[Netarchivesuite-users] RE JMX user names

Søren Vejrup Carlsen svc at kb.dk
Tue Apr 21 18:04:53 CEST 2009


Hi Nicolas.

We think we have found the problem, and incidentally a bug in NetarchiveSuite.

The "jmxremote.access" file contains access-rules for the JMX roles.

And by default the jmxremote.access contains access-rules for the roles

monitorRole   (readonly access)
controlRole   (readwrite access)

If you set monitor.jmxUsername to "monitorRole", and heritrix.JmxUsername to "ControlRole", it will work as intended.

But if you use different roles, there need to be access-rules for these roles in the jmxremote.access as well.

Consequently, we need to create our own jmxremote.access to handle other roles than the ones known by Java.

The workaround in the meantime is to stick to monitorRole and controlRole.

/Søren

From: netarchivesuite-users-bounces at lists.gforge.statsbiblioteket.dk [mailto:netarchivesuite-users-bounces at lists.gforge.statsbiblioteket.dk] On behalf of nicolas.giraud at bnf.fr
Sent: 21 April 2009 10:55
To: netarchivesuite-users at lists.gforge.statsbiblioteket.dk
Subject: [Netarchivesuite-users] RE JMX user names

 


Hi,

I've made some progress, but I still can't crawl. Here's my setup in the deploy definition file (see full file as attachment):

- settings.common.jmx.passwordFile=conf/jmxremote.password at the deployGlobal scope.
- settings.common.monitor.jmxUsername=nas_bnf_test_monitorRole at the deployGlobal scope.
- settings.common.monitor.jmxPassword=nas_bnf_test at the deployGlobal scope.
- settings.harvester.harvesting.heritrix.jmxUsername=nas_bnf_test_heritrixRole at the deployMachine scope for crawler machines
- settings.harvester.harvesting.heritrix.jmxPassword=nas_bnf_test at the deployMachine scope for crawler machines

Once the deploy tool is run, the generated jmxremote.password file contains both usernames and passwords.

However, when starting a job I get the following error :

acheron2.bnf.fr
dk.netarkivet.harvester.harvesting.distribute.HarvestControllerServer$HarvesterThread.run(HarvestControllerServer.java:670)
Fatal error while operating job 'Job 1 (state = SUBMITTED, HD = 1, priority = HIGHPRIORITY, forcemaxcount = -1, forcemaxbytes = 1000000000, orderxml = default_orderxml, numconfigs = 0)'
dk.netarkivet.common.exceptions.IOFailure: Error during crawling. The crawl may have been only partially completed.
                at dk.netarkivet.harvester.harvesting.distribute.HarvestControllerServer$HarvesterThread.run(HarvestControllerServer.java:657)
Caused by: java.lang.SecurityException: Access denied! No entries found in the access file [/usr/java/jdk1.6.0_13/jre/lib/management/jmxremote.access] for any of the authenticated identities [nas_bnf_test_heritrixRole]
                at sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.checkAccessFileEntries(ConnectorBootstrap.java:223)
                at sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:202)
                at javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)
                at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:180)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:597)
                at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
                at sun.rmi.transport.Transport$1.run(Transport.java:159)
                at java.security.AccessController.doPrivileged(Native Method)
                at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
                at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
                at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
                at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
                at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
                at java.lang.Thread.run(Thread.java:619)
                at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:255)
                at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:233)
                at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:142)
                at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
                at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2327)
                at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:279)
                at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248)
                at dk.netarkivet.common.utils.JMXUtils.getJMXConnector(JMXUtils.java:369)
                at dk.netarkivet.harvester.harvesting.JMXHeritrixController.getHeritrixJMXConnector(JMXHeritrixController.java:924)
                at dk.netarkivet.harvester.harvesting.JMXHeritrixController.executeHeritrixCommand(JMXHeritrixController.java:848)
                at dk.netarkivet.harvester.harvesting.JMXHeritrixController.cleanup(JMXHeritrixController.java:501)
                at dk.netarkivet.harvester.harvesting.HeritrixLauncher.doCrawl(HeritrixLauncher.java:200)
                at dk.netarkivet.harvester.harvesting.HarvestController.runHarvest(HarvestController.java:221)
                at dk.netarkivet.harvester.harvesting.distribute.HarvestControllerServer$HarvesterThread.run(HarvestControllerServer.java:650)

If I run the command ps aux | grep heritrix on acheron2.bnf.fr, here's what I see : 

/usr/java/jdk1.6.0_13/jre/bin/java -Xmx1598M -Dheritrix.home=/bnf/netarchivesuite/bnf_test/server/2_1240303957543 -Dcom.sun.management.jmxremote.port=8172 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.password.file=/bnf/netarchivesuite/bnf_test/conf/jmxremote.password -Dheritrix.out=/bnf/netarchivesuite/bnf_test/server/2_1240303957543/heritrix.out -Djava.protocol.handler.pkgs=org.archive.net -Ddk.netarkivet.settings.file=/bnf/netarchivesuite/bnf_test/conf/settings_HarvestControllerApplication_HARVEST_HIGH_1.xml org.archive.crawler.Heritrix --bind / --port=8072 --admin=admin:dlweb

So why on earth is the HeritrixLauncher not using the correct password file, and reading the default one? com.sun.management.jmxremote.password.file points to the right file, so what?

I can't understand this... and really need help, as my fellow colleagues need this environment running as soon as possible to perform tests. 
Thanks in advance,

Nicolas


Consider the environment before printing this mail.
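
The mismatch described in the reply at the top of this thread, as an added example (not code from NetarchiveSuite or from either poster): a Python check that reports roles present in jmxremote.password but missing from the access file the JVM will read. The file contents and command line are constructed from values in the thread; the access levels given to the two custom roles and the conf/jmxremote.access path are assumptions.

```python
import re
import shlex

PREFIX = "-Dcom.sun.management.jmxremote."

def roles(text):
    """Map role -> value for a jmxremote.password or jmxremote.access body.
    Both are Java properties files; line continuations are not handled here."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            parts = re.split(r"[\s=:]+", line, maxsplit=1)
            found[parts[0]] = parts[1] if len(parts) > 1 else ""
    return found

def jmx_props(cmdline):
    """Collect the com.sun.management.jmxremote.* properties of a JVM command line."""
    args = (a[len(PREFIX):] for a in shlex.split(cmdline) if a.startswith(PREFIX))
    return dict(a.partition("=")[::2] for a in args)

def audit(cmdline, password_text, access_text):
    """Return findings; access_text is the access file the JVM will actually read."""
    findings = []
    if "access.file" not in jmx_props(cmdline):
        findings.append("access.file not set: the JRE default jmxremote.access is used")
    access = roles(access_text)
    for role in roles(password_text):  # role names are compared case-sensitively
        if role not in access:
            findings.append(f"{role}: no entry in access file")
        elif access[role].split()[:1] not in (["readonly"], ["readwrite"]):
            findings.append(f"{role}: invalid access level {access[role]!r}")
    return findings

# Constructed sample input, abbreviated from the values quoted in the thread.
CMDLINE = ("java -Dcom.sun.management.jmxremote.port=8172 "
           "-Dcom.sun.management.jmxremote.ssl=false "
           "-Dcom.sun.management.jmxremote.password.file=conf/jmxremote.password "
           "org.archive.crawler.Heritrix")
PASSWORD = "nas_bnf_test_monitorRole nas_bnf_test\nnas_bnf_test_heritrixRole nas_bnf_test\n"
DEFAULT_ACCESS = "# JRE defaults\nmonitorRole   readonly\ncontrolRole   readwrite\n"
# Assumed fix: a deployment-owned access file, passed to the JVM explicitly.
OWN_ACCESS = "nas_bnf_test_monitorRole readonly\nnas_bnf_test_heritrixRole readwrite\n"
FIXED_CMDLINE = CMDLINE.replace(
    "org.archive", PREFIX + "access.file=conf/jmxremote.access org.archive", 1)

if __name__ == "__main__":
    for finding in audit(CMDLINE, PASSWORD, DEFAULT_ACCESS):
        print(finding)
```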
