
Re: JMX SSL monitoring

Posted: Thu Dec 08, 2016 5:15 pm
by nagiosvick
This is a Windows VMware service that is being monitored. Don't think this is an application issue. I have attached the screenshot of jconsole monitoring JMX just now. Also attached the screenshot of the Java properties set during startup.

Re: JMX SSL monitoring

Posted: Thu Dec 08, 2016 5:21 pm
by rkennedy
Your JMX settings are listening on port 9712, which lines up with where your check commands are; however, RMI is listening on the same port as JMX. I don't believe they can listen on the same port.

Re: JMX SSL monitoring

Posted: Fri Dec 09, 2016 10:48 am
by nagiosvick
I don't think it is a problem with the RMI port being the same either. I had changed it so that the rmi connector has a different port and still nothing changes as attached in the screenshot.

Please take a look and advise.

Re: JMX SSL monitoring

Posted: Fri Dec 09, 2016 12:43 pm
by mcapra
Looking over the client this plugin leverages (jmxquery.jar), I do not think SSL is possible in its current state.

The way this client establishes the JMX connection is done like so:

Code:

private JMXConnector connector;
private MBeanServerConnection connection;

...

JMXServiceURL jmxUrl = new JMXServiceURL(url);
connector = JMXConnectorFactory.connect(jmxUrl);
connection = connector.getMBeanServerConnection();

Based on this document from Oracle, it needs to explicitly set the RMI connection factory to use SSL:
https://blogs.oracle.com/lmalventosa/en ... ment_agent

Code:

JMXServiceURL url = ...;
Map<String,Object> env = new HashMap<String,Object>();
env.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());
JMXConnector cc = JMXConnectorFactory.connect(url, env);
MBeanServerConnection mbsc = cc.getMBeanServerConnection();

I'll see what can be done about this, but I can't make any guarantees since this is a 3rd party plugin that is quite old (developed against JRE 1.5).
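
The SSL-enabled connection described in the post above, written out as a stand-alone check. This is an added example, not part of the original post and not code from jmxquery.jar. The class name JmxSslProbe is hypothetical, and it assumes the agent protects its RMI registry with SSL and that the trust store is passed with the standard -Djavax.net.ssl.trustStore properties.

```java
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.openmbean.CompositeData;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import javax.rmi.ssl.SslRMIClientSocketFactory;

// Added example (hypothetical class name), not part of jmxquery.jar.
// Exit codes follow the Nagios plugin convention: 0 OK, 2 CRITICAL, 3 UNKNOWN.
public class JmxSslProbe {
    public static void main(String[] args) {
        if (args.length != 2) {
            System.out.println("UNKNOWN - usage: JmxSslProbe <host> <port>");
            System.exit(3);
        }
        try {
            JMXServiceURL url = new JMXServiceURL(
                "service:jmx:rmi:///jndi/rmi://" + args[0] + ":" + args[1] + "/jmxrmi");
            Map<String, Object> env = new HashMap<>();
            // Assumption: the agent runs with com.sun.management.jmxremote.registry.ssl=true,
            // so the RMI registry lookup itself has to go over TLS.
            env.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());
            try (JMXConnector connector = JMXConnectorFactory.connect(url, env)) {
                MBeanServerConnection mbsc = connector.getMBeanServerConnection();
                CompositeData heap = (CompositeData) mbsc.getAttribute(
                    new ObjectName("java.lang:type=Memory"), "HeapMemoryUsage");
                System.out.println("OK - HeapMemoryUsage.used=" + heap.get("used"));
            }
            System.exit(0);
        } catch (Exception e) {
            // Report the full cause chain on stdout so a handshake failure, an untrusted
            // certificate or a refused connection shows up in the check's status text.
            StringBuilder chain = new StringBuilder();
            for (Throwable t = e; t != null; t = t.getCause()) {
                chain.append(" <- ").append(t.getClass().getName()).append(": ").append(t.getMessage());
            }
            System.out.println("CRITICAL - JMX connect failed" + chain);
            System.exit(2);
        }
    }
}
```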

Re: JMX SSL monitoring

Posted: Fri Dec 09, 2016 1:42 pm
by nagiosvick
Thanks a lot for looking into this. BTW, I see that it has worked through this blog. I will post a question there as well.

http://devops-abyss.blogspot.com/2010/0 ... d-ssl.html

The problem is I don't get any error messages in the output. If there is some log file which would give some hint, pls let me know, at least a connection refused or something like that. The only error message I see is in the status (No output on stdout) stderr: Error: Could not find or load main class org.nagios.JMXQuery. Tried with JMXQuery alone and also fiddled with the order of parameters, but the error message seems to be consistent. Also pls check if the jar file processes the parameters passed.

Re: JMX SSL monitoring

Posted: Fri Dec 09, 2016 2:16 pm
by mcapra
Can you post your server's jmxquery.jar? You may need to archive it to get past our forum's file type filters.

Re: JMX SSL monitoring

Posted: Fri Dec 09, 2016 2:22 pm
by nagiosvick
Attached.

Re: JMX SSL monitoring

Posted: Fri Dec 09, 2016 3:07 pm
by mcapra
Can you run the following and share the output? Be sure to replace the keystore+password with your preferred one and change the address+port to match yours:

Code:

java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=/root/.keystore -Djavax.net.ssl.trustStorePassword=welcome -cp jmxquery.jar org.nagios.JMXQuery -U service:jmx:rmi:///jndi/rmi://192.168.67.96:9010/jmxrmi -O java.lang:type=Memory -A HeapMemoryUsage -K used -I HeapMemoryUsage -J used -vvvv

Re: JMX SSL monitoring

Posted: Fri Dec 09, 2016 4:30 pm
by nagiosvick
Find the log attached. Hope it doesn't have to do with the JDK version. I have also shown the version I have been using.

Re: JMX SSL monitoring

Posted: Fri Dec 09, 2016 4:50 pm
by nagiosvick
The earlier error was due to the firewall blocking, it seems. Finally able to get the original error message that all folks were talking about. Attached in the screenshot.

Update:

Sorry for the confusion, this error occurs because it is not able to reach the server IP. The above exception is the original exception and it does not occur due to firewall issue. If there is something else you want me to check please let me know and I can try it out. Is this occurring due to the RMI connection factory issue?

Thanks.