Kafka - random high port

Coredump · 20 January 2024 12:19

Hi All,

I am running the confluent kafka containers, one for kraft and one for a broker. The containers are ran in podman and use network ‘host’. I need to use the JMX interface to monitor stats, for this i have enabled JMX using KAFKA_JMX_OPTS, as below:

KAFKA_JMX_OPTS: -Dcom.sun.management.jmxremote.port=1091 -Dcom.sun.management.jmxremote.host=127.0.0.1 -Djava.net.preferIPv4Stack=true -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.rmi.port=1091 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false

Kafka controller and broker appear to be listening on 1091 but also open a random high port. How do i stop this random high port ?

Thanks in advance!

dtroiano · 22 January 2024 19:53

Which specific image / version are you running?

How are you configuring kafka in the containers? e.g., do you have a Docker Compose file? I’m wondering what listeners you have configured (KAFKA_LISTENERS / KAFKA_ADVERTISED_LISTENERS environment variables)

Coredump · 22 January 2024 21:36

@dtroiano

I am using podman containers managed by systemd. I am passing in ENV variables to configure my nodes and bind mounting truststore/certs.

Image: docker.io/confluentinc/cp-kafka:7.5.0-1-ubi8
I have two listeners SSL Listeners on 9093, 9094 all working as expected.

LISTEN 0 50 0.0.0.0:1091 0.0.0.0:* users:((“java”,pid=3875131,fd=113)) <— JMX
LISTEN 0 50 10.10.10.10:9093 0.0.0.0:* users:((“java”,pid=3875131,fd=467)) <–MTLS SSL LISTENER
LISTEN 0 50 0.0.0.0:41147 0.0.0.0:* users:((“java”,pid=3875131,fd=114)) << — ? Random high port - possibly jmri? Changes across reboots.
LISTEN 0 50 10.10.20.10:9094 0.0.0.0:* users:((“java”,pid=3875131,fd=468)) ← MTLS LISTENER

dtroiano · 22 January 2024 22:45

Very likely it’s JMX-related, either RMI or there’s also a port for local connections. Check this and this out for further reading and ways to configure those ports. Bear in mind that the image you’re using includes Java 11, so any post-Java 11 features wouldn’t be doable out of the box. If you really needed those features you might attempt upgrading java in the image (*ymmv).

Coredump · 23 January 2024 12:42

thanks. Interesting that confluent recommend Java 17 but build containers using ubi8 (java 11) and not ubi8/openjdk-17. I suspect the port is the local jmx port which i dont think can be changed or disabled in java 11 ;(.

dtroiano · 23 January 2024 20:29

I confirmed that if you upgrade to Java 17 and use the following env var, it’ll do the trick and JMX will only use the two configured ports:

KAFKA_JMX_OPTS: -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.port=9101 -Dcom.sun.management.jmxremote.rmi.port=9101 -Dcom.sun.management.jmxremote.local.port=9102

Those properties are from the Baeldung article, and the env variable is documented here.

system · 30 January 2024 20:30

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to enable JMX port in Confluent Cloud? Confluent Cloud	3	5817	15 April 2021
Kafka client unable to communicate with Kafka broker Clients	1	499	23 January 2024
MQTT Proxy Error: No LoginModules configured for ConfluentKafkaMqtt Clients	5	3087	25 May 2022
What is wrong with my cluster setup? Ops	8	3639	31 December 2021
Kafka Monitoring and Metrics Using JMX Confluent Cloud	11	4240	22 August 2022

Kafka - random high port

Related Topics