JMX SSL monitoring

[nagiosvick]

This is a windows VMWare service that is being monitored. Don't think this is an application issue. I have attached the screenshot of jconsole monitoring JMX just now. Also attached the screenshot of the Java properties set during startup.

[rkennedy]

Your JMX settings are listening on port 9712, which lines up with where your check commands are, however RMI is listening on the same port as JMX. I don't believe they can listen on the same port.

[nagiosvick]

I don't think it is a problem with the RMI port being the same either. I had changed it so that the rmi connector has a different port and still nothing changes as attached in the screenshot.

Please take a look and advise.,

[mcapra]

Looking over the client this plugin leverages (jmxquery.jar), I do not think SSL is possible in it's current state.

The way this client establishes the JMX connection is done like so:

Code: Select all

private JMXConnector connector;
private MBeanServerConnection connection;

...

JMXServiceURL jmxUrl = new JMXServiceURL(url);
connector = JMXConnectorFactory.connect(jmxUrl);
connection = connector.getMBeanServerConnection();

Based on this document from Oracle, it needs to be explicitly setting the RMI connection factory to use SSL:
https://blogs.oracle.com/lmalventosa/en ... ment_agent

Code: Select all

JMXServiceURL url = ...;
Map<String,Object> env = new HashMap<String,Object>();
env.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());
JMXConnector cc = JMXConnectorFactory.connect(url, env);
MBeanServerConnection mbsc = cc.getMBeanServerConnection();

I'll see what can be done about this, but I can't make any guarantees since this is a 3rd party plugin that is quite old (developed against JRE 1.5).

[nagiosvick]

Thanks a lot for looking into this. BTW, I see that it has worked through this blog. I will post a question there as well.

http://devops-abyss.blogspot.com/2010/0 ... d-ssl.html

The problem is I dont get any error messages in the output. If there is some log file which would give some hint, pls let me know , atleast a connection refused or something like that. The only error message I see is in the status (No output on stdout) stderr: Error: Could not find or load main class org.nagios.JMXQuery. Tried with JMXQuery alone and also fiddled with the order of parameters, but the error message seems to be consistent. Also pls check if the jar file processes the parameters passed.

[mcapra]

Can you post your server's jmxquery.jar? You may need to archive it to get past our forum's file type filters.

[nagiosvick]

Attached.

[mcapra]

Can you run the following and share the output? Be sure to replace the keystore+password with your preferred one and change the address+port to match yours:

Code: Select all

java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=/root/.keystore -Djavax.net.ssl.trustStorePassword=welcome -cp jmxquery.jar org.nagios.JMXQuery -U service:jmx:rmi:///jndi/r://192.168.67.96:9010/jmxrmi -O java.lang:type=Memory -A HeapMemoryUsage -K used -I HeapMemoryUsage -J used -vvvv

[nagiosvick]

find the log attached.Hope it doesnt have to do with JDK version. I have also shown the version I have been using.

[nagiosvick]

The earlier error was due to blocking of firewall seems like. Finally able to get the original error message what all folks were talking about. Attached in the screen shot.

Update:

Sorry for the confusion, this error occurs because it is not able to reach the server IP. The above exception is the original exception and it does not occur due to firewall issue. If there is something else you want me to check please let me know and I can try it out. Is this occurring due to the RMI connection factory issue?

Thanks.