[ACCEPTED]-Connecting remote tomcat JMX instance using jConsole-jconsole
I had a similar, if not the same, problem. I 6 could connect to the JMX server if I started 5 jconsole locally on the machine.
It appears 4 the RMI server was not listening on the 3 correct ip. So, as was suggested in this related question, I 2 added the following:
-Djava.rmi.server.hostname=<host ip>
to JAVA_OPTS as well, and then 1 it worked.
I've collected information spread over the 21 net, found with hints from other members.
Most 20 pain caused by JMX is (imo) the fact that 19 JMX opens a second dynamically allocated 18 network port. A firewall (like iptables) will 17 block this.
Solution for tomcat on linux 16 :
use tomcat 6.0.24 or newer download catalina-jmx-remote.jar 15 from apache tomcat extras (use browse on 14 tomcat download page) copy it in the $CTALINA_HOME\lib
This 13 allows you to set both ports used by JMX
edit 12 Server section in your server.xml
<Server port="8005" ..>
...
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="9840" rmiServerPortPlatform="9841"/>
set some 11 environment variables (e.g. in setenv.sh)
CATALINA_OPTS="
-Djava.rmi.server.hostname=IP-TO-LISTEN
-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access
-Dcom.sun.management.jmxremote.ssl=false"
this 10 activates access control for JMX
jmxremote.access 9 will look like
monitorRole readonly
controlRole readwrite
end jmxremote.password will 8 be
monitorRole tomcat
controlRole tomcat
(just simple spaces)
restart tomcat.
Now 7 configure firewall on the server (e.g. iptables)
/etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9840 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9841 -j ACCEPT
and 6 /etc/sysconfig/ip6tables
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 9840 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 9841 -j ACCEPT
restart iptables 5
Done!
Now use VisualVM or JConsole on your 4 workstation to establish a connection to 3 rmiRegistryPortPlatform, 9840 in our sample.
If 2 there are no more firewalls between workstation 1 and server it should work.
Tried with Java 8
1. Add this to your java tomcat startup script:
-Dcom.sun.management.jmxremote.port=1616
-Dcom.sun.management.jmxremote.rmi.port=1616
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.local.only=false
-Djava.rmi.server.hostname=localhost
for example add into bin/setenv.sh this:
export CATALINA_OPTS="$CATALINA_OPTS \
-Dcom.sun.management.jmxremote.port=1616 \
-Dcom.sun.management.jmxremote.rmi.port=1616 \
-Dcom.sun.management.jmxremote.local.only=true \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.ssl=false "
2. Execute this on your computer.
Windows users:
putty.exe -ssh user@remote-host -L 1616:remote-host:1616Linux and Mac Users:
ssh user@remote-host -L 1616:remote-host:1616
3. Start jconsole on your computer
jconsole localhost:1616
4. Have fun!
- P.S.: during step 2, using
sshand-Lyou specify that the port 1616 on the local (client) host is to be forwarded to the remote side. - P.S.2.: you can specify same port for JMX and RMI conversations
0
what string are you using as the JMX connection 5 url. I don't mean to point out the obvious 4 but JConsole has a terrible interface and 3 to me requires an overly complex url before 2 it will connect to a remote jmx app. Mine 1 looks like this:
service:jmx:rmi:///jndi/rmi://(hostname):(jmxport)/jmxrmi
Enable JMX in Tomcat8, successfully tested in my POC
1/ Download the catalina-jmx-remote.jar from apache website and 6 place in $CATALINA_HOME/lib.
2/ Take server.xml / setenv.sh backup. Make the 5 changes to server.xml like below-
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />
3/ Make the changes 4 to $CATALINA_BASE/bin/setenv.sh like -
[...]
JVM_OPTS="[...]
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.authenticate=true
-Djava.rmi.server.hostname=<eth:0_IP>| <`hostname -i`>
-Dcom.sun.management.jmxremote.password.file=/apps/data/apache-tomcat-8_8080/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/apps/data/apache-tomcat-8_8080/conf/jmxremote.access
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote=true "
4/ Create these two files as 3 -
$touch $CATALINA_BASE/conf/jmxremote.password containing:
admin letmein
$touch $CATALINA_BASE/conf/jmxremote.access containing:
admin 2 readwrite
$ chmod 600 jmxremote.password
5/ Restart tomcat and test on jconsole 1 tool :)
$echo|telnet 10.105.14.90 10001
What exactly do you mean when you say "But 7 can't connect successfully."? Is there 6 an error message? Try turning on logging 5 in jconsole and see if that helps debug 4 it.
