Monitoring Tomcat via JConsole in a local setting - java

I've been trying to monitor a locally running Tomcat via JConsole. I, of course, added
-Dcom.sun.management.jmxremote to the CATALINA_OPTS variable in catalina.bat, but when starting JConsole, I couldn't find the process in the process list.
After some searching, I tried out the (more complicated?) non-local setting, further adding
set CATALINA_OPTS=-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=%my.jmx.port% \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false
and using the right parameters in JConsole, I was able to connect via the remote interface.
Has anyone else tried and succeded in using JConsole/Tomcat in a pure local setting or is the pseudo-remote way the only chance to get a local tomcat monitored?

I ran into the same thing--I'm used to running jconsole on my local Tomcat process that's been started with the -Dcom.sun.management.jmxremote flag, but it didn't work for me the first time I tried it on my laptop.
Another answer in here tipped me off to the temp directory being the key to getting this working. My Tomcat process has this argument:
-Djava.io.tmpdir="c:/install/apache-tomcat-6.0.18/temp"
I was able to get jconsole running with this command line:
jconsole -J-Djava.io.tmpdir="c:/install/apache-tomcat-6.0.18/temp"
I am running JDK 6 update 24 on a Windows 7 64-bit system.

Related

Java remote JMX config gets ignored

I'm trying to create the correct remote JMX config for a Java process on:
OpenJDK 8
CentOS 7
The box seems to be provisioned correctly and the process being run ends up with the following vm options (confirmed using a ps -ef command):
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.ssl.enabled.protocols=TLSv1.2
-Dcom.sun.management.jmxremote.registry.ssl=true
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote.ssl.config.file=/path/to/jmxremote.properties
-Dcom.sun.management.jmxremote.access.file=/path/to/jmxremote.access
-Dcom.sun.management.jmxremote.password.file=/path/to/jmxremote.password
-Dcom.sun.management.jmxremote.port=<<my_port>>
-Dcom.sun.management.jmxremote.rmi.port=<<my_port>>
The problem I'm facing is that after I start the process, no error is thrown, but the port is not open, whereas all the other ports opened by the application are.
Does anyone know why this config would be utterly ignored by the application?

Error: JMX connector server communication error: service:jmx:rmi when stopping/shutdown Tomcat

Title says it all. Tomcat 8 (Java 8) is running on Linux. After the error message I see that java process is not killed. Is it a problem with JMX configuration or what?
export JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=55001 -Dcom.sun.management.jmxremote.authenticate=false"
export JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.rmi.port=55002 -Djava.rmi.server.hostname=xxxxx -Dcom.sun.management.jmxremote.local.only=false"
Found the answer here:
There isn't. The reason why this is happening is that when tomcat
starts, port 5555 (in this example) is bound.
For shutdown, another jvm is launched and gets the same jmx
parameters. Therefore, it tries to bind to port 5555, too, fails and
shuts the jvm down. The shutdown procedure isn't executed and thus
tomcat is still running.
The only fix I could think of is to introduce yet another variable
that applies to start and run but not to stop.
I had to set JMX parameters as CATALINA_OPTS and not as JAVA_OPTS and it worked.

Monitoing of remote JVM using Jconsole

I'm trying to monitor remote jvm using Jconsole.
jdk1.7.0_75 is installed and configured the below parameter in jre/lib/management/management.properties file on remote machine.
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=8002
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Djava.rmi.server.hostname=x.x.x.x
Getting Connection failed: connection refused.
checked the port number 8002 is free and disabled the firewall, Kindly provide the solution.
You are setting the right properties, but mixing two different approaches here. To enable JMX on your application you either need to:
start your application with these command line parameters you used above (java -Dcom.sun.management.jmxremote.port=8002 -cp somedependency.jar Appplication)
add similar entries to your management.properties BUT WITHOUT the "-D" prefixes. So entries like: com.sun.management.jmxremote.port=8002

