JMX connection to Gemfire over SSL - ssl

I have used GFSH to start locator like below
start locator --name=gemfire_locator --security-properties-file="../config/gfsecurity.properties" --J=-Dgemfire.ssl-enabled-components=all --mcast-port=0 --J=-Dgemfire.jmx-manager-ssl=true
Also started server
start server --name=server1 --security-properties-file="../config/gfsecurity.properties" --J=-Dgemfire.ssl-enabled-components=all --mcast-port=0 --J=-Dgemfire.jmx-manager-ssl=true
I am trying to connect to Gemfire as ClientCache which works perfectly fine over SSL. But When I connect as JMX client, I am getting below error in Java code as well as Jconsole.
Error:
Exception in thread "main" java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
at SamplePlugin.main(SamplePlugin.java:101)
Am I missing any other configuration?
Here is my JAVA_TOOL_OPTIONS:
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=true
-Djava.rmi.server.hostname=myhostname

You will also need to add the geode-core jar to your classpath for jvisualvm. Use the --cp:a option. I would suggest just using geode-dependencies.jar as that will get everything you might need.
The reason this is required is explained a bit in the comments for ContextAwareSSLRMIClientSocketFactory. Basically it seems that when RMI uses SSL, the necessary RMIClientSocketFactory is exported from the server to the client for use there. In general this would simply just be SslRMIClientSocketFactory. But in our case, we have a custom socket factory and so the client (jvisualvm in this case) needs to have access to it.

Related

how can I get all the mbeans about weblogic?

When I use jconsole to access weblogic's mbean,I just can get some info about jvm like 'java.lang'.But what I want to get is about 'jdbc','jta','ejb','servlet'...
I wonder if I can get these indicators through service:jmx:rmi:///jndi/rmi://10.0.99.102:7997/jmxrmi with username and password.I think it's very likely that my configuration has errors, but I don't know where the problem is.
Then I tried another way.I enabled iiop, but I can't access it via iiop.
I met some errors like Failed to retrieve RMIServer stub: javax.naming.NameNotFoundException.
Try to figure this error,I add wljarbulder.jar to my project,then another error comes out,'Unhandled exception in lookup,Caused by: javax.naming.NamingException Unhandled exception in lookup [Root exception is org.omg.CORBA.NO_PERMISSION...'.
All I need is to get the mbean information for weblogic, I am trying to monitor weblogic via jmx.
(I have collected weblogic's snmp oid, but it is not enough to complete my monitoring plan)
Thank you.
Actually,I figure out the problem.
It seems that the iiop default username and password must be set the same as weblogic Admin.
I don't understand why for this,but when I read one blog and try,then I get the data.
I'm not sure that I can get all the mbean data through this,but it connects successful at least and show a lot of data.
I should have used jconsole to find the value I want now.emmm,but I cannot connect by jconsole.But this is the next question.
First add these parameters to your WebLogic Server instance :
-Dcom.sun.management.jmxremote
-Djavax.management.builder.initial=weblogic.management.jmx.mbeanserver.WLSMBeanServerBuilder
-Dcom.sun.management.jmxremote.port=6789
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
Second, launch jconsole :
jconsole.exe -J-Djmx.remote.protocol.provider.pkgs=weblogic.management.remote -J-Djava.class.path=%JAVA_HOME%\lib\jconsole.jar;%WL_HOME%\server\lib\weblogic.jar;%JAVA_HOME%\lib\tools.jar
and connect to port 6789

Apache camel / MQTT through SSL : Failed to create Producer for endpoint (java.lang.NullPointerException)

I'm trying to publish to a MQTT topic thanks to the appropriate Apache Camel MQTT component.
So in my spring context XML I have the following:
<camel:to uri="mqtt:test?host=ssl://myhost:8883&publishTopicName=test&userName=test&password=test"/>
But I'm getting the following error at startup :
Failed to create Producer for endpoint:
Endpoint[mqtt:test?host=ssl://myhost:8883&publishTopicName=test&userName=test&password=test]. Reason: java.lang.NullPointerException
Everything is working fine when not using ssl, the following configuration (regular tcp instead of ssl) is working well :
<camel:to uri="mqtt:test?host=tcp://myhost:1883&publishTopicName=test&userName=test&password=test"/>
I've added the javax.net.ssl.trustStore JVM property pointing to my certificates store but without any effect.
Does someone already met this issue ? Is there something to specifically add in the spring DSL configuration file when using the camel mqtt component with ssl ?
EDIT :
The stacktrace of the NPE :
Caused by: java.lang.NullPointerException at
org.fusesource.hawtdispatch.transport.SslTransport.connecting(SslTransport.java:194)
at
org.fusesource.mqtt.client.CallbackConnection.createTransport(CallbackConnection.java:285)
at
org.fusesource.mqtt.client.CallbackConnection.connect(CallbackConnection.java:138)
at
org.apache.camel.component.mqtt.MQTTEndpoint.connect(MQTTEndpoint.java:305)
at
org.apache.camel.component.mqtt.MQTTProducer.doStart(MQTTProducer.java:38)
at
org.apache.camel.support.ServiceSupport.start(ServiceSupport.java:61)
at
org.apache.camel.impl.DefaultCamelContext.startService(DefaultCamelContext.java:3219)
at
org.apache.camel.impl.DefaultCamelContext.doAddService(DefaultCamelContext.java:1209)
at
org.apache.camel.impl.DefaultCamelContext.addService(DefaultCamelContext.java:1170)
at
org.apache.camel.impl.ProducerCache.doGetProducer(ProducerCache.java:442)
... 33 more
Debugging through javax.net.debug=ssl was useful.
Actually there were an issue on the java.security where the security.provider property was not set properly. That was manually changed for testing purpose related to another application.
Since, everything is working fine. Sorry for the post related to a internal specific mistake.
Alex.

