Bug 63990 - SSL RMI Binding
Summary: SSL RMI Binding
Status: NEW
Alias: None
Product: JMeter
Classification: Unclassified
Component: Main (show other bugs)
Version: 5.2.1
Hardware: PC Linux
: P2 regression (vote)
Target Milestone: JMETER_5.2
Assignee: JMeter issues mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-06 18:58 UTC by Tom Lagodzinski
Modified: 2019-12-10 08:36 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tom Lagodzinski 2019-12-06 18:58:00 UTC
In AWS when using Elastic IP for public IP mapping, it's not possible to use SSL RMI as setting java.rmi.server.hostname when using SSL RMI, it wants to bind to the provided address. This doesn't happen on non SSL setup, which allows remote jmeter master to manage EC2 based jmeter runners.

Seems to be caused in RMIServerSocketFactoryImpl by the createServerSocket override which also provides localAddress.

Security wise, it seems to not matter, as binding to a local address and reporting a remote one requires non standard manual configuration.

Log from binding when using SSL RMI:
Server failed to start: java.rmi.server.ExportException: Listen failed on port: 1099; nested exception is:
        java.io.IOException: Could not bind /XXX.XXX.XXX.XXX using port 1099
An error occurred: Listen failed on port: 0; nested exception is:
        java.io.IOException: Could not bind to /XXX.XXX.XXX.XXX using port 1099

With -Jserver.rmi.ssl.disable=true it works without a hitch, therefore marking it as regression.
Comment 1 Philippe Mouawad 2019-12-08 15:46:38 UTC
Can you provide more informations on your setup and how you start each server and test ? 

Do you set this property:

java.rmi.server.hostname
Comment 2 Tom Lagodzinski 2019-12-08 18:48:59 UTC
Sure,

0. Setup 4 linux jmeter servers in AWS.
1. Using Elastic IP in AWS on EC2, which makes something similar to NAT, so the public IP is not available on host.
2. Using a remote windows machine as master.
3. Set java.rmi.server.hostname to public IP.
4. Configure keystore using provided shell script.
5. Jmeter-server tries to bind to public IP as set in java.rmi.server.hostname due to some weird behaviour from rmi ssl connection factory.


AFAIK if any of the following is not met, it's not possible to reproduce this error:
- Windows master
- Linux runners
- Runners behind NAT
Comment 3 Tom Lagodzinski 2019-12-10 08:36:11 UTC
Upon further deliberation it seems that to replicate this bug it should only be necessary to use ssl rmi and to set java.rmi.server.hostname to a non local ip.