Jconsole Remote Executable Jar File

All,
I have a remote server that I recently enabled VNC for using vnc4server and Chicken for mac as the client.
The purpose for doing so was to enable running Java's Jconsole to monitor an executable jar file that is running my server logic.
However, after logging into my server using VNC, I keep getting an error when I try to use Jconsole on vnc.
It states connection failed do you want to try again. Now I am logged in as the same user that started the process.
Is there something I am missing when using jconsole in VNC? Also can I monitor my executable jar file remotely using Jconsole on my local machine?
These are the options I am including to run the jar file: java -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9005 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.remote.ssl=false -Djava.rmi.server.hostname=ipaddress -jar path
Thanks
These JVM options fixed things. Fix found here: You need to pass to the VM: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.local.only=false
https://forums.oracle.com/thread/1177644
This does not seem like an VNC issue- either the ports are not open, they are being blocked b a firewall, or there is some kind of permission/authentication issue with the app itself related to monitoring it.
In order to eliminate VNC as the cause (and use localhost in a local connection on jconsole), do "ssh -X REMOTHOST -n jconsole" and see. This will also eliminate the overhead of running the full X server and VNC.
Also on linux you can find out what process holds a port open by doing:
netstat -ap | grep PORT_NUMBER on the remote host you want to run on.
Colin

