As you can see, there's the new instructions:
https://docs.jboss.org/author/display/AS71/JMX+subsystem+configuration
And the old RMI instructions:
https://docs.jboss.org/author/pages/viewpage.action?pageId=21627109
I can get the new instructions working, but we use nagios, which only allows checking JMX via RMI, so I need to get RMI JMX working.
Does anyone have a solution for this?
I can't use the old instructions because it says <jmx-connector> is no longer supported.
I've added the following to my JAVA_OPTS on JBoss startup:
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.port=12345 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" -Djava.util.logging.manager=org.jboss.logmanager.LogManager -Dorg.jboss.logging.Logger.pluginClass=org.jboss.logging.logmanager.LoggerPluginImpl -Djava.rmi.server.hostname=10.20.2.50
but i can't get jconsole to connect to service:jmx:rmi:///jndi/rmi://10.20.2.50:12345/jmxrmi
(PS. If anyone with redhat paywall access could report back on the answer here: https://access.redhat.com/solutions/263763 that would be swell :P)
To connect to JMX the URL entered should be in the format
service:jmx:remoting-jmx://{host_name}:{port}
Standalone mode
where {port} is the native management interface of the AS7 installation being monitored (default=9999).
Domain mode
where {port} is the JMX subsystem interface of the AS7 installation being monitored (first server=4447, port-offset=150 next server).
<subsystem xmlns="urn:jboss:domain:jmx:1.1">
<show-model value="true"/>
<remoting-connector use-management-endpoint="false"/>
</subsystem>
Both modes
Outside localhost you have to set -Djboss.bind.address.management or inside xml (standalone.xml / host.xml).
Once connected the capabilities provided by jconsole can be used as normal.
Authentication
The connector is making use of JBoss Remoting to communicate with the server, for this reason the exact same authentication mechanisms as are used by the CLI will apply here.
Local
For processes running local to the AS7 installation we support a local authentication mechanism which allows clients to verify their identity by sharing a token on the filesystem with the server - this mechanism runs silently without any further user interaction required.
Username / Password
Where local authentication is not possible such as if the client is running as a different user than the AS7 process or is running on a remote installation by default the next mechanism to be used is username / password based. Where this mechanism is used the username and password of a user in the ManagementRealm if using the default management connector (port 9999) or in the ApplicationRealm if using the remoting connector (port 4447) should be supplied in the boxes on the 'New Connection' screen before the 'Connect' button is clicked.
The $JBOSS_HOME/bin/add-user.sh (Linux) or $JBOSS_HOME/bin/add-user.bat (Windows) scripts can be used to add these users. Make sure to choose between Management User and ManagementRealm vs Application User and ApplicationRealm depending on whether you're using the default management connector or the remoting connector (usually used with domain mode or when connecting remotely).
Necessary libraries to connect JMX over JBoss Remoting
The JMX MBeanServer is accessible using JBoss Remoting through the management connection. Therefore, it is necessary to add the following libaries from the modules directory of the EAP6 / AS7 distribution to the classpath of the monitoring application:
org/jboss/remoting3/remoting-jmx
org/jboss/remoting3
org/jboss/logging
org/jboss/xnio
org/jboss/xnio/nio
org/jboss/sasl
org/jboss/marshalling
org/jboss/marshalling/river
Ref: Using jconsole to connect to JMX on AS7
Other resource: Connecting VisualVM with a remote JBoss AS 7 / EAP6 JVM process
EDIT:
JBoss EAP 5 supports JMX monitoring using RMI, where JBoss EAP 6 does not. EAP 6 uses “remoting-jmx” instead of “rmi”.
You should look for another solution, as SNMP, or proper plugin for nagios
See:
JVM monitoring via SNMP of JBoss EAP 6 worker nodes with pnp4nagios Template
Jboss SAR MBean and Perl plug-in for Nagios compatible with Jboss 7.1.1
Related
I have a weblogic 10.3.6 installed in windows server 2008 R2 64-bit with Java 7 update 111. With in weblogic server I have 4 manged server running many java applications.
I have new client web-services application need to be deployed in one of the 4 manged server and this application require TLS1.2 as requested by third party services provider application. For that purpose, I am setting the following property in client application code like System.setProperty("jdk.tls.client.protocols", "TLSv1.2");
Question:
Will the statement System.setProperty("jdk.tls.client.protocols", "TLSv1.2"); change the protocol for only manged server where the application is deployed ? Or it will be for all application servers available within weblogic ?
