ConnectIOException: non-JRMP server at remote endpoint - cannot connect to SSL secured JMX

1,273 views
Skip to first unread message

Matúš Cuper

unread,
Aug 24, 2021, 3:55:58 AM8/24/21
to Prometheus Users
Hi everyone,

I am trying connect JMX exporter https://github.com/prometheus/jmx_exporter httpserver to my Kafka connect docker instance https://hub.docker.com/r/confluentinc/cp-kafka-connect. SSL with authentication must be enabled on JMX port due to company policies.

All JMX kafka connect options:
KAFKA_JMX_PORT=5555
KAFKA_JMX_OPTS=-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.registry.ssl=true
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=true
-Djava.net.preferIPv4Stack=true
-Djava.rmi.server.hostname=kafka-connect-01.triviadata.local
-Dcom.sun.management.jmxremote.password.file=/tmp/kafka_connect/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/tmp/kafka_connect/jmxremote.access
-Djavax.net.ssl.trustStore=/root/pki/jssecacerts
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStorePassword=trust_pass
-Djavax.net.ssl.keyStore=/root/pki/host.jks
-Djavax.net.ssl.keyStoreType=jks
-Djavax.net.ssl.keyStorePassword=key_pass

Execution of exporter httpserver:
java -Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Djavax.net.ssl.trustStore=/root/pki/jssecacerts
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStorePassword=trust_pass
-Djavax.net.ssl.keyStore=/root/pki/host.jks
-Djavax.net.ssl.keyStoreType=jks
-Djavax.net.ssl.keyStorePassword=key_pass
-jar /opt/jmx_exporter/jmx_prometheus_httpserver-0.16.1-jar-with-dependencies.jar kafka-connect-01.triviadata.local:9555 /opt/jmx_exporter/jmx_httpserver_config.yml

Content of jmx_httpserver_config.yml:
---
username: monitorRole
password: monitor_pass
jmxUrl: service:jmx:rmi:///jndi/rmi://kafka-connect-01.triviadata.local:5555/jmxrmi

rules:
- pattern: ".*"

Error message:
Aug 24, 2021 1:29:29 PM io.prometheus.jmx.JmxCollector collect
SEVERE: JMX scrape failed: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
        at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
        at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
        at io.prometheus.jmx.JmxScraper.doScrape(JmxScraper.java:95)
        at io.prometheus.jmx.JmxCollector.collect(JmxCollector.java:547)
        at io.prometheus.client.CollectorRegistry$MetricFamilySamplesEnumeration.findNextElement(CollectorRegistry.java:207)
        at io.prometheus.client.CollectorRegistry$MetricFamilySamplesEnumeration.nextElement(CollectorRegistry.java:240)
        at io.prometheus.client.CollectorRegistry$MetricFamilySamplesEnumeration.nextElement(CollectorRegistry.java:161)
        at io.prometheus.client.exporter.common.TextFormat.writeOpenMetrics100(TextFormat.java:202)
        at io.prometheus.client.exporter.common.TextFormat.writeFormat(TextFormat.java:57)
        at io.prometheus.client.exporter.HTTPServer$HTTPMetricHandler.handle(HTTPServer.java:83)
        at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:79)
        at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:83)
        at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:82)
        at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:675)
        at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:79)
        at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:647)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
        at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:136)
        at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:205)
        at javax.naming.InitialContext.lookup(InitialContext.java:417)
        at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1955)
        at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1922)
        at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:287)
        ... 18 more
Caused by: java.rmi.ConnectIOException: non-JRMP server at remote endpoint
        at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:248)
        at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
        at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:343)
        at sun.rmi.registry.RegistryImpl_Stub.lookup(RegistryImpl_Stub.java:116)
        at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:132)
        ... 23 more


When I disable SSL for kafka connect JMX port by setting -Dcom.sun.management.jmxremote.registry.ssl=false and -Dcom.sun.management.jmxremote.ssl=false, JMX exporter httpserver is running and I am able to get metrics from kafka-connect-01.triviadata.local:9555/metrics

Can someone help me how to connect JMX exporter httpserver to SSL secured JMX?

Matúš Cuper

unread,
Aug 24, 2021, 7:53:46 AM8/24/21
to Prometheus Users
Added ssl: true to jmx_httpserver_config.yml file and it is working now. Sorry for my post. Solved
Reply all
Reply to author
Forward
0 new messages