Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Connecting remote tomcat JMX instance using jConsole

People also ask

How do I connect JMX to JConsole?

To connect JConsole to server process, in the Remote Process section, specify the URL service:jmx:rmi:///jndi/rmi://localhost:2047/fmq and credentials pertaining to the server. Default user name and password are admin and passwd respectively.

How do I connect to a JMX Remote?

Remote JMX ConnectionsRight click anywhere in the blank area under the application tree and select Add JMX Connection. Provide the machine name and port number for a running JMX agent, that has been started with the appropriate system properties to allow remote management.

How do I enable JMX Remote Monitoring?

The most common way to enable remote JMX access to your JVM is to specify a TCP/IP port number and some basic security settings when you start the JVM. The security settings commonly include authentication and SSL (Secure Socket Layer). Derby attempts to use the JVM's built-in platform MBean server.


I had a similar, if not the same, problem. I could connect to the JMX server if I started jconsole locally on the machine.

It appears the RMI server was not listening on the correct ip. So, as was suggested in this related question, I added the following:

-Djava.rmi.server.hostname=<host ip>

to JAVA_OPTS as well, and then it worked.


I've collected information spread over the net, found with hints from other members.

Most pain caused by JMX is (imo) the fact that JMX opens a second dynamically allocated network port. A firewall (like iptables) will block this.

Solution for tomcat on linux :

use tomcat 6.0.24 or newer download catalina-jmx-remote.jar from apache tomcat extras (use browse on tomcat download page) copy it in the $CTALINA_HOME\lib

This allows you to set both ports used by JMX

edit Server section in your server.xml

<Server port="8005" ..>
  ...
  <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="9840" rmiServerPortPlatform="9841"/>

set some environment variables (e.g. in setenv.sh)

CATALINA_OPTS="
  -Djava.rmi.server.hostname=IP-TO-LISTEN
  -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password 
  -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access 
  -Dcom.sun.management.jmxremote.ssl=false"

this activates access control for JMX

jmxremote.access will look like

monitorRole readonly
controlRole readwrite

end jmxremote.password will be

monitorRole tomcat
controlRole tomcat

(just simple spaces)

restart tomcat.

Now configure firewall on the server (e.g. iptables)

/etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9840 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9841 -j ACCEPT

and /etc/sysconfig/ip6tables

-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 9840 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 9841 -j ACCEPT

restart iptables

Done!

Now use VisualVM or JConsole on your workstation to establish a connection to rmiRegistryPortPlatform, 9840 in our sample.

If there are no more firewalls between workstation and server it should work.


Tried with Java 8

1. Add this to your java tomcat startup script:

-Dcom.sun.management.jmxremote.port=1616
-Dcom.sun.management.jmxremote.rmi.port=1616
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.local.only=false
-Djava.rmi.server.hostname=localhost

for example add into bin/setenv.sh this:

export CATALINA_OPTS="$CATALINA_OPTS \
-Dcom.sun.management.jmxremote.port=1616 \
-Dcom.sun.management.jmxremote.rmi.port=1616 \
-Dcom.sun.management.jmxremote.local.only=true \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.ssl=false "

2. Execute this on your computer.

  • Windows users:

    putty.exe -ssh user@remote-host -L 1616:remote-host:1616

  • Linux and Mac Users:

    ssh user@remote-host -L 1616:remote-host:1616

3. Start jconsole on your computer

jconsole localhost:1616

4. Have fun!

  • P.S.: during step 2, using ssh and -L you specify that the port 1616 on the local (client) host is to be forwarded to the remote side.
  • P.S.2.: you can specify same port for JMX and RMI conversations

what string are you using as the JMX connection url. I don't mean to point out the obvious but JConsole has a terrible interface and to me requires an overly complex url before it will connect to a remote jmx app. Mine looks like this:

service:jmx:rmi:///jndi/rmi://(hostname):(jmxport)/jmxrmi

Enable JMX in Tomcat8, successfully tested in my POC

1/ Download the catalina-jmx-remote.jar from apache website and place in $CATALINA_HOME/lib.

2/ Take server.xml / setenv.sh backup. Make the changes to server.xml like below-

<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />

3/ Make the changes to $CATALINA_BASE/bin/setenv.sh like -

[...]

JVM_OPTS="[...] 
-Dcom.sun.management.jmxremote 
-Dcom.sun.management.jmxremote.authenticate=true 
-Djava.rmi.server.hostname=<eth:0_IP>| <`hostname -i`> 
-Dcom.sun.management.jmxremote.password.file=/apps/data/apache-tomcat-8_8080/conf/jmxremote.password 
-Dcom.sun.management.jmxremote.access.file=/apps/data/apache-tomcat-8_8080/conf/jmxremote.access 
-Dcom.sun.management.jmxremote.ssl=false 
-Dcom.sun.management.jmxremote.local.only=false 
-Dcom.sun.management.jmxremote=true "

4/ Create these two files as - $touch $CATALINA_BASE/conf/jmxremote.password containing:

admin letmein

$touch $CATALINA_BASE/conf/jmxremote.access containing:

admin readwrite

$ chmod 600 jmxremote.password

5/ Restart tomcat and test on jconsole tool :)

$echo|telnet 10.105.14.90 10001