If this command change the protocol for all manged servers, then this is a problem since other applications may get affected. What is the solution in this case and what is the right action to be taken to enable the required SSL protocol for that specific application without affecting other running applications ?
It should affect all managed servers on that box (probably after the nodes are restarted)
TLS is compatible with SSL - just not with insecure handshake protocols (which you should have stopped doing years ago) For more information, see: Modifiying Weblogic Server to use TLS
I've made a script called debug.sh and placed it under the bin directory (start it with ./debug.sh) to start Tomcat 8 in debugging mode:
set JPDA_ADDRESS=8000
set JPDA_TRANSPORT=dt_socket
set JAVA_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n
bash catalina.sh jpda start
But if it started, there is now message which says, that Tomcat is listening on port 8000. Also if I type
netstat -nat
there is no application listening on port 8000.
What exact configuration do I have to set, to remote debug my Tomcat 8 server which is running on a specific IP or do I have just a little problem in my script?
This answer has been updated following the comments, I did not understand the problem in the first place.
I guess you have followed that doc: this is about developing Tomcat itself.
I am not sure you are using the proper way to configure the port (I don't know your specific configuration details). In a standard environment, the ports are configured in the server.xml (note that several different ports are used by Tomcat for the different services).
To remotely monitor your server, you should use a JMX client. As far as I know, Eclipse doesn't include one (or at least not one documented) - you could code one as this is a Java specification (JSR262). You have one in a standard Java environement (JConsole). By default, JMX is not enabled on Tomcat. If you need to enable it, the fine way is to follow the doc.
Tomcat JMX monitoring and JConsole are both available in most versions of Tomcat and the Java runtime.
The following exchange seems to be about your problem.
I am trying to deploy the hawtio-default-offline-1.3.1.war (into JBoss EAP 6.2) and I see this message in the logs:
10:16:07,988 WARN [io.hawt.jvm.local.JVMList] (ServerService Thread Pool -- 65) Local JVM discovery disabled as this JVM cannot access com.sun.tools.attach.VirtualMachine due to: com/sun/tools/attach/VirtualMachine
So I don't have a local tab when I start up hawtio. Is this OK? This is my local Windows laptop and I am deploying the hawtio WAR alongside my app WAR and I am launching it using the JBoss bat file. I do a jps and I can see the JBoss server running.
Appreciate any pointers, thanks!
Yes this is okay, the WARNING is only about the connect plugin, not being able to use the local discovery. You can always use remote discovery, also to connect to local.
But if you only need that hawtio application deployed in your EAP to manage and monitor whats running in the same JVM then this is no problem.
There is also a FAQ at hawtio about related to this.
http://hawt.io/faq/
I have a Jboss 6.1 server and I'd like to use remote EJB connection from a remote client.
But JBoss port 4447 is always closed, connection is refused.
How can I open this port?
I assumed you are using Remote protocol to get JNDI resources in server from a Java program
By default, Remote port is not closed in JBOSS servers.
To access Remote protocol , you need to create an application user and use that credentials while connecting.
Find the add-user.bat (for windows) / add-user.sh (for linux) and create a application Realm user.
After that use that user name and password in your program.
For reference :check this documentation
But here are other things to ensure:
Check your log for the below line:
[Server:ServiceNode-1] 19:40:39,323 INFO [org.jboss.as.remoting] (MSC service thread 1-1) JBAS017100: Listening on fedora18/localhost:4447
And ensure that no other programs uses the port 4447. (using netstat or something like that)
I have an app deployed to my local WebLogic instance (10.3.6) on my Win7 laptop. It's creating Beans through Spring and registering them in the local MBeanServer. I can open up VisualVM, see the "WebLogic" process and see the mbeans that I've registered. This works fine.
I then wanted to set up my JVM for remote JMX access. I took the simple-minded approach for now and set the following properties:
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true
I made sure the "jmxremote.access" and "jmxremote.password" file in my JRE was set appropriately.
I started it up, then opened up VisualVM on my Linux box and created a remote host entry for the IP address of my laptop, then a JMX connect to port 8888, and specified the name:pwd pair I set in the jmxremote.access and jmxremote.password files. This all worked fine. I could see all the same registered mbeans.
Then, I went back to my laptop and looked my local VisualVM, and I saw that there was no "WebLogic" process. It appears that enabling my JVM for remote JMX access has disabled local access. Is this supposed to happen? Is there a way to configure this? This isn't necessarily a big problem, I just need to understand it.