Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

webserver on HTTPS for /metrics url #513

Closed
sidharthk opened this issue Jul 27, 2020 · 4 comments
Closed

webserver on HTTPS for /metrics url #513

sidharthk opened this issue Jul 27, 2020 · 4 comments

Comments

@sidharthk
Copy link

sidharthk commented Jul 27, 2020
edited by brian-brazil

Hi,
We have requirement where we need to run jmx-exporter /metrics url with https. I have configured all the parameter provided in readme. But still it is not working. I am able to connect to jmx remote port (example 4009 in my case) with ssl certificates using Jconsole but /metrics url is still running on http.

Please let me know if i am missing any config or if it is a bug.

Env-properties:

-Xmx1024m
-Dcom.sun.management.jmxremote.ssl=true
-Djava.util.logging.config.file=/opt/hadoop/jmx-log.properties
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true
-Djava.rmi.server.hostname=server1.abc.com
-Dzookeeper.jmx.log4j.disable=false
-Dcom.sun.management.jmxremote.ssl.config.file=/opt/hadoop/zookeeper_ssl.properties
-Djavax.net.ssl.keyStore=/opt/hadoop/keystore.jks
-Djavax.net.ssl.trustStore=/opt/hadoop/trustore.jks
-Dcom.sun.management.jmxremote.access.file=/opt/hadoop/hadoop_jmxremote.access
-Dcom.sun.management.jmxremote.password.file=/opt/hadoop/hadoop_jmxremote.password
-javaagent:/opt/hadoop/jmx_prometheus_javaagent-0.12.1-SNAPSHOT.jar=4021:/opt/hadoop/sample.yaml
-Djava.security.auth.login.config=/usr/hdp/current/zookeeper-server/conf/zookeeper_jaas.conf
-Dzookeeper.log.threshold=INFO
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=4009
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=true
-Dzookeeper.jmx.log4j.disable=true org.apache.zookeeper.server.quorum.QuorumPeerMain /usr/hdp/current/zookeeper-server/conf/zoo.cfg

zookeeper_ssl.properties

javax.net.ssl.keyStore=/opt/hadoop/keystore.jks
javax.net.ssl.keyStorePassword=redacted
javax.net.ssl.trustStore=/opt/hadoop/trustore.jks

sample.yaml

ssl: true
@brian-brazil
Copy link
Contributor

This is not currently supported. Dupe of #442.

You also included a password in this report, which should be rotated.

@sidharthk
Copy link
Author

@brian-brazil Thanks for such a quick response. Hope this will be added in future release

@ghost
Copy link

ghost commented May 10, 2021

Hi, Any update on this?
thanks in advanced.

@Slowdive-Aideron
Copy link

i would love this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brian-brazil @Slowdive-Aideron @sidharthk