Open tnozicka opened 7 months ago
@mykaul the random port blocks security validation for the operator (https://github.com/scylladb/scylla-operator/pull/1759). Do we have anyone to assign this to? (I can't even allow the port because it's random.)
If all goes well, JMX is going to be retired in 6.0 (at least from base installations), as well as Java in general. Will that solve your problem? Or will you need this fixed in older versions too?
As much as I like JMX going away, we'll have to live with the older versions + enterprise for quite a bit :(
You will need @mykaul to find you somebody who can actually Java, because I can't.
I wonder if it happens only with IPv6.
the `tcp6` in the output here comes from kernel and means IPv4 + IPv6 (listens on random port on both stacks)
so this bug should be in https://github.com/scylladb/scylla-jmx
@elcallio @amnonh do you guys remember why there is extra port open and who allocates it after registermbean in https://github.com/scylladb/scylla-jmx/blob/master/src/main/java/com/scylladb/jmx/main/Main.java ?
could it be some debug leftover?
I think I might have an answer - it's about local jconsole connection it seems - https://www.baeldung.com/jmx-ports so

```
-Dcom.sun.management.jmxremote.port=1234
-Dcom.sun.management.jmxremote.rmi.port=1234
-Dcom.sun.management.jmxremote.local.port=1235
```

might fix this and bind the port to static
wondering what `-XX:+DisableAttachMechanism` will do
so try to fix here https://github.com/scylladb/scylla-jmx/blob/master/scripts/scylla-jmx#L134 ? (check service for install location of this script, on non container changing this and restarting scylla-jmx will show the effect asap, so it is possible it's a tiny config change/fix)
huh ... and I didn't realize but it says that .local.port is there since JDK 16 only ... d'oh :-(
@mykaul can you please move this to https://github.com/scylladb/scylla-jmx? How do we ensure this gets an assignee and does not linger around?
We are deprecating JMX in 6.0 or 6.1 at the latest.
Installation details
Scylla version (or git commit hash): 5.4.3
Cluster size: 1
OS (RHEL/CentOS/Ubuntu/AWS AMI): container image
Using ScyllaDB container image, the JMX service opens a random port on all interfaces. This is bad for security.
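
A check for the condition reported in this issue, as an added example that is not part of the original thread or of the Scylla project's code: it parses the kernel's `/proc/net/tcp6` table and reports listeners bound to every interface whose port is not on an allowlist, which is how a port that changes on each start shows up. The sample rows are constructed, and the allowlist ports and all function names are assumptions to adapt.

```python
"""Flag TCP listeners bound to every interface that are not on an allowlist."""
from pathlib import Path

LISTEN = "0A"  # TCP_LISTEN state code used in /proc/net/tcp and /proc/net/tcp6
# Assumed allowlist for illustration only; replace with the ports you expect.
EXPECTED_PORTS = {7199, 9042}

# Constructed sample in /proc/net/tcp6 layout (trailing columns omitted).
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:1C1F 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000000000000:A8F3 00000000000000000000000000000000:0000 0A
   2: 0000000000000000FFFF00000100007F:2710 00000000000000000000000000000000:0000 0A
   3: 0000000000000000FFFF00000100007F:C350 0000000000000000FFFF00000100007F:1C1F 01
"""


def wildcard_listeners(proc_net_text):
    """Return sorted ports in LISTEN state bound to the unspecified address."""
    ports = set()
    for line in proc_net_text.splitlines():
        fields = line.split()
        # The header row and non-listening sockets fail the state check.
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        addr_hex, port_hex = fields[1].rsplit(":", 1)
        # An all-zero address is 0.0.0.0 (tcp) or :: (tcp6): every interface.
        if int(addr_hex, 16) == 0:
            ports.add(int(port_hex, 16))
    return sorted(ports)


def unexpected_listeners(proc_net_text, expected=EXPECTED_PORTS):
    """Return wildcard listener ports that are missing from the allowlist."""
    return [p for p in wildcard_listeners(proc_net_text) if p not in expected]


def scan_live(paths=("/proc/net/tcp", "/proc/net/tcp6")):
    """Run the same check against the live kernel tables, if present."""
    found = set()
    for name in paths:
        table = Path(name)
        if table.exists():
            found.update(unexpected_listeners(table.read_text()))
    return sorted(found)


if __name__ == "__main__":
    print("unexpected wildcard listeners in sample:", unexpected_listeners(SAMPLE_TCP6))
```
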