Comments (13)
When running the exporter in standalone mode with JMX being protected by SSL you have to...
-
Create a trust store to be used by the exporter.
-
Added the trusted certificate to the trust store )if you are not using a certificate signed by a public certificate authority)
-
Added the following properties to your exporter command line
-javax.net.ssl.trustStore=<file> -javax.net.ssl.trustStorePassword=<trustStore password>
from jmx_exporter.
@kingEneru When configuring RMI for SSL, the expectation is that the RMI registry is also configured for SSL. This requires the Java system property...
-Dcom.sun.management.jmxremote.registry.ssl=true
... to be defined when launching your application.
I have merged an integration test that tests/validates RMI with SSL. @unitsvc also validated that adding the Java system property resolves the issue.
from jmx_exporter.
When running the exporter in standalone mode with JMX being protected by SSL you have to...
- Create a trust store to be used by the exporter.
- Added the trusted certificate to the trust store )if you are not using a certificate signed by a public certificate authority)
- Added the following properties to your exporter command line
-javax.net.ssl.trustStore=<file> -javax.net.ssl.trustStorePassword=<trustStore password>
Thanks for your prompt reply. And do I need to add the keystore command line?
-Djavax.net.ssl.keyStore=/home/user/.keystore
-Djavax.net.ssl.keyStorePassword=changeit
from jmx_exporter.
I don't believe the keyStore values are required.
from jmx_exporter.
I don't believe the keyStore values are required.
Okay,I generated truststore.p12 through tomcatJMX.cer file, and specify trustStore in commandline, but still got the above memtioned error.
- Create truststore
keytool -import -keystore ./truststore.p12 -storepass changeit-noprompt -trustcacerts -v -alias jmxssl -file ./tomcatJMX.cer
- Running command:
java -jar jmx_prometheus_httpserver.jar 49103 /etc/jmx/jmx-server-prometheus.yaml -Djavax.net.ssl.trustStore=./truststore.p12 -Djavax.net.ssl.trustStorePassword=changeit
from jmx_exporter.
This command line is incorrect...
java -jar jmx_prometheus_httpserver.jar 49103 /etc/jmx/jmx-server-prometheus.yaml -Djavax.net.ssl.trustStore=./truststore.p12 -Djavax.net.ssl.trustStorePassword=changeit
This is passing -Djavax.net.ssl.trustStore=./truststore.p12 -Djavax.net.ssl.trustStorePassword=changeit
as arguments to the exporter.
The correct command line should be...
java -Djavax.net.ssl.trustStore=./truststore.p12 -Djavax.net.ssl.trustStorePassword=changeit -jar jmx_prometheus_httpserver.jar 49103 /etc/jmx/jmx-server-prometheus.yaml
The use of the Java agent is strongly recommended. Some JVM metrics can't be captured when running the standalone exporter.
from jmx_exporter.
This command line is incorrect...
java -jar jmx_prometheus_httpserver.jar 49103 /etc/jmx/jmx-server-prometheus.yaml -Djavax.net.ssl.trustStore=./truststore.p12 -Djavax.net.ssl.trustStorePassword=changeit
This is passing
-Djavax.net.ssl.trustStore=./truststore.p12 -Djavax.net.ssl.trustStorePassword=changeit
as arguments to the exporter.The correct command line should be...
java -Djavax.net.ssl.trustStore=./truststore.p12 -Djavax.net.ssl.trustStorePassword=changeit -jar jmx_prometheus_httpserver.jar 49103 /etc/jmx/jmx-server-prometheus.yaml
The use of the Java agent is strongly recommended. Some JVM metrics can't be captured when running the standalone exporter.
It seems that the agent mode cannot be used because I deployed the java application and jmx_exporter in a kubernetes environment.
from jmx_exporter.
Deployment of the JMX Exporter Java agent works in Kubernetes.
from jmx_exporter.
Hi @dhoard , I tried again based on the correct command you provided. Unfortunately, I still got the same error. Then, I checked the SSL related source code and found that after I deleted this line and tested it in local, I was able to pass the SSL authentication successful. This Is it a bug?
from jmx_exporter.
@kingEneru I am reviewing #947, which appears to fail a new integration test I have created (not yet merged into main
.)
EDIT: The code in main
works correctly.
from jmx_exporter.
@kingEneru I am reviewing #947, which appears to fail a new integration test I have created (not yet merged into
main
.)EDIT: The code in
main
works correctly.
That's weird...
Does SSL authentication require that the jdk version of jmx exporter is the same as the jdk version of jmx server?
from jmx_exporter.
That's weird... Does SSL authentication require that the jdk version of jmx exporter is the same as the jdk version of jmx server?
It does not. This is a configuration issue. I just updated PR #947 with the missing Java system property.
from jmx_exporter.
@kingEneru When configuring RMI for SSL, the expectation is that the RMI registry is also configured for SSL. This requires the Java system property...
-Dcom.sun.management.jmxremote.registry.ssl=true
... to be defined when launching your application.
I have merged an integration test that tests/validates RMI with SSL. @unitsvc also validated that adding the Java system property resolves the issue.
Okay, It's working successfully and normally now. Thanks a lot
from jmx_exporter.
Related Issues (20)
- Duplicate metrics with NaN HOT 1
- Drop support for Java 8 HOT 8
- Blacklisting Percentile Metrics HOT 3
- Metrics for a specific process HOT 6
- the problem of getting data from multiple replicas under Kubernetes deployment controller and how to distinguish replica labels based on podname HOT 2
- JMX exporter high memory usage. HOT 3
- have any metric about jvm GC Pause? HOT 3
- Proposal: attributes as metrics & extra metrics HOT 7
- Can't add metrics to blacklistObjectNames HOT 6
- Plan for release with Prometheus Client 1.x? HOT 2
- no main manifest attribute, in jmx_prometheus_javaagent-0.19.0.jar HOT 1
- Hazelcast Metrics are not showing HOT 2
- Ability to use lowercaseOutputName in particular rules HOT 4
- jmx exporter inside Confluent Kafka broker container HOT 2
- After applying JMX filtering pattern, it takes 23 secs to scrape the metrics, is it expected behaviour? HOT 6
- Collection fails for Kafka using release 1.0.0 HOT 14
- feature request: allow to exclude specific attribute patterns inside a composite attribute HOT 3
- Clarify in documentation "jvm_*" metrics HOT 4
- jmxexporter adding incorrect _total suffix to #HELP and #TYPE when using COUNTER HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jmx_exporter.