Spring XD on YARN

I am getting the below error, while I am trying to install Spring XD on YARN.
Error executing a spring application; nested exception is org.springframework.yarn.YarnSystemException:
Call From c01dfobi43.vcac.dc1.dsghost.net/100.98.226.45 to c01dfobi41.vcac.dc1.dsghost.net:8032 failed on connection exception:
java.net.ConnectException: Connection refused; For more details see: http://wiki.apache.org/hadoop/ConnectionRefused;
nested exception is java.net.ConnectException:
Call From c01dfobi43.vcac.dc1.dsghost.net/100.98.226.45 to c01dfobi41.vcac.dc1.dsghost.net:8032 failed on connection exception:
java.net.ConnectException: Connection refused; For more details see: http://wiki.apache.org/hadoop/ConnectionRefused
Not sure where I am committing a mistake. Also do we need to install Spring XD Yarn on all nodes?
It would be great if you can share any documentation mentioned explicitly for YARN.
I am going to assume that c01dfobi41.vcac.dc1.dsghost.net:8032 is a ResourceManager host, I am also going to assume that based on your comment stating that yarn applications do run, you have more then one. In that case what may be happening (and I see this all the time) is that your yarn client attempts to contact the resource manager by looking it up in yarn-site.xml, it picks the first one and gets ConnectionRefused as the standby resource manager does not listen on its RPC port, it moves on to the next one and succeeds. If this is the case this is not a fatal error and can be ignored.

How to address JNDI configuration when using mvn scala:console

I'm troubleshooting a Mapper problem and I'm running into an issue trying to use a Mapper class inside of the Scala/Lift console. Our MetaMappers have their datasource configured through a ConnectionIdentifier that points to a JDBC datasource configured in JNDI. This works great when bootstrapping through Jetty.
When loading the console and running (new bootstrap.liftweb.Boot).boot to initialize, Schemifier.schemify fails JNDI configuration is not available.
scala> (new bootstrap.liftweb.Boot).boot
java.lang.NullPointerException: Looking for Connection Identifier ConnectionIdentifier(jdbc/svcHub) but failed to find either a JNDI data source with the name jdbc/svcHub or a lift connection manager with the correct name
at net.liftweb.mapper.DB$$anonfun$7$$anonfun$apply$12.apply(DB.scala:141)
at net.liftweb.mapper.DB$$anonfun$7$$anonfun$apply$12.apply(DB.scala:141)
at net.liftweb.common.EmptyBox.openOr(Box.scala:465)
at net.liftweb.mapper.DB$$anonfun$7.apply(DB.scala:140)
at net.liftweb.mapper.DB$$anonfun$7.apply(DB.scala:140)
at net.liftweb.common.EmptyBox.openOr(Box.scala:465)
at net.liftweb.mapper.DB$.newConnection(DB.scala:134)
at net.liftweb.mapper.DB$.getConnection(DB.scala:230)
at net.liftweb.mapper.DB$.use(DB.scala:581)
at net.liftweb.mapper.Schemifier$.schemify(Sche...
Essentially, I'd like to have full MetaMapper functionality from within the console. My question is: What's the best way to bootstrap a Lift app from the console such that the JNDI-based dependencies can also be fulfilled outside of a JNDI-capable web container?
Under a application server it's likely that the server will provide a JNDI context for you. In a standalone application you must provide a JNDI Context your self. For that you can use a javax.naming.InitialContext.
There is a nice example using Apache's DBCP here: http://commons.apache.org/dbcp/guide/jndi-howto.html. Of course, will you have to fix the Datasource objects to the implementation you are using.
This will be enough (not very elegant, though) for simple JNDI usage.

OSB WLS Initialisation issue

facing some strange behavior in OSB, i have configured WLS with MQ in client mode, i am doing some minor test to check the connection, i have created a proxy service to read the message from Q1 and a Business Service(BS) to route it to Q2. The issue is the proxy is able to read the message but the BS is throwing this:
JMSPool BEA-169807 There was an error while making the initial connection to the JMS resource named ALSB_JMS_SessionPool_491704821 from within an EJB or a servlet. The server will attempt the connection again later. The error was javax.jms.JMSException: [JMSPool:169803]JNDI lookup of the JMS connection factory AKBConnFact failed: javax.naming.NoInitialContextException: Cannot instantiate class: com.sun.jndi.fscontext.RefFSContextFactory [Root exception is java.lang.ClassNotFoundException: com.sun.jndi.fscontext.RefFSContextFactory
Note: The classpath or the domain/lib folder contains the RefFSContextFactory class
Any ideas gang..? TIA
The answer is this is a bug in OSB which needs to be reported.
As a workaround you need to individually set the jars in the weblogic classpath in your domain/server/bin folder. just go through the link below for more details:
http://forums.oracle.com/forums/thread.jspa?threadID=2135523&start=0&tstart=0