Connecting remote tomcat JMX instance using jConsole

I am trying to connect to a remote tomcat JMX instance using jConsole. But can't connect successfully. Any Idea?
I included the following option in remote tomcat catalina.sh:
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=9004 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false"
I had a similar, if not the same, problem. I could connect to the JMX server if I started jconsole locally on the machine.
It appears the RMI server was not listening on the correct ip. So, as was suggested in this related question, I added the following:
-Djava.rmi.server.hostname=<host ip>
to JAVA_OPTS as well, and then it worked.
I've collected information spread over the net, found with hints from other members.
Most pain caused by JMX is (imo) the fact that JMX opens a second dynamically allocated network port. A firewall (like iptables) will block this.
Solution for tomcat on linux :
use tomcat 6.0.24 or newer
download catalina-jmx-remote.jar from apache tomcat extras (use browse on tomcat download page)
copy it in the $CTALINA_HOME\lib
This allows you to set both ports used by JMX
edit Server section in your server.xml
<Server port="8005" ..>
...
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="9840" rmiServerPortPlatform="9841"/>
set some environment variables (e.g. in setenv.sh)
CATALINA_OPTS="
-Djava.rmi.server.hostname=IP-TO-LISTEN
-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access
-Dcom.sun.management.jmxremote.ssl=false"
this activates access control for JMX
jmxremote.access will look like
monitorRole readonly
controlRole readwrite
end jmxremote.password will be
monitorRole tomcat
controlRole tomcat
(just simple spaces)
restart tomcat.
Now configure firewall on the server (e.g. iptables)
/etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9840 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9841 -j ACCEPT
and /etc/sysconfig/ip6tables
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 9840 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 9841 -j ACCEPT
restart iptables
Done!
Now use VisualVM or JConsole on your workstation to establish a connection to rmiRegistryPortPlatform, 9840 in our sample.
If there are no more firewalls between workstation and server it should work.
Tried with Java 8
1. Add this to your java tomcat startup script:
-Dcom.sun.management.jmxremote.port=1616
-Dcom.sun.management.jmxremote.rmi.port=1616
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.local.only=false
-Djava.rmi.server.hostname=localhost
for example add into bin/setenv.sh this:
export CATALINA_OPTS="$CATALINA_OPTS \
-Dcom.sun.management.jmxremote.port=1616 \
-Dcom.sun.management.jmxremote.rmi.port=1616 \
-Dcom.sun.management.jmxremote.local.only=true \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.ssl=false "
2. Execute this on your computer.
Windows users:
putty.exe -ssh user#remote-host -L 1616:remote-host:1616
Linux and Mac Users:
ssh user#remote-host -L 1616:remote-host:1616
3. Start jconsole on your computer
jconsole localhost:1616
4. Have fun!
P.S.: during step 2, using ssh and -L you specify that the port 1616 on the local (client) host is to be forwarded to the remote side.
P.S.2.: you can specify same port for JMX and RMI conversations
what string are you using as the JMX connection url. I don't mean to point out the obvious but JConsole has a terrible interface and to me requires an overly complex url before it will connect to a remote jmx app. Mine looks like this:
service:jmx:rmi:///jndi/rmi://(hostname):(jmxport)/jmxrmi
Enable JMX in Tomcat8, successfully tested in my POC
1/ Download the catalina-jmx-remote.jar from apache website and place in $CATALINA_HOME/lib.
2/ Take server.xml / setenv.sh backup. Make the changes to server.xml like below-
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />
3/ Make the changes to $CATALINA_BASE/bin/setenv.sh like -
[...]
JVM_OPTS="[...]
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.authenticate=true
-Djava.rmi.server.hostname=<eth:0_IP>| <`hostname -i`>
-Dcom.sun.management.jmxremote.password.file=/apps/data/apache-tomcat-8_8080/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/apps/data/apache-tomcat-8_8080/conf/jmxremote.access
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote=true "
4/ Create these two files as -
$touch $CATALINA_BASE/conf/jmxremote.password containing:
admin letmein
$touch $CATALINA_BASE/conf/jmxremote.access containing:
admin readwrite
$ chmod 600 jmxremote.password
5/ Restart tomcat and test on jconsole tool :)
$echo|telnet 10.105.14.90 10001
What exactly do you mean when you say "But can't connect successfully."? Is there an error message? Try turning on logging in jconsole and see if that helps debug it.
To turn on jconsole logging, edit a file named logging.properties in the directory you will be running jconsole in, add:
handlers= java.util.logging.ConsoleHandler
.level=INFO
java.util.logging.FileHandler.pattern = %h/java%u.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
java.util.logging.ConsoleHandler.level = FINEST
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
javax.management.level=FINEST
javax.management.remote.level=FINEST
Then, start jconsole with:
jconsole -J-Djava.util.logging.config.file=logging.properties
if you are working on linux, modify the catalina.sh file adding:
CATALINA_OPTS="-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=<HOST_IP> -Dcom.sun.management.jmxremote.port=<HOST_PORT> -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
export CATALINA_OPTS
or modify the /etc/profile file as root and rerun the file (source /etc/profile)
if you are working on windows and you are starting tomcat from the command line, use
the environment variable CATALINA_OPTS
if you are working on windows and you are starting tomcat as a service, you'll need to use the monitor service utility to configure the service initialization parameters (neither setenv.bat, catalina.bat or env-vars will work). for that you'll need the service name that appears listed in services.msc (for example jasperreportsTomcat). After, you'll need to open a console as administrator and execute (for example):
tomcat6w.exe //MS//jasperreportsTomcat
with this command will appear a tray icon where you can open a panel. In the "Java" tab now you can modify the jmx options. Be careful to not add trailing whitespaces and use the "[enter]" symbol to separate each option line by line.
-Dcom.sun.management.jmxremote
-Djava.rmi.server.hostname=192.168.61.101
-Dcom.sun.management.jmxremote.port=9999
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
Hope it helps
Check if your server is behind the firewall. JMX is base on RMI, which open two port when it start. One is the register port, default is 1099, and can be specified by the com.sun.management.jmxremote.port option. The other is for data communication, and is random, which is what cause problem. A good news is that, from JDK6, this random port can be specified by the com.sun.management.jmxremote.rmi.port option.
add the line in you {tomcat_dir}/bin/setenv.sh:
export CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8991 -Dcom.sun.management.jmxremote.rmi.port=8991 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
I got something for all of you, in order to complete the investigation of this whole thing. There is a trick, it happens that profiler tool connnects with the jvm using a port, but the jvm continues the conversation using another random port. If the jvm is running inside a remote machine (for example : a tomcat web-app server), and the remote machine has protection against outgoing and incoming connections, you must set the java system property com.sun.management.jmxremote.rmi.port to the same value of the property named com.sun.management.jmxremote.port
Source : https://serverfault.com/questions/308662/how-do-i-fix-a-failed-to-retrieve-rmiserver-stub-jmx-error
And also check this out : http://blog.cantremember.com/debugging-with-jconsole-jmx-ssh-tunnels/
Hope to contribute guys!
And good luck!
Well, I had this problem in a Linux box (virtual machine) and I fixed it using -Djava.rmi.server.hostname property but there's a thing I can't understand. My machine has 5 tomcat servers, all of them has jmx enabled in consecutive ports (8008,8018,8028...) and only one of them had this issue connecting JMX. No firewall, no -Djava.rmi.server.hostname property in any tomcat....
So the thing is that I understand the problem but I can't understand why 4 of my tomcats worked and 1 of them not.
P.D: My english is very poor, I know. My Apologies.
PROTIP: You need to fix (as in having a known number) the RMI Registry and JMX/RMI Server ports. You do this by putting jar-file in the lib-dir and configuring a special listener. (And ofcourse the usual flags for activating JMX
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=8999 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false \
-Djava.rmi.server.hostname=<HOSTNAME> \
See: JMX Remote Lifecycle Listener at http://tomcat.apache.org/tomcat-6.0-doc/config/listeners.html
Changing the /etc/hosts on linux, where I replaced the localhost address associated to my account to the machine ip, solved this problem for me.

Categories