check_jmx with certificate

[amit.ahuja]

I am trying to use the check_jmx plugin to monitor remote devices that require an additional classpath with a certificate for authentication. I have followed the tutorials online and have the plugin correctly installed but when I run the command ./check_jmx -U service:jmx:rmi:///jndi/rmi://REMOTEADDRESS:PORT/jmxrmi -O java.lang:type=Memory -A HeapMemoryUsage -K used -vvvv -w 4248302272 -c 5498760192 it times out. Any help in how to import the needed certificate to connect to the remote devices using this plugin would be greatly appreciated

[rkennedy]

Can you please post your full check_jmx command definition?

This link (http://devops-abyss.blogspot.com/2010/0 ... d-ssl.html) suggests you'll need to add two additional variables.

Code: Select all

-Djavax.net.ssl.trustStore=[full path to keystore file] -Djavax.net.ssl.trustStorePassword=[your password]

[amit.ahuja]

The command I posted was the full test command found on the pdf documentation for the check_jmx plugin: https://assets.nagios.com/downloads/nag ... ios-XI.pdf I have an updated version of the plugin which allows username and password fields which I am using. I am following up on the link you sent and working to see if that fixes my issue. Thanks for the reply.

[rkennedy]

You're welcome. I imagine it will work as it's java options, and not dependent on the java file that's running.

I'll leave this open for now, let us know if you have any other questions.

[haile711]

rkennedy,

Does nagios has a keystore to import the cert in? Or do we have to create a keystore first? I'm a little confused with this part myself. I'm working on the same

Code: Select all

java -cp jmxquery.jar -Djavax.net.ssl.trustStore="/local/nagios/libexec/mashery-proxy.jks" -Djavax.net.ssl.trustStorePassword=xxxxx org.nagios.JMXQuery -U service:jmx:rmi:///jndi/rmi://10.72.48.125:8084/jmxrmi -O java.lang.type=Memory -A HeapMemoryUsage -K used

Thanks

[rkennedy]

You would need to create the java keystore yourself, import your cert(s), and use that in reference with the command.

[haile711]

yea i've done that, and also see the cert in the keystore. I'm still getting connection refused.

Code: Select all

./check_jmx -Djavax.net.ssl.trustStore='/usr/local/nagios/libexec/mashery-proxy.jks' -Djavax.net.ssl.trustStorePassword=xxx org.nagios.JMXQuery -U service:jmx:rmi:///jndi/rmi://10.72.48.129:8084/jmxrmi -O "java.lang:type=MemoryPool,name=Perm Gen" -A Usage -K used -I Usage
JMX CRITICAL - Error opening RMI connection: Connection refused to host: xx.xx.xx.xxx; nested exception is:
        java.net.ConnectException: Connection timed out

[tgriep]

Can you add -vvvv to your command to get a verbose output and post that here?
Are you seeing any errors on the remote system?
Can you login to the XI server as root, run the following and post the output?

Code: Select all

ls -l /usr/local/nagios/libexec/mashery-proxy.jks

[haile711]

hey tgriep,
even tho i've added -vvv on the command it didn't produce any verbose output.
here is the output

Code: Select all

ls -l /usr/local/nagios/libexec/mashery-proxy.jks
-rw------- 1 root nagios 2901 Mar 25 10:17 /usr/local/nagios/libexec/mashery-proxy.jks

[rkennedy]

Can you show us the full input / output you're running?

Also, can you post the result of a nmap ipofjmxmachine?