I'm trying to enable JMX on tomcat docker image using docker-compose.yml but I'm still getting error that VisualVM cannot connect to the JMX.
tomcat:
image: tomcat:8.0-jre8
environment:
CATALINA_OPTS: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
ports:
- "9000:9000"
JMX requires more than just a single port since RMI is also involved. Remote JMX is always a challenge with Tomcat, and using Docker basically makes this "remote" access.
Have a look at Tomcat's JMX Remote Lifecycle Listener to see the port numbers that can be set, and use that listener to set them. If you don't, the RMI server is basically free to use whatever ports it wants to use and you can't predict them.
Once you set those ports, give the port mapping to Docker and you should be good to go.
Related
My understanding is that tomcat server can be accessed thru jmxrmi if we configure following properties. Port can also be configured.
-Dcom.sun.management.jmxremote.port=30000
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.password.file=xyz
-Dcom.sun.management.jmxremote.access.file=xyz
After that tomcat server can be connected thru some jmx tools like jconsole or jvisualvm etc. But I also noticed that same tomcat server can also be connected on default jmxrmi port 1099. I havent configured anywhere port 1099. Even though if I comment out all above properties, I see tomcat still can be connected to on port 1099 on jvisualvm.
Please suggest, what might be enabling this connectivity on default port. And how can I disable this connectivity?
Possibly some other third party libraries in classpath might be doing it, but how to figure which one?
JMX uses two ports: one for the JMX connection (which you have set to port 30000) and another one for RMI communications. Java defaults to port 1099, but if it's in use, it will choose the first port available after 1099. In Java 8, you cannot explicitly set this port via system properties.
For later Java versions, you can use the system property com.sun.management.jmxremote.rmi.port.
Tomcat has a workaround for this. You can use the JmxRemoteLifecycleListener to set the rmiServerPortPlatform attribute. Set that to whatever port you prefer.
Note that you cannot disable this second port: it is required for JMX to operate properly.
Assuming I have a server in my local network with ip 192.168.100.10.
There is docker container running in it with java application.
Now i want to connect to this java application with VisualVM from my computer which has ip address 192.168.100.20. I thought I had everything configured properly but it still does not work.
I have passed these JVM options:
-Dcom.sun.management.jmxremote"
-Dcom.sun.management.jmxremote.port=9010"
-Dcom.sun.management.jmxremote.authenticate=false"
-Dcom.sun.management.jmxremote.ssl=false"
-Dcom.sun.management.jmxremote.local.only=false"
-Dcom.sun.management.jmxremote.rmi.port=9010"
-Djava.rmi.server.hostname=192.168.100.10"
Then I have exposed port 9010 in Dockerfile:
EXPOSE 9010
Then added this port to docker-compose:
ports:
- "9010:9010"
I am trying to connect to remote host with JConsole or VisualVM from my local machine. In "Remote Process" input in JConsole I put "192.168.100.10:9010" but connection fails with error:
"The connection to 192.168.100.10:9010 did not succeed. Would you like to try again?"
What am I doing wrong?
The solution above is sufficient and working. I've been using env variable to set port number which was not working properly.
I have successfully implemented my remote debugging for Spring boot applications in tomcat server for several times.
To make remote debug enable in tomcat server just need to change in catalina.sh and set: JAVA_OPTS="$JAVA_OPTS -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=9999 $JSSE_OPTS"
And start tomcat by catalina.sh jpda start
But I need to know how it works internally through this specific port over TCP network connection from IDE?
I have ordinary spring boot application and am able to connect to that application using jconsole when I choose it from the Local Processes group:
But I want to connect to my application remotely. Firstly I want to connect from the same PC but using remote process.
I tried to type localhost:1099 and localhost:1199 but it doesn't connect:
I didn't pass any special VM keys.
How can I connect using remote process?
The monitored application must be started with following java runtime arguments:
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=1199
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
Then in JConsole you can connect to remote process using localhost:1199.
I was able to connect when I used port from -Dcom.sun.management.jmxremote.port
I developing under Spring3.1 standalone env.
I am trying to connect my application remotely via jconsole.
It's working locally but when I deploy my application into the linux machine it gets time out.
I am using Daemon in order to run my environment.
this is what I add in the run.sh script:
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=6969 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false \
com.mypackage.daemon.FixDaemon
and inside applicationContext.xml:
<context:mbean-server />
<context:mbean-export />
now on the linux machine after doing netstat thats what we see:
[root# logs]# netstat -an | grep 6969
tcp 0 0 :::6969 :::* LISTEN
so it's seems like it does listening.
but when I add my ip:6969 inside the jconsole interface I get connection failed popup.
any idea what am I doing wrong?
thanks,
ray.
First try to add also this option to your application:
-Djava.rmi.server.hostname=<ip>
Also keep in mind jconsole is using RMI for the communication. This means jconsole first connects to ip:6969. Then server generates a random port X which is passed back to the jconsole. Jconsole then opens another connection to ip:X. Since X is random, there is no way you can open this specific port in the firewall. You have either to open all ports or use a socks proxy which is another subject.
Try connecting to that port using telnet from your machine. If this does not succeed it usually is because of a firewall dropping packets. You will have to talk to your network administrator to open up that port.
Note: You will have to open up two ports. One for binding the RMIRegistry and another one to export the RMI objects. RMI usually exports objects on random high ports. But this will not work in a firewall-ed environment hence you would have to configure the port on which it is exported. This is done by using a RMI URL.
If you are running this on Linux then do a hostname -i, if it returns 127.0.0.1 then fix /etc/hosts. The FAQ entry for JConsole has more information on this.
Another option I would strongly suggest is to look at Jolokia which does not involve changing the firewall configuration but still provides the JMX goodies over HTTP.