA-5613 Deprecate JmxTool?
-
- Open
-
- links to