To turn on jconsole logging, edit a file 3 named logging.properties in the directory 2 you will be running jconsole in, add:
handlers= java.util.logging.ConsoleHandler
.level=INFO
java.util.logging.FileHandler.pattern = %h/java%u.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
java.util.logging.ConsoleHandler.level = FINEST
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
javax.management.level=FINEST
javax.management.remote.level=FINEST
Then, start 1 jconsole with:
jconsole -J-Djava.util.logging.config.file=logging.properties
if you are working on linux, modify the 22 catalina.sh file adding:
CATALINA_OPTS="-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=<HOST_IP> -Dcom.sun.management.jmxremote.port=<HOST_PORT> -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
export CATALINA_OPTS
or modify the /etc/profile 21 file as root and rerun the file (source 20 /etc/profile)
if you are working on windows 19 and you are starting tomcat from the command 18 line, use the environment variable CATALINA_OPTS
if 17 you are working on windows and you are starting 16 tomcat as a service, you'll need to use 15 the monitor service utility to configure 14 the service initialization parameters (neither 13 setenv.bat, catalina.bat or env-vars will 12 work). for that you'll need the service 11 name that appears listed in services.msc 10 (for example jasperreportsTomcat). After, you'll 9 need to open a console as administrator 8 and execute (for example): tomcat6w.exe 7 //MS//jasperreportsTomcat
with this command 6 will appear a tray icon where you can open 5 a panel. In the "Java" tab now you can modify 4 the jmx options. Be careful to not add trailing 3 whitespaces and use the "[enter]" symbol 2 to separate each option line by line.
-Dcom.sun.management.jmxremote
-Djava.rmi.server.hostname=192.168.61.101
-Dcom.sun.management.jmxremote.port=9999
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
Hope 1 it helps
I got something for all of you, in order 13 to complete the investigation of this whole 12 thing. There is a trick, it happens that 11 profiler tool connnects with the jvm using 10 a port, but the jvm continues the conversation 9 using another random port. If the jvm is 8 running inside a remote machine (for example 7 : a tomcat web-app server), and the remote 6 machine has protection against outgoing 5 and incoming connections, you must set the 4 java system property com.sun.management.jmxremote.rmi.port to the same value 3 of the property named com.sun.management.jmxremote.port
Source : https://serverfault.com/questions/308662/how-do-i-fix-a-failed-to-retrieve-rmiserver-stub-jmx-error And also 2 check this out : http://blog.cantremember.com/debugging-with-jconsole-jmx-ssh-tunnels/
Hope to contribute guys!
And 1 good luck!
Check if your server is behind the firewall. JMX 8 is base on RMI, which open two port when 7 it start. One is the register port, default 6 is 1099, and can be specified by the com.sun.management.jmxremote.port 5 option. The other is for data communication, and 4 is random, which is what cause problem. A 3 good news is that, from JDK6, this random 2 port can be specified by the com.sun.management.jmxremote.rmi.port 1 option.
add the line in you {tomcat_dir}/bin/setenv.sh:
export CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8991 -Dcom.sun.management.jmxremote.rmi.port=8991 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
Changing the /etc/hosts on linux, where I replaced 3 the localhost address associated to my account 2 to the machine ip, solved this problem for 1 me.
Well, I had this problem in a Linux box 11 (virtual machine) and I fixed it using -Djava.rmi.server.hostname 10 property but there's a thing I can't understand. My 9 machine has 5 tomcat servers, all of them 8 has jmx enabled in consecutive ports (8008,8018,8028...) and 7 only one of them had this issue connecting 6 JMX. No firewall, no -Djava.rmi.server.hostname 5 property in any tomcat....
So the thing is 4 that I understand the problem but I can't 3 understand why 4 of my tomcats worked and 2 1 of them not.
P.D: My english is very poor, I 1 know. My Apologies.
PROTIP: You need to fix (as in having a 6 known number) the RMI Registry and JMX/RMI 5 Server ports. You do this by putting jar-file 4 in the lib-dir and configuring a special 3 listener. (And ofcourse the usual flags 2 for activating JMX
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=8999 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false \
-Djava.rmi.server.hostname=<HOSTNAME> \
See: JMX Remote Lifecycle 1 Listener at http://tomcat.apache.org/tomcat-6.0-doc/config/listeners.html
More Related questions
We use cookies to improve the performance of the site. By staying on our site, you agree to the terms of use of cookies.