OpenDJ icon indicating copy to clipboard operation
OpenDJ copied to clipboard

Published 20 hours ago verified publisher icon OpenIdentityPlatform

No opendj metrics via JMX

Open Cenness opened this issue 6 months ago • 0 comments

Describe the bug JMX does not return any metrics for the server, except jvm, host and flag that says jmx is enabled

To Reproduce Steps to reproduce the behavior:

  1. Setup opendj
  2. Run commands from listing 1
  3. Download jmx_prometheus_javaagent-1.0.1.jar
  4. Create jmx-exporter.yml with content from listing 2
  5. Restart opendj with parameters from listing 3
  6. Call curl localhost:7072/metrics | grep opends, get
org_opends_server_rootdse_active{rdn1="cn-config",rdn2="cn-Connection_Handlers",rdn3="cn-JMX_Connection_Handler",type="jmxRmiConnectorNoClientCertificateName"} 1.0
  1. With jconsole connect to service:jmx:rmi:///jndi/rmi://localhost:1690/jmxrmi
  2. All org.opends.server mbeans are attributeless except for jmxRmiConnectorNoClientCertificateName
  3. With jconsole try connecting to service:jmx:rmi:///jndi/rmi://localhost:1690/org.opends.server.protocols.jmx.client-unknown, get connection failed

listing 1:

#enable jmx
/opt/opendj/bin/dsconfig \
  set-connection-handler-prop \
  --bindDN "$ROOT_USER_DN" \
  --bindPassword "$ROOT_PASSWORD" \
  --handler-name "JMX Connection Handler" \
  --set enabled:true \
  --trustAll \
  --no-prompt

#allow admin to access jmx
/opt/opendj/bin/dsconfig \
  set-root-dn-prop \
  --bindDN "$ROOT_USER_DN" \
  --bindPassword "$ROOT_PASSWORD" \
  --add default-root-privilege-name:jmx-notify \
  --add default-root-privilege-name:jmx-read \
  --add default-root-privilege-name:jmx-write \
  --trustAll \
  --no-prompt

listing 2

username: cn=directory manager
password: password
ssl: false
startDelaySeconds: 0
lowercaseOutputName: true
lowercaseOutputLabelNames: true

rules:
- pattern: ".*"

listing 3

-javaagent:/path/to/jmx_prometheus_javaagent-1.0.1.jar=7072:/path/to/jmx-exporter.yml
-Dcom.sun.management.jmxremote.port=1690
-Dcom.sun.management.jmxremote.rmi.port=1690
-Djava.rmi.server.hostname=127.0.0.1
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false

Expected behavior Same metrics as you can get from ldap monitoring

Screenshots image

Specs:

Ubuntu 22.04.2 LTS

--- Server Details ---
Host Name:
od-opendj-az0-0.od-opendj-hs-az0.opendj.svc.cluster.local
Administrative Users:     cn=Directory Manager
Installation Path:        /opt/opendj
Instance Path:            /opt/opendj/data
Version:                  OpenDJ Server 4.6.6-SNAPSHOT
Java Version:             19.0.2
Administration Connector: Port 4444 (LDAPS)

          --- Connection Handlers ---
Address:Port : Protocol               : State
-------------:------------------------:---------
--           : LDIF                   : Disabled
8989         : Replication            : Enabled
0.0.0.0:1389 : LDAP (allows StartTLS) : Enabled
0.0.0.0:1636 : LDAPS                  : Enabled
0.0.0.0:1689 : JMX                    : Enabled
0.0.0.0:8080 : HTTP                   : Disabled

          --- Data Sources ---
Base DN:                      dc=local
Backend ID:                   userRoot
Entries:                      134
Replication:                  Enabled
Missing Changes:              <not available>
Age of Oldest Missing Change: <not available>

Additional context ldap monitoring works fine image

Cenness avatar Aug 16 '24 08:08 Cenness